YouTrack Server 2024.3 Help

YouTrack as SAML Identity Provider for Zendesk

When you configure your YouTrack server as the Identity Provider for your Zendesk instance, your users can log into Zendesk with their credentials in YouTrack or any other authentication module.

This configuration also enables single sign-on. When users log into one of the services connected to YouTrack, they are logged into all connected services.

Before you start, verify the following prerequisites:

  • You must have administrative privileges in both Zendesk and YouTrack.

  • An email address of the YouTrack administrator account that you use to configure SAML2.0 for Zendesk must differ from the email of the Zendesk instance owner. Otherwise, you might end-up in the redirecting loop when you test the SAML configuration.

  • YouTrack administrator account must have a verified email address.

To configure your Zendesk instance:

  1. In your Zendesk instance, open the Settings > Security page.

  2. Select the End-Users tab.

    We describe how to set up YouTrack to authenticate end-users with SAML. However, you can set up YouTrack to authenticate Zendesk Agents, as well. To do so, select the Agents tab and provide the same parameters as described in the next step.

  3. Enable the Single-sign-on option, select SAML, and configure the following parameters:

    Parameter

    Description

    SAML SSO URL

    Paste the content of the Sign In URL field on More Settings > SAML2.0 > Settings page of the YouTrack server.

    Certificate fingerprint

    Paste the SHA-256 fingerprint of the certificate packed into the SSL key store set for SAML in YouTrack. Copy from the Fingerprints field on the More Settings > SAML2.0 > Settings page.

    Remote logout URL

    Paste the content of the Sign Out URL field on More Settings > SAML2.0 > Settings page of the YouTrack server.

    IP ranges

    Requests from these IP addresses will always be routed through YouTrack for authentication. By default, we recommend that you use the *.*.*.* pattern to authenticate all end-users via YouTrack.

  4. In YouTrack, select SAML 2.0 from the Access Management section of the Administration menu.

  5. Select the Registered Service Providers tab.

  6. Click the Register service provider button.

  7. In the dialog, enter the parameters of your Zendesk instance:

    Parameter

    Description

    Name

    Enter a name to be displayed for the Zendesk instance in YouTrack.

    Issuer

    Use the name of your Zendesk instance in the format <accountname>.zendesk.com.

    Description

    Optionally, enter a description of the Zendesk instance.

    Consumer URL

    Paste the Access Consumer Service (ACS) URL of your Zendesk instance. The general format for the ACS URL in Zendesk is https://<accountname>.zendesk.com/access/saml (case-sensitive).

    YouTrack should send LogoutResponse

    Make sure that the option is disabled.

Last modified: 07 June 2024