You can use Single Sign-on (SSO) to log into your Freshworks account via OpenID Connect. It is an industry-standard supported by identity providers such as Azure Active Directory, Google G-Suite, Okta, and OneLogin.

To learn more about SSO, refer to these articles below.

How does OpenID Connect work? 

OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows service providers (SP) like Freshworks to verify the identity of a user based on the authentication performed by an identity provider (IdP). We obtain basic profile information about the user in a secure manner, thus allowing us to grant access to the Freshworks application. 

Any change the users make to their account (first name, last name, email) is synced back to their Freshworks profile. The only user data that is necessary for Freshworks is a unique identifier for each user i.e. user's first name, last name, and email. Freshworks doesn't store passwords.

Step-by-step process on how to configure SSO with OpenID Connect

  1. Log in using your organization URL. Click on the 'Security' icon in the sidebar.
  2. Under Security> Agents & Employees > Default Login Methods, you can enable SSO to simplify your users' login experience. 
  3. Choose OpenID Connect as your login protocol and the IdP of your choice.
    Note: Organization Admins are the only ones who can configure SSO. Default login methods are applicable for all users in the organization, including admins/agents. If you want to create specific policies for a particular account or portal, configure it under Custom Policies. For contacts, configure any security policies Security > Contacts.
    Note: You can access the Neo Admin Center by opening the Freshworks Switcher and clicking on your organization domain link.
  4. Use the Redirect URL provided by Freshworks in your Identity provider configuration.
  5. You will be presented with the following fields that you need to fill with the information you get from the IdP side:
    • Client ID

    • Client secret

    • Authorization URL (to redirect to the login page of IdP, if not already logged in)

    • Access token URL (to get the user access token)

    • Logout URL (optional - user will be redirected to this page on logout)

Params to be shared 



Sample Value

Minimum requirement

Client Id

Client Id as generated by IdP



Client Secret

Client secret as generated by IdP



Logout Redirect URL

URL where the user should be redirected post logout.


Login display title

Text that will be displayed on the login button

Login with Awesome Company


Logo URL

Logo to be displayed on the login page. Size should be 36x36 px. Only PNG & SVG is accepted


Authorization Server Metadata URI


[Not required if Authorization & Token Endpoint is provided]

Authorization Endpoint

URI where the user should be sent to for authorization


[Not required if Authorization Server Metadata URI is provided]

Token Endpoint

Endpoint URI that is used to exchange token


[Not required if Authorization Server Metadata URI is provided]

User Info Endpoint

Endpoint URI that will be used to fetch user info

Optional. If id_token contains entire information, this URL is not needed.


Scopes that should be used during authorization call. 

[Not required if metadata URI is provided]

openid email profile phone address

openid email

Claim Id

The claim that holds Id of the user



Claim Email

The claim that holds the email address of the user



Claim First Name

The claim that holds the first name of the user



Claim Middle Name

The claim that holds the middle name of the user



Claim Last Name

The claim that holds the last name of the user



Claim Phone

The claim that holds the phone number of the user



Claim Mobile 

The claim that holds the mobile number of the user



Claim Locale

The claim that holds the Locale of the user



Claim Job Title

The claim that holds the job title of the user



Claim Company

The claim that holds the company name of the user



Note: Call from Freshworks to the token endpoint has a timeout of 10 seconds.

If you need further assistance, please feel free to write to with your queries. We're more than happy to help.