The new Google Apps Single Sign On (SSO) identity services capability for cloud application supports the SAML SSO standard. This comes with a number of pre-integrated cloud applications, including Freshdesk. If you're already a Google Apps for work customer, at no extra costs you can enable this for your support portal. When a user tries to sign into your support portal with Google SSO, she will be redirected to Google and using Google's authentication she will be verified and signed into your support portal.
Steps to configure Google SSO for Freshdesk
- Go to your Google Apps for work account's Admin console
- Under Apps, you'll see a new option for SAML Apps where you can manage the SSO settings
- You will see a list of cloud applications (known as service providers) you have already configured with Google as your identity provider
- Click on 'Enable a new SSO for a SAML App'
Note: Performing this task requires being signed in as a super admin
Step 1: Choose Freshdesk from the list of pre-integrated Apps as your SAML service provider
Step 2: Setup Google apps as your SAML identity provider (IDP) There are two options you can choose from. With option 1, you can copy the URL fields and download the X.509 certificate or with option 2, you can download the IDP metadata. With either option, you then put them in the appropriate SSO setup fields in the Freshdesk.
Step 3: Once you're done, you should add basic information for Freshdesk, such as name, description and logo
Step 4: These SAML-specific details help the service provider app (Freshdesk) communicate with Google as an identity provider. Since Freshdesk is a pre-integrated app, a lot of these values are already filled in. You just have to customise them for your domain.
Note: If you're looking to set up custom parameters for your users, you can make use of 'Attribute Mapping'. Currently, we support the following 5 attributes:
(a) Email (mandatory)
(b) FirstName
(c) LastName
(d) phone
(e) company
If FirstName and LastName are not passed, then the part before @ in the email address will be taken as the Full Name. It is important to note that these attributes are case sensitive.
Step 5: Configuring SSO settings inside Freshdesk:
- Once you've completed these actions in the Admin console, you must enable and configure the SSO on your Freshdesk site.
- Go to Admin > Account > Security > Single Sign On (SSO) > SAML SSO
- Fill up the SAML Login URL and Security Certificate Fingerprint from the certificate you download in Step 2.
Step 5: Finally, turn ON Single Sign On in your Google Admin console.
Note: It is best to verify if the SSO is working by signing out of Google Apps and going to the support portal. You should automatically be directed to the Google Apps sign in page. And once you enter your credentials, and are authenticated, you should automatically be redirected to Freshdesk.
Note: Please include "https://" before the URL entered in the entity ID.