Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)

Configure Zendesk SSO with Access for SaaS

This tutorial covers how to configure Zendesk SSO with Access for SaaS.

⏲️ Time to complete:

20 minutes

Configure Zendesk and Cloudflare

  1. To begin, navigate to your Zendesk administrator dashboard, typically available at <yourdomain>.zendesk.com/admin/security/sso.

  2. In a separate tab or window, open the Cloudflare for Teams Dashboard and navigate to Access > Applications.

  3. Select SaaS as the application type to begin creating a SaaS application.

  4. Copy the following fields from your Zendesk account and input them in the Cloudflare for Teams application configuration:

    • Assertion Consumer Service URL. This URL appears as SAML SSO URL in your Zendesk account.
    • Entity ID: https://yoursubdomain.zendesk.com
    • NameID: Email
  5. Configure these Attribute Statements to include a user’s first and last name:

    • <Cloudflare Firstname attribute name> => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    • <Cloudflare Last name attribute name> => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

    Additional Attributes can also be synchronized with Zendesk.

    Zendesk attributes

  6. Create an Access policy to determine who can access Zendesk.

    Zendesk policy

  7. Copy the Cloudflare IdP values and add them to the following Zendesk Fields:

    • SSO Endpoint => SAML SSO URL
    • Public Key => Certificate Fingerprint

    Zendesk fingerprint

  8. Go to https://<yourdomain>.zendesk.com/admin/security/staff_members and enable External Authentication > Single Sign On.

    Zendesk external authentication

Users should now be able to log into Zendesk if their Email address exists in the Zendesk user list.