Single Sign On (SSO) with Zendesk Sell can be set up with any SAML 2.0 compliant identity provider, eliminating the need for your users to remember a separate password for Sell.
This article contains the following sections:
As an administrator, SSO helps simplify identity management and increases security compliance with your organization's policies.
If you're already using an identity provider such as Okta, OneLogin, or PingIdentity, setting up SSO with Zendesk Sell is straightforward.
You can choose any SAML compliant identity provider with Sell if you don't already have one set up.
Setting up SSO
Single Sign On can be enabled for your entire account from the Zendesk Sell Settings > Single Sign On page. You need administrator rights to access this page.
For guidance on setting up ADFS with Sell, see Configuring Microsoft ADFS Single Sign On (SSO) with Sell.
Set up SSO in Sell
- Go to Settings >Single Sign On, and click Configure. You'll see the Zendesk Sell account's UUID, Service Provider Issuer ID, and Service Provider Assertion Consumer Service URL information on this page. You'll need to provide this information to your identity provider.
- Select Automatic Setup or Manual Setup.
- If you select Automatic Setup, enter the metadata URL for your identity provider. Most identity providers offer one URL to transfer this information.
- If your Identity Provider doesn't provide a single URL for configuration, select Manual Setup, enter the following information:
- Click Save.
Logging in to Zendesk Sell with SSO enabled
the experience will be a little different.
With SSO enabled, users continue to log in to Zendesk Sell from our default login page, but you'll need to enter in the email address registered to Sell, that is, your login email.
Zendesk Sell automatically verifies the email address against your identity provider, and if you're already logged into your identity provider, you'll be automatically logged into Sell.
If you're not already logged into your identity provider, you'll be redirected to their login page to enter your login details. As soon as you're authenticated, you'll be automatically logged into Zendesk Sell.
If you're logging in from a Sell mobile app, enter your Zendesk Sell email address in order to begin the sign in process on your device. Depending on your device, you'll be redirected to your browser or your identity provider's app to complete sign in.
If you're an administrator on your Zendesk Sell account, you'll be able to select a "Log in with my Email and Password" option on the Sell login page. All non-administrator users will need to use SSO to log in.
You need to be an administrator to change the email address registered to Sell. Non-admin accounts will not be able to change the email address used to log in.
Understanding SSO settings
The following table lists the parameter name, parameter value and any comments about each SSO setting.
|Parameter Name||Parameter Value||Comments|
|Single Sign On URL||"Service Provider Assertion Consumer Service URL" value from Zendesk Sell settings||
This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.
The same value should be used for Recipient URL and Destination URL if these are defined independently.
|Audience Restriction||"Service Provider Issuer ID" value from Zendesk Sell settings||This is a custom URL for each Zendesk Sell account, based on UUID generated during SSO configuration.|
|Assertion||Signed & Encrypted|
|Single Log Out URL||Leave this empty, as it is not supported by Zendesk Sell.|
|Default RelayState||Leave this empty, as it is not supported by Zendesk Sell.|