Zendesk SAML Integration
This document explains how to implement MonoSign with Zendesk. It covers Single Sign-On. Before you continue, it is better to start with Zendesk’s Single Sign-On implementation page.
View Zendesk SSO Metadata
In order to configure the SAML key on MonoSign for Zendesk SSO, you need to have various information provided by Zendesk. First, navigate to Account > Single sign-on and click Configure next to the SAML section on the Admin Center.
You will see Service Provider Details as follows.
For now, stop here on the Zendesk side and create a MonoSign application and related SAML key by using the information provided by Zendesk.
Creating an Application and Access Key on MonoSign
Create the application on MonoSign and configure the access policy. Once it is created, click Keys and Add New Key to create a SAML access key.
In the opened modal, choose SAML as Key Type and switch to SAML2 Settings. Fill in the necessary fields according to the information provided by Zendesk. Correspondings of the fields are as below.
Field | Value |
|---|---|
Assertion Consumer Url | Assertion Consumer Url from Service provider details |
Click Save and you are gonna see your configuration for your access key as follows.
Configuration Single Sign-On for Zendesk
We are gonna move on to where we left off on the Zendesk Single Sign-On page which is mentioned in the first chapter. Fill in the SAML configuration form according to the access key created on MonoSign. Correspondings of the fields are as below.
Field | Value |
|---|---|
SAML SSO URL | Sign On Service from the SAML access key |
Certificate fingerprint | SHA256 Fingerprint of the certificate issued to SAML access key - the certificate can be downloadable from the key detail |
Remote logout URL | Logout Service from the SAML access key |
You need to view your certificate fingerprint. in that case, we prefer using OpenSSL - “a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.”
Use the command below to view the certificate.
openssl x509 -in {path of your certificate} -noout -fingerprint -sha256The SAML configuration should be as follows.
Next, assign the SSO option to end users, team members, or both. Navigate to the Account > Security > Team member authentication or Account > Security > End user authentication. Select External authentication to show the authentication options. Choose SAML as the Single sign-on (SSO) option in the External authentication section.
For team members, single sign-on might not cover all use cases, so you have a choice to keep both authentication methods. For example, a Zendesk password is required to access your Support account from many Zendesk integrations, or to use the Zendesk API or Apps framework.
If you disabled Zendesk passwords, click Account > Advanced > Authentication and select an SSO bypass option. You can choose whether only the Account owner or all Admins (including the account owner) can be granted access to the account in case the sign-in provider goes down.