How to Configure SAML 2.0 for TOPdesk

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/TOPdesk SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO

---

Configuration Steps

1. Save the following metadata as metadata.xml:

   Sign in to Okta Admin app to have this variable generated for you.

3. Log in to TOPdesk as an administrator.

4. Navigate to Settings > Functional Settings > Login Settings > General.

5. Scroll down to the SAML login section and click the Add button to create a SAML 2.0 setup for the public (Self Service Desk) or secure (Operator’s Section) realm.

   

6. The SAML configuration assistant window appears, do the following (see screen shot at end of step for reference):

   1. In the Federation metadata section:

      • Select the Upload as file button.

      • Click Browse and locate and upload the metadata.xml file you saved in step 1.

      • Select Entity ID from the dropdown list.

      • For User name attribute enter username.

   2. In the TOPdesk metadata section:

      • Uncheck Assertions will be encrypted.

      • Click Browse to locate and upload a RSA certificate of the TOPdesk server.

      • Click Browse to locate and upload a Private key of the TOPdesk server.

      • For TOPdesk endpoint enter the hostname of the TOPdesk server.

   3. In the Login page section:

      • Display name: Enter OKTA_Public for the public (Self Service Desk), or OKTA_SECURE for secure (Operator’s Section) realm.

      • Logo icon: Click Browse to download the following logo: http://developer.okta.com/docs/sdk/core/csharp_api_sdk/icons/logo.png

   4. Click Save.

   

7. In Okta, select the General tab for the TOPdesk SAML app, then click Edit.

   • SAML Login: Select your SAML login type from the drop down menu.

   • SubDomain: Enter your TOPdesk subdomain.

   • Domain Name (optional): Enter your Domain Name if you have a Custom TOPdesk Domain (for example: https://acme.example.com).

     Note: If you don't have a Custom TOPdesk Domain, leave this field blank and enter a value in the SubDomain field.

   • Click Save.

   

8. Done!

---

Notes

The following SAML attributes are supported:

Name	Value
username	user.userName

For SP-initiated SSO

1. Open one of the following login pages:

   https://[yourSubDomain].topdesk.net/tas/public/login/saml - public (Self Service Desk) login.

   https://[yourSubDomain].topdesk.net/tas/secure/login/saml - secure (Operator’s Section) login.

2. Click either OKTA_PUBLIC for the public (Self Service Desk), or OKTA_SECURE for secure (Operator’s Section) login.