You may want to authorize users or agents with credentials from a web-based service that your company has developed: your intranet/extranet, or an app or service you provide.
The way to implement this is using Deskpro’s support for JSON Web Token (JWT) authentication.
JWT is a token-based method of securely transferring authentication claims between two servers: in our case, a claim that your system has approved the user and they should be allowed access to Deskpro. The claim is encoded in a compact token. The token is cryptographically signed, so Deskpro knows the claim is genuine. It doesn’t contain the user’s password, just a confirmation of their identity and for how long the claim is valid.
To set up JWT, you install the Deskpro JWT authentication app, and provide it with the URL of a page that can tell Deskpro if the user is authenticated.
If you are using Deskpro On-Premise, it’s important that you enable SSL on your helpdesk before installing the JWT app.
JWT is a fairly straightforward method to implement, with libraries available in the major web development languages.
When Deskpro verifies a user/agent with JWT, the sequence of events is as follows:
We suggest you consult jwt.io for links to JWT libraries and information, including a debugging tool.
There is PHP example code available on our GitHub repository showing a working example implementation.
The JWT token must include the following claims:
For security, you should also include these claims as per the JWT specification:
Once you have implemented JWT:
Install and enable the Deskpro JWT app from Agents > Auth & SSO or CRM > Auth & SSO, depending on whether you want to authenticate agents or users.
Enter the Remote Login URL where you service will authenticate users.
Enter the JWT Secret Code: this is an arbitrary secret you use to encode your JWT tokens. It must match between your tokens and the JWT auth app.
Configure the Authentication and SSO. You need to specify an Agent Logout Redirect URL where the agent is sent when they log out.
Click Save and then Test Settings to check that your implementation is working.
When configuring the remote login URL, you can specify which page users are returned to after they authenticate. By default, users will be returned to your Deskpro home page. You are able to change this by appending the Remote login URL with some return information.
The above example would redirect users authenticated through JWT to the new ticket submission page.