You can use Single Sign-on (SSO) to log into your Freshworks account via OpenID Connect. It is an industry-standard supported by identity providers such as Azure Active Directory, Google G-Suite, Okta, and OneLogin.
To learn more about SSO, refer to these articles below.
- SSO Overview
- Implement Single Sign-On for Freshworks
- How is the authentication data securely exchanged between IdP and SP
- Terms and definitions to understand SSO better
- Agent SSO and Contact SSO for an Organization
How does OpenID Connect work?
OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows service providers (SP) like Freshworks to verify the identity of a user based on the authentication performed by an identity provider (IdP). We obtain basic profile information about the user in a secure manner, thus allowing us to grant access to the Freshworks application.
Any change the users make to their account (first name, last name, email) is synced back to their Freshworks profile. The only user data that is necessary for Freshworks is a unique identifier for each user i.e. user's first name, last name, and email. Freshworks doesn't store passwords.
Step-by-step process on how to configure SSO with OpenID Connect
- Log in using your organization URL. Click on the 'Security' icon in the sidebar.
- Under Security> Agents & Employees > Default Login Methods, you can enable SSO to simplify your users' login experience.
- Choose OpenID Connect as your login protocol and the IdP of your choice.
Note: Organization Admins are the only ones who can configure SSO. Default login methods are applicable for all users in the organization, including admins/agents. If you want to create specific policies for a particular account or portal, configure it under Custom Policies. For contacts, configure any security policies Security > Contacts.
Note: You can access the Neo Admin Center by opening the Freshworks Switcher and clicking on your organization domain link. - Use the Redirect URL provided by Freshworks in your Identity provider configuration.
- You will be presented with the following fields that you need to fill with the information you get from the IdP side:
Client ID
Client secret
Authorization URL (to redirect to the login page of IdP, if not already logged in)
Access token URL (to get the user access token)
Logout URL (optional - user will be redirected to this page on logout)
Params to be shared
Note: Call from Freshworks to the token endpoint has a timeout of 10 seconds.
If you need further assistance, please feel free to write to [email protected] with your queries. We're more than happy to help.