If you are using OneLogin, Okta, SAML or JWT authentication, there are three options for how SSO can work on your helpdesk:
Disabled: no SSO. The user/agent still sees the Deskpro login form. Optionally, you can show a button to sign in with the identity service.
Background: the user/agent will see the Deskpro login form if they are not signed in (with optional button as with Disabled). If they visit your helpdesk when they are already signed in to the identity service, they will automatically be logged in to Deskpro.
Automatic: the user/agent never sees the Deskpro login form. They are automatically redirected to sign in to the identity service. When they log out of Deskpro, they are logged out of the identity service and sent to the service’s logout screen. If you enable this, all your users/agents must have an account on the service to be able to use the helpdesk.
If you enable the Automatic SSO option on the portal, users will not be able to see portal content without signing in with the relevant identity service. Enabling this will override any permissions granted to the Everyone usergroup.
Note that you can only enable SSO (whether Background or Automatic) for one user authentication app and one agent authentication app at a time. If you enable SSO for a different app, the previous app’s SSO will be set to Disabled.
When you have open registration configured on your helpdesk, if a person visits through an external userssource or SSO, their account will automatically be created in the Deskpro CRM as the user logs in. The CRM will capture basic info (name, email) to create the account.