In this article, we'll briefly talk about Single Sign-On and how it works. If you are looking for specific information about SSO for Freshworks or configuration related guides for supported protocols, here is a list of articles for you to read:
- Configure SSO with SAML 2.0
- Configure SAML 2.0 for Freshworks using Okta
- Configure SAML 2.0 for Freshworks using Azure AD
- Configure SAML 2.0 for Freshworks using ADFS
- Configure SAML 2.0 for Freshworks using OneLogin
- Configure SSO with OpenID Connect
- Configure SSO with OAuth 2.0
- Configure SSO with JWT
What is Single Sign-On
Freshworks can ask identity providers to verify your identity. If they can, we take their word for it. With SSO, you don't have to think and remember different passwords for different applications, users can now use the existing login information that is managed by Identity Providers (IdP) like ADFS, OneLogin, Okta, Azure AD, G-Suite. You can also login to different accounts across different Freshworks products using SSO. Admins can choose and configure how users can log into each of the Freshworks accounts.
In other words, Single Sign-On (SSO) is a system that lets users securely authenticate multiple cloud applications by logging in only once in a managed authentication system. This managed authentication system is also referred to as Identity Provider (IdP) and the cloud applications that rely on the data provided by Identity Provider are called Service Providers (SP).
As of today, Freshworks supports the following protocols to exchange user identity information securely between the Identity Provider and Service Provider: SAML, OAuth2, OpenID Connect (OIDC), JWT.
How does SSO work
With single sign-on, this is what happens when you try to log in to an application, say your Freshworks account:
- If you have already logged in using SSO, the application grants you access to it.
- If you haven’t, you are presented with options for authentication via a third-party identity provider like Google. You log in with that provider.
- The identity provider authenticates you, ensures the application that is asking for your authentication is legit and issues a token back to the application. The application uses this information to log the user in.
- Once you are logged in, the authentication verification data (either as cookies or as tokens) is passed as you navigate to different pages of the application.
To learn more about how SSO can be configured for Freshworks suite of applications, refer to the following article: