Note: This is currently applicable only for customers who sign up after March 16th, 2021. 


If you're a managed services provider, your organization and your customers' organizations might be using different services/systems for authentication. To enable all of them to use Freshservice, you'll need to create different security policies for the agents in your organization and the contacts from each of your customers' organizations.

TABLE OF CONTENTS

What is Freshworks Organization?

Freshworks Organization provides a centralized console with customizable security and administration solutions across the Freshworks products, making it easy to secure users and data. 

With Freshworks Organization you get:

  • A centralized dashboard for user management and security settings across Freshworks products that you use

  • A unified login experience for your requesters and agents

  • A Switcher for users to seamlessly navigate between other Freshworks accounts and products.

To know more about Freshworks Organization, refer to the documentation here

Setting up security policies for your MSP accounts

To get started with it, here are some terminologies and concepts associated with setting up security policies in Freshworks Organization for MSP accounts:


Types of Security Policies in Freshworks Organization


Default Policy - All Freshservice accounts, portals, and other Freshworks products that do not have custom policies in place will use the default login policy. 


Custom policy - When you need exclusive security policies to be set up with different identity providers, use custom policies to create independent login policies using the required identity providers and map them to the respective Freshservice accounts, portals, or other Freshworks Products.


Types of Portals in Freshservice


Default Portal


Every Freshservice account has a default portal login, which can be set up from Admin Settings > Service Desk security. It’s typically used for agents to login to the Freshservice account.


Support Portal


To suit your business needs, you can create multiple portals as required for your MSP accounts. You can create portals from Admin > Support Channels > Support Portals. 


Types of MSP configurations in Freshservice 


When you use Freshservice in the MSP mode, all your client accounts and portals will roll up into a Freshworks Organization account. You can setup Freshservice MSP in two different ways and set up security policies on the organization as follows:


Single-account MSP setup

When all your clients are managed in the same Freshservice account, you are on a single-account MSP setup. You can create and manage multiple client portals under the same account.


Example: 


  • A managed service provider, ‘Acme’, manages all their clients on the same Freshservice account with independent support portals for every client. 

  • The security policies need to be set up as follows:

    • Password-based login for Acme’s agents 

    • Google, Okta, OneLogin, and Azure logins for the support portals of Client A, B, C, and D respectively.


Solution:



  • All accounts and portals are mapped to a Freshworks Organization account.

  • Create a default policy to enable password-based login. Note that all accounts / portals / Freshworks products without associated custom policies will use the default policy.

  • Create exclusive custom policies based on clients’ needs and map them to the respective support portals.

    • Create individual custom policies for Google, Okta, OneLogin, and Azure and map them to the support portals of Client A, B, C, and D respectively.

  • Now, since Acme’s default portal (or the main account) is the only portal with no custom policy mapped, the default policy will be applied to it, which would enable password-based login.



Multi-account MSP setup

When your clients are managed in independent Freshservice accounts, then you are on a multi-account MSP setup. You can also create portals for each of these client accounts as required.


Example:


  • A multiple service provider ‘Acme’ manages clients on independent Freshservice accounts. 

  • All agents will need a Google login.

  • All clients have exclusive support portals for requesters. The security policies for the clients need to be setup as follows:

    • Okta, OneLogin and Azure logins for Clients A, B and C respectively.

Solution:



  • All client accounts are mapped to a Freshworks Organization account (Acme).

  • Create a default policy and enable Google login on it. Note that all accounts / portals / freshworks products without custom policies set up will use this default policy.

  • Create exclusive custom policies based on clients’ needs and map them to the respective accounts / portals.

    • Create individual custom policies for Okta, OneLogin and Azure and map them to the support portals of Client A, B and C respectively.

  • Now, since the default/agent portals of the client accounts are the only accounts/portals with no custom policy mapped, the default policy will enable google login for them. 

    What is a default portal?

Every Freshservice account has a default agent portal login, which can be set up from Admin Settings > Service Desk security. 


Note: If you have other Freshworks products mapped to your organization, the default login policy will be mapped to it unless you create custom policies for them.




How do I set the policies up?


To setup security policies for your MSP accounts with Freshworks Organization: 


  1. Head to Admin > General Settings > Service Desk Security in your Freshservice account to set up security policies for your default agent portal. 


  1. Click on the Edit button to open service desk security settings on Freshworks Organization to set up login policies. 


Important Note: This edit option will be available only to the “Org Admin”. It will be a read-only option for other users.



3. To set up login policies for your additional support portals, navigate to Admin Settings > General Settings > Support Channels > Support Portal in your Freshservice account.



 4. Click on the portal for which you need to create security policies or create a new portal. Under Security, click on Edit to create security policies for your portal on Freshworks Organization.



The above-mentioned steps will help you navigate to Freshworks Organization from Freshservice. You can also head to your Freshworks Organization account directly to set up your login policies in Security settings.




Setting up a Default Policy 


All Freshservice accounts, portals and other Freshworks products that do not have custom policies in place will use the default login policy. To set it up,


  1. In Freshworks Organization, click on the Security tab, or click on the Security icon from the Navigation menu on the left. Now click on Default login methods to set up your default policy.

  2. Choose a login policy based on the identity provider and SSO policy you want to set up. To know more about the different SSO policies supported in Freshworks Organization you can refer to the documentation here.


Setting up Custom Policies


When you set up custom policies for Freshservice accounts / portals or other Freshworks products, they will override your default policy and use the custom login methods set up for the accounts / portals mapped to them. To set it up,


  1. In Freshworks Organization, click on the Security Settings > Custom Policies.


  2. Click on Create New to create a New Custom Policy.
  3. Select the accounts or portals that you can want to map this custom policy to.

    For a Single account MSP: Select the portals to which you want to map the custom policy.



    For a Multi-account MSP: Select the portals and accounts to which you want to map the custom policy.



    Note: If you map just an account to a custom policy, then the policy is mapped to the default (agent) portal of that account. Selecting an account does not map the custom policy to the portals in the account.


  4. You can set up any login method under a custom policy. To know more about the different login policies supported in Freshworks Organization you can refer to the documentation here.



  5. Enter a name for your custom policy and set up the redirect URLs. You can also add a logo to your custom policy which will be used in the unified login page. Click on Finish once you’re done with the setup.