Integrating Trusona and Zendesk

This guide details the steps required to configure Trusona as a passwordless authentication solution for Zendesk.

By Clayton Lengel-Zigich
Updated Dec 23, 2019

• 1. Getting started
• 2. Set up integration
  • 2.1. Log into Trusona
  • 2.2. Navigate to the generic integration option(s)
  • 2.3. Creating a new generic integration
• 3. Customize & Upload Data
• 4. Additional actions for integrations
• 5. Identity provider setup
• 6. Adding SAML SSO Users in ZenDesk
  • 6.1. SSO for staff members
  • 6.2. SSO for end users
• 7. Testing the configuration
  • 7.1. Vanity URL setup

1. Getting started

Gather your Zendesk assertion consumer service URL. It takes the following form: https://<your subdomain>.zendesk.com/access/saml

2. Set up integration

2.1. Log into Trusona

Log into your Trusona account at trusona.dashboard.com

Log into the Trusona dashboard

2.2. Navigate to the generic integration option(s)

Locate the navigation bar on the left side of the main page, and click on the Generic SAML tab

Navigate to the correct tab

2.3. Creating a new generic integration

Click on the Create button to begin

Navigate to the correct tab

3. Customize & Upload Data

Be sure to fill in all the necessary information requested, and upload any files/documents needed. Failure to do so may prevent Trusona from creating the integration successfully

Fill out all the necessary information carefully

4. Additional actions for integrations

Once you have created your integration, you will be redirected back to the integration dashboard. From there, you should be able to see your new integration listed.

To the right of it, click on the Actions button. You will be presented with a number of different options you can select, depending on your requirements.

Click on the Actions button for further configuration details

5. Identity provider setup

1. Navigate to the Zendesk Admin Center
2. Click “Security Settings” in the Security section
3. Click the “Single sign-on” navigation item
4. Click “Configure” in the SAML section
5. Ensure that the “Enabled” checkbox is checked
6. Enter the SAML SSO URL from Trusona
7. Enter the Certificate Fingerprint from Trusona
8. Click the “Save” button

6. Adding SAML SSO Users in ZenDesk

1. Navigate to the Zendesk Admin Center
2. Choose Staff Members (for your employees) or End users (for your support users)
3. Enabled the “External authentication” checkbox
4. Select SAML as the Single Sign-on(SSO) option

6.1. SSO for staff members

When using SSO for “Staff members” Zendesk authentication is still available as an option. When you disable Zendesk authentication for staff members, all Zendesk passwords are deleted from the staff members’ accounts in 24 hours by Zendesk.

If you have disabled Zendesk authentication for staff members, you can specify who is allowed to use the SSO bypass URL (Account owner or Account owner and all Admins.) Your backup URL takes the form of https://<your subdomain>.zendesk.com/access/normal.

6.2. SSO for end users

When using SSO for “End users”, all other authentication options are disabled.

7. Testing the configuration

1. Open a private browsing window
2. Navigate to https://www.zendesk.com/
3. Click “Log in”
4. Enter your subdomain
5. Click “Sign in”

Complete the authentication in the Trusona App to access your Zendesk instance.

7.1. Vanity URL setup

Add a new CNAME DNS record for your domain.

1. Set the “host” value to the URL you’d like users to see when logging in
2. Set the “Answer” value to ssl.trusona.net
3. Set the TTL to 300

Here’s an example of a CNAME answer when retrieved by dig tada.trusona.com.

tada.trusona.com. 3600 IN CNAME ssl.trusona.net.

---