Hub 2017.4 Help

Hub as SAML Identity Provider for Zendesk

When you configure your Hub server as the Identity Provider for your Zendesk instance, your users can log into Zendesk with their credentials in Hub or any other authentication module.

This configuration also enables single-sign-on. When a user logs into one of the services that is connected to Hub, they are logged into all connected services.

Prerequisites

  • You must have administrative privileges in both Zendesk and Hub.
  • An email address of the Hub administrator account that you use to configure SAML 2.0 for Zendesk must differ from the email of the Zendesk instance owner. Otherwise, you might end-up in the redirecting loop when you test the SAML configuration.
  • Hub administrator account must have a verified email address.

Configuring your Zendesk Instance

  1. In your Zendesk instance, open the Settings > Security page.
  2. Select the End-Users tab.

    We describe how to set up Hub to authenticate end-users with SAML. However, you can set up Hub to authenticate Zendesk Agents, as well. To do so, select the Agents tab and provide the same parameters as described in the next step.

  3. Enable Single-sign-on option, select SAML, and configure the parameters:
    ParameterDescription
    SAML SSO URLPaste the content of the Sign In URL field on More Settings > SAML2.0 > Settings page of the Hub server.
    Certificate fingerprintPaste the SHA-256 fingerprint of the certificate packed into the SSL key store set for SAML in Hub. Copy from the Fingerprints field on the More Settings > SAML2.0 > Settings page.
    Remote logout URLPaste the content of the Sign Out URL field on More Settings > SAML2.0 > Settings page of the Hub server.
    IP rangesRequests from these IP addresses will always be routed through Hub for authentication. By default, we recommend that you use the *.*.*.* pattern to authenticate all end-users via Hub.
  4. In Hub, select SAML 2.0 from the Access Management section of the Administration menu.
  5. Select the Registered Service Providers tab.
  6. Click the Register service provider button.
  7. In the dialog, enter the parameters of your Zendesk instance:
    ParameterDescription
    NameEnter a name to be displayed for the Zendesk instance in Hub.
    IssuerUse the name of your Zendesk instance in the format <accountname>.zendesk.com.
    DescriptionOptionally, enter a description of the Zendesk instance.
    Consumer URLPaste the Access Consumer Service (ACS) URL of your Zendesk instance. The general format for the ACS URL in Zendesk is https://<accountname>.zendesk.com/access/saml (case sensitive).

    You can find the actual ACS URL of your particular instance in the description of the SAML SSO URL field when you enable SAML in Zendesk.

    Hub should send LogoutResponseMake sure that the option is disabled.
Last modified: 21 February 2018