4

The documentation on how to integrate Auth0 with Freshdesk is sparse, and the ones I did find were outdated.

freshdesk support article auth0 support article

Lawrence Chang

2 Answers

2

The following is broken down by service into steps.

Auth0:

  1. Assuming you have already made a new client, go to Applications / Create Application.
  2. Select Single Page Web App or Regular Web App.
  3. Go to Settings tab.
  4. Under Allowed Callback URLs insert https://[YOURDOMAIN].freshdesk.com/login/saml.
  5. Under Allowed Web Origins be sure to put your domain.
  6. Under Allowed Origins (CORS) be sure to put your domain.
  7. Go to Addons tab.
  8. Select SAML 2.
  9. Under Application Callback URL be sure the URL is https://[YOURDOMAIN].freshdesk.com/login/saml.
  10. Under settings place the following:
```json
{
  "audience": "https://[YOURDOMAIN].freshdesk.com",
  "mappings": {
    "email": "Email",
    "name": "username",
    "given_name": "FirstName",
    "family_name": "LastName"
  },
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "lifetimeInSeconds": 3600,
  "signResponse": false
}
```
  11. Note that the signature algorithm must be rsa-sha256 as this is what freshdesk is expecting.
  12. Under the Usage tab download the Auth0 certificate.
  13. Store the Identity Provider Login URL as we will be using this on freshdesk.

Freshdesk:

  1. Go to Settings / General Settings / Security
  2. Turn on Single Sign On (SSO)
  3. Under SAML Login URL paste in the Identity Provider Login URL from auth0.
  4. Open the Auth0 certificate, find the sha256 fingerprint and place it into the Security Certificate Fingerprint field. Note: you may need to format your fingerprint to include : between each value.
  5. Hit save.

Special Note: I did notice that agents will now have to go through auth0 in order to get to the admin dashboard. To circumvent that try logging in through this portal: https://[YOURDOMAIN].freshdesk.com/login/normal.

I hope that these instructions help you out in your Freshdesk Auth0 integrations. Good luck!

Lawrence Chang
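Step 4 of the Freshdesk list above asks for the certificate's SHA-256 fingerprint with `:` between each value. The following is an added example, not part of the original answer: it derives that fingerprint from the downloaded PEM file and re-inserts colons into a fingerprint copied as bare hex. The sample certificate is constructed stand-in bytes, the function names are hypothetical, and uppercase hex is an assumed display format.

```python
import base64
import hashlib
import re

# Constructed stand-in: arbitrary bytes in PEM armor, NOT a real Auth0 certificate.
# The fingerprint is a hash over the decoded bytes, so any payload shows the mechanics.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    # Strip line breaks and indentation before decoding; validate=True rejects
    # anything that is not base64, e.g. a truncated paste.
    body = "".join(blocks[0].split())
    return base64.b64decode(body, validate=True)


def sha256_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER encoding, as colon-separated uppercase hex pairs."""
    digest = hashlib.sha256(pem_to_der(pem_text)).digest()
    return ":".join(f"{b:02X}" for b in digest)


def normalize_fingerprint(value: str) -> str:
    """Re-insert colons into a fingerprint copied as bare or spaced hex."""
    hex_only = re.sub(r"[^0-9A-Fa-f]", "", value).upper()
    if len(hex_only) != 64:
        raise ValueError("a SHA-256 fingerprint has 64 hex digits")
    return ":".join(hex_only[i:i + 2] for i in range(0, 64, 2))


if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PEM))
```

The hash is taken over the decoded DER bytes, so hashing the PEM text itself (armor lines and line breaks included) gives a different value that will not match.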
2

In the last year, a few things have changed from the selected answer. Major differences I ran into:

  1. The "Application Callback URL" is the "Assertion Consume Service(ACS) URL" found in the Freshdesk SSO setup page.
  2. The "audience" field should be the "Service Provider(SP) Entity ID" (also found in the Freshdesk SSO setup page).
  3. There is no longer a "SAML Login URL". It seems to have been renamed "SAML SSO URL". So paste the "Identity Provider Login URL" there (wouldn't it be nice if these things were called the same things on both ends?!?)
  4. Freshdesk now wants the complete certificate, not the fingerprint. So you'll need to copy the whole contents of the .pem file that you can download from Auth0 into the text field for "Security Certificate".
  5. Freshdesk requires an "Entity Id provided by the IdP". This one took some work to figure out. It turns out it is called "Issuer" under the "SAML Protocol Configuration Parameters" on Auth0. Look in the "Usage" tab (same place you can get the certificate and the "Identity Provider Login URL").

I hope that helps somebody else. With those tweaks, everything seems to be working well for me.

Michael Tiller
  • You also need to set `"signResponse": true` on the JSON entry configured for the Auth0.com SAML, otherwise Freshdesk will fail on login with the following error message: `Saml configuration error: saml response is not signed. please make the saml response is signed in your idp.` – asieira Jul 17 '20 at 17:57
  • Do you know if this works with Auth0 Organizations? I'm trying to make contacts (customers, not agents) log in through SSO. Is this possible? I've followed the instructions from your solution and the solution below but no luck yet. – CodeTrooper Jun 15 '22 at 19:21