Zendesk Authentication Using JWT And Azure Active Directory

It’s been a while since my last post, so this is why this post will be a bit longer than usual, I hope that it can help you.

Today we’re going to learn how to build a Zendesk SSO (Single Sign-On) authentication using JWT (JSON Web Token) and AzureAD (Azure Active Directory) as an Identity Provider.

In this post, we will go through several steps, which are,

  • Zendesk sign up and configuration,
  • Azure Active Directory configuration,
  • ASP.NET Core 2.0 application.


Microsoft Azure account (you can start your free trial from here.

Zendesk account (we’re going to understand how to create one).

Visual Studio 2017 (Community edition is free, click here to download it.

Zendesk signup

Zendesk is a customer service platform. It’s designed for companies that want to create customer relationships that are more meaningful, personal, and productive.

Zendesk provides a free trial to test all the product functionalities. To start your free trial, you should go to this link.

Rather than registering using your email address and your password, Zendesk provides other authentication options. You can use your Microsoft credentials or Google credentials to authenticate.


After choosing your preferred method, you will be asked to choose your subdomain (SUBSOMAIN.zendesk.com).


And that’s it, congratulations --  you have a Zendesk free account available for the next 30 days.


You have to verify your account by clicking on the link sent to your email address.

Zendesk JWT configuration

After creating a Zendesk account, now we have to configure it in order to be able to authenticate using JWT.

By following this steps, we’ll be able to authenticate to our Zendesk using JWT authentication mode.

  • Go to Admin tab


  • Go to Settings > Security


By default, you will see your preferred authentication mode selected (in my case, I signed up using my Microsoft credentials).

Now, select single sign-on (SOO) , in this section you will find two SSO authentication types, please ignore SAML authentication and choose JWT (JSON Web Token).

We have to fill the login and the sign-out URL(s) but don’t worry we will finish this step later after we configure our Azure Active Directory (Azure AD).

And that’s it for Zendesk configuration.

In order to use Single Sign-On authentication, we have to add a new Zendesk user. Go to Dashboard > People and then add user.


And here, fill in the 3 required fields, but please in the email field choose one of your Azure Active Directory user's username. For example, I’m using this username: saibimajdi@outlook.com as an email, and pick Agent as a role.


Now we have to focus on configuring our Azure AD and get it ready to use it as an identity provider.

Microsoft Azure Active Directory configuration

First of all, we have to get an active Microsoft Azure account, if you don’t have one you can easily create a free trial account from here.

After getting an Azure account up and running, we have to go to https://ad.portal.azure.com/ in order to configure our AzureAD. In order to add a user, you can just add an existing Microsoft account by clicking New Guest User. Enter a valid email address, saibimajdi@outlook.com in my case, remember to add the same username that you already used as email in the Zendesk account that we created previously.

Now we’re done with Azure Active Directory, let’s jump to how to build the ASP.NET Core 2 application and connect it to Azure AD and Zendesk.

ASP.NET Core 2.0 application

Launch Visual Studio 2017, and go to File > New > Project and choose ASP.NET Core Web Application under Web section.


And then, please choose Web Application (MVC) and change the authentication to Work or School accounts with Cloud – Single Organization option. Before hitting OK, please enter your Active Directory Domain.

Visual Studio will generate a new ASP.NET Core application that supports AD authentication to your Azure AD. You can check the AccountController and the Startup class, you will find that everything related to the authentication process is in place. Run the project and try to authenticate using your Azure AD account.

OK, so one more step to go. Now, we have to connect our application to Zendesk and configure the JWT authentication. In this part, we will need to write some code. Let’s go to the home controller, specifically to the Index action, and change it a bit.

  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Diagnostics;  
  4. using System.Linq;  
  5. using System.Security.Claims;  
  6. using System.Threading.Tasks;  
  7. using System.Web;  
  8. using Microsoft.AspNetCore.Authorization;  
  9. using Microsoft.AspNetCore.Mvc;  
  10. using JWT;  
  11. using JWT.Algorithms;  
  12. using JWT.Serializers;  
  13. using Microsoft.Extensions.Configuration;  
  14. namespace ZendeskJWT.Controllers {  
  15.     [Authorize]  
  16.     public class HomeController: Controller {  
  17.         private IConfiguration configuration;  
  18.         private string SUBDOMAIN => "YOUR_ZENDESK_SUBDOMAIN";  
  19.         private string SHARED_KEY => "YOUR_ZENDESK_SHARED_KEY";  
  20.         public IActionResult Index() {  
  21.             TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1));  
  22.             int timestamp = (int) t.TotalSeconds;  
  23.             var email = HttpContext.User.Claims.Where(c => c.Type == ClaimTypes.Email).Select(c => c.Value).SingleOrDefault();  
  24.             var payload = new Dictionary < string,  
  25.                 object > () {  
  26.                     {  
  27.                         "alg",  
  28.                         "HS256"  
  29.                     }, {  
  30.                         "typ",  
  31.                         "JWT"  
  32.                     }, {  
  33.                         "iat",  
  34.                         timestamp  
  35.                     }, {  
  36.                         "jti",  
  37.                         Guid.NewGuid().ToString()  
  38.                     }, {  
  39.                         "name",  
  40.                         HttpContext.User.Identity.Name  
  41.                     }, {  
  42.                         "email",  
  43.                         email  
  44.                     }  
  45.                 };  
  46.             IJwtAlgorithm algorithm = new HMACSHA256Algorithm();  
  47.             IJsonSerializer serializer = new JsonNetSerializer();  
  48.             IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();  
  49.             IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);  
  50.             string token = encoder.Encode(payload, SHARED_KEY);  
  51.             string redirectUrl = "https://" + SUBDOMAIN + ".zendesk.com/access/jwt?jwt=" + token;  
  52.             string returnTo = HttpContext.Request.Query["return_to"].ToString();  
  53.             if (returnTo != null) {  
  54.                 redirectUrl += "&return_to=" + HttpUtility.UrlEncode(returnTo);  
  55.             }  
  56.             return Redirect(redirectUrl);  
  57.         }  
  58.         public IActionResult Error() {  
  59.             return View(new ErrorViewModel {  
  60.                 RequestId = Activity.Current ? .Id ? ? HttpContext.TraceIdentifier  
  61.             });  
  62.         }  
  63.     }  
  64. }  

You can get your ZENDESK_SUBDOMAIN and ZENDESK_SHARED_KEY from the Zendesk configuration, the security section. Please make sure to install the JWT NuGet package by taping

Install-Package JWT -Version 4.0.0

in the NuGet package manager console.

Let me explain what this piece of code does.

  1. var email = HttpContext.User.Claims.Where(c => c.Type == ClaimTypes.Email).Select(c => c.Value).SingleOrDefault();  

Here we get the current 'authenticated user’ email address from the Identity Claims object.

  1. var payload = new Dictionary < string,  
  2.     object > () {  
  3.         {  
  4.             "alg",  
  5.             "HS256"  
  6.         }, {  
  7.             "typ",  
  8.             "JWT"  
  9.         }, {  
  10.             "iat",  
  11.             timestamp  
  12.         }, {  
  13.             "jti",  
  14.             Guid.NewGuid().ToString()  
  15.         }, {  
  16.             "name",  
  17.             HttpContext.User.Identity.Name  
  18.         }, {  
  19.             "email",  
  20.             email  
  21.         }  
  22.     };  

We are preparing our payload which is the data that we should send to Zendesk in order to authenticate our user, which is an Azure AD user.

  1. IJwtAlgorithm algorithm = new HMACSHA256Algorithm();  
  2. IJsonSerializer serializer = new JsonNetSerializer();  
  3. IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();  
  4. IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);  
  5. string token = encoder.Encode(payload, SHARED_KEY);  

This part aims to build our JSON Web Token (JWT), which contains the payload and the Zendesk shared key encrypted using SHA256 encryption algorithm.

  1. string redirectUrl = $"https://{SUBDOMAIN}.zendesk.com/access/jwt?jwt={token}";  

Now, all that we have to do is to redirect to Zendesk with our JWT token that contains all the required information to ensure the authentication process.

Finally, run the project and you will be redirected to Microsoft authentication page.


Voila!! We’re logged in to Zendesk using our Azure AD account.


Thank you for your attention and please let me know if this post helped you or if you have any questions. Don’t hesitate to share this post with your friends.