Integrating Trusona and Zendesk

This guide details the steps required to configure Trusona as a passwordless authentication solution for Zendesk.

1. What’s in this doc

1. Getting started

Gather your Zendesk assertion consumer service URL. It takes the following form: https://<your subdomain>

2. Step 1: Email Trusona

Send an email to with the following information:

Subject: Zendesk Integration

  • Required:
    • Company name
    • Email domain(s) associated with your Zendesk users. (e.g.
    • Zendesk assertion consumer service URL
  • Optional
    • A vanity url you would like users to see when using Trusona to login to Zendesk (e.g.

2.1. Sent by Trusona

Trusona will send you the following via email:

  • IdP XML Metadata
  • Certificate fingerprint

3. Step 2: Identity provider setup

  1. Navigate to the Zendesk Admin Center
  2. Click “Security Settings” in the Security section
  3. Click the “Single sign-on” navigation item
  4. Click “Configure” in the SAML section
  5. Ensure that the “Enabled” checkbox is checked
  6. Enter the SAML SSO URL from Trusona
  7. Enter the Certificate Fingerprint from Trusona
  8. Click the “Save” button

4. Step 3: Adding SAML SSO Users in ZenDesk

  1. Navigate to the Zendesk Admin Center
  2. Choose Staff Members (for your employees) or End users (for your support users)
  3. Enabled the “External authentication” checkbox
  4. Select SAML as the Single Sign-on(SSO) option

4.1. SSO for staff members

When using SSO for “Staff members” Zendesk authentication is still available as an option. When you disable Zendesk authentication for staff members, all Zendesk passwords are deleted from the staff members’ accounts in 24 hours by Zendesk.

If you have disabled Zendesk authentication for staff members, you can specify who is allowed to use the SSO bypass URL (Account owner or Account owner and all Admins.) Your backup URL takes the form of https://<your subdomain>

4.2. SSO for end users

When using SSO for “End users”, all other authentication options are disabled.

5. Step 4: Testing the configuration

  1. Open a private browsing window
  2. Navigate to
  3. Click “Log in”
  4. Enter your subdomain
  5. Click “Sign in”

Complete the authentication in the Trusona App to access your Zendesk instance.

5.1. Vanity URL setup

Add a new CNAME DNS record for your domain.

  1. Set the “host” value to the URL you’d like users to see when logging in
  2. Set the “Answer” value to
  3. Set the TTL to 300

Here’s an example of a CNAME answer when retrieved by dig 3600 IN CNAME

Mobile SDKs
Server SDKs
Web SDKs
Users Guides
Implementation Guides