SSO for Contacts


How can I enable SSO into Freshdesk for my Contacts?

Currently, when I try to configure SSO by navigating to Admin > Security >Single Sign On (SSO) from my Freshdesk panel, I am being redirected to Freshworks and it seems only Agents are visible as Users here, not my contacts.

I appreciate your help!

7 people have this question

Is there any response to this question?

In my company, there is also a request to enable SSO for our contacts.



We are in the exact same situation... Is is still possible to configure SSO for contacts/Customers?



 Oh no... this is 2 months old.  Do you mean that there is NO way to allow my contacts to be logged into my support portal for KB/Tickets etc?  Logging in each time is not going to work for what I need.....  Here is what I need... My customer is logged into my applicaiton/web site - they click a 'help' button, my support portal opens in a new window with the user logged in.  My users are not going to tolerate any other way.

From support: SAML will not support SSO for users in Org V2. Only OAUTH 2.0 and OIDC will support SSO setup for users. You can have either OAUTH or OIDC set for the users alone and this can be done only from the backend.

Trying to get it to work for 1,5 week now for users trough Azure AD with support but they now come up with this answer.....

We intend to use OAOUTH 20. Is there anything wr can do to speed this up,

I have looked at quite a few discussion threads on this topic and I haven't seen a single response from freshdesk on this. Topics ranging from 6years to a couple months ago. Gives you the feeling of great support.

THis functionality was promised to us in Jan/Feb 2020. We requested it in autumn last year. There is still no way for us to have SSO - AZure AD integration for employees and at the same time have an SSO for customers who are already logged in on our website. It  is quite dissapointing.

Are there any new updates from Freshdesk on this? I am about to deploy Freshdesk to our workforce and SSO from Azure AD (AAD) was a requirement. It clearly states in the documentation that SSO was available.   

While they don’t really have much public info on this I have asked them directly and they walked me through setting up sso for our users and our customers (using our own OIDC built auth). I would reach out to them directly and they should be able to help you out!

 Andrew the problem is we use AzureAD (as we use MS suite) for employees, but don't want to use the same for the customers of our platform. And they don't have a way to have both available.

Hi Rok! For my own employees we use our gSuite authentication and for our customers we use our own identity provider so you should be able to do that! You have to reach out them to enable different policies for the two different groups. Why we have to reach out to them I do not know, it did take them roughly 10 business days for me to enable it but once they did I was able to roll two different forms of auth. What it gives you is two different ways of configuring custom sso so it should work! Thanks! Andrew


Thought I'd let everyone know I also got this working. It comes down to two things: 1) For Agents: set up the Freshdesk enterprise application in Azure using this one  for SSO under the Default Profile in Freshworks security. disable the Freshdesk login and you should only see the SSO option on the agent login page. For Contacts 2) Create a NEW enterprise app in Azure, call it something like "Freshdesk-Contacts" but DON'T use the predefined Freshdesk app in Azure. Then set up a CUSTOM security Policy in Freshdesk using this SSO information. Make sure you use Assurance and Response or the certificate signing won't work properly. Export all your users from Azure, import them into your Freshdesk contacts. Assign all your users in Azure to this Freshdesk-Contacts app. The first time you go the login page, you should see a link for "Are you a customer? Login Here" Copy the link presented as the Login Here. Create a shortcut for it and deploy it to all your domain users using a GPO. When they click on that link, it will bypass the default login page and go directly to your site using SSO. One interesting note, this log in works ALSO for agents. If Agents use this link, the Freshdesk app redirects them to the agent page. 

Hopes this helps others who are having the same issue in using SSO with Azure AD. Freshdesk support wasn't much help, they did get me thinking so I could figure it out,  but why they didn't understand the issue and know how to do it boggles my mind. Their documentation on this is horrible.  

Stu, is your solution still working for you? I tried the same thing but I've never seen the "Are you a customer? Login Here" prompt and if I try to navigate to the URL of the custom policy ( I just end up with a page that says "{"error":"access_denied","error_description":"Access Denied"}". 

I was curious if Freshworks ended up changing something that broke your work-around.



Login or Signup to post a comment