This checklist is designed to assist new SendSafely Administrators to configure the SendSafely Zendesk integration.
Important Note - This is the second of two checklists designed to ensure you are up and running efficiently with the SendSafely platform. This checklist builds on the Set Up Checklist for SendSafely Administrators and we recommend you complete those steps prior to starting on the below.
1. Bookmark SendSafely Zendesk Integration Resources
The SendSafely Online Help Center provides numerous Zendesk integration setup resources, along with a recorded demo of the SendSafely Zendesk integration for reference.
The SendSafely Blog & Developer Center also provide updates on new features as they are released and also proof-of-concept code examples that may be useful in your environment. Please also review the Set Up Checklist for SendSafely Administrators.
Lastly, you can also email firstname.lastname@example.org with any questions or issues.
2. Install the SendSafely Zendesk Sidebar App
The Zendesk Sidebar App allows agents to view and download received files associated with individual tickets within the Zendesk Agent Console. The App also allows agents to securely send files and messages outbound to customers.
The sidebar app can be installed from the Zendesk Marketplace, and installation instructions can be found here. The following configuration options are available (under Apps -> Manage -> SendSafely within the Admin Home sidebar of the Zendesk Admin Center):
The default settings are usually appropriate for most organizations as they get started. Note - files up to 10GB in size can be sent by agents via the SendSafely Zendesk Sidebar App.
3. Configure your Inbound Workflow
SendSafely provides several options for collecting sensitive files from customers and other external parties, all leveraging the SendSafely Dropzone.
Most organizations utilize several of the different methods described above. Note - your customers can submit very large files (> 10 GB) via a SendSafely Dropzone.
4. Zendesk Dropzone Macro Setup
The Agent Macro feature of Zendesk allows your agents to easily generate ticket-specific links to Hosted Dropzones that customers will utilize for file submission. Instructions are in this article under the "Add a Macro to Zendesk for Inserting the Dropzone Link" section.
5. Ensure Dropzones are Production Ready
For any system integration, we recommend setting up a Dropzone under a Service Account, using a team alias such as email@example.com. SendSafely Administrators can then manage the Service Account Dropzone via the SendSafely Enterprise Console.
Be sure to add your Zendesk agents to the Dropzone recipient list by following the steps outlined under "Initial Dropzone Setup - Step 3 - Configure Additional Recipients".
SendSafely provides many configuration options on the Dropzone Profile that may be useful within your workflow:
Lastly, if you are not using a Service Account to host your Dropzone, we recommend backing up the initial Trusted Browser Key for the Dropzone Owner account. This initial key can be used to access all historical packages received via that Dropzone - which is especially useful if you choose to automate the download/export of received files in the future.
6. Synchronize your Dropzone Recipients with your Agent List
If you add or remove Zendesk agents on a frequent basis, you may want to consider using an automated process to synchronize your Dropzone Recipient List with the Agent List from Zendesk.
SendSafely provides instructions and a simple command line JAR file that allows you to do just that.
7. Finalize your Dropzone Connector Production Configuration
For customer pilots, SendSafely may host the connector on your behalf for ease of setup and to facilitate testing. However, for production rollouts SendSafely recommends connectors be hosted within your own environment, for example, in your AWS, Azure, or Google environment. As part of the pilot process, plans should be put in place for transitioning the connector to self-hosting.
Resources for hosting your own SendSafely Zendesk connector can be found here:
8. Configure SendSafely Data Retention Settings
Determine your organization’s data retention requirements with regard to the Zendesk ticket attachments and messages protected by SendSafely. By default, all secured attachments and messages sent or received via SendSafely are subject to the expiration and deletion settings configured for your SendSafely portal. SendSafely does provide several additional options for long-term storage of data for historical record keeping, compliance, and/or regulatory requirements. Please review the following available options described in the Set Up Checklist for SendSafely Administrators:
Additional Zendesk Integration file expiration information:
Expiry Settings Administration - SendSafely Administrators can set a default, min and max expiration for all Agents in the SendSafely Enterprise Console. Please note - Dropzone expiration settings are not controlled by the min/max values set in the Enterprise Console. Instead, they are managed individually by portal Admins.
9. Do your Agents need Email Address Masking?
The SendSafely Masking feature is useful for organizations who do not want to disclose the real email address of agents that send files using SendSafely. The masking feature replaces externally displayed email addresses with the text configured in the user profile First Name, and the first character of the Last Name field. (Users can edit their SendSafely profile from the Account Icon Badge in the top right hand corner -> Edit Profile option).
You can read more here: Masking User Email Addresses
Please Note - Using the “Email Address Masking” option automatically disables the Reply feature, since it would otherwise expose the Zendesk Agent email address to the external user.
10. Disable Reply Feature
By default, customers receiving secure files from an agent have the option to reply to that agent via SendSafely. However, to keep all communications associated with a Zendesk ticket we recommend requesting firstname.lastname@example.org disable the Reply function in your SendSafely portal, and encourage customers to perform all replies/secure file uploads via the connected Dropzone.
11. Assess if you need the SEG to keep PII out of Zendesk
The SendSafely Serverless Email Gateway (SEG) can be used to shield your Zendesk instance from inadvertently collecting and storing unsolicited Personally Identifiable Information (PII) submitted by customers via plain text email to your support email address.
The SEG intercepts and encrypts these inbound email attachments before they touch Zendesk. When combined with the Sidebar App and Dropzone, the SEG provides an end-to-end solution for protecting sensitive information in Zendesk.
12. Plan for Agent Onboarding
SendSafely recommends preparing and providing internal guidance to your team with regard to how to register their SendSafely accounts as part of the new Zendesk Agent onboarding process.
Note - The exact instructions to onboard your new Zendesk agents will depend on the authentication mechanism configured for your SendSafely platform. SendSafely always recommends using your Single Sign On (SSO) infrastructure to authenticate your employees whenever possible. We provide support for multiple providers as part of our base subscription. Importantly, Zendesk also supports SAML SSO, so if you are using their implementation for your agents, you can also configure your SendSafely platform to use the same IdP (or vice versa).
Typically, the best way for your Zendesk agents to register their SendSafely account is via the SendSafely Zendesk Sidebar App installed in their Zendesk Agent Console. They should be informed to use the “Activate new Account” button, which will then automatically take them to your company SendSafely instance. Depending on the user Authentication method implemented by your SendSafely Admin the guidance instructions should inform them which option to choose next (i.e. use either the "Login using Single Sign-on" or "Register Now" button).
Remember to add your Zendesk agents to the Dropzone recipient list so they are authorized to decrypt files.
We also recommend new Zendesk agents watch this recorded demo of the SendSafely Zendesk integration as part of their onboarding training.
- Set Up Checklist for SendSafely Administrators
- SendSafely Online Help Center
- Zendesk Integration Setup Resources
- Recorded Demo of the SendSafely Zendesk Integration
- The SendSafely Blog
- SendSafely Developer Center
- Zendesk Marketplace
- Installing the Zendesk Agent App
- Installing the Dropzone Connector for Zendesk (AWS Lambda)
- Installing the Dropzone Connector for Zendesk (Microsoft Azure)
- Installing the Dropzone Connector for Zendesk (Google Apps Script)
- Installing the Portal Widget for Zendesk
- Using the Portal Widget with Custom Ticket Forms
- Building a Encrypted Web Form using the SendSafely Dropzone API
- Hosted Dropzone Set Up
- Dropzone Management for Portal Administrators
- Synchronizing Dropzone Recipients with your Agent List
- SendSafely Zapier Quick Start Guide
- Masking User Email Addresses
- Keeping Unwanted PII out of your Service Desk
- Setup Single Sign-On (SSO) with SAML