YouTrack as SAML Identity Provider for Zendesk

When you configure your YouTrack server as the Identity Provider for your Zendesk instance, your users can log into Zendesk with their credentials in YouTrack or any other authentication module.

This configuration also enables single sign-on. When users log into one of the services connected to YouTrack, they are logged into all connected services.

Before you start, verify the following prerequisites:

You must have administrative privileges in both Zendesk and YouTrack.
An email address of the YouTrack administrator account that you use to configure SAML2.0 for Zendesk must differ from the email of the Zendesk instance owner. Otherwise, you might end-up in the redirecting loop when you test the SAML configuration.
YouTrack administrator account must have a verified email address.

To configure your Zendesk instance:

In your Zendesk instance, open the Settings > Security page.
Select the End-Users tab.
We describe how to set up YouTrack to authenticate end-users with SAML. However, you can set up YouTrack to authenticate Zendesk Agents, as well. To do so, select the Agents tab and provide the same parameters as described in the next step.

Enable the Single-sign-on option, select SAML, and configure the following parameters:

Parameter	Description
SAML SSO URL	Paste the content of the Sign In URL field on More Settings > SAML2.0 > Settings page of the YouTrack server.
Certificate fingerprint	Paste the SHA-256 fingerprint of the certificate packed into the SSL key store set for SAML in YouTrack. Copy from the Fingerprints field on the More Settings > SAML2.0 > Settings page.
Remote logout URL	Paste the content of the Sign Out URL field on More Settings > SAML2.0 > Settings page of the YouTrack server.
IP ranges	Requests from these IP addresses will always be routed through YouTrack for authentication. By default, we recommend that you use the `...` pattern to authenticate all end-users via YouTrack.

In YouTrack, select SAML 2.0 from the Access Management section of the Administration menu.
Select the Registered Service Providers tab.
Click the Register service provider button.

In the dialog, enter the parameters of your Zendesk instance:

Parameter	Description
Name	Enter a name to be displayed for the Zendesk instance in YouTrack.
Issuer	Use the name of your Zendesk instance in the format `<accountname>.zendesk.com`.
Description	Optionally, enter a description of the Zendesk instance.
Consumer URL	Paste the Access Consumer Service (ACS) URL of your Zendesk instance. The general format for the ACS URL in Zendesk is `https://<accountname>.zendesk.com/access/saml` (case-sensitive). You can find the actual ACS URL of your particular instance in the description of the SAML SSO URL field when you enable SAML in Zendesk.
YouTrack should send `LogoutResponse`	Make sure that the option is disabled.

Last modified: 07 June 2024