Single Sign-On(SSO)

Single Sign-On (SSO) is a system that lets users securely authenticate multiple cloud applications by logging in only once in a managed authentication system. This managed authentication system is also referred to as Identity Provider (IdP) and the cloud applications that rely on the data provided by Identity Provider are called as Service Providers (SP). Some of the Identity Providers are ADFS, OneLogin, Okta, Auth0, and G-Suite.

For more information on SSO in Freshdesk, click here

Custom SSO policies

Orgv2 has a built-in UI to set up a custom login policy (with customized login URL) with different login mechanisms available under it.

  • An Org can set up about 5 custom policies.
  • 1 custom policy apart from the default policy can be set up for agents per account.
  • 1 custom policy for contact per account can be configured.

You can configure a custom policy in Org even without this feature enabled in Freshdesk but those policies will not be synced to Freshdesk. In this scenario, we can enable the feature from the backend and you can change the custom policy name/URL to sync these policies to Freshdesk.

To set up a custom SSO policy

Custom agent SSO:

If Org<>SSO sync feature is enabled, then there are 2 scenarios:

A. Freshdesk account without Freshdesk SSO:

  • The default Freshdesk landing page is support/home. 
  • Click on login → support/login
  • Support/login → On hovering the link 'Are you an agent Login here', the customized URL of Org custom policy will be there. 
  • On clicking here, it will take the Org custom policy login mechanism.
  • login/normal → It will not show any custom URL. This page will always redirect to the default Org login page

B. Freshdesk account with Freshdesk SSO:

  • Support/login → will redirect to Freshdesk SSO IDP. 
  • There is no way agents can log in to agent's custom policy. They can only use login/normal to log in through the Org default login page. 
  • You have to disable Freshdesk SSO to use login through custom policy. But once Freshdesk SSO is disabled, it cannot be re-enabled.

Custom contact SSO:
A. Freshdesk account without Freshdesk SSO:

  • Support/login page → On hovering over the link 'Are you a customer Login here', the customized URL of Org custom policy will be there. On clicking here it will take Org custom policy login mechanism.
  • login/normal → it is only for agents.

B. Freshdesk account with Freshdesk SSO:

  • Support/login → will redirect to Freshdesk SSO IDP.
  • You can check the behavior of contact custom policy by hitting
    account_domain_url/customer/login in the browser. It will be redirected to the custom policy login URL, where you check the contact login functionality. 
  • Once you have completely configured this, disable the Freshdesk SSO.

   Once you have successfully set up SSO, the login page will look this : 

Contact attributes :
The following default user attributes can be sent to Freshdesk from the identity provider when a user logs into the IDP via SSO:




First Name

givenname or FirstName or username


The first name of the user/contact

Last Name

surname or LastName


The last name of the user 




Work phone number of the user 


company or organization


Name of the Company of the user 


Title or job_title


Job title of the user

Unique external ID



Unique external id of the user 

Mobile phone



Mobile phone number of the user 

Time zone



Time zone of the user 




Language of the user


about, description


Description of the user

Custom Contact attributes :

We also support custom contact fields.

Custom field



For example: If there is a custom user field (contact field) configured as 'Office Location', then the SAML assertion needs to send the attribute as 'custom_field_office_location' to update the user information.

Note: All the above attributes will be assigned to the contact during login. Any attribute changes would be synced as well. Email is mandatory for a user during login. 

You can refer to this article for the various language codes and timezones allowed.