Single Sign-On (SSO)

Single Sign-On (SSO) is a system that lets users securely authenticate to multiple cloud applications by logging in only once to a managed authentication system. This managed authentication system is also referred to as the Identity Provider (IdP), and the cloud applications that rely on the data provided by the Identity Provider are called Service Providers (SP). Some of the Identity Providers are ADFS, OneLogin, Okta, Auth0, and G-Suite.

For more information on SSO in Freshdesk, click here

Custom SSO policies

Orgv2 has a built-in UI to set up a custom login policy (with customized login URL) with different login mechanisms available under it.

  • An Org can set up about 5 custom policies.
  • 1 custom policy apart from the default policy can be set up for agents per account.
  • 1 custom policy for contact per account can be configured.


You can configure a custom policy in Org even without this feature enabled in Freshdesk, but those policies will not be synced to Freshdesk. In this scenario, we can enable the feature from the backend and you can change the custom policy name/URL to sync these policies to Freshdesk.


To set up a custom SSO policy

Custom agent SSO:


If the Org<>SSO sync feature is enabled, there are 2 scenarios:

A. Freshdesk account without Freshdesk SSO:

  • The default Freshdesk landing page is support/home.
  • Click on login → support/login
  • Support/login → Hovering over the link 'Are you an agent Login here' shows the customized URL of the Org custom policy.
  • Clicking the link takes you to the Org custom policy login mechanism.
  • login/normal → No custom URL is shown. This page always redirects to the default Org login page.

B. Freshdesk account with Freshdesk SSO:

  • Support/login → redirects to the Freshdesk SSO IdP.
  • Agents cannot log in through the agent custom policy. They can only use login/normal to log in through the Org default login page.
  • You have to disable Freshdesk SSO to log in through the custom policy. But once Freshdesk SSO is disabled, it cannot be re-enabled.



Custom contact SSO:

A. Freshdesk account without Freshdesk SSO:

  • Support/login page → Hovering over the link 'Are you a customer Login here' shows the customized URL of the Org custom policy. Clicking the link takes you to the Org custom policy login mechanism.
  • login/normal → This is only for agents.

B. Freshdesk account with Freshdesk SSO:

  • Support/login → redirects to the Freshdesk SSO IdP.
  • You can check the behavior of the contact custom policy by opening account_domain_url/customer/login in the browser. It will be redirected to the custom policy login URL, where you can check the contact login functionality.
  • Once you have completely configured this, disable the Freshdesk SSO.


                   
Once you have successfully set up SSO, the login page will look like this:



Contact attributes:

The following default user attributes can be sent to Freshdesk from the identity provider when a user logs into the IdP via SSO:


| Attribute          | Format                             | Necessity | Description                        |
|--------------------|------------------------------------|-----------|------------------------------------|
| First Name         | givenname or FirstName or username | Optional  | The first name of the user/contact |
| Last Name          | surname or LastName                | Optional  | The last name of the user          |
| Phone              | phone                              | Optional  | Work phone number of the user      |
| Company            | company or organization            | Optional  | Name of the Company of the user    |
| Title              | Title or job_title                 | Optional  | Job title of the user              |
| Unique external ID | unique_id                          | Optional  | Unique external id of the user     |
| Mobile phone       | mobile                             | Optional  | Mobile phone number of the user    |
| Time zone          | time_zone                          | Optional  | Time zone of the user              |
| Language           | language                           | Optional  | Language of the user               |
| About              | about, description                 | Optional  | Description of the user            |


Note: All the above attributes will be assigned to the contact during login. Any attribute changes would be synced as well. Email is mandatory for a user during login. 
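
A pre-flight check for the attribute list above, as an added example that is not Freshdesk's own code: it takes the attributes an IdP would release for one user, maps them to contact fields using the documented names, and reports a missing email, ambiguous duplicates, and attributes outside the documented list. The `email` key name, exact-case matching, and the choice to keep the first-listed name are assumptions, since the page does not specify them.

```python
# Freshdesk contact field -> attribute names from the table, in the order listed.
DOCUMENTED = {
    "First Name": ["givenname", "FirstName", "username"],
    "Last Name": ["surname", "LastName"],
    "Phone": ["phone"],
    "Company": ["company", "organization"],
    "Title": ["Title", "job_title"],
    "Unique external ID": ["unique_id"],
    "Mobile phone": ["mobile"],
    "Time zone": ["time_zone"],
    "Language": ["language"],
    "About": ["about", "description"],
}
EMAIL_KEY = "email"  # ASSUMPTION: the page says email is mandatory, not how it is named


def check_release(claims, email_key=EMAIL_KEY):
    """Return (mapped, problems) for one user's attribute dict from the IdP."""
    mapped, problems = {}, []
    if not str(claims.get(email_key) or "").strip():
        problems.append("missing mandatory email")
    known = {email_key}
    for field, names in DOCUMENTED.items():
        known.update(names)
        # Non-empty values under any documented name (exact-case match is an assumption).
        present = [(n, v) for n in names if (v := str(claims.get(n) or "").strip())]
        if not present:
            continue  # every attribute in the table is optional
        if len({v for _, v in present}) > 1:
            # The page does not say which name wins, so report instead of resolving.
            problems.append(f"{field}: conflicting values in {[n for n, _ in present]}")
        mapped[field] = present[0][1]  # ASSUMPTION: keep the first-listed name
    # Anything else is released to the SP without a documented use (data minimisation).
    extra = sorted(k for k in claims if k not in known)
    if extra:
        problems.append(f"not in documented list: {extra}")
    return mapped, problems


# Constructed sample claims, not captured from a real IdP.
SAMPLE = {"email": "a.user@example.com", "givenname": "Ada", "username": "auser",
          "surname": "User", "job_title": "Engineer", "groups": "admins"}

if __name__ == "__main__":
    fields, issues = check_release(SAMPLE)
    print(fields)
    print(issues)
```

Because attribute changes are synced on every login, running a check like this against the IdP's test user before enabling the policy shows what would be written to the contact record.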


You can refer to this article for the various language codes and time zones allowed.