SSO

You can log in to your freshservice account using the Login option at the top-right corner on your freshservice portal, which will be available in the URL yourcompanyname.freshservice.com or the vanity URL you have set up for your freshservice portal. This will take you to the login page where you can use your login credentials - email address and password, to access the helpdesk. If you have set up SSO or Google login, then it would redirect you to the particular authentication site and you would be able to login after entering the credentials.

In case you have a Freshworks org account, you can configure multiple modes of authentication to log in to your account, such as SSO as well as using your Freshworks credentials. This is especially suitable for logging in users from multiple domains.

In case you have issues with your SSO, then you can bypass  SSO using the URL, https://domain.freshservice.com/login/normal. When you hit the URL, you will be taken to the login page where you will have to enter your local Freshservice credentials.

For Freshworks accounts, you can use https://domain.freshworks.com/login/normal to bypass the SSO and until the issue with the SSO is sorted. 

Note that the bypass on Freshworks Org enabled accounts is only possible for users with the Organizational admin permissions.

You can enable the native login credentials at Helpdesk security for other users to workaround this issue temporarily

The Single Sign-On capability in freshservice lets the users arriving at your support portal login with their credentials saved on your database. 

This saves them the time and effort involved in creating a separate account for your support portal. You can also set up an SSO mechanism to validate users trying to log into your portal for freshservice using a locally hosted script. These could be the users who already have an account in your web application or whose information you have stored in your internal application like ActiveDirectory.

You can provide the configuration details for Single Sign-On in Freshservice under Admin-->Helpdesk Security-->Single Sign-on. Here you can provide the details for either Simple SSO or SAML SSO.

For Freshworks accounts: 

Admin -> Helpdesk security -> Manage Helpdesk Security from Freshworks 360 Security and configure one or multiple Sign in options.

This configuration is only available for the organizational administrator to configure and even account administrators will not be able to access this feature.

This error would be displayed when an incorrect username - password combination was entered during login. If you have forgotten the password of your account, you can trigger a password reset email from the login page of your account by clicking the ‘Forgot Password’ option and set up a new password for login. 

If you don't receive the password reset email, please check your Spam folder in your mailbox for the email. If you still have issues in resetting your password, please contact support@freshservice.com with your account details for assistance.

Also please note that if you make too many incorrect attempts to log in using the incorrect credentials, the profile might be blocked. In such cases, please write to support@freshservice.com for unblocking your account.

If you are added as an Occasional Agent in your helpdesk and if your helpdesk does not have sufficient day passes to log in, you will be displayed with this error.

You can contact your Account Administrators and they can help you in purchasing day-passes for logging in. A new day pass can be added to your account from under Admin-->Day pass. You could also view the day pass Usage History from under the same page.

If the email address that was entered during login, is not an agent/contact in the account, then this error would be displayed. You could sign up for a new account, using the Sign Up option on the Portal, or ask to be added as an Agent from under Admin-->Agents in your account. Once this is done, you can login to your Freshservice Account.

If you continue to face issues with login, reach out to our support team through support@freshservice.com for further assistance.

If you click on a link to which you don’t have access to or do not have the right to view, this error is displayed.

For example: If you click on a ticket URL, which you don’t have access to,(you could be part of the conversation by being in cc) then you get this message.

The same happens when an agent clicks on the ticket and it would say that either the ticket is deleted or the agent does not have permission to view the ticket.

If you are getting this error as an Agent, please check if you have the correct Ticket Scope (Global access) to view the page.

Please feel free in writing to support@freshservice.com in cases where the error appears in scenarios that are not mentioned above.

This error is generally thrown when the IP from which you are looking to access Freshservice is restricted, provided your team has set up IP whitelisting to allow access of Freshservice from particular IP addresses only.

While setting up an SSO, users would have to login from a common login URL, to be authenticated using SSO. The Remote Login URL is the URL to which your users would be redirected when they hit the Login button on your portal after you have set up an SSO.

You would have to update this field with the common login URL, while setting up SSO for your freshservice Account.

Freshservice makes use of HMAC MD5 encryption, while using SSO for login authentication.

The mandatory parameters that need to be passed during login are, name, secret hash, email, and time stamp - in that order. Please follow the below article for further detail,

https://support.freshservice.com/support/solutions/articles/236062-active-directory-integration

The most common mistake that might cause this is the presence of blank spaces at the beginning and end of the fingerprint text under Admin-->Helpdesk Security. Please ensure that there are no spaces before or after the fingerprint.

To update the Fingerprint, you can login to your account using the URL domain.freshservice.com/login/normal and by using your freshservice local credentials.

If the issue persists, please send an email to support@freshservice.com and we'll help you out.

You will be prompted with  'Invalid Time Stamp' error when the difference between the UTC timestamp generated by your server and our server is greater than 30 Minutes. Ensuring that your servers stay in sync with the NTP server (https://en.wikipedia.org/wiki/Network_Time_Protocol) will sort out this issue.

If you continue to face issues, kindly write to support@freshservice.com and one of our agents will assist you further on this.

This error message denoting authentication failure would be because of an error in setting up the SSO. To analyze this, we would require the debug log. Please enter ?debug=1 at the end of the URL that is generated, to retrieve the debug log. 

Once you receive the error log please send an email to support@freshservice.com and one of our agents would assist you further on this.

Please check if the agent who is logging in is using their email address which is part of the AD. Also, if they are a user on the AD, you would have to make sure if their user profile on the AD has permissions to use SSO. The email address from AD profile is the parameter that freshservice checks while authenticating, to locate their profile on freshservice. If there’s no email address they would not be able to login to the system.

This usually happens when there are no Solution articles which is visible for non logged in users. You can change this setting to display the portal home page from Admin-->Support Channels-->Support Portal→ Settings

Yes, if you have configured SAML based SSO then we would have to have a SSL certificate for your vanity URL.

SSO facilitates the use of having a common password across different applications and services that you are using in your organisation.

It is not possible to configure SSO with two tenants in Freshservice.

IIS should be hosted publicly in order to access your helpdesk from any network else your helpdesk would be accessible only from your network where the IIS is hosted.

Global port(8080/80) or any other open ports could be allocated for the IIS server.

Creating a two way trust between the different domains should allow the users to use a single SSO application. Please reach out to our team at support@freshservice.com for further assistance on this.

Please enter ?debug=1 appending the remote login URL and verify if the email attribute is passed successfully through which authentication for Simple SSO takes place.

If you are using SAML based SSO, then verify if the user profile has access to the SAML app and try adding the user manually into Freshservice and then they should be able to log in.

Please write to support@freshservice.com if you need further assistance.

The AD script can be downloaded from the below solution article: https://support.freshservice.com/support/solutions/articles/236062-active-directory-integration

In case of SAML SSO setup, make sure that the ACS URL specified in your IdP admin console for the Freshservice app is the vanity / custom URL and not the default Freshservice URL. For simple SSO setup, make sure the "sReturnURL" specified in the Constant.asp file is the custom URL.

Simple SSO setup - Constants.asp file

There can be multiple scenarios that may cause you trouble logging into your Freshservice instance. Here are some recommendations to troubleshoot the issue.

1. Check for deactivated user
2. Try logging in after password reset.
3. Check for primary email for SSO login.
4. Check for common browser issues.

Check for deactivated user

When your account is either deactivated or unused for a long time, contact your Admin to reactivate your account. As an Administrator of your servicedesk, follow the steps below to check and reactivate users.

1. Navigate to Admin. Under the User Management section, select Agent or Requester.

2. Click on the Deactivated tab and check for the user profile facing the login issue.

3. Select the deactivated user profile and click on the Reactivate button.

4. This will take you to the Edit agent/requester page where you can update the roles and permissions of the user.

5. Once done, click on Update to reactivate the user.
   
   
   

Try logging in after password reset.

If you're having trouble logging in using the Freshworks login, 

1. Click on the 'Forgot your password' to reset your password from your login page. 

2. Select the ‘Request reset link’ option.

3. Reset the password using the link from the password reset email.

4. Try to log in again with the new password and check if the issue persists.

   
   

   

Check for primary email for SSO login.

Check if you're using the secondary email address to log in through SSO. Please note that you can only use the primary email address for SSO login.

As an Administrator of your Freshservice account, you can check if a requester is using their secondary email to login by following the steps below.

1. Navigate to Admin. Under the User Management section, select the Requester option.

2. Click on the requester profile facing login issues, and choose the Edit Requester option under the More dropdown. 

3. Scroll down and check for the email addresses provided under the Secondary emails section.

4. Emails mentioned under secondary emails should not be used to login through SSO.
   
   
   
   

You can also access your Freshservice instance when your SSO server is down.

Check for common browser issues.

Clear cache and cookies on your web browser and try to sign in again. You can also open an incognito window to access your Freshservice instance to eliminate any extensions that limit your access.

If you still need help logging in after working through all of the above recommendations, please reach out to support@freshservice.com.