1. Bookmark SendSafely Zendesk Integration Resources

The SendSafely Online Help Center provides numerous Zendesk integration setup resources, along with a recorded demo of the SendSafely Zendesk integration for reference.

The SendSafely Blog & Developer Center also provide updates on new features as they are released and also proof-of-concept code examples that may be useful in your environment. Please also review the Set Up Checklist for SendSafely Administrators.

Lastly, you can also email support@sendsafely.com with any questions or issues. 

2. Install the SendSafely Zendesk Sidebar App

The Zendesk Sidebar App allows agents to view and download received files associated with individual tickets within the Zendesk Agent Console. The App also allows agents to securely send files and messages outbound to customers.

The sidebar app can be installed from the Zendesk Marketplace, and installation instructions can be found here. The following configuration options are available (under Apps -> Manage -> SendSafely within the Admin Home sidebar of the Zendesk Admin Center):

• Require authentication by default for outbound files (recommended)
• Add all agents as recipients for outbound files 
• Insert a hyperlink to access files instead of a URL
• Specify a portal host name (recommended for organizations with multiple SendSafely portals)
• Enable Role and Group Restrictions 

The default settings are usually appropriate for most organizations as they get started. Note - files up to 10GB in size can be sent by agents via the SendSafely Zendesk Sidebar App.

3. Configure your Inbound Workflow

SendSafely provides several options for collecting sensitive files from customers and other external parties, all leveraging the SendSafely Dropzone.  

• SendSafely Hosted Dropzone to Zendesk: The SendSafely Hosted Dropzone is a turn-key, stand alone web page for secure file submission. Hosted Dropzone setup instructions are located here, and you can connect your Hosted Dropzone to Zendesk using one of our pre-built connectors (see step 7 below). Submitted files will either open a new ticket, or be attached to an existing ticket.   
• Zendesk Help Center Widget:  Our Dropzone widget integrates SendSafely’s secure file upload capabilities with the Zendesk Help Center New Ticket and Ticket Reply screens. Installation instructions are here. 
• Zendesk Ticket Category Forms: The Dropzone widget can be used in conjunction with Zendesk Ticket Forms to enable SendSafely uploads only for selected ticket categories.
• Custom Form / Dropzone to Zendesk:  You can also build custom forms that use the SendSafely API to securely receive files for tracking via Zendesk tickets.

Most organizations utilize several of the different methods described above.  Note - your customers can submit very large files (> 10 GB) via a SendSafely Dropzone. 

4. Zendesk Dropzone Macro Setup

The Agent Macro feature of Zendesk allows your agents to easily generate ticket-specific links to Hosted Dropzones that customers will utilize for file submission. Instructions are in this article under the "Add a Macro to Zendesk for Inserting the Dropzone Link" section.

5. Ensure Dropzones are Production Ready

For any system integration, we recommend setting up a Dropzone under a Service Account, using a team alias such as support@company.com. SendSafely Administrators can then manage the Service Account Dropzone via the SendSafely Enterprise Console. 

Be sure to add your Zendesk agents to the Dropzone recipient list by following the steps outlined under "Initial Dropzone Setup - Step 3 - Configure Additional Recipients".

SendSafely provides many configuration options on the Dropzone Profile that may be useful within your workflow:

• Custom Form Input Label (for Hosted Dropzone)
• Expiration Settings - for inbound files
• Restrict File Download (view only mode)
• Only allow files with certain extensions

Lastly, if you are not using a Service Account to host your Dropzone, we recommend backing up the initial Trusted Browser Key for the Dropzone Owner account. This initial key can be used to access all historical packages received via that Dropzone - which is especially useful if you choose to automate the download/export of received files in the future.

6. Synchronize your Dropzone Recipients with your Agent List

If you add or remove Zendesk agents on a frequent basis, you may want to consider using an automated process to synchronize your Dropzone Recipient List with the Agent List from Zendesk.

SendSafely provides instructions and a simple command line JAR file that allows you to do just that. 

7. Finalize your Dropzone Connector Production Configuration

For customer pilots, SendSafely may host the connector on your behalf for ease of setup and to facilitate testing. However, for production rollouts SendSafely recommends connectors be hosted within your own environment, for example, in your AWS, Azure, or Google environment. As part of the pilot process, plans should be put in place for transitioning the connector to self-hosting.

Resources for hosting your own SendSafely Zendesk connector can be found here:

• AWS Lambda Connector
• Microsoft Azure Connector
• Google Apps Script Connector  
• Zapier 

8. Configure SendSafely Data Retention Settings

Determine your organization’s data retention requirements with regard to the Zendesk ticket attachments and messages protected by SendSafely.  By default, all secured attachments and messages sent or received via SendSafely are subject to the expiration and deletion settings configured for your SendSafely portal. SendSafely does provide several additional options for long-term storage of data for historical record keeping, compliance, and/or regulatory requirements. Please review the following available options described in the Set Up Checklist for SendSafely Administrators:

• SendSafely Platform Expiration Settings 
• Master Key Setup
• Using your own AWS S3 Bucket
• API Export Options

Additional Zendesk Integration file expiration information:  

• Inbound Files Received by Agents: The file expiration configured in the Dropzone Profile controls the lifetime of inbound files and is managed within the SendSafely web portal.
• Outbound Files Sent by Agents: The lifetime of outbound files sent by an Agent using the Sidebar App is controlled by the default expiration configured in the Agent’s individual SendSafely User Profile and/or the Organization Wide Expiration Settings. 

Expiry Settings Administration - SendSafely Administrators can set a default, min and max expiration for all Agents in the SendSafely Enterprise Console. Please note - Dropzone expiration settings are not controlled by the min/max values set in the Enterprise Console.  Instead, they are managed individually by portal Admins.

9. Do your Agents need Email Address Masking?

The SendSafely Masking feature is useful for organizations who do not want to disclose the real email address of agents that send files using SendSafely. The masking feature replaces externally displayed email addresses with the text configured in the user profile First Name, and the first character of the Last Name field. (Users can edit their SendSafely profile from the Account Icon Badge in the top right hand corner -> Edit Profile option). 

You can read more here:  Masking User Email Addresses

Please Note - Using the “Email Address Masking” option automatically disables the Reply feature, since it would otherwise expose the Zendesk Agent email address to the external user.

10. Disable Reply Feature 

By default, customers receiving secure files from an agent have the option to reply to that agent via SendSafely.  However, to keep all communications associated with a Zendesk ticket we recommend requesting support@sendsafely.com disable the Reply function in your SendSafely portal, and encourage customers to perform all replies/secure file uploads via the connected Dropzone.

11. Assess if you need the SEG to keep PII out of Zendesk

The SendSafely Serverless Email Gateway (SEG) can be used to shield your Zendesk instance from inadvertently collecting and storing unsolicited Personally Identifiable Information (PII) submitted by customers via plain text email to your support email address. 

The SEG intercepts and encrypts these inbound email attachments before they touch Zendesk. When combined with the Sidebar App and Dropzone, the SEG provides an end-to-end solution for protecting sensitive information in Zendesk.

• Keeping Unwanted PII out of your Service Desk

12. Plan for Agent Onboarding

SendSafely recommends preparing and providing internal guidance to your team with regard to how to register their SendSafely accounts as part of the new Zendesk Agent onboarding process.  

Note - The exact instructions to onboard your new Zendesk agents will depend on the authentication mechanism configured for your SendSafely platform.  SendSafely always recommends using your Single Sign On (SSO) infrastructure to authenticate your employees whenever possible.  We provide support for multiple providers as part of our base subscription.  Importantly,  Zendesk also supports SAML SSO, so if you are using their implementation for your agents, you can also configure your SendSafely platform to use the same IdP (or vice versa).  

Typically, the best way for your Zendesk agents to register their SendSafely account is via the SendSafely Zendesk Sidebar App installed in their Zendesk Agent Console.  They should be informed to use the “Activate new Account” button, which will then automatically take them to your company SendSafely instance.  Depending on the user Authentication method implemented by your SendSafely Admin the guidance instructions should inform them which option to choose next (i.e. use either the "Login using Single Sign-on" or "Register Now" button). 

Remember to add your Zendesk agents to the Dropzone recipient list so they are authorized to decrypt files.

We also recommend new Zendesk agents watch this recorded demo of the SendSafely Zendesk integration as part of their onboarding training.