SaaS Security
Onboard a Zendesk App to SSPM
Table of Contents
Expand All
|
Collapse All
SaaS Security Docs
Onboard a Zendesk App to SSPM
Onboard a Zendesk app to SSPM to detect posture risks.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Zendesk instance, you must onboard your
Zendesk instance to SSPM. Through the onboarding process, SSPM connects to a Zendesk
API and, through the API, scans your Zendesk instance for misconfigured settings and
account risks.
SSPM gets access to your Zendesk instance through OAuth 2.0 authorization. To enable
OAuth 2.0 authorization, you first create an OAuth 2.0 client app in Zendesk before
onboarding your Zendesk instance in SSPM. During the onboarding process, SSPM will
redirect you to log in to Zendesk. After you log in, Zendesk will prompt you to
grant SSPM the access it needs to your Zendesk instance.
To access your Zendesk instance, SSPM requires the following information, which you
will specify during the onboarding process.
Item | Description |
---|---|
Client ID
|
SSPM will access a Zendesk API through an OAuth 2.0 client app
that you create in Zendesk. Zendesk generates the Client ID to
uniquely identify this client app.
|
Client Secret
|
SSPM will access a Zendesk API through an OAuth 2.0 client app
that you create in Zendesk. Zendesk generates the Client Secret,
which SSPM uses to authenticate to the API.
|
Zendesk subdomain
|
A character string that uniquely identifies your Zendesk account.
By default, your subdomain appears in the URL that you use to
access your Zendesk account. Your subdomain is also shown in the
Admin Center in Zendesk.
|
To onboard your Zendesk instance, you complete the following actions:
- From SSPM, get a redirect URL. You will specify this redirect URL in the OAuth 2.0 client app that you will create in Zendesk. To get this information, you will begin the onboarding process in SSPM, but you will not complete the process.
- Log in to Strata Cloud Manager.Select ManageConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Zendesk tile.On the Posture Security tab, Add New instance.Log in with Credentials.SSPM displays a connection page for onboarding a Zendesk instance. The Redirect URL field displays the redirect URL value.Copy the URL and paste it into a text file.Don’t continue to the next step unless you have copied the redirect URL. You will need to specify this URL later when you're configuring your OAuth 2.0 client app.Because you won't be completing the onboarding process until after you have gathered the necessary configuration information, return to the Apps Onboarding page.Create the OAuth 2.0 client app that SSPM will use to access your Zendesk instance.
- Identify the Zendesk account that you will use to create the OAuth 2.0 client app.Required Permissions: You must create the OAuth 2.0 client app from an account that is assigned to the Admin role in Zendesk.Open a web browser to the Zendesk login page and log in to the Admin account you identified.Navigate to the Zendesk Admin Center. To navigate to the Admin Center, click the settings icon (gear icon) in the left navigation pane.In the left navigation pane of the Admin Center, select Apps and Integrations OAuth clients. The OAuth clients item is located in the APIs section of the menu.The OAuth clients page lists any OAuth clients that you have created.On the OAuth clients page, click Add OAuth client.On the Create a new OAuth client page, complete the following actions:
- Specify a Client name. This name will appear in the list of clients on the OAuth clients page, so give it a meaningful name, such as SSPM Integration.
- Specify a short Description of the client. This description will appear in the entry for your client on the OAuth clients page. The description will also appear in the access permissions consent form that Zendesk displays when you're onboarding your Zendesk instance to SSPM.
- Copy the identifier from the Identifier
field and paste it into a text file. This is the Client ID of
your OAuth 2.0 client app. Don’t continue to the next step unless you have copied the Client ID. You must provide this information to SSPM during the onboarding process.
- In the Client kind field, select Confidential.
- In the Redirect URLs field, specify the redirect URL that you obtained from SSPM.
Save your OAuth 2.0 client app.Zendesk saves your OAuth 2.0 client app and displays the Client Secret that SSPM will use to authenticate to the client app.Copy the Client Secret and paste it into a text file.Don’t continue to the next step unless you have copied the Client Secret. You will provide this information to SSPM during the onboarding process.Identify your Zendesk subdomain.Unless you enabled the host-mapping feature in Zendesk, your subdomain is included in your account's URL. The URL format is <subdomain>.zendesk.com.If you have enabled the host-mapping feature in Zendesk, then the subdomain is mapped to your own domain, and you can’t identify the subdomain from your account's URL. In this case, you can identify your Zendesk subdomain from the Admin Center in Zendesk.- To navigate to the Admin Center, click the settings icon (gear icon) in the left navigation pane.
- Locate the account domain name in the upper right corner of the Admin Center page. This account domain name contains your subdomain in the format <subdomain>.zendesk.com.
Connect SSPM to your Zendesk instance.In SSPM, complete the following steps to enable SSPM to connect to your Zendesk instance.- Log in to Strata Cloud Manager.Select ManageConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Zendesk tile.On the Posture Security tab, Add New instance.Log in with Credentials.Enter the application credentials (Client ID and Client Secret) for your OAuth 2.0 client app, and your Zendesk subdomain.Connect.SSPM redirects you to the Zendesk log in page.Log in to the Zendesk Admin account.Zendesk displays a consent form that details the access permissions that SSPM requires.Review the consent form and allow the requested access.