>
    Strata Copilot
    Onboard a Zendesk App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboard a Zendesk App to SSPM
    Download PDF
    SaaS Security

    Onboard a Zendesk App to SSPM

    Table of Contents

    Onboard a Zendesk App to SSPM

    Onboard a Zendesk app to SSPM to detect posture risks.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    For SSPM to detect posture risks in your Zendesk instance, you must onboard your Zendesk instance to SSPM. Through the onboarding process, SSPM connects to a Zendesk API and, through the API, scans your Zendesk instance for misconfigured settings and account risks.
    SSPM gets access to your Zendesk instance through OAuth 2.0 authorization. To enable OAuth 2.0 authorization, you first create an OAuth 2.0 client app in Zendesk before onboarding your Zendesk instance in SSPM. During the onboarding process, SSPM will redirect you to log in to Zendesk. After you log in, Zendesk will prompt you to grant SSPM the access it needs to your Zendesk instance.
    To access your Zendesk instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    Client ID
    SSPM will access a Zendesk API through an OAuth 2.0 client app that you create in Zendesk. Zendesk generates the Client ID to uniquely identify this client app.
    Client Secret
    SSPM will access a Zendesk API through an OAuth 2.0 client app that you create in Zendesk. Zendesk generates the Client Secret, which SSPM uses to authenticate to the API.
    Zendesk subdomain
    A character string that uniquely identifies your Zendesk account. By default, your subdomain appears in the URL that you use to access your Zendesk account. Your subdomain is also shown in the Admin Center in Zendesk.
    To onboard your Zendesk instance, you complete the following actions:
    1. From SSPM, get a redirect URL. You will specify this redirect URL in the OAuth 2.0 client app that you will create in Zendesk. To get this information, you will begin the onboarding process in SSPM, but you will not complete the process.
      1. Log in to Strata Cloud Manager.
      2. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Zendesk tile.
      3. On the Posture Security tab, Add New instance.
      4. Log in with Credentials.
        SSPM displays a connection page for onboarding a Zendesk instance. The Redirect URL field displays the redirect URL value.
      5. Copy the URL and paste it into a text file.
        Don’t continue to the next step unless you have copied the redirect URL. You will need to specify this URL later when you're configuring your OAuth 2.0 client app.
      6. Because you won't be completing the onboarding process until after you have gathered the necessary configuration information, return to the Apps Onboarding page.
    2. Create the OAuth 2.0 client app that SSPM will use to access your Zendesk instance.
      1. Identify the Zendesk account that you will use to create the OAuth 2.0 client app.
        Required Permissions: You must create the OAuth 2.0 client app from an account that is assigned to the Admin role in Zendesk.
      2. Open a web browser to the Zendesk login page and log in to the Admin account you identified.
      3. Navigate to the Zendesk Admin Center. To navigate to the Admin Center, click the settings icon (gear icon) in the left navigation pane.
      4. In the left navigation pane of the Admin Center, select Apps and Integrations OAuth clients. The OAuth clients item is located in the APIs section of the menu.
        The OAuth clients page lists any OAuth clients that you have created.
      5. On the OAuth clients page, click Add OAuth client.
      6. On the Create a new OAuth client page, complete the following actions:
        1. Specify a Client name. This name will appear in the list of clients on the OAuth clients page, so give it a meaningful name, such as SSPM Integration.
        2. Specify a short Description of the client. This description will appear in the entry for your client on the OAuth clients page. The description will also appear in the access permissions consent form that Zendesk displays when you're onboarding your Zendesk instance to SSPM.
        3. Copy the identifier from the Identifier field and paste it into a text file. This is the Client ID of your OAuth 2.0 client app.
          Don’t continue to the next step unless you have copied the Client ID. You must provide this information to SSPM during the onboarding process.
        4. In the Client kind field, select Confidential.
        5. In the Redirect URLs field, specify the redirect URL that you obtained from SSPM.
      7. Save your OAuth 2.0 client app.
        Zendesk saves your OAuth 2.0 client app and displays the Client Secret that SSPM will use to authenticate to the client app.
      8. Copy the Client Secret and paste it into a text file.
        Don’t continue to the next step unless you have copied the Client Secret. You will provide this information to SSPM during the onboarding process.
    3. Identify your Zendesk subdomain.
      Unless you enabled the host-mapping feature in Zendesk, your subdomain is included in your account's URL. The URL format is <subdomain>.zendesk.com.
      If you have enabled the host-mapping feature in Zendesk, then the subdomain is mapped to your own domain, and you can’t identify the subdomain from your account's URL. In this case, you can identify your Zendesk subdomain from the Admin Center in Zendesk.
      1. To navigate to the Admin Center, click the settings icon (gear icon) in the left navigation pane.
      2. Locate the account domain name in the upper right corner of the Admin Center page. This account domain name contains your subdomain in the format <subdomain>.zendesk.com.
    4. Connect SSPM to your Zendesk instance.
      In SSPM, complete the following steps to enable SSPM to connect to your Zendesk instance.
      1. Log in to Strata Cloud Manager.
      2. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Zendesk tile.
      3. On the Posture Security tab, Add New instance.
      4. Log in with Credentials.
      5. Enter the application credentials (Client ID and Client Secret) for your OAuth 2.0 client app, and your Zendesk subdomain.
      6. Connect.
        SSPM redirects you to the Zendesk log in page.
      7. Log in to the Zendesk Admin account.
        Zendesk displays a consent form that details the access permissions that SSPM requires.
      8. Review the consent form and allow the requested access.

    © 2026 Palo Alto Networks, Inc. All rights reserved.