1Kosmos integrates with Freshdesk as a SAML 2.0 identity provider, replacing password-based login with biometric authentication for support agents and Freshworks account users.
Integration type
SSO
Updated
Overview
1Kosmos integrates with Freshdesk as a SAML 2.0 identity provider through the Freshworks Neo Admin Center, enabling support agents and administrators to log in using biometric authentication via the 1Kosmos mobile app. The SSO configuration applies across the Freshworks product suite (Freshdesk, Freshservice, Freshchat, and others) from a single configuration point in the Freshworks Security settings.
The SAML configuration path is: Freshdesk Admin → Account → Security → Configure Freshworks SSO, where SSO Login is toggled on and SAML is selected as the identity provider type. The Freshworks admin console displays the ACS URL and SP Entity ID values needed for AdminX. The ACS URL follows the pattern https://[domain].freshdesk.com/login/saml.
Prerequisites
Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.
Freshdesk administrator access: Admin rights to the Freshdesk portal, including access to Account → Security settings.
Agent accounts provisioned: Support agents must have existing Freshdesk accounts before they can authenticate through SSO. Requestors (customers) can be auto-provisioned on first SSO login.
1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.
Configuration values
Values to collect from 1Kosmos AdminX (IdP) for Freshdesk:
Field | Where to find it |
|---|---|
Entity ID provided by the IdP | AdminX → Settings → IdP Configuration → Core Configuration |
SAML SSO URL | AdminX → Settings → IdP Configuration → Single SignOn Service URL |
Security Certificate (X.509) | AdminX → Settings → IdP Configuration → View Certificate → Public Key |
Values to collect from Freshdesk (SP) for AdminX:
Field | Where to find it |
|---|---|
ACS URL | Freshworks Neo Admin Center → Security → SAML SSO → Assertion Consumer Service (ACS) URL |
SP Entity ID | Same page → Service Provider (SP) Entity ID URL |
Integration steps
Step 1: Access Freshdesk SSO settings
Log in to your Freshdesk portal as an administrator and click the Admin icon.
Scroll to the Account section and select Security.
Click Configure Freshworks SSO. You will be redirected to the Freshworks Neo Admin Center Security Settings page.
Toggle on SSO Login. If you have previously configured SSO, click + Add another SSO.
Under the IdP of your choice section, click SAML to configure a SAML-based identity provider.
Copy the Assertion Consumer Service (ACS) URL and Service Provider (SP) Entity ID displayed on the screen. You will need these for AdminX.
Step 2: Add Freshdesk as a SAML application in AdminX
Log in to the AdminX portal and navigate to Applications → Add Application.
Scroll to Custom App, select SAML 2.0 Generic, and click Add integration.
Enter "Freshdesk" as the Application Name, set Instance to Production, and enter your Freshdesk URL (https://[domain].freshdesk.com) as the Application Access URL. Click Next.
Set NameID Format to
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressand NameID Value toemail. Add claims foremail(Username),firstname(FirstName), andlastname(LastName). Click Next.Enter the Freshdesk SP Entity ID and ACS URL. Enable Assertion signing and click Save.
Step 3: Enter 1Kosmos IdP details in Freshdesk
Return to the Freshworks Neo Admin Center SAML configuration screen.
In the Entity ID Provided by the IdP field, paste the 1Kosmos IdP Entity ID.
In the SAML SSO URL field, paste the 1Kosmos SSO Login URL.
Under Signing Options, select Only Signed Assertions (or match to your AdminX signing configuration).
Paste the 1Kosmos X.509 certificate content into the Security Certificate text box.
Click Save.
Step 4: Test the integration
Open an incognito browser, navigate to your Freshdesk login page, and click the SSO option (or use the SSO login URL provided in the Freshdesk settings).
Confirm you are redirected to 1Kosmos. Authenticate biometrically using the 1Kosmos mobile app.
Confirm you are returned to Freshdesk as an authenticated agent.
Attribute mappings
Source (1Kosmos) | Target (Freshdesk) | Description |
|---|---|---|
user.email | email / NameID | Primary identifier; must match the Freshdesk agent email |
user.firstName | FirstName | Agent first name (case-sensitive) |
user.lastName | LastName | Agent last name (case-sensitive) |
Integration notes
Freshdesk's SAML attribute names for first name and last name are case-sensitive. The attributes must be sent as FirstName and LastName exactly as shown; lowercase variants will not map correctly. Agents must have existing Freshdesk accounts before SSO can be used for them.
Requestors (customer contacts) can be auto-provisioned on their first SSO login. The RelayState parameter can optionally be configured to redirect users to a specific Freshdesk URL after successful authentication from the identity provider.
