Freshworks - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Freshworks using Multi-Pass.
SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials.
This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Freshworks, ensure you meet the following requirements:
- Freshworks admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Freshworks are registered in your IdP and have the necessary permissions to access Freshworks.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Freshworks - SSO configuration
Step 1 - Configure Freshworks as the Service Provider (SP)
- Log into Freshworks as an Administrator
- Select the Freshworks Switcher
- Select Security
- Select Default Login Methods
- Toggle on SSO Login and select +Add another SSO
- Select SAML
- Under Map information from IdP, populate the information based on the below table:
| Field | Value |
|---|---|
| Entity ID provided by the IdP | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| SAML SSO URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| Signing Options | Only Signed Response |
| Security Certificate | Tenant Certificate available at: https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/descriptor |
- Under Advanced Options, set the following settings:
| Field | Value |
|---|---|
| NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Encrypted Assertions | OFF |
| Should AuthnRequests be signed? | ON |
| SAML Signature Method | RSA – SHA 256 (Recommended) |
| SAML Single Logout | OFF |
| SP initiated request binding | HTTP_POST |
| Update profile every time a user logs in | ON |
| Button Label | Multi-Pass SSO |
- Click Configure SSO
Step 2 — Configure Multi-Pass as the Identity Provider (IdP)
- Select the correct tenant and go to Integrations, then click on Applications.
- Select SAML in the custom integration section.
- Complete the SAML setup with the following information:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | https://<FW_DOMAIN>.myfreshworks.com/sp/SAML/881543301655492912/metadata |
| Name | freshworks |
| Description | Freshworks SSO integration |
| Assertion Consumer Service URL | https://<FW_DOMAIN>.myfreshworks.com/sp/SAML/881543301655492912/callback |
| NameID Policy Format |
- Click Add integration
- Click Advanced Console
- Click Clients and search for Freshworks
- Verify the different fields :
General settings
| Field | Value |
|---|---|
| Client ID | https://<FW_DOMAIN>.myfreshworks.com/sp/SAML/881543301655492912/metadata |
| Name | freshworks |
| Description | Freshworks SSO integration |
| Always display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<FW_DOMAIN>.myfreshworks.com/sp/SAML/881543301655492912/callback |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | OFF |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | ON |
| Sign Assertions | ON |
- Now that you have checked the different parameters, change to the tab called Keys.
- Make sure that both parameters are switched to OFF.
- Now go to the Advanced tab.
- The field Assertion Consumer Service POST Binding URL must equal the Valid Redirect URIs (ACS).
Step 3 — Testing Multi-Pass to Freshworks
- Navigate to your Freshworks login page
- Click the Multi-Pass SSO button and you will be redirected to Multi-Pass for Authentication
- Complete the authentication and access Freshworks
Related Articles
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Wrike - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Wrike using MPAS. SSO simplifies user authentication by allowing access to multiple ...Grafana - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Slack - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...