Hub as SAML Identity Provider for Zendesk
When you configure your Hub server as the Identity Provider for your Zendesk instance, your users can log into Zendesk with their credentials in Hub or any other authentication module.
This configuration also enables single-sign-on. When a user logs into one of the services that is connected to Hub, they are logged into all connected services.
- You must have administrative privileges in both Zendesk and Hub.
- An email address of the Hub administrator account that you use to configure SAML 2.0 for Zendesk must differ from the email of the Zendesk instance owner. Otherwise, you might end-up in the redirecting loop when you test the SAML configuration.
- Hub administrator account must have a verified email address.
Configuring your Zendesk Instance
- In your Zendesk instance, open the page.
- Select the End-Users tab.
We describe how to set up Hub to authenticate end-users with SAML. However, you can set up Hub to authenticate Zendesk Agents, as well. To do so, select the Agents tab and provide the same parameters as described in the next step.
- Enable Single-sign-on option, select SAML, and configure the parameters:
Parameter Description SAML SSO URL Paste the content of the Sign In URL field on page of the Hub server. Certificate fingerprint Paste the SHA-256 fingerprint of the certificate packed into the SSL key store set for SAML in Hub. Copy from the Fingerprints field on the page. Remote logout URL Paste the content of the Sign Out URL field on page of the Hub server. IP ranges Requests from these IP addresses will always be routed through Hub for authentication. By default, we recommend that you use the
*.*.*.*pattern to authenticate all end-users via Hub.
- In Hub, select Access Management section of the Administration menu. from the
- Select the Registered Service Providers tab.
- Click the Register service provider button.
- In the dialog, enter the parameters of your Zendesk instance:
Parameter Description Name Enter a name to be displayed for the Zendesk instance in Hub. Issuer Use the name of your Zendesk instance in the format
Description Optionally, enter a description of the Zendesk instance. Consumer URL Paste the Access Consumer Service (ACS) URL of your Zendesk instance. The general format for the ACS URL in Zendesk is
You can find the actual ACS URL of your particular instance in the description of the SAML SSO URL field when you enable SAML in Zendesk.
Hub should send
Make sure that the option is disabled.