Single Sign-On (SSO) is a feature that allows users to securely authenticate multiple cloud applications by logging in only once in a managed authentication system. With SSO, users don't have to think and remember different passwords for different applications; they can now use the existing login information that is managed by Identity Providers (IdP) like ADFS, OneLogin, Okta, Azure AD, G-Suite and the cloud applications that rely on the data provided by Identity Provider called Service Providers (SP). Using SSO, you can log in to different accounts across Freshworks products. Admins can choose and configure how users can log into each of the Freshworks accounts.




Today, Freshworks supports the following protocols to securely exchange user identity information between the Identity Provider and Service Provider: SAML, OAuth2, OpenID Connect (OIDC), JWT.


TABLE OF CONTENTS

How does SSO work 

With single sign-on, this is what happens when you try to log in to an application, 

  1. If you have already logged in using SSO, the application grants you access to it. 

  2. If you haven’t, you are presented with options for authentication via a third-party identity provider like Google. You can log in with that provider. 

  3. The identity provider authenticates you, ensures the application that is asking for your authentication is legit, and issues a token back to the application. The application uses this information to log the user in. 

  4. Once you are logged in, the authentication verification data (either as cookies or as tokens) is passed as you navigate to different pages of the application. 

With our new and improved UI, you can 

  • easily setup SSO with the help of in-product configuration guides for popular identity providers

  • configure up to 99 SSOs  for a single organization

  • customize advanced SAMLoptions like for single logout, encrypted assertions, and more 

  • download SAML metadata and configure it in third party IdPs with one click (wherever supported)

  • customize the “Sign in with SSO” button label on the login page

  • define custom policy in just three steps

  • configure up to 99 custom policies and customize logo on each of the custom login URL

Security policy for Contacts

We have brought in a separate tab to define various login methods through which your contacts can log in. 

One policy for all

Under Security > Default Login Methods, you can choose between Freshworks Login, Google Login, and Single sign-on via any identity provider of your choice. The default policy will drive the entire authentication layer for all your accounts in the organization. 

Apply password policy

After choosing your password policy (either configuring your custom policy or choosing one of the preset levels), you can choose when to apply the policy. You can either apply it immediately, the next time the user logs in, or the next time the user decides to change the password. 




SSO configuration made easy

Our new and improved UI is intuitive and has helpful configuration guides for some of the popular identity providers. That's not it. We have many advanced enterprise-grade controls that you can customize like single logout, encrypted assertions, and more. You have an option to rename the SSO name and button label, making it easy to manage multiple configurations you might have setup. 


Custom policies for your unique needs

You can define authentication controls for specific accounts and portals in just three steps to cater to your specific security needs. We now support up to 99 configurations. 

 




Org Admins can configure multiple policies to ensure your users securely access the Freshworks accounts. Here are a few things you can do: 

  • You can choose the Default security policy comprising Freshworks login managed by a password policy or/and Google Login or/and SSO login applicable to all admins/agents logging into the organization's accounts. 



  • You can also create custom policies to configure SSO for contacts (Your customers in Freshdesk) or to cater to agents in a specific portal/account. 


  • Users can also opt to configure two-factor authentication.