Configuring Zendesk Sell with Microsoft ADFS Single Sign On (SSO)

If your organization uses ADFS, you may consider configuring Zendesk Sell for SSO. The following is a step-by-step guide to initial setup. 


Part 1 - Setting up a Relying Party Trust

Step 1 - The first step is to set up the ADFS connection with your Zendesk Sell account. The connection between ADFS and Sell is defined using a Relying Party Trust (RPT). Select the Relying Party Trusts folder from AD FS Management, and add a new Standard Relying Party Trust from the Actions sidebar. This starts the configuration wizard for a new trust.


Step 2 - After starting the configuration wizard, the next step is to configure the data source. In the Select Data Source screen, select the last option, Enter Data About the Party Manually.


Step 3 - On the next screen, enter a Display name that you'll recognize in the future, and any notes you want to make.


Step 4 - On the next screen, select the AD FS profile button.


Step 5 - On the next screen, leave the certificate settings at their defaults.


Step 6 - Next, check the box labeled Enable Support for the SAML 2.0 WebSSO protocol. The service URL will be your Zendesk Sell Service Provider Assertion Consumer Service URL (found in the SSO settings of your account). Note - There should be no trailing slash at the end of the URL.


Step 7 - On the next screen, add a Relying party trust identifier using your Zendesk Sell Service Provider Issuer ID (found in the SSO settings of your account).


Step 8 - On the next screen, you may choose to configure multi-factor authentication. However, this process is beyond the scope of this specific guide.


Step 9 - On the next screen, select the Permit all users to access this relying party button.


Step 10 - On the next two screens, the wizard will display an overview of your settings. On the final screen use the Close button to exit and open the Claim Rules editor.


Part 2 - Creating Claim Rules

Once the relying party trust has been created, you can create the claim rules and update the RPT with minor changes that you did not configure in the previous wizard. Configure the claim rules according to your current ADFS set-up.


Part 3 - Adjusting the Trust Settings

Finally, adjust a few settings on your relying party trust. To access these settings, select Properties from the Actions sidebar while you have the RPT selected.

  • In the Advanced tab, make sure SHA-256 or SHA-1 is specified as the secure hash algorithm.


Part 4 - Configuring SSO In Sell

Lastly, navigate to the SSO settings in your Sell account.

After selecting Manual Setup, fill in the following:

a) Identity Provider Issuer Id (ex. http://yourdomain/adfs/services/trust)
b) Identity Provider SSO URL (ex. https://yourdomain/adfs/ls)
c) SHA-1 Thumbprint of the token signing certificate installed in the ADFS instance
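
The wizard steps in Part 1, the hash setting in Part 3 and the three values needed in Part 4 can also be produced from PowerShell on the AD FS server. This is an added example, not part of the original guide or Zendesk's own tooling; the two Sell URLs and the display name are placeholders, and the claim rules from Part 2 are not included.

```powershell
# Added example: scripted equivalent of Parts 1, 3 and 4.
# Run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

# Placeholders: copy the real values from the SSO settings of your Sell account.
$AcsUrl      = 'https://sell.example.invalid/sso/acs'       # Assertion Consumer Service URL
$IssuerId    = 'https://sell.example.invalid/sso/metadata'  # Service Provider Issuer ID
$DisplayName = 'Zendesk Sell'                               # any name you will recognize

# Step 6: the service URL must not end with a slash.
if ($AcsUrl.EndsWith('/')) {
    throw "Remove the trailing slash from the ACS URL: $AcsUrl"
}

# Step 6: SAML 2.0 WebSSO endpoint (assertion consumer, POST binding).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $AcsUrl

# Step 9: "Permit all users to access this relying party" as an authorization rule.
$permitAll = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Steps 3, 7, 9 and Part 3: create the trust and sign with SHA-256.
$trust = @{
    Name                       = $DisplayName
    Identifier                 = $IssuerId
    SamlEndpoint               = $endpoint
    IssuanceAuthorizationRules = $permitAll
    SignatureAlgorithm         = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}
Add-AdfsRelyingPartyTrust @trust

# Confirm what was stored on the trust.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, SignatureAlgorithm, Enabled

# Part 4: values to enter under Manual Setup in Sell.
$props = Get-AdfsProperties
$cert  = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
[pscustomobject]@{
    IdentityProviderIssuerId = $props.Identifier
    IdentityProviderSsoUrl   = "https://$($props.HostName)/adfs/ls"
    Sha1Thumbprint           = $cert.Thumbprint
}
```

The thumbprint identifies one specific token-signing certificate, so it changes when AD FS renews or rolls over that certificate and the value entered in Sell has to be updated at that point.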