Alert on approaching SLA breaches using Zendesk automations
Prerequisites
- Zendesk account on Professional plan or above (SLA policies require this tier)
- SLA policies configured in Admin Center with first reply and resolution targets
- An email notification target or webhook target for sending alerts
Overview
Zendesk automations can check "hours until next SLA breach" to fire actions before a breach occurs. This makes them a zero-cost starting point for SLA monitoring. However, automations run hourly with up to 1-hour timing variance, and they cannot send rich Slack messages natively. For tighter timing or Slack Block Kit alerts, use the n8n approach.
This guide sets up two automations: a pre-breach warning that fires when a ticket is 2 hours from breach, and a post-breach notification that fires immediately after a breach occurs.
Step 1: Verify SLA policies are active
Navigate to Admin Center → Objects and rules → Service level agreements. Confirm you have at least one active policy with targets defined for first reply time and resolution time.
If you don't have SLA policies yet, click Add policy and define targets per priority level:
| Priority | First Reply | Resolution |
|---|---|---|
| Urgent | 1 hour | 4 hours |
| High | 4 hours | 8 hours |
| Normal | 8 hours | 24 hours |
| Low | 24 hours | 48 hours |
Adjust these targets to match your actual response commitments.
Step 2: Create the pre-breach automation
Navigate to Admin Center → Objects and rules → Business rules → Automations. Click Add automation.
Automation name: SLA Warning: Approaching Breach
Conditions — Meet ALL of the following:
| Condition | Field | Operator | Value |
|---|---|---|---|
| Ticket | Status | Is not | Solved |
| Ticket | Status | Is not | Closed |
| Ticket | Hours until next SLA breach | Is | 2 |
| Ticket | Tags | Does not contain | sla-warning-sent |
Actions:
| Action | Value |
|---|---|
| Add tags | sla-warning-sent |
| Priority | Urgent |
| Notify by email | (your team lead or support managers group) |
| (Optional) Notify webhook | Slack incoming webhook URL or n8n webhook URL |
Click Create automation.
Without the sla-warning-sent tag condition, this automation fires every hour as long as the "hours until breach" condition is met. The tag acts as a deduplication flag — once the warning fires, the tag prevents it from triggering again on subsequent hourly runs.
Step 3: Create the post-breach automation
Create a second automation to alert when a breach has already occurred.
Automation name: SLA Alert: Breach Occurred
Conditions — Meet ALL of the following:
| Condition | Field | Operator | Value |
|---|---|---|---|
| Ticket | Status | Is not | Solved |
| Ticket | Status | Is not | Closed |
| Ticket | Hours since last SLA breach | Is | 0 |
| Ticket | Tags | Does not contain | sla-breach-notified |
Actions:
| Action | Value |
|---|---|
| Add tags | sla-breach-notified |
| Notify by email | (manager group or escalation alias) |
| (Optional) Notify webhook | External system webhook URL |
This automation catches any ticket that has just breached its SLA and sends an escalation notification to the management group.
Step 4: Test the automations
- Create a test ticket with Normal priority
- Set a temporary SLA policy with a very short first reply target (e.g., 3 hours) for testing purposes
- Leave the ticket unanswered and wait for the automation to fire
- Check the ticket's Events log to verify the automation ran, the tag was applied, and the notification was sent
- Revert your SLA policy to production targets after testing
Zendesk processes automations in a batch cycle, roughly once per hour. A "2 hours until breach" condition might fire anywhere from 2 hours to just over 1 hour before the actual breach. For tighter timing (15-minute precision), use the n8n approach with a Schedule Trigger instead.
If you try to create a trigger with "hours until breach," you won't find that condition. SLA-based timing conditions (hours until breach, hours since breach) are exclusive to automations, not triggers. Triggers fire on ticket events (created, updated), while automations fire on time-based conditions.
Step 5: Monitor and adjust
After your automations have been running for a week, review your SLA compliance in Zendesk Explore:
- Open Explore → Reports → Support → SLA
- Check how many tickets received warnings before breach vs. how many breached without warning
- If agents are getting warnings too late, increase the threshold from 2 hours to 3 or 4 hours
- If agents are ignoring warnings because they feel premature, lower the threshold
You can also create a custom Explore dashboard that tracks:
- Number of SLA warnings sent per day
- Percentage of warned tickets that were resolved before breach
- Average time between warning and agent action
Cost
Zendesk automations are included on Professional plans and above at no additional cost. The webhook notification action (for Slack) is also included. No external tools or API costs required.
Need help implementing this?
We build and optimize automation systems for mid-market businesses. Let's discuss the right approach for your team.