Configure Zendesk SSO with Access for SaaS
This guide covers how to configure Zendesk SSO with Access for SaaS.
Prerequisites
- A Zero Trust Account
- An integrated identity provider (IdP)
- Admin access to your Zendesk account
Configure Zendesk and Cloudflare
Go to your Zendesk administrator dashboard, typically available at <yourdomain>.zendesk.com/admin/security/sso.
In a separate tab or window, open Zero Trust, select your account, and go to Access > Applications.
Select Add an application, then choose SaaS.
Input the following values in the Zero Trust application configuration:
| Zero Trust field | Value |
| --- | --- |
| Entity ID | https://<yoursubdomain>.zendesk.com |
| Assertion Consumer Service URL | contents of SAML SSO URL in Zendesk account |
| Name ID Format | Email |

(Optional) Configure these Attribute Statements to include a user’s first and last name:

| Cloudflare attribute name | IdP attribute value |
| --- | --- |
| <first name> | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| <last name> | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |

Zendesk will use the user’s email address as their name if the name is not provided.
To determine who can access Zendesk, create an Access policy.
Copy the values from the Cloudflare IdP fields and add them to the following Zendesk fields:
| Cloudflare IdP field | Zendesk field |
| --- | --- |
| SSO Endpoint | SAML SSO URL |
| Public Key (transformed to fingerprint) | Certificate Fingerprint |

To transform the public key into a fingerprint, use a fingerprint calculator:
Copy the public key value and paste it into X.509 cert.
Wrap the value with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
Set Algorithm to SHA256 and select Calculate Fingerprint.
Copy the Formatted FingerPrint value.
Go to https://<yourdomain>.zendesk.com/admin/security/staff_members and enable External Authentication > Single Sign On.
Users should now be able to log in to Zendesk if their email address exists in the Zendesk user list.
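The fingerprint step above can also be done locally, which lets you re-check the value stored in Zendesk against the certificate Cloudflare currently presents. The following is an added example, not part of the original guide or of Cloudflare's or Zendesk's tooling; the function names and the sample bytes are constructed for illustration, and the uppercase colon-separated output format is an assumption modelled on what `openssl x509 -fingerprint` prints.

```python
import base64
import binascii
import hashlib
import re

PEM_LINE = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")

def cert_der(public_key_value: str) -> bytes:
    """Return the DER bytes for the value copied from the Cloudflare IdP fields.

    Accepts the bare base64 body or the same value already wrapped in
    BEGIN/END CERTIFICATE lines.
    """
    body = PEM_LINE.sub("", public_key_value)
    body = "".join(body.split())  # drop newlines and stray spaces from copy/paste
    if not body:
        raise ValueError("empty certificate value")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    # An X.509 certificate is a DER SEQUENCE, so it must start with byte 0x30.
    if der[:1] != b"\x30":
        raise ValueError("not a DER SEQUENCE; was the whole value copied?")
    return der

def sha256_fingerprint(public_key_value: str) -> str:
    """SHA-256 over the DER certificate, as colon-separated uppercase hex."""
    digest = hashlib.sha256(cert_der(public_key_value)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _normalize(fingerprint: str) -> str:
    # Ignore case, colons and whitespace so different display formats compare equal.
    return re.sub(r"[:\s]", "", fingerprint).lower()

def matches_configured(public_key_value: str, configured: str) -> bool:
    """True if the fingerprint saved in Zendesk matches the certificate value."""
    return _normalize(sha256_fingerprint(public_key_value)) == _normalize(configured)

# Constructed sample: a DER SEQUENCE header plus filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_VALUE = base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_VALUE))
```

A mismatch from `matches_configured` means the fingerprint saved in Zendesk does not correspond to the certificate value you supplied, and SAML logins will fail until the two agree.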