Agent Single Sign On (SSO) via JWT and SAML 2.0: An Overview
Last Updated -
- Agent SSO via JWT Setup Details
- Agent SSO via SAML 2.0 Setup Details
- Salesforce As SAML SSO Identity Provider
- Business Plan
- An identity provider (a hosted or custom solution) that supports JWT or SAML 2.0.
OverviewDesk.com now supports Agent Single Sign On (SSO) via JWT (JSON Web Token) and SAML 2.0 (Security Assertion Markup Language) to allow your agents to access Desk using a compatible identity provider (IdP). From Wikipedia, benefits of using SSO include:
- Reducing password fatigue from different user name and password combinations.
- Reducing time spent re-entering passwords for the same identity.
- Reducing IT costs due to lower number of IT help desk calls about passwords.
SAML is a XML-based open standard data format for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP) such as Desk.com.
Once you configure your Desk.com site to allow Agent SSO, login requests will be routed to the remote login URL that you’ve specified. The SSO authentication process follows these steps:
Authentication with SSO
- An agent will access your login page at https://yourcompany.desk.com/login/new.
- Depending on how you’ve configured your site, if the user is not already authenticated they will either be redirected to the remote login URL for authentication or will have the option to “Login with X” where X is your Authentication Service Name from the Desk login screen.
- After the user enters their credentials, if using JWT, the IdP should POST to https://yourcompany.desk.com/auth/jwt with the JWT payload. If using SAML, the IdP validates that user’s identity and then constructs a message containing information about that user to send back to Desk at https://yourcompany.desk.com/auth/saml/acs.
- Desk.com then parses the information, does a lookup on the user’s email address and logs the user in. Great success!
Setting up Agent SSO
For more information on how to setup SSO via JWT or SAML, please see these detailed articles: