Zendesk Single Sign-On Integration

The Zendesk Single Sign-on (SSO) Integration creates a client application that uses Auth0 for authentication and provides SSO capabilities for Zendesk. Your users log in to Zendesk with Auth0 identity providers, which means the identity provider performs the identity credentials verification.

Before you begin:

Sign up for a Zendesk account.
Set up a connection, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.

Zendesk requires that all users have an email address. When enabling enterprise or social connections, make sure that they will provide an email address that can be sent to Zendesk.

To configure a Zendesk SSO integration, you will:

Consent to Auth0 SSO integration
Configure Auth0 SSO integration
Configure integration with Zendesk
Enable connections

Navigate to Auth0 Dashboard > SSO Integrations, and click + Create SSO Integration.
Select Zendesk.
Click Continue to grant the integration access to the listed permissions.

Enter a name for your SSO Integration, configure the following settings, and click Save.

Setting	Description
Zendesk Account Name	Your Zendesk account name.
Use Auth0 instead of the IdP to do Single Sign-on (SSO). Legacy tenants only.	If enabled, Auth0 will handle SSO instead of Zendesk.

Save Integration

To configure the integration with Zendesk, follow the instructions listed in the Tutorial view.

This integration uses SAML, which works with only certain versions of Zendesk.

Before you continue, make sure you have your SSO integration Client ID. You will use the Client ID to replace the SSO_CLIENT_ID placeholders.

Locate Client ID

Log in to Zendesk as an administrator.
Go to Security > Single sign-on.
For SAML, select Configure.
Select the Enabled checkbox.
Enter the SAML SSO URL (be sure to replace the SSO_CLIENT_ID placeholder with the Client ID of your SSO Integration): https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID
Enter the Certificate fingerprint: A6:14:84:AC:34:55:FA:14:87:19:15:81:67:77:D2:59:EB:13:4B:FC
Enter the Remote logout URL (be sure to replace the ACCOUNT_NAME placeholder with your Zendesk account name, which will usually be the first segment in your Zendesk URL (for example, https://{accountname}.zendesk.com)): https://YOUR_DOMAIN/v2/logout/?returnTo=https://ACCOUNT_NAME.zendesk.com

You can use any URL for the returnTo parameter, but you must set it as an Allowed Logout URL in Auth0 Dashboard > Tenant Settings > Advanced. The example above uses your Zendesk home.

Click Save. SAML SSO is now configured, but it is not automatically enabled for Zendesk users. To allow users to sign in with SSO, enable external authentication in Zendesk.

Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to Zendesk. By default, all configured connections are enabled.

Select the Connections view.
Toggle the sliders next to connection names to enable or disable them.

Docs