You can use Azure AD (Active Directory) as an Identity Provider (IdP) to log users and agents into Deskpro. We will use the SAML setup instructions to set up this integration.
You will require Global Administrator access to your Azure Active Directory platform to complete this setup. This is something your IT provider/administrator will have.
The name you define here is arbitrary and does not affect functionality. It can be anything you choose; in this example I have gone for "Deskpro SAML Login" for simplicity.
It may take a minute or so for the app creation to complete.
You will be asked for some configuration options. You will now need to jump over to your Deskpro admin area, and create a SAML connector using the SAML setup information.
| Deskpro field | Azure AD value | Required |
|---|---|---|
| SSO: Single Sign On URL | Login URL | Yes |
| SLO: Single Log Off URL | Logout URL | No (Recommended) |
| Metadata: Issuer XML metadata URL | App Federation Metadata URL | Yes |
| X509 Certificate | Certificate (Base64) | Yes |
| X509 Certificate Fingerprint | Thumbprint | No (Recommended) |
| Custom Metadata XML | Federation Metadata XML | Yes |
Certificate will download as a .cer file. This is fine to upload into Deskpro.
Federation Metadata XML will download as a .xml file. You will need to open this in a text editor (e.g. Notepad) and copy the contents into Deskpro.
Sign Authentication Request can be left blank.
Name ID Format can be left as default. This would usually be
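Before pasting these values into Deskpro, you can cross-check them against each other. The Python sketch below is an added example, not part of the original guide or of Deskpro's tooling: it reads the Federation Metadata XML, extracts the issuer, Login URL and Logout URL, and confirms that the downloaded .cer file is the signing certificate the metadata carries. It assumes the Thumbprint shown in Azure is the upper-case hex SHA-1 of the certificate; all function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def thumbprint(cert_text):
    """Upper-case hex SHA-1 of the DER bytes (assumed format of Azure's Thumbprint)."""
    lines = (ln.strip() for ln in cert_text.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return hashlib.sha1(base64.b64decode(body, validate=True)).hexdigest().upper()

def read_idp_metadata(xml_text):
    """Extract the values the Deskpro SAML form asks for from IdP metadata."""
    root = ET.fromstring(xml_text)  # only parse a file downloaded from your own tenant
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    def location(tag):
        el = idp.find(f"md:{tag}", NS)
        return None if el is None else el.get("Location")
    certs = [c.text for c in idp.iterfind(CERT, NS) if c.text]
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    return {"issuer": root.get("entityID"),
            "sso_url": location("SingleSignOnService"),
            "slo_url": location("SingleLogoutService"),
            "thumbprints": [thumbprint(c) for c in certs]}

def cer_matches_metadata(cer_text, xml_text):
    """True when the downloaded .cer is one of the metadata's signing certificates."""
    return thumbprint(cer_text) in read_idp_metadata(xml_text)["thumbprints"]

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_CER = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://idp.example.test/constructed-tenant/">
 <IDPSSODescriptor><KeyDescriptor use="signing">
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
   <X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Location="https://idp.example.test/constructed-tenant/logout"/>
  <SingleSignOnService Location="https://idp.example.test/constructed-tenant/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    print(read_idp_metadata(SAMPLE_XML), cer_matches_metadata(SAMPLE_CER, SAMPLE_XML))
```

With real files, pass the text of the downloaded .cer and .xml to `cer_matches_metadata` and compare the printed thumbprint with the one you enter as the X509 Certificate Fingerprint.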
It is up to you whether you want to go for Automatic or Disabled SSO.
If you are not sure, we would recommend Disabled mode, and specifying a Login Button Text. This can be any text you desire; in this example I will use "Azure Login". This can be changed later.
When all the data is populated in the Deskpro Application, press "Install App".
After the SAML app completes loading, it will give a "SAML Authentication has been installed successfully." message. Press Continue.
| Deskpro value | Azure AD field | Required |
|---|---|---|
| Metadata URL (Entity ID) | Identifier (Entity ID) | Yes |
| Consumer Service URL (ACS) | Reply URL (Assertion Consumer Service URL) | Yes |
| Single Logout Service URL (SLS) | Logout Url | No |
| Your Deskpro Homepage | Sign on URL | No |
You must allow your users to make use of this application by setting the correct user/group policies. Otherwise, you may hit an error like so:
AADSTS50105: The signed in user 'firstname.lastname@example.org' is not assigned to a role for the application '36ec2a82-1328-4549-84d5-e84567649900'(Deskpro SAML Login).
You can add permissions for any group of users, and for specific users, to the new Azure app you have created. You will need to navigate to "Users and Groups" and press Add User.
Navigate through your account to find the staff you would like to associate with the app. You may want to allow different groups, which is certainly possible. Here we have a Support Staff group.
Any users in that group will now be allowed access to the system.