Single Sign On (SSO) Settings

Single Sign On (SSO) with Zendesk Sell allows you to log into your Sell account with just one click! SSO is available on the Elite Plan, and can be set up with any SAML 2.0 compliant Identity Provider. 

What are the benefits of SSO? 

Setting up Single Sign On for your Zendesk Sell account eliminates the need for you and your account's users to remember separate passwords for Sell. As an administrator, SSO helps simplify identity management and increase security compliance with your organization's policies. 

If you're already using an Identity Provider such as Okta, OneLogin, or PingIdentity, setting up SSO with Zendesk Sell is straightforward. 

You can choose any SAML compliant Identity Provider with Sell if you don't already have one set up. 

 

How do I set up SSO? 

Single Sign On can be turned on for your entire account from Zendesk Sell Settings page. As long as you have admin access to Sell, you can head to the Settings page in your account and choose the Single Sign On section. 

 

We'll display your Zendesk Sell account's UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL information on this page. You'll need to enter in the information in these fields into your Identity Provider. 

You'll also need to bring over your Identity Provider's metadata into Zendesk Sell. Most Identity Providers will offer one URL that will bring over all this information - you can enter that into the Automatic Setup box to complete setup!

If your Identity Provider does not provide a single URL for configuration, you can use the Manual Setup fields to enter in their Issuer ID, SSO URL, and Certificate Fingerprint. 

Once entered, hit Save to complete setup!

How will I log into Zendesk Sell once SSO is setup?

Though you'll still log into Zendesk Sell from our default login page, the experience will be a little different. 

Screen_Shot_2018-10-28_at_11.58.23_PM.pngWith SSO enabled, you and your Zendesk Sell account users will just need to enter in the email address registered to Sell, or in other words your login email.

Zendesk Sell will automatically verify the email address against your Identity Provider - if you're already logged into your Identity Provider, you'll be automatically logged into Sell!

If you're not already logged into your Identity Provider, you'll be taken to their login page to enter in login details. As soon as you're authenticated, you'll be brought back and automatically logged into Zendesk Sell. 

FAQ

Does SSO work on Zendesk Sell mobile apps? 

Yes! Similar to the web, you'll just need to enter in your Zendesk Sell email address in order to begin the sign in process on your device. Depending on your device, we'll take you to your browser or your Identity Provider's app to complete sign in. 

Will I be able to log in without using SSO after setup?

If you're an Administrator on your Zendesk Sell account, you'll be able to select a "Log in with my Email and Password" option on the Sell login page. All non administrator users will need to use SSO to log in. 

How do I change the email address registered to Zendesk Sell?

You'll need to be a Zendesk Sell Admin in order to change the email address registered to Sell. All non admin accounts will not be able to change the email address used to log in. 

What are the SSO settings I'll need to know? 

Parameter Name Parameter Value Comments
Single Sign On URL "Service Provider Assertion Consumer Service URL" value from Zendesk Sell settings

This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.

The same value should be used for Recipient URL and Destination URL if these are defined independently.

Audience Restriction "Service Provider Issuer ID" value from Zendesk Sell settings This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.
NameID Format EmailAddress  
Application Username Email  
Response Signed  
Assertion Signed & Encrypted  
Signature Algorithm RSA-SHA1  
Digest Algorithm SHA1  
Single Log Out URL    Leave this empty, as it is not supported by Zendesk Sell.
Default RelayState   Leave this empty, as it is not supported by Zendesk Sell.