SSO and Normal login

  • 23 September 2015
  • 14 replies
  • 632 views

Hello,


My intention is to still use at the same time Single Sign on and Normal login:

I want that freshdesk users will still continuing using the Normal login and at the same time I need SSO for user coming from an external website.


I did in this way:


  1. Click on Admin -> Security

  2. Enable SSO and select Simple SSO

  3. Copy the Shared secret

  4. Disable SSO

Now I used the shared secret into the external website in order to create the HMAC-MD5 hash.

Everything works as well: users can login using the normal Freshdesk Login form, and SSO from the external web site works like a charm.

My question is:
Is this scenario supported ? Or should I expect some side effects / issue ?

Please let me know,

Thanks


This topic has been closed for comments

14 replies

Although this is working at the moment, this is not how an SSO token should ideally be used. We would add a check sometime in future such that an incoming token request would be allowed only if SSO is enabled.

Simultaneously we will allow a provision to regenerate the key if there is a concern that it has been compromised.


Thanks Priyobrato,


I understand your point but please: don't just remove this possibily: make it optional.

Would be great to have the possibility to enable SSO whithout changing the login and logout URLs.


Is important to have boh local and SSO login working.


Thanks,


For normal login with SSO enabled please use the dedicated URL : https://<yourcompany>.freshdesk.com/login/normal


Hope this helps


Thanks,

Priyo


Thanks but this doesn't help too much:

the /login/normal isn't customisable via templates.

Moreover in this case we need to customise the templates too in order to have this custom login URL.


And what about the logout URL ?


At the end I can't understand why Freshdesk wants to force to redirect the login and logout URL without leaving the choice to keep the normal Freshdesk login.


Thanks


Do you mean portal customisation for /login/normal?

Does the use case require : log in end users (customers) using password based login and agents using SSO?


If the use case is to login end users via SSO and agents via /log/normal  the existing feature would work. We would definitely like to know what you are aiming to achieve. More specifically who are the users that are targeted to use SSO and who would be using password based login.


Thanks,

Priyo




Hello Priyobrato,


we want to have both SSO and local logins for both customers and agents.


Thanks,


Just to clarify the requirement, if we have a capability to customise the /login/normal page to match the look and feel of your portal, then it would be an acceptable solution to keep SSO enabled while making use of the SSO token.

And what about the logout link ? it will be possible to keep the "local" logout link ?


Thanks,



We have a similar requirement. We have different support portals in Freshdesk, one for each of our products. For one of the products we would like to enable SSO, customers using the other products should still login through Freshdesk directly. 


That could be solved by allowing the login/normal url to be customized. But, since the SSO settings are global, we can only configure one login url, so we cannot use the portal-specific login page. 



We also cannot implement one SSO login page, our product is a multi-tenant SaaS application, so, there is no single login page where all our users login, each tenant has their own subdomain (just like it works at Freshdesk).



The current login page (not the special /login/normal that we don't have access to modify) currently has login with a password, or choose to SSO in with Google, Facebook, or Twitter. This is Awesome. The ability to allow us to add a 4th option and setup our own SSO capability is great. But we don't want one or the other. Can't we have both like Pietro is asking? 





It is easy for me to add the link to the login page for my custom SSO. The issue that Pietro brings up is that in order to do this, we have to disable SSO, but are worried that in the future you might remove the ability for the SSO to function even when disabled. If we enable it, then no one can see this page.




Use case:


We have a system that clients can log into to manage their billing. However, not everyone within our clients company can, nor should, login for the billing. Because they already have an account with us, it would be nice to have a link that takes them directly into Freshdesk.com through the SSO login capability. However, we have other users who we would like to login directly to Freshdesk.com.




I hope this helps you understand our desire. Please make it so when SSO is disabled and a key is there, is still functions, or add a new feature that when enabled, it doesn't automatically redirect to the login url. You could even make it easier for other users, by automatically adding a link like I did. Just ask for a description.




Thanks!




Any updates for this topic? I am still having that issue with regards to using both SSO and normal login.


I have the same requirement;


I want internal users/agents to use SSO to login to the platform, but allow external users to use email/password when logging in via the support portals.


Thanks


We have the following scenario:

  • Main helpdesk is set up as yourcompany.com
  • Main support portal is set up as support.yourcompany.com
  • Product support portal is set up as support.productname.com
We want the following set up:
  • Agents sign in to the main helpdesk using SSO
  • Agents sign in to the company support portal using SSO
  • Agents sign in to the product support portal using SSO
  • Requesters sign in to the company support portal using the normal (non-SSO) login form
  • Requesters sign in to the company product portal using the normal (non-SSO) login form
Ideally, we could also allow requesters to sign in to the company support portal and/or the product support portal using SSO (Office 365, specifically).

Is is possible to configure Freshdesk to support this? If so, please post how and/or point to documentation that explains it.