Follow

Setting up Single Sign On (SSO) with Zendesk Sell

Elite plan

Single Sign On (SSO) with Zendesk Sell can be set up with any SAML 2.0 compliant identity provider, eliminating the need for your users to remember a separate password for Sell.

This article contains the following sections:

As an administrator, SSO helps simplify identity management and increases security compliance with your organization's policies. 

If you're already using an identity provider such as Okta, OneLogin, or PingIdentity, setting up SSO with Zendesk Sell is straightforward. 

You can choose any SAML compliant identity provider with Sell if you don't already have one set up. 

Setting up SSO

Single Sign On can be enabled for your entire account from the Zendesk Sell Settings > Single Sign On page. You need administrator rights to access this page.

For guidance on setting up ADFS with Sell, see Configuring Microsoft ADFS Single Sign On (SSO) with Sell.

Screen_Shot_2018-10-28_at_11.58.23_PM.png

Set up SSO in Sell

  1. Go to Settings >Single Sign On, and click Configure.  You'll see the Zendesk Sell account's UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL information on this page. You'll need to provide this information to your identity provider. 
  2. Select Automatic Setup or Manual Setup.
  3. If you select Automatic Setup, enter the metadata URL for your identity provider. Most identity providers offer one URL to transfer this information.
  4. If your Identity Provider doesn't provide a single URL for configuration, select Manual Setup, enter the following information:
    1. Identity Provider Issuer ID, for example, http://yourdomain/adfs/services/trust
    2. Identity Provider SSO URL, for example, https://yourdomain/adfs/ls
    3. Identity Provider certificate fingerprint.  This is the SHA-1 fingerprint of the token signing certificate installed in the ADFS instance.
  5. Click Save.

Logging in to Zendesk Sell with SSO enabled

 the experience will be a little different. 

With SSO enabled, users continue to log in to Zendesk Sell from our default login page, but you'll need to enter in the email address registered to Sell, that is, your login email.

Zendesk Sell automatically verifies the email address against your identity provider, and if you're already logged into your identity provider, you'll be automatically logged into Sell.

If you're not already logged into your identity provider, you'll be redirected to their login page to enter your login details. As soon as you're authenticated, you'll be automatically logged into Zendesk Sell. 

If you're logging in from a Sell mobile app, enter your Zendesk Sell email address in order to begin the sign in process on your device. Depending on your device, you'll be redirected to your browser or your identity provider's app to complete sign in. 

If you're an administrator on your Zendesk Sell account, you'll be able to select a "Log in with my Email and Password" option on the Sell login page. All non-administrator users will need to use SSO to log in. 

You need to be an administrator to change the email address registered to Sell. Non-admin accounts will not be able to change the email address used to log in. 

Understanding SSO settings

The following table lists the parameter name, parameter value and any comments about each SSO setting.

Parameter Name Parameter Value Comments
Single Sign On URL "Service Provider Assertion Consumer Service URL" value from Zendesk Sell settings

This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.

The same value should be used for Recipient URL and Destination URL if these are defined independently.

Audience Restriction "Service Provider Issuer ID" value from Zendesk Sell settings This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.
NameID Format EmailAddress  
Application Username Email  
Response Signed  
Assertion Signed & Encrypted  
Signature Algorithm RSA-SHA1  
Digest Algorithm SHA1  
Single Log Out URL    Leave this empty, as it is not supported by Zendesk Sell.
Default RelayState   Leave this empty, as it is not supported by Zendesk Sell.