Cloudflare Docs
Cloudflare-One
Cloudflare Docs
Cloudflare Zero Trust
Search icon (depiction of a magnifying glass)
GitHub icon
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Configure Zendesk SSO with Access for SaaS

This tutorial covers how to configure Zendesk SSO with Access for SaaS.

⏲️ Time to complete:

20 minutes

Configure Zendesk and Cloudflare

  1. To begin, navigate to your Zendesk administrator dashboard, typically available at <yourdomain>.zendesk.com/admin/security/sso.

  2. In a separate tab or window, open the Zero Trust Dashboard and navigate to Access > Applications.

  3. Select SaaS as the application type to begin creating a SaaS application.

  4. Copy the following fields from your Zendesk account and input them in the Zero Trust application configuration:

    • Assertion Consumer Service URL. This URL appears as SAML SSO URL in your Zendesk account.
    • Entity ID: https://yoursubdomain.zendesk.com
    • NameID: Email

  5. Configure these Attribute Statements to include a user’s first and last name:

    • <Cloudflare Firstname attribute name> => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    • <Cloudflare Last name attribute name> => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

    Zendesk attributes

  6. Create an Access policy to determine who can access Zendesk.

    Zendesk policy

  7. Copy the Cloudflare IdP values and add them to the following Zendesk Fields:

    • SSO Endpoint => SAML SSO URL
    • Public Key => Certificate Fingerprint

    Zendesk fingerprint

  8. Go to https://<yourdomain>.zendesk.com/admin/security/staff_members and enable External Authentication > Single Sign On.

    Zendesk external authentication

Users should now be able to log in to Zendesk if their Email address exists in the Zendesk user list.