How to Configure SAML 2.0 for TOPdesk 6

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/TOPdesk 6 SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Login to TOPdesk as an administrator.

2. Navigate to Settings > Functional Settings > Login Settings > General.

3. Scroll down to the SAML login section, then click the Add button to create a SAML 2.0 setup for the public (Self Service Desk) or secure (Operator’s Section) realm:

   

4. The SAML configuration assistant window appears. Enter the following (see screen shot at end of section for reference):

   1. In the Federation metadata section:

      • Select the Link via URL radio button, copy and paste the following metadata URL into the URL field, then click OK:

        Sign in to the Okta Admin app to have this variable generated for you

        

      • Select Entity ID from the dropdown menu.

      • For User name attribute, enter username.

      • Uncheck Use signed metadata.

   2. In the TOPdesk metadata section:

      • Check TOPdesk metadata.

      • Uncheck Assertions will be encrypted.

      • Click Generate key pair.

        Note: This generates test certificates that are valid for one year. In order to generate certificates with 10 years validity period you need to use the Certificate tool. Follow this guide if you want to generate 10 year certificates.

      • For TOPdesk endpoint, enter the hostname of the TOPdesk server.

   3. In the Login page section:

      • For Display name, enter OKTA_Public for the public (Self Service Desk), or OKTA_SECURE for secure (Operator’s Section) realm.

   4. Click Save.

   

5. Navigate to Settings > Functional Settings > Login Settings > General.

6. Select your SAML configuration.

7. Click the Metadata URL… button:

   

8. Make a copy of the TOPdesk metadata URL.

9. Click OK.

   

10. In Okta, select the General tab for the TOPdesk app, then click Edit.

    • SAML Login: Select your SAML Login type.

    • SubDomain: Enter your TOPdesk subdomain.

    • Metadata URL: Enter the TOPdesk metadata URL you copied in step 8.

    • Domain Name (optional): Enter your Domain Name if you have a Custom TOPdesk Domain (for example: https://acme.example.com).

      Note: If you don't have a Custom TOPdesk Domain, leave this field blank and enter a value in the SubDomain field.

    • Click Save.

    

11. Done!

---

Notes

SP-initiated SSO

• Open one of the following login pages:

  • For public (Self Service Desk) login: https://[yourSubDomain].topdesk.net/tas/public/login/saml.

  • For secure (Operator’s Section) login: https://[yourSubDomain].topdesk.net/tas/secure/login/saml.

• Click either:

  • For public (Self Service Desk) login: OKTA_PUBLIC.

  • For secure (Operator’s Section) login: OKTA_SECURE.

Note: When using SAML the user needs to click the SAML button to start the SAML request. This can be skipped by entering the url of the TOPdesk environment into the Aliases field in the SAML settings within TOPdesk. For example if your login URL is https://acme.topdesk.net/, you need to enter https://acme.topdesk.net alias in the SAML settings (Secure and/or Public):