Solved

Freshworks SSO for contacts

  • 18 April 2021
  • 8 replies
  • 949 views

I have been using Freshdesk SSO with Azure this number of years. Now it seems like we have yo move over to Freshworks for SSO. This was straight forward to setup, one Azure App (Freshdesk) and then configure on Freshdesk SSO, simple.

Setting up the Freshworks Azure application for SSO was relatively easy and I can see the agents in NEO admin centre.

Question is how do we get the existing contacts setup for SSO using Azure, its not straight forward and documentation is non existent. Making the change and switching on Freshworks SSO in the Freshdesk portal will certainly cause a lot of issues with existing customers that can currently SSO using the Freshdesk SSO.

 

Has anyone got this to work that already was using Freshdesk SSO previously?

 

icon

Best answer by Keer 18 April 2021, 23:17

View original

8 replies

Userlevel 5
Badge +12

Hello @Dallan R, it’s great that you have set-up the the agents SSO on point 🙂 Configuring contact SSO is pretty identical and you can find more details on the same here

 

You’d have to click on the Freshworks Switcher, then on th security icon and configure the SSO under the contacts tab. 

 

Contact SSO

 

Once you set this up, the contacts you’ve added in your IdP would be able to login using SSO without any hassle. If you have any further queries, please drop a note here or write to support@freshdesk.com and our support buddies would love to help you further. I hope this helps!

 

Hi Keer

 

Thanks for the response.

The issue I have or confusion more so is that there is only one Freshworks Enterprise app in the Azure market space and I have already used this for the agent SSO configuring IDP, Reply URL etc..To what App am I to bind the contacts Freshwork SSO to in Azure if I have already used  the only available Freshworks app forAgents SSO?

 

Userlevel 5
Badge +12

Hello @Dallan R, you’d have to add another instance of the same application to configure contact SSO. Please navigate to Enterprise applications → New application → Freshworks and add this as the application for contact SSO. 

Separate application for contact SSO

Just like how you configured the agent SSO, follow these steps, map the information from IdP and in IdP for contact SSO. 

 

Configuring contact SSO

 

 Once the cofiguration is complete, you’d see two applications, one for agent SSO and one for contact SSO as below : 

Agent SSO and contact SSO

Now, the non-agents/contacts would be able to login using the following link: 

https://yourcompanyname.freshdesk.com/customer/login, just like how agents would be able to login via https://yourcompanyname.freshdesk.com/agent/login 

 

If you have any further queries, let us know :) 

Hi Keer

 

Thank you for this information.

I believe I have this working from doing a test simulation via the Azure SAML test option, thank you.

4 questions

  1. Do I have to issue the new URL of https://company.freshdesk.com/customer/login to all our contacts now? Prior to this it was just https://company.freshdesk.com/ and this worked for both agents and customers. Now the SSO seems to only work if  https://company.freshdesk.com/customer/login is the sign in URL on the Azure Freshworks - Contact SSO application. Its just that we have published the original link of https://company.freshdesk.com/ via websites and also domain GPOs to customer devices. Please let me know.
  2. I assume I have to add all the groups that user assignment is required for on the Freshworks - contact SSO application, i:e all our customers groups the same way I have the legacy freshdesk applications assigned to all customer groups?
  3. When I have all contact groups assigned to the app as per question 2 above, I assume I need to switch the SSO in the Freshdesk admin portal to FreshWorks and disable the FreshDesk SSO?
  4. Do I delete the original Freshdesk enterprise application in Azure that had been providing SSO or is this to remain along with the Freshworks - Agent SSO and Freshworks - contact SSO applications?

Please advise and thank you.

 

Userlevel 5
Badge +12


That’s great, Dallan. I’ve tried answering your queries below:

  1. You can still continue using the same link as ../support/login would have both options once you configure an agent and contact SSO as below. Agents and contacts can log in using the respective sections. 
Login Page
  1. Yes, you’d have to add the contacts as users in the contact SSO application and only then they would be able to login. 
  2. Yes, you can disable Freshdesk SSO as mentioned here after successfully testing the flows for both agent and contact SSO. 
  3. Freshdesk app would be no longer required as the agent and contact SSO applications would only be the active apps using the respective flows.  I hope this helps :)

Thank you for this information it was really helpful for setting up the new Freshworks SSO.

Userlevel 5
Badge +12

I am glad we could help, Dallan :)

@Dallan R  I managed to use the same enterprise app instance for both agents and contacts.  In the SSO configuration screen in Freshworks, just use identical application outputs from Azure AD
@Keer  Any unintended consequences of doing this?

Reply