Configuring SAML SSO for Zendesk

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Zendesk.

Prerequisite

1. Login to ADSelfService Plus as an administrator.
2. Navigate to  Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select Zendesk from the applications displayed.
   Note: You can also find the application that you need from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
3. Click IdP details at the top-right corner of the screen.
4. In the pop-up that appears, copy the Login URL, Logout URL and SHA256 Fingerprint values.

Zendesk (Service Provider) configuration steps

1. Log in to Zendesk with administrator credentials.
2. Navigate to Admin Center by clicking the box-menu icon at the top-right corner of the page.



3. In Admin Center pane, Navigate to Account > Security > Single sign-on.



4. Click Create SSO configuration > SAML.
5. In the Create SAML configuration screen that opens:
   1. Enter a recognizable Configuration name (such as ADSelfService Plus SAML configuration).
   2. Enter the Login URL copied in step 4 of the prerequisites in the SAML SSO URL field
   3. Under Certificate fingerprint, paste the SHA256 FingerPrint copied in step 4 of the prerequisites.
   4. Enter the Logout URL copied in step 4 of the prerequisites in the Remote Logout URL field.

   

6. Make note of the Assertion Consumer Service (ACS) URL.



7. Click Save.
8. Enable SAML Single sign-on for end users by navigating to Security > End User authentication
9. Deselect Zendesk Authentication if you want your users to sign-in using ADSelfService Plus SSO alone, and select External Authentication.



10. Select the SAML configuration you set up in the previous steps.
11. Choose Redirect to SSO under How end users sign in.
12. Click Save.

ADSelfService Plus (Identity Provider) configuration steps

1. Now, switch to ADSelfService Plus’ Zendesk configuration page.



2. Enter the Application Name and Description.
3. In the Assign Policies field, select the policies for which SSO need to be enabled.
   Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
4. Select Enable Single Sign-On.
5. Enter the Domain Name of your Zendesk account. For example, if you use johndoe@thinktodaytech.com to log in to Zendesk, then thinktodaytech.com is the domain name.
6. Enter Zendesk's Assertion Consumer Service (ACS) URL till the domain name as the SP Login Initiate URL. It should be in this format: https://<org_domain_name>.zendesk.com



7. Enter the ACS URL copied in step 6 of the SP configuration in the Assertion Consumer Service URL field.
8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application

9. Click Add Application
10. Your users should now be able to sign in to Zendesk through ADSelfService Plus.
Note:
• For Zendesk, both SP and IDP-initiated flows are supported.
• Zendesk SAML login SSO will be bypassed if the login URL is in this format: https://<org_domain_name>.zendesk.com/access/normal