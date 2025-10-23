Zendesk
This guide covers how to configure Zendesk ↗ as a SAML application in Cloudflare Zero Trust.
- An identity provider configured in Cloudflare Zero Trust
- Admin access to your Zendesk account
Go to your Zendesk administrator dashboard, typically available at
<yourdomain>.zendesk.com/admin/security/sso.
In a separate tab or window, open Zero Trust ↗, select your account, and go to Access > Applications.
Select Add an application, then choose SaaS.
Input the following values in the Zero Trust application configuration:
Zero Trust field Value Entity ID
https://<yoursubdomain>.zendesk.com
Assertion Consumer Service URL contents of SAML SSO URL in Zendesk account Name ID Format
(Optional) Configure these Attribute Statements to include a user's first and last name:
Cloudflare attribute name IdP attribute value
<first name>
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
<last name>
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Zendesk will use the user's email address as their name ↗ if the name is not provided.
To determine who can access Zendesk, create an Access policy.
Copy the SSO Endpoint and Public Key.
Transform the public key into a fingerprint:
Open a fingerprint calculator ↗.
Paste the Public Key into X.509 cert.
Wrap the value with
-----BEGIN CERTIFICATE-----and
-----END CERTIFICATE-----.
Set Algorithm to SHA256 and select Calculate Fingerprint.
Copy the Formatted FingerPrint value.
Add the Cloudflare values to the following Zendesk fields:
Cloudflare IdP field Zendesk field SSO Endpoint SAML SSO URL Public Key (transformed to fingerprint) Certificate Fingerprint
Go to
https://<yourdomain>.zendesk.com/admin/security/staff_membersand enable External Authentication > Single Sign On.
Users should now be able to log in to Zendesk if their Email address exists in the Zendesk user list.
