Freshdesk SSO

One can configure Freshdesk to provide SAML Single Sign On for your users. This way, they do not have to provide separate login credentials for Freshdesk. The authentication of the user is done by any SAML provider you configure on your side and the user attributes like Email address are sent back to Freshdesk.

Generate public key and private key pair

Although there are many methods for creating public and private key pairs, the open-source OpenSSL tool is one of the most popular. It has been ported to all major platforms and provides a simple command-line interface for key generation. There are certainly many more ways to generate the keys and certificate you need. Fulfill the following command to generate a PEM-encoded private key and stores it in the rsaprivkey.pem file: Run the following command to generate the public key in DER format: Generate the private key in pkcs8 and DER format by running the following: Once you have your key pair, create an X.509 certificate. The certificate holds the corresponding public key, along with some metadata relating to the organization that created the certificate. Use this command to create a self-signed certificate from either an RSA or DSA private key:

openssl genrsa -out rsaprivkey.pem 1024
openssl rsa -in rsaprivkey.pem -pubout -outform DER -out rsapubkey.der
openssl pkcs8 -topk8 -inform PEM -outform DER -in rsaprivkey.pem -out rsaprivkey.der -nocrypt
openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem

Note: As the result, you will need the following for Signing in OpenIAM:

  • rsacert.​p​em is the public key.
  • rsaprivkey.der is the private key.

Enabling SAML Single Sign on in Freshdesk

  1. Log into your Freshdesk as an administrator.
  2. Under Admin tab, go to Security.
  3. Click on the SSO toggle to enable it.
  4. Click the SAML SSO radio button. You will have to copy the Login URL, Logout
  5. Copy the URL (optional) and the SHA-256 fingerprint of the SAML certificate from the Identity Provider and paste them in these text boxes.
  6. Click Save to start using SAML SSO right away. SAML Login URL - ​http://{yourDomain}/idp/saml2/idp/login Logout URL - h​ttp://{yourDomain}/idp/saml2/idp/logout Security Certificate Fingerprint - SHA-256 fingerprint ​You can add the ​-days 365​ flag to the last step in order to make the certificate valid for a year (by default it is 30 days). Note: you can get SHA-256 fingerprint by the following command:
openssl x509 -noout -fingerprint -sha256 -inform pem -in rsacert.pem

where rsacert.pem - key from “Generate public key and private key pair” section

Configuring OpenIAM

Perform the steps as shown below.

Identity provider

Identity ptovider 2

To login into Freshdesk admin panel without sso go to: