You can use Single sign-on (SSO) to log into your Freshworks account via existing SAML-enabled ID providers, such as Active Directory, OneLogin, Okta, etc.
To learn more about SSO, refer to these articles below.
- SSO Overview
- Implement Single Sign-On for Freshworks
- How is the authentication data securely exchanged between IdP and SP
- Terms and definitions to understand SSO better
- Agent SSO and Contact SSO for an Organization
Here's how you configure SAML SSO for Freshworks using OneLogin:
(Note: We have included two ways through which you could achieve a smooth configuration. 'Approach 1' is a video based guide and 'Approach 2' is a text-based guide.)
Approach 1: Video tutorial
Approach 2: A step-by-step approach
Login to your Freshworks account using your Organization URL that will look something like this: firstname.lastname@example.org. Simultaneously, login to your OneLogin Admin Dashboard.
[OneLogin portal] Click on Applications -> Add App -> Search for Freshworks.
[OneLogin portal] Choose Freshworks SAML 2.0 app and click on the 'Save' button.
We have provided helpful configuration guides within the UI. Under Security, you can enable SSO and choose OneLogin using SAML as the SSO you want to set up. You will be presented with the ACS URL and Entity ID. Copy the values and enter the values in the relevant fields in the OneLogin portal under the 'Configurations' tab.
[OneLogin portal] Once you configure Freshworks as an SP, you will be given values for the following entries in the Onlogin Dashboard under the 'SSO' tab.
Entity ID (or Metadata ID)
SAML SSO URL (or Login URL)
Security Certificate (or x.509 certificate)
[OneLogin portal] Download the SHA-256 FingerPrint certificate.
[Freshworks portal] Copy and paste in relevant fields in the Freshworks dashboard and click on save.
Done! You have configured SAML 2.0 for Freshworks using OneLogin.
Note: In SAML, RelayState is an optional parameter that you can use to communicate to your Identity Provider where your users should be redirected after signing in with SSO. When you configure the RelayState field in your Identity Provider with a valid Freshworks Product URL (like https://abc.freshservice.com/ or https://abc.freshdesk.com), the user will be redirected to this URL after successful login from IdP. In case of an invalid URL, the user will be redirected to the Admin Center. Please note that the RelayState will take precedence only when the login action is directly initiated from the identity provider dashboard.
Click any of the relevant links to read more about the topic:
- Configure SSO with a SAML 2.0 Identity Provider
- Configure SAML 2.0 for Freshworks using Azure AD
- Configure SAML 2.0 for Freshworks using ADFS
- Configure SAML 2.0 for Freshworks using Okta
If you need further assistance, please feel free to write to email@example.com with your queries. We're more than happy to help.