Single Sign-on
Single Sign-on (SSO) is a one-step user authentication process. If you are the admin of a HelpDesk account, you can set up SSO with the identity providers (IdP) of your choice. Your technicians can access HelpDesk using the IdP credentials without another password to manage.
Admin of a HelpDesk account can configure SSO to access HelpDesk by signing in to a central identity provider. To set up SSO, you need to first configure your identity provider and then configure your HelpDesk account.
To configure SSO for your HelpDesk account,
- Login to HelpDesk via web browser.
- Click user icon the displayed on the top-right corner and click 'My Account'.
- Click 'Single Sign-On'.
- Enter a name for your SSO profile.
-
Enter the URLs and add the X.509 certificate received from your IdP.
Note: X.509 certificate should only be in .pem or .cer format.
-
Click 'Configure Single Sign-On'.
You will receive an email when SSO is enabled.
Admin of HelpDesk accounts can either select SSO for login while inviting technicians to create an account or enable SSO for existing technicians.
To invite technicians to use SSO,
- Log in to HelpDesk via web browser.
-
Go to the 'Technicians' tab and click 'Add'.
- Enter the email address in the 'Email Address' field.
- Select group and other preferences for the technician.
-
Select 'Enable SSO'.
Note: If you select the checkbox, technicians won't have to set a password for their account.
-
Click 'Invite Users'.
To enable SSO for existing technicians,
- Login to HelpDesk via web browser and go to the 'Technicians' tab.
-
Hover on the technician you want to edit and click and click ‘Edit’.
-
Select 'Enable SSO'.
- Click 'Save Changes'.
Yes, admins can remove a SSO profile from their account.
To remove SSO profile,
- Login to HelpDesk via web browser.
- Click the user icon displayed on the top-right corner and click 'My Account'.
- Click 'Single Sign-On'.
- Click corresponding to the SSO profile you wish to delete.
-
Click'Delete' in the confirmation popup to remove the SSO profile.
Deleting the SSO profile will remove Single Sign-On for all technicians linked with this profile and they will have to use their registered email and password for login.
To disable SSO for a technician,
- Login to HelpDesk via web browser and go to the 'Technicians' tab.
- Click on the technician you want to disable SSO and click ‘Edit’.
- Deselect the 'Enable SSO' checkbox.
- Click 'Save'.
In case you disable single sign-on for a user, they will need to set a new password for their account. Once done, the user must use their email address and new password to login.
Yes, you can configure your choice of identity provider for SSO along with a set of parameters as described below:
- HelpDesk uses SAML2 with the HTTP Redirect binding for HelpDesk to IdP and expects the HTTP Post binding for IdP to HelpDesk.
-
While configuring with SAML, use the following URLs and save the changes.
- Audience URL (SP Entity ID):
https://sso.remotepc.com/helpdesk-api/user/sso/metadata - Single sign on URL:
https://sso.remotepc.com/helpdesk-api/user/sso/process
- Audience URL (SP Entity ID):
- Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both.