Sandbox-Freshdesk

1. Google IDP initiated SSO

Google provides a SAML SSO app for Freshdesk. If the google domain admin add this app to their google admin console then this app will be available for the users to login as IDP initiated SSO login under marketplace apps. 

Please refer to this link to know more about how to add the app under the google admin console.

2. Firstly, it is important to note that we do not have an IDP-initiated workflow setup with the Freshworks SSO. We will be replicating this by making use of the "Relay State" parameter available in the IDP.

In SAML, the RelayState is an optional parameter that you can use to communicate to your Identity Provider where your users should be redirected after signing in with SSO. When you configure the RelayState field in your Identity Provider with a valid Freshworks Product URL (like https://abc.freshservice.com/ or https://abc.freshdesk.com), the user will be redirected to this URL after successful login from IdP. 

The SSO works as expected for RelayState URL /agent/login but the Org login page will be shown again for /customer/login. ie., for IDP initiated login for agents works normally but for customers Org login page will be shown again.

3. To setup IDP initiated SSO for customers we have to enable the below feature.

customer_idp_init_login_fix

If the customer face any issues even after enabling this, we can raise an L2.

And also before enabling "customer_idp_init_login_fix" that feature please check these are prerequisites features: freshid_sso_sync  , freshid_org_v2 features and they should be using custom customer policy.

Bug link for reference :- https://freshworks.freshrelease.com/ws/FD/tasks/FD-78016