
We have customers that log into our portal through their specific subdomain, e.g. acme.mysite.com or superco.mysite.com. They typically use SSO setup within their own estate to access these sites, which might involve Active Directory, Ping, Okta or any other SAML-supporting identity provider. We would like to add a link to our site that pushes them to our FreshDesk site for support queries.

We would like to be able to piggy-back their existing SSO so that access to FreshDesk is effectively click-free. Looking at the docs and the various chats on this topic, I think it is possible using custom SSO policies, but some crucial details evade me, such as:

  • Can we send an existing SAML assertion from *.mysite.com to FreshDesk and use that to log a contact in?
  • How do we get the contact’s ‘Login with SSO’ button to appear on screen? It doesn’t appear when I tried setting up a custom policy.
  • Would we need to replicate the SSO details for each customer / subdomain in FreshDesk, or is there a better way?

Would somebody please be kind enough to walk me through what would be required to achieve what I’m trying to do?

Hey Alex,

Great questions! 

  1. Sending Existing SAML Assertion: Yes, you should be able to send an existing SAML assertion from your main site (`*.mysite.com`) to FreshDesk. FreshDesk does support SAML-based SSO. The idea is to set up a "Service Provider (SP) initiated SSO," where FreshDesk would be the service provider. This way, when a user clicks on the support link on your site, they'll be redirected to FreshDesk and automatically logged in using the SAML assertion you forward. However, the devil's in the details, and you might have to get into the nitty-gritty of FreshDesk's SAML settings and your own SSO settings to make this work seamlessly.
  2. 'Login with SSO' Button: If you've set up a custom SSO policy and it's not showing the 'Login with SSO' button, it could be due to a variety of reasons. It might be something as simple as a browser cache issue, or it might require tweaking the SSO policy settings in FreshDesk. I'd recommend re-checking the policy settings and maybe reaching out to FreshDesk support if the issue persists. 
  3. Replicating SSO Details: Here's the tricky part. If each of your customers has their unique subdomain and possibly different identity providers, you might initially think that you need to set up separate SSO details for each in FreshDesk. However, FreshDesk does support "multiple SSO configurations" under a single account, meaning you can set up different SSO configurations for different groups or companies. So, yes, there's a better, more scalable way than creating a unique SSO policy for each subdomain.

Here's how I would move forward:

  • Start with a test setup for one customer's subdomain to make sure you can successfully pass the SAML assertion and get SSO working with FreshDesk.
  • Once that's working, look into setting up multiple SSO configurations in FreshDesk to accommodate different customers/subdomains.
  • Don't hesitate to reach out to FreshDesk support. They've got valuable insights and might be able to provide you with a more personalized guide.

Hope this helps clarify things a bit! Feel free to ask more questions if anything remains unclear.
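
Added example, not part of the original posts and not FreshDesk's or the portal's code: under the SAML 2.0 Web Browser SSO profile a service provider checks that an assertion names it in `<Audience>` and names its ACS URL as the bearer `Recipient`, and this sketch runs those two checks on a constructed assertion. The entity IDs and ACS URLs are made-up placeholders; signature, time-window and replay checks are deliberately left out.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample: an assertion a customer IdP issued for the portal SP.
# Entity IDs and URLs are placeholders, not real endpoints.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.customer.example/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user@customer.example</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://acme.mysite.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://acme.mysite.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def audience_problems(assertion_xml, sp_entity_id, sp_acs_url):
    """Return reasons an SP would reject this assertion as not addressed to it.
    A real SP verifies the XML signature before trusting any of these fields."""
    root = ET.fromstring(assertion_xml)
    problems = []
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    # Every AudienceRestriction must list this SP (multiple ones are ANDed).
    for r in restrictions:
        audiences = [a.text.strip() for a in r.findall("saml:Audience", NS) if a.text]
        if sp_entity_id not in audiences:
            problems.append(f"audience mismatch: {audiences}")
    if not restrictions:
        problems.append("no AudienceRestriction present")
    # A bearer confirmation must name this SP's ACS URL as Recipient.
    recipients = [
        d.get("Recipient")
        for c in root.findall("saml:Subject/saml:SubjectConfirmation", NS)
        if c.get("Method") == BEARER
        for d in c.findall("saml:SubjectConfirmationData", NS)
    ]
    if sp_acs_url not in recipients:
        problems.append(f"recipient mismatch: {recipients}")
    return problems
```

Called with the portal's own identifiers the function returns an empty list; called with any other SP's entity ID and ACS URL it reports both mismatches, which is the check to run on a captured assertion before planning to reuse it elsewhere.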
