This article will show you how to configure SAML for freshworks application in Teamstack.
Once this is done, your users will be able to access freshworks using Teamstack via SAML. Your users will use their Teamstack credentials when accessing freshworks.
Features:
Teamstack (IdP) initiated Single Sign-On
freshworks (SP) initiated Single Sign-On
Set up SSO via SAML for freshworks
To set up SSO, you first need to get your SAML URLs from freshworks. Then you can add a freshworks app to Teamstack and add the SAML URLs.
Step 1: Get your SAML URLs from freshworks.
Go to your Freshworks dashboard
In the left corner click on the lock (Security) icon.
Scroll down and expand the Single sign-on section.
From the "Login Method" dropdown, select "SAML SSO".
Save the value of "Assertion Consumer Service(ACS) URL" and "Service Provider(SP) Entity ID" and keep the page open.
Step 2: Add freshworks app to Teamstack
Go to your Applications in Teamstack.
Click "Add Application" in the top right corner.
Search for "freshworks" and click "Add".
Select this app to be a "SAML" app and enter your ACS URL and Entity ID from step 1.5 and leave the "Relay State" input empty.
In Organization's Applications overview, click on the newly created freshworks app. You will see all the details about this app.
Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for Freshworks.
Click on the "SAML Configurations" tab. On the right side you will find the button "SAML Metadata". Keep this page open, you will need these values once you configure the SAML settings in Freshworks.
Step 3: Set up SAML in freshworks
When back on freshworks input some values from SAML Metadate (step 2.7).
For "Entity ID provided by the IdP" use "Issuer (IDP Entity ID)".
For "SAML SSO URL" use "Sign-in Page URL".
For "Signing Options" select "Only Signed Response".
For "Security certificate" paste "Identity Provider Certificate".
Click Save.
After SAML information was saved, turn on Single Sign-on.
Test:
You can now test the login from Teamstack to freshworks. You need to have freshworks assigned to yourself in Teamstack and have a user in freshworks with the same email address as your Teamstack email address. To test the connection, do the following:
Open a new incognito window.
Log into Teamstack.
Click on the freshworks app on your dashboard.
You will be redirected to freshworks and will be logged in without the need to enter a password at freshworks.
(SP) initiated Single Sign-On
Users can also log in by directly going to the following link:
https://{{yourTeamName}}.freshworks.com