Integration Hub FreshserviceSSO

About Freshservice

Freshservice is a cloud-hosted IT service management (ITSM) software solution designed to help businesses streamline their IT processes and improve IT service delivery. Freshservice offers a variety of features, including incident management, problem management, change management, asset management, service catalog capabilities, and reporting tools for IT performance analysis.

Steps to configure SAML SSO for Freshservice

The following steps will help you enable SAML-based single sign-on (SSO) to Freshservice from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
  2. Log in to Identity360 as an Admin or Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
  3. Navigate to Applications > Application Integration > Create New Application, and select Freshservice from the applications displayed.
    Note: You can also find Freshservice from the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities tab, choose SSO and click Continue.
    Identity360 application configuration general settingsGeneral Settings of SSO configuration for Freshservice
  6. Under Integration Settings, navigate to the Single Sign On tab and select SAML from the Method drop-down. Click Metadata Details.
  7. Copy the Login URL, Logout URL, Entity ID/Issuer URL, and Signature Certificate, which will be used during the SSO configuration in Freshservice.
    Identity360 application configuration integration settings of SAML SSOIntegration Settings of SAML-based SSO configuration for Freshservice

Freshservice (service provider) configuration steps

  1. Log in to the Freshservice portal and click the Admin icon.
  2. Under Account Settings, select the Service Desk Security option.
    Freshservice account settingsImage showing the account settings of Freshservice
  3. Click Modify Login Policy to configure SSO.
    Freshservice security settingsImage showing the security settings of Freshservice
  4. You will be redirected to the Default Login Method page and use the toggle button enable SSO Login.
    Note: If you have previously configured SSO, click + Add another SSO.
    Freshservice Third party SSOImage showing the selection of SSO capability from Freshservice
  5. To configure SAML-based SSO, click SAML under the IdP of your choice section in the Configure SSO side pane.
    Freshservice SAML-based SSO selectionSelecting SAML-based SSO in the Freshservice portal
  6. Paste the values copied during step 7 of prerequisites in the following fields:
    • Entity ID/Issuer URL in the Entity ID provided by the IdP field
    • Login URL in the SAML SSO URL field
    • Logout URL in the Logout URL field
    • Signature Certificate in the Security certificate field
    Freshservice set up SSOImage showing the configuration of SAML SSO from Freshservice
  7. Copy the SP Identifier value from the Service Provider(SP) Entity ID field.
    Freshservice Service Provider(SP) Entity IDImage showing the Service Provider(SP) Entity ID in Freshservice Portal
  8. Copy the Unique ID value from the Assertion Consumer Service(ACS) URL field.
    Freshservice Assertion Consumer Service URLImage showing the ACS URL in Freshservice Portal
  9. Click Configure SSO button.

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. In the SP Identifier field, paste the value copied from the Service Provider(SP) Entity ID field during Step 7 of Freshservice configuration.
  3. In the Unique ID field, enter the value copied from the Assertion Consumer Service(ACS) URL field during Step 8 of Freshservice configuration.
    Identity360 application configuration for SAML methodIntegration Settings of Freshservice configuration for SAML method
  4. Click Save.
  5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users should now be able to sign in to Freshservice through the Identity360 portal.

Steps to configure OAuth/OpenID Connect-based SSO for Freshservice

The following steps will help you enable OAuth/Open ID Connect-based single sign-on (SSO) to Freshservice from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more details, refer to the pricing details.
  2. Log in to Identity360 as an Admin or Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
  3. Navigate to Applications > Application Integration > Create New Application, and select Freshservice from the applications displayed.
    Note: You can also find Freshservice from the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities tab, choose SSO and click Continue.
    Identity360 application configuration general settingsGeneral Settings of SSO configuration for Freshservice.
  6. Under Integration Settings, navigate to the Single Sign On tab and select OAuth/OpenID Connect from the Method drop-down. Click IdP details.
  7. Copy the Client ID, Client Secret, Authorization Endpoint URL, Token Endpoint URL and User Endpoint URL, which will be used during the SSO configuration in Freshservice.
    Identity360 application configuration integration settings of OAuth/OpenID Connect SSOIntegration Settings of of OAuth/OpenID Connect SSO configuration for Freshservice

Freshservice (service provider) configuration steps

  1. Log in to the Freshservice portal and click the Admin icon.
  2. Under Account Settings, select the Service Desk Security option.
    Freshservice account settingsImage showing the account settings of Freshservice
  3. Click Modify Login Policy to configure SSO.
    Freshservice security settingsImage showing the security settings of Freshservice
  4. You will be redirected to the Default Login Method page here, enable SSO Login.
    Note: If you have previously configured SSO, click + Add another SSO.
    Freshservice Third party SSOImage showing the selection of the SSO capability from Freshservice
  5. If you choose to configure OpenID-Connect-based SSO, click OIDC under the IdP of your choice section in the Configure SSO side pane.
    Freshservice OIDC-based SSO selectionSelecting OIDC-based SSO in the Freshservice portal
    • Paste the values copied during step 7 of prerequisites in the following fields:
      • Client ID in the Client id field
      • Client Secret in the Client secret field
      • Authorization Endpoint URL in the Authorization URL field
      • Token Endpoint URL in the Access token URL field
    SP OIDC based-SSO configuration detailsImage showing the SP details for OIDC-based SSO configuration
  6. If you choose to configure OAuth-based SSO, click OAuth 2.0 under the IdP of your choice section in the Configure SSO side pane.
    Freshservice OAuth-based SSO selectionSelecting OAuth-based SSO in the Freshservice portal
    • Paste the values copied during step 7 of prerequisites in the following fields:
      • Client ID in the Client id field
      • Client Secret in the Client secret field
      • Authorization Endpoint URL in the Authorization URL field
      • Token Endpoint URL in the Access token URL field
      • User Endpoint URL in the User info URL field
    SP OAuth based-SSO configuration detailsImage showing the SP details for OAuth based-SSO configuration
  7. Copy the Redirect URL from Freshservice and click Configure SSO.
    SP Redirect URLImage showing the Redirect URL in the SP portal

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. In the Login Redirect URL field, enter the Redirect URL value copied during step 7 of Freshservice configuration.
  3. If you have opted for OIDC-based SSO, select openid scope, or if you have chosen OAuth-based SSO, select email and profile from the Scopes drop-down list.

    Note: Scopes define the level of access that can be requested by the service provider to access a resource. Identity360 supports the following scopes:

    • openid: Establishes that this is an OpenID Connect request.
    • email: Requests the user's email attribute.
    • profile: Requests the user's profile claims (FirstName and LastName).
    Identity360 application configuration for OAuth/OpenID Connect methodIntegration Settings of OAuth/OpenID Connect SSO configuration for Freshservice.
  4. Click Save.
  5. To learn how to assign users or groups to one or more applications, refer to this page.

    Your users should now be able to sign in to Freshservice through the Identity360 portal.

    Note: For Freshservice, only SP-initiated flow is supported.

Steps to enable MFA for Freshservice

Setting up MFA for Freshservice using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to Freshservice. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate Freshservice with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for Freshservice by following the steps mentioned here.

How does MFA for applications work in Identity360?

  SSO Integration flow diagram  

Don't see what you're looking for?

  •  

    Visit our community  

    Post your questions in the forum.

     
  •  

    Request additional resources  

    Send us your requirements.