Okta

How to Configure SAML 2.0 for Freshservice


This Freshservice SSO application will soon be deprecated. All new Freshservice customers who signed up after March 15, 2020, please install the Freshworks app to configure SSO.


Read this before you enable SAML

This Freshservice SSO application will soon be deprecated. All new Freshservice customers who signed up after March 15, 2020, please install the Freshworks app to configure SSO.

Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.

Backup URL

In case users need to sign-in using their username and password, they can use this FreshService backup log-in url:

http://[your-subdomain].freshservice.com/login/normal.

Contents

Supported Features

The Okta/Freshservice SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Sign in to Freshservice as an administrator.

  2. Click the gear icon (Admin), then select Helpdesk Security:

    freshservice_newa.png

  3. Follow the steps below:

    • Enable Single Sign On.

    • Select SAML SSO.

    • SAML Login URL: Copy and paste the following:

      Sign in to the Okta Admin app to generate this variable

    • Logout URL: Copy and paste the following:

      Sign in to the Okta Admin app to generate this variable

    • Security Certificate Fingerprint: Copy and paste the following:

      Sign in to the Okta Admin app to generate this variable

    • Click Save.

    freshservice_newb.png

  4. Note: If you don't have a Custom FreshService Domain, skip this step.

    In Okta, select the Sign On tab for the Freshservice app, then click Edit.

    • SSO URL (optional): Enter your SSO URL if you have a Custom FreshService Domain (for example: https://acme.example.com/login/saml).

    • Audience Restriction (optional): Enter your Audience Restriction if you have a Custom FreshService Domain (for example: acme.example.com).

      If you're not sure what values should be entered, contact support@freshservice.com.

    • Click Save.

    freshservice_newc.png

  5. Done!

Notes

If you don't have a Custom FreshService Domain make sure that you entered the correct value in the SubDomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to FreshService.

SP-initiated SSO

  1. If you have a CNAME configured, go to https://[your-domain>].

  2. If you use a normal Freshservice URL, go to https://[your-subdomain].freshservice.com, then click SIGN IN:

    3. freshservice_newd.png