You must have a Business level or higher plan in Freshworks. For more information, see https://support.freshworks.com/support/solutions/articles/237923.

  1. Configure SSO in Freshworks:
    1. Sign on to your Freshworks Admin account homepage and go to the Security tab.
      Screen capture of Freshworks Admin Center with Security highlighted in red on the lefthand panel.
    2. On the Security Settings page, in the Default Login Methods section, click the right arrow.
      Screen capture of Freshworks Security Settings with an expansion arrow highlighted in red.
    3. On the corresponding Login Methods page, click the SSO Login toggle.
      Screen capture of Freshworks Default Login Method page with the SSO Login toggle highlighted in red.

      The Configure SSO panel opens.

    4. On the Configure SSO panel, in the IdP of your choice section, click SAML.
      Screen capture of Configure SSO panel with SAML highlighted in red.
    5. On the Set up SSO with SAML page, in the Map information in IdP section, note the Assertion Consumer Services (ACS) URL and Service Provider (SP) Entity ID values, and click Download Metadata.
      Screen capture of Freshworks Configure SSO panel with Download Metadata highlighted in red.
  2. Configure SSO in PingOne:
    1. In PingOne, go to Connections > Applications.
    2. Click the + icon next to Applications.
      Screen capture of PingOne Applications tab with the Connections icon and plus icon highlighted in red.
      Important:

      You will use the settings displayed on Step 1.e. to begin configuring Freshworks within PingOne.

    3. On the New Application page, click Advanced Configuration.
    4. In the Choose Connection Type list, on the SAML line, click Configure.
      Screen capture of PingOne New Application page with Advanced Configuration and Configure highlighted in red.
    5. In Create App Profile, enter the values for:
      • Application Name (Required)
      • Description (Optional)
      • Icon (Optional)Screen capture of Create App Profile section in PingOne.
    6. On the Configure SAML Connection page, in the Provide App Metadata section, click Import Metadata and upload the metadata downloaded previously. Click Import.
      Screen capture of Configure SAML Connection section in PingOne with Import Metadata and Choose File highlighted in red.

      After import, all necessary fields will auto populate except for the Assertion Validity Duration.

    7. In the Assertion Validity Duration field, enter a valid duration value (in seconds), such as 3600.
    8. In the Signing Key section, select Download Signing Certificate and download in the X509 PEM (.crt) format. Make sure that Sign Assertion & Response is selected, then click Save and Continue.
      Screen capture of PingOne SSO Signing Key section with Download Signing Certificate and X509 PEM (.crt) highlighted in red.
    9. On the Attribute Mapping page, enter the values for the following attributes:
      • Email Address = saml_subject
      • givenName
      • LastName
      • mobile
      • phone
      Screen capture of PingOne SAML Attributes section.
    10. Click Save and Close to finalize the creation of the application.
    11. After you create the application, to enable it, click the toggle next to the application.
      Screen capture of PingOne applications with the slider next to Freshworks highlighted.
    12. Select Configuration and copy the following values for later use.
      • Issuer ID
      • Single Logout Service (Optional)
      • Single SignOn ServiceScreen capture of Freshworks Configuration with the fields for Issuer ID, Single Logout Service, and Single Sign-on Service highlighted in red.
  3. Integrate SAML SSO with Freshworks and PingOne:
    1. In Freshworks, go to Set up SSO with SAML and paste the information from the previous step into the below locations:
      • Entity ID provided by the IdP = the Issuer ID value from PingOne
      • SAML SSO URL = the Single SignOn Service value from PingOne
      • Logout URL = the Single Logout Service value from PingOne (Optional)
      Screen capture of Freshworks Map information from IdP section.
    2. Upload the X509 certificate that you downloaded previously. Open the downloaded file with a text editor and copy and paste the certificate into the Security certificate field, then select Configure SSO.
      Note:

      You must include the BEGIN CERTIFICATE and END CERTIFICATE text as part of the certificate upload.

      Screen capture of Security certificate section with Configure SSO highlighted in red.
    3. Sign out of your Freshworks account, then click the Sign in with SSO to sign on.

      You’re proxied into your account, finalizing the configuration.

      Screen capture of Freshworks login.
  4. Test the integration:

    After creating your integration, you must test it. Before testing the integration, you must create and assign identities in PingOne. If you’ve already assigned identities and groups in PingOne, start at step 4k.

    1. In PingOne, go to Identities > Groups and click the + icon next to Groups.
      Screen capture of PingOne Groups section with the Group icon and plus icon highlighted in red.
    2. On the Create New Group page, enter values for the following:
      • Group Name (Required)
      • Description (Optional)
      • Population (Optional)
    3. Click Finish & Save.
      Screen capture of PingOne Create New Group section.
    4. To add identities to the group, on the Identities tab, go to Users > + Add User.
      Screen capture of PingOne Users section with + Add User highlighted in red.
    5. On the Add User page, enter in all the necessary information for a user.
      Important:

      Verify that the first name, last name, and email address are correct, as these are values passed in the SAML assertion.

    6. Click Save.
    7. Assign the user that you created to the group that you created previously. Locate the user you created and:
      1. Expand the section for the user.
      2. Select the Groups tab.
      3. Click + Add.Screen capture of PingOne user settings with + Add and Groups highlighted in red.
    8. In the Available Groups section, select the group that you created and click the + icon to add it to the user’s group memberships. Click Save.
      Screen capture of PingOne Admin groups plus icon highlighted in red.
    9. On the Connections tab, for the Freshworks application:
      1. Click the Access tab.
      2. Click the Pencil icon to edit the configuration.Screen capture of Freshworks settins in PingOne with the Access tab and pencil icon highlighted in red.
    10. Select the group that you created and add it to the Applied Groups section. Click Save.
      Screen capture of Freshworks application in PingOne with the plus icon next to the Admin group highighted in red.

      You're now ready to test the integration.

    11. In the PingOne admin console, go to Dashboard > Environment Properties.
    12. Right-click on the Application Portal URL and open it in a private browser session.
      Screen capture of PingOne Environment Properties with the Application Portal URL highlighted in red, as well as Open Link in Incognito Window.
    13. Sign on as the test user that you created and click the Freshworks tile.

      You’re signed on to the user’s Freshworks account using SSO and testing is complete.Screen capture of PingOne dock with Freshworks application highlighted in red.