Last updated: 2023-05-04
Single Sign-On (SSO) is a feature that allows users to securely authenticate multiple cloud applications by logging in only once in a managed authentication system. With SSO, users don't have to think and remember different passwords for different applications; they can now use the existing login information that is managed by Identity Providers (IdP) like ADFS, OneLogin, Okta, Azure AD, G-Suite and the cloud applications that rely on the data provided by Identity Provider called Service Providers (SP). Using SSO, you can log in to different accounts across Freshworks products. Admins can choose and configure how users can log into each of the Freshworks accounts.
Today, Freshworks supports the following protocols to securely exchange user identity information between the Identity Provider and Service Provider: SAML, OAuth2, OpenID Connect (OIDC), JWT.
How does SSO work
With single sign-on, this is what happens when you try to log in to an application,
1. If you have already logged in using SSO, the application grants you access to it.
2. If you haven’t, you are presented with options for authentication via a third-party identity provider like Google. You can log in with that provider.
3. The identity provider authenticates you, ensures the application that is asking for your authentication is legit, and issues a token back to the application. The application uses this information to log the user in.
4. Once you are logged in, the authentication verification data (either as cookies or as tokens) is passed as you navigate to different pages of the application.
With our new and improved UI, you can
Security policy for Contacts
We have brought in a separate tab to define various login methods through which your contacts can log in.
One policy for all
Under Security > Default Login Methods, you can choose between Freshworks Login, Google Login, and Single sign-on via any identity provider of your choice. The default policy will drive the entire authentication layer for all your accounts in the organization.
Apply password policy
After choosing your password policy (either configuring your custom policy or choosing one of the preset levels), you can choose when to apply the policy. You can either apply it immediately, the next time the user logs in, or the next time the user decides to change the password.
SSO configuration made easy
Our new and improved UI is intuitive and has helpful configuration guides for some of the popular identity providers. That's not it. We have many advanced enterprise-grade controls that you can customize like single logout, encrypted assertions, and more. You have an option to rename the SSO name and button label, making it easy to manage multiple configurations you might have setup.
Custom policies for your unique needs
You can define authentication controls for specific accounts and portals in just three steps to cater to your specific security needs. We now support up to 99 configurations.
Org Admins can configure multiple policies to ensure your users securely access the Freshworks accounts. Here are a few things you can do: