Here's how you can configure ADFS SAML SSO for your users:


1. Open ADFS Management under Server Manager > Tools.


2. Open Trust Relationships, right click on Relying Party Trusts and choose Add Relying Party Trust and click on Start.



3. Choose Enter data about the relying party manually and click Next. 



4. Enter a suitable Display name and click on Next. 



5. You can skip the next steps by clicking 'Next' on the following two screens.


6. Check the box, Enable support for the SAML 2.0 SSO WebSSO protocol. Under 'Relying party SAML2.0 SSO service URL', enter your Freshdesk SAML login URL. Eg: 'https://domain.freshdesk.com/login/saml' and then click Next.



7. Add domain.freshdesk.com as a Relying party trust identifier. Also add https://domain.freshdesk.com and click Next.



8. Click 'Next' on the following three screens.


9. Check the box Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click on Close.



10. Choose Send LDAP Attributes as Claims in the Add Transform Claim Rule Wizard window and click Next.



11. Enter FirstName and LastName (case-sensitive attributes in Freshdesk) as the Outgoing Claim Type corresponding to the Given-Name and Surname (attributes from AD) and hit Finish.


Attributes that we support in Freshdesk:

  • FirstName
  • LastName
  • E-mail Address
  • phone
  • company




12. Click on Add rule in the Edit Claim Rules for FreshDesk window.



13. Choose Transform an Incoming Claim from the 'Claim rule template' dropdown. Click on Next.



14. Fill out the necessary values for the dropdowns: 

E-mail Address for Incoming claim type, 

Name ID for Outgoing claim type and 

Email for Outgoing name ID format)



15. Click on Service > Certificates and right click on Token Signing Certificate to view the certificate. 



16. Click on the 'Details' tab in the Certificate dialog box. Click on 'Copy to File'. In the resulting Certificate Export Wizard window, choose 'Base-64 encoded X.509 (.CER) and then click on Next.


17. Give a suitable file name and a destination to store the certificate and then click on Next. Click on Finish. This will export the certificate to your local machine. To extract the fingerprint from the certificate, you can make use of an online tool, copy the certificate content from the local machine and paste it in the X.509 cert textbox. Make sure to choose SHA256 from the Algorithm dropdown. Click on 'Calculate Fingerprint'. Copy the fingerprint from the 'Formatted FingerPrint' textbox.


18. Login to your Freshdesk account, go to Admin > Account > Security > SSO, enable SAML SSO. Enter the SAML login URL. Eg: 'https://adfsservername.domain.com/adfs/ls'

Paste the retrieved 'Formatted FingerPrint' in the corresponding 'Security Certificate Fingerprint' textbox.



19. Click on Save.


Here's how you can configure ADFS SAML SSO for your users:


1. Open ADFS Management under Server Manager > Tools.


2. Open Trust Relationships, right click on Relying Party Trusts and choose Add Relying Party Trust and click on Start.



3. Choose Enter data about the relying party manually and click Next. 



4. Enter a suitable Display name and click on Next. 



5. You can skip the next steps by clicking 'Next' on the following two screens.


6. Check the box, Enable support for the SAML 2.0 SSO WebSSO protocol. Under 'Relying party SAML2.0 SSO service URL', enter your Freshdesk SAML login URL. Eg: 'https://domain.freshdesk.com/login/saml' and then click Next.



7. Add domain.freshdesk.com as a Relying party trust identifier. Also add https://domain.freshdesk.com and click Next.



8. Click 'Next' on the following three screens.


9. Check the box Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click on Close.



10. Choose Send LDAP Attributes as Claims in the Add Transform Claim Rule Wizard window and click Next.



11. Enter FirstName and LastName (case-sensitive attributes in Freshdesk) as the Outgoing Claim Type corresponding to the Given-Name and Surname (attributes from AD) and hit Finish.


Attributes that we support in Freshdesk:

  • FirstName
  • LastName
  • E-mail Address
  • phone
  • company




12. Click on Add rule in the Edit Claim Rules for FreshDesk window.



13. Choose Transform an Incoming Claim from the 'Claim rule template' dropdown. Click on Next.



14. Fill out the necessary values for the dropdowns: 

E-mail Address for Incoming claim type, 

Name ID for Outgoing claim type and 

Email for Outgoing name ID format)



15. Click on Service > Certificates and right click on Token Signing Certificate to view the certificate. 



16. Click on the 'Details' tab in the Certificate dialog box. Click on 'Copy to File'. In the resulting Certificate Export Wizard window, choose 'Base-64 encoded X.509 (.CER) and then click on Next.


17. Give a suitable file name and a destination to store the certificate and then click on Next. Click on Finish. This will export the certificate to your local machine. To extract the fingerprint from the certificate, you can make use of an online tool, copy the certificate content from the local machine and paste it in the X.509 cert textbox. Make sure to choose SHA256 from the Algorithm dropdown. Click on 'Calculate Fingerprint'. Copy the fingerprint from the 'Formatted FingerPrint' textbox.


18. Login to your Freshdesk account, go to Admin > Account > Security > SSO, enable SAML SSO. Enter the SAML login URL. Eg: 'https://adfsservername.domain.com/adfs/ls'

Paste the retrieved 'Formatted FingerPrint' in the corresponding 'Security Certificate Fingerprint' textbox.



19. Click on Save.