You must have a Business level or higher plan in Freshworks. For more information, see https://support.freshworks.com/support/solutions/articles/237923.

  1. Configure SSO in Freshworks:
    1. Sign on to your Freshworks Admin account homepage and go to the Security tab.
      Screen capture of Freshworks Admin Center with Security highlighted in red on the lefthand panel.
    2. On the Security Settings page, in the Default Login Methods section, click the right arrow.
      Screen capture of Freshworks Security Settings with an expansion arrow highlighted in red.
    3. On the corresponding Login Methods page, click the SSO Login toggle.
      Screen capture of Freshworks Default Login Method page with the SSO Login toggle highlighted in red.

      The Configure SSO panel opens.

    4. On the Configure SSO panel, in the IdP of your choice section, click SAML.
      Screen capture of Configure SSO panel with SAML highlighted in red.
    5. On the Set up SSO with SAML page, in the Map information in IdP section, note the Assertion Consumer Services (ACS) URL and Service Provider (SP) Entity ID values, and click Download Metadata.
      Screen capture of Freshworks Configure SSO panel with Download Metadata highlighted in red.
  2. Configure SSO in PingOne:
    1. In PingOne, go to Connections > Applications.
    2. Click the + icon next to Applications.
      Screen capture of PingOne Applications tab with the Connections icon and plus icon highlighted in red.
      Important:

      You will use the settings displayed on Step 1.e. to begin configuring Freshworks within PingOne.

    3. On the New Application page, click Advanced Configuration.
    4. In the Choose Connection Type list, on the SAML line, click Configure.
      Screen capture of PingOne New Application page with Advanced Configuration and Configure highlighted in red.
    5. In Create App Profile, enter the values for:
      • Application Name (Required)
      • Description (Optional)
      • Icon (Optional)
        Screen capture of Create App Profile section in PingOne.
    6. On the Configure SAML Connection page, in the Provide App Metadata section, click Import Metadata and upload the metadata downloaded previously. Click Import.
      Screen capture of Configure SAML Connection section in PingOne with Import Metadata and Choose File highlighted in red.

      After import, all necessary fields will auto populate except for the Assertion Validity Duration.

    7. In the Assertion Validity Duration field, enter a valid duration value (in seconds), such as 3600.
    8. In the Signing Key section, select Download Signing Certificate and download in the X509 PEM (.crt) format. Make sure that Sign Assertion & Response is selected, then click Save and Continue.
      Screen capture of PingOne SSO Signing Key section with Download Signing Certificate and X509 PEM (.crt) highlighted in red.
    9. On the Attribute Mapping page, enter the values for the following attributes:
      • Email Address = saml_subject
      • givenName
      • LastName
      • mobile
      • phone
      Screen capture of PingOne SAML Attributes section.
    10. Click Save and Close to finalize the creation of the application.
    11. After you create the application, to enable it, click the toggle next to the application.