This section describes how to integrate Zendesk with RSA Cloud Authentication Service using IDR SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using IDR SSO.

Procedure

1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
2. Click Create From Template.
3. Click Select against SAML Direct.
4. On the Basic Information page, choose Identity Router.
5. In the Name field, enter a name for the application and click Next Step.
   
6. Choose SP-Initiated under Initiate SAML Workflow section.
   1. Specify https://<domainname>.zendesk.com/login as the connection URL.
   2. Select POST under Binding Method for SAML Request.
       
      
7.  Scroll down to the Identity Provider section.
   
   1. Identity Provider URL is automatically generated.
   2. Identity Provider Entity ID is automatically generated.
   3. Click Generate Cert Bundle, and set a common name for your company certificate.
   4. Click Generate and Download.
   5. Click Choose File and upload the private key from the generated certificate bundle.
   6. Select Choose File and upload the cert from the generated certificate bundle.
   7. Select Include Certificate in Outgoing Assertion.
8. Scroll down to the Service Provider section and enter the following details:
   1. Assertion Consumer Service (ACS) – This will be specified on the Zendesk SSO SAML configuration form.
   2. Audience (Service Provider Issuer ID) – https://< Domain name>.zendesk.com.
      
9. Scroll down to the User Identity section.
10. Verify that the settings are correct for your environment.
    In this example, the username will be presented in email format and the user account will be validated against the User Store selected.
11. Click Next Step.
12. On the User Access page, select the access policy that the identity router will use to determine which users can access the application.
    
13. Click Next Step.
14. On the Access Policy page, select the appropriate policy and click Next Step.
15. Provide an appropriate name for the Application Tooltip.
16. Click Save and Finish.
17. Click Publish Changes.
    

Configure Zendesk 

Perform these steps to configure Zendesk.

Procedure 

1. Log on to Zendesk.
2. Access the Admin Center by clicking on the tiles icon.
   
3. Go to Account > Security > Single sign-on.
4. Click Create SSO Configuration > SAML.
5. Provide the following values:
   
   1. SAML SSO URL - This URL is the identity provider URL from the previous section.
   2. Certificate fingerprint - This is the SHA256 fingerprint of the SAML certificate that is used in the previous section. Refer to the notes provided at the end of this section for the steps to generate SHA 256 fingerprint.
   3. Remote Logout URL - The portal address.
6. Click Save.
7. Go to Account > Security > Team member authentication.

8. Select External authentication and click Single sign-on (SSO).

9. Select the SAML configuration created above.

   
10.  Select the option of Redirect to SSO.
    
11. Go to Account > Security > End user authentication.
12. Select External authentication and click Single sign-on (SSO).
13. Select the SAML configuration created above and select Redirect to SSO.
    

Notes:

Create SHA256 fingerprint

1. To generate an SHA256 fingerprint of your SAML certificate, you must use openssl.
2.  Open your terminal or command prompt and navigate to the file location in which your cert.pem file resides.
3. Enter the following command in a terminal or command prompt (Windows users must install openssl) to obtain your SHA256 fingerprint: openssl x509 -sha256 -noout -fingerprint -in cert.pem.
4. After entering the preceding command, your terminal or command window will display, SHA256 Fingerprint= yourSHA256_Fingerprint.
5. Copy the value of your SHA256 fingerprint and paste it into a text editor for use later.

Configuration is complete.

Return to main page .