You can provide your users with more options for signing in to Zendesk Support by allowing them to use their existing social and business accounts.
- Agents and admins can use either Google or Microsoft (Azure Active Directory and Office 365) SSO methods to sign into theirbusinessaccounts.
- 最终用户can use Twitter, Facebook, Google, and Microsoft SSO methods using theirsocial/personalaccounts.
How social and business SSO works
Social and business single sign-on allows team members to access Zendesk using their Google or Microsoft business accounts, and end users to access Zendesk using their personal Facebook, Twitter, Google, or Microsoft accounts. When you enable these SSO methods, a sign-in button is added to your Help Center page.
In the example below, the end user can log in using any of their personal Twitter, Facebook, Google, or Microsoft accounts.
用户的社会和商业账户登录credentials (username and password) are never shared with Zendesk. Only the primary email address contained in the social and business account is shared.
Enabling social and business SSO
You can enable social SSO (for end users) and business SSO (for team members) without any custom configuration. To learn more about how the authentication process works after you enable, seeFirst authentication process.
To enable business SSO for team members
- InAdmin Center, click账户in the sidebar, then selectSecurity > Team member authentication.
- SelectExternal authentication显示您的业务和SSOoptions.
- Select the business accounts you'd like to allow the team member to sign in with:GoogleorMicrosoft.
- If you selectedMicrosoft, you must provide thetenant IDsfor the Azure Active Directory tenants that are permitted to access your Zendesk account (also required for Office 365). In theAllowed tenant IDsfield, type the tenant IDs, separated with spaces.
- ClickSave.
- InAdmin Center, click账户in the sidebar, then selectSecurity > End user authentication.
The最终用户command is not available until you activate the Help Center. SeeGetting started with Guide.
- Select each of the SSO options you want to enable.
If you selectedMicrosoft, your end users will be able to sign in with Microsoft identities, which are managed through a personal Microsoft account (for instance, services like Xbox, Teams for Life, or Outlook).
- ClickSave.
The sign-in links appear on your Help Center sign-in page.
First authentication process
- Users select one of the social or business sign-on options on your Zendesk account sign-in page.
- Users will be redirected to their social or business sign-in page and must enter their credentials.
- If the credentials are valid, users will be redirected back to your Zendesk Support account.
- If the email address matches a user's email address in Zendesk, Zendesk will ask the user to enter their Zendesk password. After validated, the contact information is added to the user's profile.
- If the email address does not match a user in Zendesk, a new user will be created, and Zendesk will send a verification email. If the user is a duplicate of a pre-existing Zendesk user, you can merge the users (seeMerging a user's duplicate account).
If your Zendesk account is closed or restricted, and a user tries to sign in with a business or social account email that does not exist in Zendesk, their request to authenticate will be rejected. To enable a user to sign in with a social or business account that uses a different email, you will need to add the account email as a contact inAdd contacton their user profile.
For more information on modifying a user's profile, seeUpdating your user profile and password.
After the one-time authorization is completed, the user is seamlessly signed in to Zendesk. On subsequent visits, if the user is already signed in to the account, they will be immediately signed in to Zendesk after they click the associated social or business sign-on button. If they aren't already signed in with the social or business account, they will be prompted to.
3 Comments
Is there a method to restrict different brand access when using SSO, eg: Staff with an SSO login get X, Y, & Z brand access, but end-users with SSO only gain access to Brands X & Z.
Hi Dave,
As of the moment, SSO will apply to the entire account. There is no native way to restrict the implementation to different brands. However, I understand your need for this functionality and I am marking this comment as product feedback. We truly value customer feedback and your voice and votes in the community help influence future Zendesk functionality.
All the best
Looking for some direction prior to touching base with my internal IT team on how what we need to consider to move forward in our set-up with access/Help Center:
Our situation is we haveend usersthat fall into the following segments:
1. Organization A has end users that they wish to manage via OneLogin
2. Organization B has end users that they wish to manage via Azure Active Directory
3. All other organizations have end users that will login using Zendesk authentication
...specifically so that any one of these end users can submit a ticket, track tickets and even access certain content in the HC (based on their identity/organization).
Is this "mix" possible?
And is it possible to do so in a way where the end users never see/feel a thing - their accounts in Zendesk have the accurate info and however they login, it works?
Any/all input is appreciated.
Pleasesign into leave a comment.