
Microsoft Entra (Azure AD) SAML Setup

Published: 22 Sept 2021 | Last updated: 16 Feb 2024

You can use Microsoft Entra (formerly Azure Active Directory) as an Identity Provider (IdP) to log Users and Agents into Deskpro using the SAML protocol.

Creating the SAML application

Note

Throughout this guide, you will need to switch back and forth between Deskpro and Microsoft Entra. We recommend keeping both configuration pages open in separate tabs.

Creating this application within Microsoft Entra requires Global Administrator rights on your Microsoft 365 account.

In Microsoft Entra

Either go to your Microsoft 365 Admin Center, then select Identity from your Admin centers, or visit the Microsoft Entra admin center directly.

From here, select Applications, then Enterprise applications.

In the Enterprise Applications page, select + New application, then + Create your own application.

Enter an identifiable name for your application, then select Non-Gallery from the radio buttons and click Create.

In the new application, select Single sign-on, and select SAML as your single sign-on method.

In Deskpro

Go to Admin > Agents > Auth & SSO for Agents, or Admin > CRM > User Auth & SSO for Users.

Scroll down to Add Authentication and select SAML Authentication from the available apps.

From the Microsoft Entra SAML configuration, copy the following values and paste them into their respective fields within Deskpro.

| Entra | Deskpro |
| --- | --- |
| Login URL | Single Sign On URL |
| Logout URL | Single Log Off URL |
| App Federation Metadata Url | Issuer XML metadata URL |

Scroll to the bottom of the Deskpro SAML configuration and click Add.

Once the app has been created, reopen it by clicking Manage, then scroll down to Configuration Settings. You will need the SAML Details for the next step.

In Microsoft Entra

In Section 3 of the Microsoft Entra SAML configuration, make a note of the Expiration date of the SAML certificates. This will update after the next step.

Scroll up to Section 1 and click Edit in the top right. From the Deskpro SAML configuration, copy the following values and paste them into their respective fields within Microsoft Entra.

| Deskpro | Entra |
| --- | --- |
| Consumer Service URL (ACS) | Reply URL (Assertion Consumer Service URL) |
| Single Logout Service URL (SLS) | Logout Url |
| Metadata URL (Entity ID) | Identifier (Entity ID) |

Click Save at the top and close the window.

In Section 3 again, check the Expiration date and confirm it has changed. It should be the current date + 3 years. If it still shows the previous date, close and reopen the app.

Download the Certificate (Base64) and in the Deskpro SAML configuration, upload this certificate to the X.509 Certificate field.

In Deskpro

Add a label to the Login Button Text field, then click Save to save the changes.

Your SAML application should now be configured, and can be enabled by clicking the toggle.
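A way to cross-check the values entered above, as an added example that is not part of the original guide or Deskpro's own tooling: it parses a SAML 2.0 federation metadata document (the kind of document the App Federation Metadata Url serves) and reports whether the Single Sign On URL, Single Log Off URL and uploaded Certificate (Base64) match it. The metadata, URLs and certificate bytes are constructed placeholders, and the function names and the choice of the HTTP-Redirect binding are assumptions.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed sample: placeholder bytes and example.invalid URLs, not real tenant data.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://idp.example.invalid/tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{SAMPLE_CERT_B64}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.invalid/saml2/logout"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.invalid/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def der_fingerprint(b64_text):
    """SHA-256 of the certificate's DER bytes; PEM armor lines are ignored."""
    body = "".join(l.strip() for l in b64_text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def parse_idp_metadata(xml_text):
    """Extract the IdP values that the Deskpro SAML form asks for."""
    root = ET.fromstring(xml_text)  # assumes metadata from your own tenant, not hostile XML
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None: raise ValueError("no IDPSSODescriptor in metadata")
    def location(tag):
        return next((e.get("Location") for e in idp.findall(f"md:{tag}", NS)
                     if e.get("Binding") == REDIRECT), None)
    certs = idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {"sso_url": location("SingleSignOnService"), "slo_url": location("SingleLogoutService"),
            "signing_fingerprints": [der_fingerprint(c.text) for c in certs]}

def check_config(metadata_xml, sso_url, slo_url, cert_pem):
    """Return mismatches between the values entered in Deskpro and the metadata."""
    meta = parse_idp_metadata(metadata_xml)
    checks = [
        ("Single Sign On URL differs from metadata", sso_url == meta["sso_url"]),
        ("Single Log Off URL differs from metadata", slo_url == meta["slo_url"]),
        ("uploaded certificate is not a signing certificate in metadata",
         der_fingerprint(cert_pem) in meta["signing_fingerprints"]),
    ]
    return [message for message, ok in checks if not ok]

if __name__ == "__main__":
    pem = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT_B64}\n-----END CERTIFICATE-----\n"
    base = "https://idp.example.invalid/saml2"
    print(check_config(SAMPLE_METADATA, base, base + "/logout", pem))
```

An empty list means the three values agree with the metadata; comparing fingerprints of the DER bytes avoids false mismatches from PEM line wrapping.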

Managing access

By default, you will need to allow users to log in via the SAML application. This is handled within the Microsoft Entra application directly.

Select Users and groups, then click + Add user/group. From here, you can add specific users or groups who should have access to your helpdesk through this application.
