Entrust Identity as a Service™ Technical Integration Guides
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. SAML Integration Guides >
  3. Integrate Freshworks

Integrate Freshworks

Freshworks. Inc. is a cloud-based software-as-a-service company that provides cloud-based tools for customer relationship managing, IT service management, and e-commerce marketing. See https://support.freshworks.com/support/solutions/articles/237923. You can protect access to Freshworks by integrating Freshworks with Identity as a Service. Once integrated, users can use single sign-on to log in to their Freshworks account through Identity as a Service.  

Note: This integration was tested using Identity as a Service version 5.36 and Freshworks Platform 3.0. Other versions of Freshworks may require integration and configuration steps that differ from those documented in this procedure. For other versions of Freshworks, this integration guide may be used as an initial approach for integrating Freshworks . In the event of other issues, contact support@entrust.com for assistance.

To integrate Freshservice with Identity as a Service, you must do the following:

Before you begin, open two browser windows. In one window, log in to your Freshworks administrator account. In the other window, log in to your IDaaS administrator account.

Step 1: Copy the Redirect URL from FreshworksStep 1: Copy the Redirect URL from Freshworks

Log in to Freshworks.

Click Admin. The Admin page appears.

In the Search bar, type security.

Click Security. The Security settings page appears.

Under Login Settings > Freshworks SSO, click Edit configuration.

Next to Default Login Method page, click SSO Login. The Accounts and Portals page appears.

Scroll to Configured SSOs.

Click Add another SSO. The Configure SSO dialog box appears.

Under IdP of your choice click SAML. The Set up SSO with SAML dialog box appears.

Click Download Metadata.

Leave this page open. You return to it later in this procedure.

Step 2: Add Freshworks to Identity as a ServiceStep 2: Add Freshworks to Identity as a Service

In Identity as a Service, click > Security > Applications. The Applications Lists page appears.

Click Add. The Select an Application Template page appears.

Do one of the following:

Select SAML Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

Click Freshworks. The Add Freshworks page appears.

Enter an Application Name.

Enter an Application Description.

Optional. Add a custom application logo.

Click next to Application Logo. The Upload Logo dialog box appears.

Click  to select an image file to upload.

Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.

If required, resize your image.

Click OK.

Select the Authentication Flow that appears to users during login.

Click Next. The General page appears.

Click Upload Metadata XML and browse to upload the metadata file you downloaded in Step 1: Download the metadata file from Freshworks.

Enter the SAML Session Timeout to the time when the SAML Assertion times out. The maximum is 720 minutes.

Enter the Max Authentication Age (seconds) to set the maximum amount of time that can elapse before a user is required to reauthenticate during a new login attempt. This applies for both SP-initiated and IDP-initiated login. Set this field to -1 to disable this feature.

From the SAML NameID Attribute drop-down list, select Email.

From the SAML NameID Encoding Format drop-down list, select Email.

From the SAML Signing Algorithm drop-down list, select SHA256.

From the SAML Signing Certificate from the drop-down list, select the SAML Signing Certificate.

Optional: Select Respond Immediately for Unsuccessful Responses to return to the application immediately after a login failure, rather than allow user to try again with a different userID.

Deselect Enable Go Back Button if you do not want users to be able to go back to the Freshservice login page to log in.

Add two SAML Attributes, as follows:

Add the first name attribute, as follows:

Click Add. The Add Attribute dialog box appears.

In the Name field, enter

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

In the Value field, type <f and select First Name.

Click Add to return to the Add Application page.

Add the user Last Name attribute, as follows:

Under SAML Attributes, click Add.

In the Name field, enter

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

In the Value field,  <l and select Last Name.

Click Add to return to Add Application page.

 Leave the remaining settings at the default values.

Click Submit.

Step 3: Add a resource ruleStep 3: Add a resource rule

See Create resource rules.

Step 4: Copy the Entity ID and Single Sign-On URL from IDaaSStep 4: Copy the Entity ID and Single Sign-On URL from IDaaS

In IDaaS, click > Security > Applications. The Applications List page appears.

Under SAML Cloud Integrations, click . The SAML Signing Certificates page appears.

Open a text editor, such as Notepad, and copy and paste the contents of the following into the text file:

Entity ID

Single Sign-On URL

Save the text file.

Step 5: Copy the signing certificate from IDaaSStep 5: Copy the signing certificate from IDaaS

Copy a SAML signing certificate

Log in to your Identity as a Service administrator account.

Click > Security > Applications. The Applications List page appears.

Under SAML Cloud Integrations, click SAML Signing Certificates. The SAML Signing Certificates page appears.

Click  next to the certificate to copy it to the clipboard.

You can additionally download the certificate and save it for future use.

Open a text editor, such as Notepad, and paste the contents of the certificate into the text file.

Save the file.

Step 6: Configure Freshworks for SSO with IDaaSStep 6: Configure Freshworks for SSO with IDaaS

Return to the Set up SSO with SAML dialog box you left open in Step 1: Download the metadata from Freshworks.

In the Entity ID field, enter the Entity ID you copied in Step 4: Copy the Entity ID and Single Sign-ON URL from IDaaS.

 In the SAML SSO URL field, enter the Single Sign-On URL you copied in Step 4: Copy the Entity ID and Single Sign-ON URL from IDaaS.

In the Security certificate field, paste the certificate you copied in Step 5: Copy the SAML signing certificate from IDaaS.

Click Configure SSO. You are returned to the Security page.

Click SSO Login. Toggle the SSO Login button to On.

Step 7: Test the integrationStep 7: Test the integration

Testing Service Provider Login

Open a Web browser and enter the URL for your Freshworks account. You are redirected to Identity as a Service.

Enter your Freshworks User ID and click Next.

Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to Freshworks.

Testing Identity as a Service redirect log in

Log in to your Identity as a Service account.

Go to your My Profile page if you are not already there.

Under Applications, click Freshworks.

Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to Freshworks.