Skip to main content

Understanding SSO options

Authentication and SSO

If you are using OneLogin, Okta, SAML or JWT authentication, there are two options for how SSO can work on your helpdesk:

  • Disabled: no SSO. The user/agent still sees the Deskpro login form. Optionally, you can show a button to sign in with the identity service.


  • Automatic: the user/agent never sees the Deskpro login form. They are automatically redirected to sign in to the identity service. When they log out of Deskpro, they are logged out of the identity service and sent to the service’s logout screen. If you enable this, all your users/agents must have an account on the service to be able to use the helpdesk.


If you enable the Automatic SSO option on the portal, users will not be able to see portal content without signing in with the relevant identity service. Enabling this will override any permissions granted to the Everyone usergroup.

Note that you can only enable SSO for one user authentication app and one agent authentication app at a time. If you enable SSO for a different app, the previous app’s SSO will be set to Disabled.

When you have open registration configured on your helpdesk, if a person visits through an external userssource or SSO, their account will automatically be created in the Deskpro CRM as the user logs in. The CRM will capture basic info (name, email) to create the account.

Authors list

First published: 24/03/2017

Last updated: Jul 17, 2019 by Hugo Pinto