Freshworks supports Single Sign-On (SSO), a process that allows users to authenticate themselves against an external Identity Provider (IdP) rather than obtaining and using a separate username and password handled by Freshworks.
Under the SSO setup, Freshworks can work as a Service Provider (SP) allowing you to provide Single Sign-On (SSO) services for your Freshworks accounts.
You will need an OpenID Connect Identity Provider (IdP), which will handle the sign-in process and will eventually provide the authentication credentials of your users to Freshworks. Freshworks users authenticated through your OpenID Connect IdP are handled from your IdP and any change they perform on their account (namely first name, last name, and email) is synced back to their Freshworks profile. The only user data that is necessary for Freshworks is a unique identifier for each user, user's first name, last name, and email. Freshworks does not store passwords.
Things you need to configure SSO with OpenID Connect are:
- Client ID
- Client secret
- Authorization URL (to redirect to the login page of IdP, if not already logged in)
- Access token URL (to get the user access token)
- Logout URL (optional - user will be redirected to this page on logout)
The above information can be obtained from your identity provider.
Enabling OpenID Connect SSO in your Freshworks account
Log in to your Freshworks account as an Administrator and go to Admin > Security. Provide the following information.
- SSO integration type: Choose OpenID Connect from the drop-down list
- Client id: is the OpenID Connect client id provided by your IdP
- Client secret: is the OpenID Connect client secret provided by your IdP
- Access Token URL: is the OpenID Connect token endpoint URL provided by your IdP
- Authorization URL: is the OpenID Connect authorization endpoint URL where Freshworks issues authentication requests
The rest fields define the variable names of the OpenID Connect protocol containing user data provided by your IdP, that is essential for Freshworks.
Click on Save. Use the Redirect URL provided by Freshworks, in your Identity provider configuration.