English

Single Sign-on

What is Single Sign-on?

Single Sign-on (SSO) is a one-step user authentication process. If you are the admin of a HelpDesk account, you can set up SSO with the identity providers (IdP) of your choice. Your technicians can access HelpDesk using the IdP credentials without another password to manage.

How do I set up single sign-on (SSO) with HelpDesk?

Admin of a HelpDesk account can configure SSO to access HelpDesk by signing in to a central identity provider. To set up SSO, you need to first configure your identity provider and then configure your HelpDesk account.

How do I configure my HelpDesk account for SSO?

To configure SSO for your HelpDesk account,

  1. Login to HelpDesk via web browser.
  2. Click user icon the displayed on the top-right corner and click 'My Account'.
  3. Click 'Single Sign-On'.
  4. Enter a name for your SSO profile.
  5. Enter the URLs and add the X.509 certificate received from your IdP.

    Note: X.509 certificate should only be in .pem or .cer format.

  6. Click 'Configure Single Sign-On'.
    RemotePC

You will receive an email when SSO is enabled.

How do I enable SSO for my users?

Admin of HelpDesk accounts can either select SSO for login while inviting technicians to create an account or enable SSO for existing technicians.

To invite technicians to use SSO,

  1. Log in to HelpDesk via web browser.
  2. Go to the 'Technicians' tab and click 'Add'.
    RemotePC
  3. Enter the email address in the 'Email Address' field.
  4. Select group and other preferences for the technician.
  5. Select 'Enable SSO'.

    Note: If you select the checkbox, technicians won't have to set a password for their account.

  6. Click 'Invite Users'.
    RemotePC

To enable SSO for existing technicians,

  1. Login to HelpDesk via web browser and go to the 'Technicians' tab.
  2. Hover on the technician you want to edit and click RemotePC and click ‘Edit’.
    RemotePC
  3. Select 'Enable SSO'.
    RemotePC
  4. Click 'Save Changes'.

Is it possible to delete an SSO profile?

Yes, admins can remove a SSO profile from their account.

To remove SSO profile,

  1. Login to HelpDesk via web browser.
  2. Click the user icon displayed on the top-right corner and click 'My Account'.
  3. Click 'Single Sign-On'.
  4. Click RemotePC corresponding to the SSO profile you wish to delete.
  5. Click'Delete' in the confirmation popup to remove the SSO profile.
    RemotePC

Deleting the SSO profile will remove Single Sign-On for all technicians linked with this profile and they will have to use their registered email and password for login.

How can I disable SSO for a technician?

To disable SSO for a technician,

  1. Login to HelpDesk via web browser and go to the 'Technicians' tab.
  2. Click RemotePC on the technician you want to disable SSO and click ‘Edit’.
  3. Deselect the 'Enable SSO' checkbox.
  4. Click 'Save'.

In case you disable single sign-on for a user, they will need to set a new password for their account. Once done, the user must use their email address and new password to login.

Can I configure my choice of identity provider for SSO?

Yes, you can configure your choice of identity provider for SSO along with a set of parameters as described below:

  • HelpDesk uses SAML2 with the HTTP Redirect binding for HelpDesk to IdP and expects the HTTP Post binding for IdP to HelpDesk.
  • While configuring with SAML, use the following URLs and save the changes.
    1. Audience URL (SP Entity ID):
      https://sso.remotepc.com/helpdesk-api/user/sso/metadata
    2. Single sign on URL:
      https://sso.remotepc.com/helpdesk-api/user/sso/process
  • Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both.