Single Sign-on (SSO) is a one-step user authentication process. If you are the admin of a HelpDesk account, you can set up SSO with the identity providers (IdP) of your choice. Your technicians can access HelpDesk using the IdP credentials without another password to manage.
Admin of a HelpDesk account can configure SSO to access HelpDesk by signing in to a central identity provider. To set up SSO, you need to first configure your identity provider and then configure your HelpDesk account.
To configure SSO for your HelpDesk account,
- Login to HelpDesk via web browser.
- Click the username displayed on the top-right corner and click 'My Account'.
- Click 'Single Sign-On'.
- Enter a name for your SSO profile.
- Enter the URLs and add the X.509 certificate received from your IdP.
Note: X.509 certificate should only be in .pem or .cer format. - Click 'Configure Single Sign-On'.
You will receive an email when SSO is enabled.
Admin of HelpDesk accounts can either select SSO for login while inviting technicians to create an account or enable SSO for existing technicians.
To invite technicians to use SSO,
- Log in to HelpDesk via web browser.
- Go to the 'Technicians' tab and click 'Add'.
- Enter the email address in the 'Email Address' field.
- Select group and other preferences for the technician.
- Select 'Enable SSO'.
Note: If you select the checkbox, technicians won't have to set a password for their account.
- Click 'Invite'.
To enable SSO for existing technicians,
- Login to HelpDesk via web browser and go to the 'Technicians' tab.
- Hover on the technician you want to edit and click
. - Select 'Enable SSO'.
- Click 'Save'.
Yes, admins can remove a SSO profile from their account.
To remove SSO profile,
- Login to HelpDesk via web browser.
- Click the username displayed on the top-right corner and click 'My Account'.
- Click 'Single Sign-On'.
- Click
corresponding to the SSO profile you wish to delete. - Click'Delete' in the confirmation popup to remove the SSO profile.
Deleting the SSO profile will remove Single Sign-On for all technicians linked with this profile and they will have to use their registered email and password for login.
To disable SSO for a technician,
- Login to HelpDesk via web browser and go to the 'Technicians' tab.
- Hover on the technician you want to edit and click .
- Deselect the 'Enable SSO' checkbox.
- Click 'Save'.
In case you disable single sign-on for a user, they will need to set a new password for their account. Once done, the user must use their email address and new password to login.
Yes, you can configure your own identity provider for SSO along with a set of parameters as described below:
- HelpDesk uses SAML2 with the HTTP Redirect binding for HelpDesk to IdP and expects the HTTP Post binding for IdP to HelpDesk.
- While configuring with SAML, use the following URLs and save the changes.
- Single sign on URL:
https://www.remotepc.com/rpchd/sso/process - Audience URL (SP Entity ID):
https://www.remotepc.com/rpchd/sso/metadata
- Single sign on URL:
- Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both.
To login in to SSO enabled account via desktop,
- Click 'Single Sign-On (SSO)' on the login screen.
- Enter 'Email Address' and click 'Login'. You will be redirected to IdP web login page.
- Enter the username and password registered with IdP, when prompted to enter credentials.
Upon successful validation of identity, you will be prompted to go back to the desktop application and you can now continue using your HelpDesk account.
To sign in to SSO enabled account via desktop,
- Click 'Single Sign-On (SSO)' on the login screen.
- Enter 'Email Address' and click 'Login'. You will be redirected to IdP web sign in page.
- Enter the username and password registered with IdP, when prompted to enter credentials.
Upon successful validation of user identity, you will be prompted to go back to the desktop application and you can now continue using your HelpDesk account.