Possible Questions:
- How to set up agent SSO?
- How to set up contact SSO?
Resolution Path:
Step 1: Add Freshworks as an application to Okta Dashboard
1. Log into Okta as an Admin.
2. From the Admin Dashboard, click on ‘Applications.’
3. Under the Applications page, click on the ‘Add Application’ button.
You can use the shortcuts to easily add (Add Application button) and assign (Assign Applications button) applications.
4. Search for Freshworks. Click on the ‘Add’ button.
5. Enter the required information under General Settings, and then click Next.
6. Click on ‘Sign On’ to configure SSO.
You can simulate an IdP-initiated Flow with the Bookmark App. Here’s how!
Step 2: Configure SSO for Freshworks using Okta
1. Login to your Freshworks account using your Organization URL which will look something like this: yourcompany@freshworks.com.
2. Go to the Security tab. You can configure agent SSO using the SSO login option under the Default login methods or under the Custom policies tab.
To configure agent/contact SSO under the Custom Policies, click on the Custom Policies -> Create New -> click on the Agents&Employees/Contacts tab -> choose the portal ->enable the SSO login toggle -> choose Okta using SAML option.
3. You will be presented with the ACS URL and Entity ID. Copy the values and enter the values in the relevant fields in the Okta portal.
4. From the Assertion Consumer Service(ACS) URL, make a note of your Customer ID. For example, if your Assertion Consumer Service URL is: https://freshworksssotest.freshworks.com/sp/SAML/a1b2c3d4/callback, your Customer ID is a1b2c3d4.
5. In Okta, select the Sign On tab for the Freshworks SAML app, then click Edit. The metadata link will be visible under the ‘View Setup Instructions’. Click on it to get information for the following fields:
- Entity ID (or Metadata ID)
- SAML SSO URL (or Login URL)
- Security Certificate (or x.509 certificate)
6. Copy and paste in relevant fields in the Freshworks dashboard and click on Save.
7. Back to Okta, under the Sign On tab for the Freshworks SAML app, enter your Customer ID value from Freshworks into the corresponding field and click on Save.
In SAML, RelayState is an optional parameter that you can use to communicate to your Identity Provider where your users should be redirected after signing in with SSO. When you configure the RelayState field in your Identity Provider with a valid Freshworks Product URL (like https://abc.freshdesk.com), the user will be redirected to this URL after successful login from IdP. In case of an invalid URL, the user will be redirected to the Admin Center. Please note that the RelayState will take precedence only when the login action is directly initiated from the identity provider dashboard.