Using Single Sign-On (SSO), users can access multiple accounts in the Organization with the same set of credentials.

To set up Single Sign-On,

1. Go to the Profile icon > Edit

   
   
   

2. In the Organization dashboard, Navigate to the Lock icon denoting "Security" and enable the Single Sign-on toggle

Note: 

You can define more than one SSO for accounts in your organization. You can enable SSO under 'Default Login Methods' (applicable for all organization users, including admins/agents). If you want to create specific policies for a particular account or portal, configure it under 'Custom Policies'. For contacts, configure any security policies 'Security > Contacts'.

3. Choose from the login methods below:

1. SAML SSO - 
   
   Connect to a SAML-based identity provider Okta, Onelogin for Single Sign-on.

   1. Copy the Assertion Consumer Service (ACS) URL and the Service Provider(SP) Entity ID.

   2. Enter the Entity ID provided by your identity provider.
      
      

   3. Enter the SAML SSO URL.
      
      

   4. Choose the signing options - Signed assertions and signed. response/Only signed assertions/Only signed response.
      
      

   5. Optionally provide the logout URL to which the users will be sent when they log out.
      
      

   6. Copy-paste the SAML certificate provided by your SAML Provider. This will be used for encryption/validation of assertions between your Identity Provider and Freshworks.
      
      

2. OAuth 2.0 - 
   
   Industry standard protocol for authorization, commonly used as a way for Internet users to grant websites or applications access without giving them passwords.
   
   

   1. Copy the Redirect URL that the user will be redirected to once the authentication is successful
      
      

   2. Enter the Client ID and Client secret provided by your identity provider
      
      

   3. Define the level of access for the access token
      
      

   4. Enter the Authorization and Access token URLs
      
      

   5. Enter the logout and user info URL

   6. Click on "save" to Save your changes.
      
      

3. Open ID Connect - 
   
   Open ID Connect (OIDC) is an authentication layer on top of OAuth 2.0

   • Copy the Redirect URL that the user will be redirected to once the authentication is successful
     
     

   • Enter the Client ID and Client secret provided by your identity provider
     
     

   • Define the level of access for the access token
     
     

   • Enter the logout URL
     
     

   • Enter the Authorization and Access token URLs
     
     

   • Click on "save" to Save your changes.
     
     
     

Note: To learn more about SSO, refer to these articles below:

1. How to Configure SSO with Custom JWT implementation?
2. How to Configure SSO with OAuth 2.0?
3. How to Configure SSO with OpenID Connect?
4. How to Configure SSO with a SAML 2.0 Identity Provider?