Integrating Trusona and Zendesk

This guide details the steps required to configure Trusona as a passwordless authentication solution for Zendesk.

1. Getting started

Gather your Zendesk assertion consumer service URL. It takes the following form: https://<your subdomain>.zendesk.com/access/saml

2. Step 1: Email Trusona

Send an email to support@trusona.com with the following information:

Subject: Zendesk Integration

  • Required:
    • Company name
    • Email domain(s) associated with your Zendesk users. (e.g. yourcompany.com)
    • Zendesk assertion consumer service URL
  • Optional
    • A vanity url you would like users to see when using Trusona to login to Zendesk (e.g. https://zendesk.yourcompany.com)

2.1. Sent by Trusona

Trusona will send you the following via email:

  • IdP XML Metadata
  • SAML SSO URL
  • Certificate fingerprint

3. Step 2: Identity provider setup

  1. Navigate to the Zendesk Admin Center
  2. Click “Security Settings” in the Security section
  3. Click the “Single sign-on” navigation item
  4. Click “Configure” in the SAML section
  5. Ensure that the “Enabled” checkbox is checked
  6. Enter the SAML SSO URL from Trusona
  7. Enter the Certificate Fingerprint from Trusona
  8. Click the “Save” button

4. Step 3: Adding SAML SSO Users in ZenDesk

  1. Navigate to the Zendesk Admin Center
  2. Choose Staff Members (for your employees) or End users (for your support users)
  3. Enabled the “External authentication” checkbox
  4. Select SAML as the Single Sign-on(SSO) option

4.1. SSO for staff members

When using SSO for “Staff members” Zendesk authentication is still available as an option. When you disable Zendesk authentication for staff members, all Zendesk passwords are deleted from the staff members’ accounts in 24 hours by Zendesk.

If you have disabled Zendesk authentication for staff members, you can specify who is allowed to use the SSO bypass URL (Account owner or Account owner and all Admins.) Your backup URL takes the form of https://<your subdomain>.zendesk.com/access/normal.

4.2. SSO for end users

When using SSO for “End users”, all other authentication options are disabled.

5. Step 4: Testing the configuration

  1. Open a private browsing window
  2. Navigate to https://www.zendesk.com/
  3. Click “Log in”
  4. Enter your subdomain
  5. Click “Sign in”

Complete the authentication in the Trusona App to access your Zendesk instance.

5.1. Vanity URL setup

Add a new CNAME DNS record for your domain.

  1. Set the “host” value to the URL you’d like users to see when logging in
  2. Set the “Answer” value to ssl.trusona.net
  3. Set the TTL to 300

Here’s an example of a CNAME answer when retrieved by dig tada.trusona.com.

tada.trusona.com. 3600 IN CNAME ssl.trusona.net.

Integrations

Desktop
IAM and SSO
PAM
Productivity
RADIUS
VPN

Guides

Get started guides
Implementation guides
Users guides

SDKs

Mobile SDKs
Server SDKs
Web SDKs

APIs

Authentication Service
ID Proofing Service

TOTP

Business
E-commerce
Finance
Productivity
Social
Gaming
Other