Single sign-on (SSO) for Zendesk
UserLock single sign-on (SSO) for Zendesk allows users to authenticate to Zendesk with their on-prem Active Directory credentials.
Published October 2, 2025)
)
)
)
Zendesk is a customer service and sales platform delivered via software-as-a-service (SaaS). As with other customer relationship management (CRM) tools, its user base inside organizations has expanded over time from customer service to sales.
This centralizes a lot of potentially sensitive customer data, making the platform an attractive target for attackers. That’s why defending SaaS apps always requires additional layers of security, such as multi-factor authentication (MFA), user access controls, and continuous monitoring.
Because teams usually use Zendesk alongside other SaaS apps, access is often consolidated using single sign-on (SSO).
The challenge for IT is to balance security and usability, while minimizing attack surface.
Most SSO services use a cloud-based identity provider. In an on-prem environment, in practice this means SaaS access actually requires two sets of credentials:
The AD credentials to logon
The "SSO" credentials to access the SSO portal, which then grants access to SaaS apps (exact setups vary)
Usability challenges can quickly become security risks. Understandably, end users may balk at completing multi-factor authentication (MFA) on logon, then again for SSO later. This can result in security compromises, such as removing MFA for SSO.
There's also the constraint that not all teams can or want to outsource identity data and credential storage to a cloud platform. While convenient, they're not immune to breaches or outages.
Last but not least, SSO often means changing or adding infrastructure, which is not always cheap or easy to implement. If organizations aren’t careful, SSO can add cost and complexity to a technology that was supposed to make life easier.
UserLock SSO is designed for organizations that run primarily on Active Directory. Implementing UserLock SSO allows organizations to continue using Active Directory to authenticate AD identities, which simplifies the time and cost of any integration with a third-party platform.
Admins can set up Active Directory SSO alongside UserLock's other access control layers, including granular MFA, concurrent session restrictions, and more. Plus, the policy configuration wizard turns implementation into a manageable project.
With UserLock SSO, the Zendesk login is no longer required. Instead, the permission to access Zendesk becomes part of the SSO login, which gives them access to multiple SaaS resources under one credential. UserLock SSO verifies an employee’s permission to access Zendesk using UserLock policies.
Enable Zendesk as a provider in the UserLock SSO console’s single sign-on configuration before restarting the service.
Navigate to Zendesk Admin Console → Settings → Single sign-on and add the values listed in the UserLock SSO for Zendesk configuration guide.
For teams tasked with defending on-prem AD, bringing SaaS access under IT's control can be a big headache.
SSO helps by consolidating multiple logins under one set of credentials, but only if it's implemented with a balance of simplicity, cost-efficiency, and control.
For Active Directory teams, that balance can be hard to hit. Many cloud-based SSO solutions shift identity security and risk outside the organization's security perimeter.
UserLock SSO offers a straightforward approach that keeps authentication anchored on-premises in Active Directory. It extends secure authentication to SaaS apps like Zendesk, combining MFA and granular access controls to ensure convenience and security that adapts to your team.