Alert on approaching SLA breaches using Zendesk automations
Prerequisites
- Zendesk account on Professional plan or above (SLA policies require this tier)
- SLA policies configured in Admin Center with first reply and resolution targets
- An email notification target or webhook target for sending alerts
Why Zendesk native?
Zendesk automations are the zero-cost starting point for SLA monitoring. They use the built-in "hours until next SLA breach" condition to fire actions before a breach occurs — no external tools, no API credentials, no code. If you already have SLA policies configured, you can set this up in 10 minutes.
The main trade-off is timing precision. Automations run in a batch cycle roughly once per hour with up to 1-hour variance. A "2 hours until breach" condition might fire anywhere from 2 hours to just over 1 hour before the actual breach. They also cannot send rich Slack Block Kit messages — only email notifications and webhook pings. For tighter timing (15-minute precision) or formatted Slack alerts, use the n8n approach.
How it works
- Pre-breach automation checks "hours until next SLA breach" and fires when a ticket is within 2 hours of breaching
- Tag-based deduplication adds an
sla-warning-senttag to prevent repeat alerts on subsequent hourly cycles - Post-breach automation catches any ticket that has just breached and sends an escalation notification
- Email or webhook notification alerts your team — direct Slack integration requires a webhook target configured in Admin Center
Step 1: Verify SLA policies are active
Navigate to Admin Center → Objects and rules → Service level agreements. Confirm you have at least one active policy with targets defined for first reply time and resolution time.
If you don't have SLA policies yet, click Add policy and define targets per priority level:
| Priority | First Reply | Resolution |
|---|---|---|
| Urgent | 1 hour | 4 hours |
| High | 4 hours | 8 hours |
| Normal | 8 hours | 24 hours |
| Low | 24 hours | 48 hours |
Adjust these targets to match your actual response commitments.
Step 2: Create the pre-breach automation
Navigate to Admin Center → Objects and rules → Business rules → Automations. Click Add automation.
Automation name: SLA Warning: Approaching Breach
Conditions — Meet ALL of the following:
| Condition | Field | Operator | Value |
|---|---|---|---|
| Ticket | Status | Is not | Solved |
| Ticket | Status | Is not | Closed |
| Ticket | Hours until next SLA breach | Is | 2 |
| Ticket | Tags | Does not contain | sla-warning-sent |
Actions:
| Action | Value |
|---|---|
| Add tags | sla-warning-sent |
| Priority | Urgent |
| Notify by email | (your team lead or support managers group) |
| (Optional) Notify webhook | Slack incoming webhook URL or n8n webhook URL |
Click Create automation.
Without the sla-warning-sent tag condition, this automation fires every hour as long as the "hours until breach" condition is met. The tag acts as a deduplication flag — once the warning fires, the tag prevents it from triggering again on subsequent hourly runs.
Step 3: Create the post-breach automation
Create a second automation to alert when a breach has already occurred.
Automation name: SLA Alert: Breach Occurred
Conditions — Meet ALL of the following:
| Condition | Field | Operator | Value |
|---|---|---|---|
| Ticket | Status | Is not | Solved |
| Ticket | Status | Is not | Closed |
| Ticket | Hours since last SLA breach | Is | 0 |
| Ticket | Tags | Does not contain | sla-breach-notified |
Actions:
| Action | Value |
|---|---|
| Add tags | sla-breach-notified |
| Notify by email | (manager group or escalation alias) |
| (Optional) Notify webhook | External system webhook URL |
This automation catches any ticket that has just breached its SLA and sends an escalation notification to the management group.
Step 4: Test the automations
- Create a test ticket with Normal priority
- Set a temporary SLA policy with a very short first reply target (e.g., 3 hours) for testing purposes
- Leave the ticket unanswered and wait for the automation to fire
- Check the ticket's Events log to verify the automation ran, the tag was applied, and the notification was sent
- Revert your SLA policy to production targets after testing
Zendesk processes automations in a batch cycle, roughly once per hour. A "2 hours until breach" condition might fire anywhere from 2 hours to just over 1 hour before the actual breach. For tighter timing (15-minute precision), use the n8n approach with a Schedule Trigger instead.
If you try to create a trigger with "hours until breach," you won't find that condition. SLA-based timing conditions (hours until breach, hours since breach) are exclusive to automations, not triggers. Triggers fire on ticket events (created, updated), while automations fire on time-based conditions.
Step 5: Monitor and adjust
After your automations have been running for a week, review your SLA compliance in Zendesk Explore:
- Open Explore → Reports → Support → SLA
- Check how many tickets received warnings before breach vs. how many breached without warning
- If agents are getting warnings too late, increase the threshold from 2 hours to 3 or 4 hours
- If agents are ignoring warnings because they feel premature, lower the threshold
You can also create a custom Explore dashboard that tracks:
- Number of SLA warnings sent per day
- Percentage of warned tickets that were resolved before breach
- Average time between warning and agent action
Troubleshooting
Common questions
Can I set different warning thresholds per priority level?
Not in a single automation. Create separate automations for each priority level — one for Urgent tickets at 3 hours before breach, one for High at 2 hours, etc. Each automation has its own conditions and deduplication tag (e.g., sla-warning-urgent, sla-warning-high).
Why doesn't my automation fire for tickets with 1-hour SLA targets?
If your first reply SLA is 1 hour and your warning threshold is "2 hours until breach," the condition is never true — the ticket's entire SLA window is shorter than the warning threshold. Lower the threshold to match your shortest SLA target, or use the n8n approach for minute-level precision.
Can I send Slack messages directly from an automation?
Not directly. Automations support "Notify webhook" as an action, but you must first configure a webhook target in Admin Center > Apps and integrations > Targets. Point the webhook at a Slack Incoming Webhook URL or an n8n/Zapier webhook to translate the payload into a Slack message.
Cost
Zendesk automations are included on Professional plans and above at no additional cost. The webhook notification action (for Slack) is also included. No external tools or API costs required.
Looking to scale your AI operations?
We build and optimize automation systems for mid-market businesses. Let's discuss the right approach for your team.