Zendesk SAML Configuration

system

Introduction

This article outlines the information and steps you need to configure Zendesk to use the LogonBox SAML Identity Provider. Once configured, your users will be redirected to your LogonBox Server to authenticate.

 

Step 1 - Create the Resource from the Template

Log into your server as admin and navigate to Identity Services->SAML. Select Search Templates, select the Zendesk SAML template and click Next.

 

You will be asked for your Zendesk subdomain and Organization name.

Enter the subdomain name of your Zendesk account. For example, if your Zendesk domain is 'logonbox.zendesk.com' then your subdomain is simply 'logonbox'.

Enter your Organization name. This is the Organization within Zendesk where your Agents live, for example 'LogonBox Ltd'.

 

Click Next. At this point, close the templates window so that you can return to the list of SAML resources, where your Zendesk SAML resource should now be present.

 

Edit the resource and in the Assignment tab, add users, groups or roles who will have permission to use this resource.

You can add the Everyone role to add all users.

 

Step 2 - Download SAML metadata

You will need a couple of things from your server in order to configure Zendesk. First you will need to download the SAML metadata.

In the table of SAML resources locate the Zendesk SAML resource, and click the options icon to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.


Next, navigate to Certificates and locate the SAML RSA certificate. Again using the options icon to activate the dropdown, select Download Certificate.

 

Before proceeding to the next step, open the XML file containing the metadata and locate the logon and logoff service URLs. These are located towards the end of the document and will look like:

https://demo.logonbox.com/app/api/sso/logon/123456

https://demo.logonbox.com/app/api/sso/logoff/123456

Copy each URL in full, as these will be entered into the Zendesk settings.

You will also need your certificate's SHA1 fingerprint. You can get this after downloading the certificate file using the OpenSSL command line program.

Execute the command in the directory that contains your certificate file.

openssl x509 -in SAML_RSA.crt -sha1 -noout -fingerprint

This will output the fingerprint. You will need this to configure Zendesk.
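The checks in this step can also be scripted. The Python below is an added example, not LogonBox's own code: it reads the logon and logoff URLs from the metadata and confirms that the downloaded certificate is the one the metadata advertises before returning its SHA-1 fingerprint. It assumes the metadata follows the standard SAML 2.0 layout (SingleSignOnService and SingleLogoutService Location attributes inside IDPSSODescriptor); the function names and the sample input are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, formatted AA:BB:... like openssl prints it."""
    h = hashlib.sha1(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def pem_to_der(pem: str) -> bytes:
    """Drop the -----BEGIN/END----- lines and base64-decode the body."""
    return base64.b64decode("".join(
        ln.strip() for ln in pem.splitlines() if not ln.startswith("-----")))

def zendesk_settings(metadata_xml: str, cert_pem: str) -> dict:
    """Return the three values Step 3 asks for; raise ValueError on a mismatch."""
    root = ET.fromstring(metadata_xml)
    sso = root.find(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)  # first listed
    slo = root.find(".//md:IDPSSODescriptor/md:SingleLogoutService", NS)
    if sso is None or slo is None:
        raise ValueError("logon or logoff service missing from metadata")
    urls = (sso.get("Location", ""), slo.get("Location", ""))
    if not all(u.startswith("https://") for u in urls):
        raise ValueError("service URLs must use https")
    file_fp = fingerprint(pem_to_der(cert_pem))
    meta_fps = {fingerprint(base64.b64decode(c.text or "")) for c in
                root.iterfind(".//md:IDPSSODescriptor//ds:X509Certificate", NS)}
    if file_fp not in meta_fps:
        raise ValueError("certificate file does not match the metadata")
    return {"sso_url": urls[0], "logout_url": urls[1], "fingerprint": file_fp}

# Constructed, trimmed sample input: placeholder bytes stand in for a DER certificate.
_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
 <md:IDPSSODescriptor>
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_B64}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://demo.logonbox.com/app/api/sso/logoff/123456"/>
  <md:SingleSignOnService Location="https://demo.logonbox.com/app/api/sso/logon/123456"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(zendesk_settings(SAMPLE_METADATA, SAMPLE_PEM))
```

A ValueError here means the files do not belong together or a URL is not served over HTTPS; resolve that on the LogonBox side before entering anything into Zendesk.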

 

Step 3 - Configure Zendesk

Once you have set up the SAML resource on your server, log into your Zendesk account as Administrator so that you can configure Zendesk Security to use a third-party Identity Provider.

First, once logged in, select Admin settings from the bottom of the left navigation bar.

 

This will take you to the Admin Console, where you will need to select Security in the Settings section.

 

In the Security section, select the Single sign-on (SSO) option.

 

You will now have a couple of options. Configure the first option, SAML.

 

This will present you with the SAML configuration.

 

In the SAML SSO URL settings, enter the logon URL we extracted from the metadata XML document earlier.

In the Certificate fingerprint setting, enter the fingerprint we obtained from the command line earlier.

In the Remote Logout URL setting, enter the logoff URL we extracted.

Click Save to commit the settings.

 

Step 4 - Final Checks

Each user's email address must match their Zendesk logon email, as this is the primary link between accounts.

Once access is assigned, log out of Zendesk and then access LogonBox as a user with the rights to use the new resource. In My Resources->Browser Resources, click the launch icon to access Zendesk.

Alternatively, you can start from your Zendesk URL which should redirect to your LogonBox server for authentication.