Zendesk Provisioner

Creating a connection

To allow PingFederate to act as an identity provider and manage users in Zendesk, create a service provider (SP) connection.

Steps

  1. In the PingFederate administrator console, create a new SP connection:

    1. For PingFederate 10.1 or later: go to Applications → Integration → SP Connections. Click Create Connection.

    2. For PingFederate 10.0 or earlier: go to Identity Provider → SP Connections. Click Create Connection.

  2. Configure the basic connection details with the Zendesk quick connection template.

    1. On the Connection Template tab, select Use a template for this connection.

    2. In the Connection Template list, select Zendesk Provisioner.

    3. In the Metadata File row, upload the zendesk-saml-metadata.xml file that you saved in Obtain your Zendesk SAML 2.0 metadata XML file. Click Next.

    4. On the Connection Type tab, select Browser SSO Profiles and Outbound Provisioning. Click Next.

    5. On the Connection Options tab, click Next.

    6. On the General Info tab, in the Connection Name field, enter a name of your choosing. Click Next.

  3. On the Browser SSO tab, configure your browser SSO settings as shown in Configuring IdP Browser SSO in the PingFederate documentation.

    1. On the Browser SSO → SAML Profiles tab, select only IdP-Initiated SSO and SP-Initiated SSO.

    2. On the Browser SSO → Assertion Creation → Attribute Contract tab, set the following name format.

      Attribute Contract Subject Name Format

      SAML_SUBJECT

      [.codeph]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified````

    3. On the Browser SSO → Protocol Settings → Signature Policy tab, select the Always Sign Assertion check box.

  4. On the Credentials tab, configure the connection credentials as shown in Configuring credentials in the PingFederate documentation. Click Next.

  5. On the Credentials → Digital Signature Settings tab, select the Include the certificate in the signature <KEYINFO> element check box.

  6. On the Outbound Provisioning tab, configure provisioning as shown in Configuring outbound provisioning in the PingFederate documentation:

    1. On the Target tab, enter the Zendesk Administator email, Sub-domain and API Token you obtained in Obtain required information.

    2. On the Manage Channels → Attribute Mapping tab, complete the attribute mappings as shown in Managing channels in the PingFederate documentation.

      Provide a source of data or provide a default value for the role attribute. This attribute only accepts specific values, which are explained in the Supported attributes reference.

  7. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.