Our OneLogin SSO integration allows you to effectively manage access to your Helpshift Dashboard using a secure and scalable identity management system. The benefits of using OneLogin SSO include:
- Ease of access: no need to manually type in, renew, or worry about weak login credentials causing security issues
- Prevent common weak points in the authentication experience, including username/password login and password reset requests
- Quickly and easily block credentials for a team member who is no longer part of your support organization
Prior to completing this guide, you’ll need to have already signed up for OneLogin. Please note: only Helpshift Admins can complete the steps at the end of this guide where OneLogin is configured in your Helpshift Dashboard.
Integrate the Helpshift Connector
To integrate the Helpshift Connector, first login to your OneLogin account. From there, click on Apps > Add Apps. On the page that appears, search for and add the Helpshift Connector. You can add the Connector by clicking on it. Once the app is added, navigate to the Parameters tab. Click on the ‘Helpshift Domain’ field and choose the ‘Macro’ value in the drop-down that appears. Enter your Helpshift Domain in the text area, then click ‘Save’. Next, navigate to Users -> All Users. On the page that appears, click on the User for which the Helpshift Connector must be enabled. On the page that appears, navigate to the Applications tab. On this page, click the + symbol on the right side to add the new app, thus adding the connector. If needed, click on the user as listed on the Applications page to configure user-specific settings. The domain should always be constant.
Enable OneLogin SSO from the Dashboard
Now that you’ve integrated the Helpshift Connector app, you’ll be able to enable OneLogin SSO from the Admin Dashboard. Within OneLogin, navigate to Apps > Company Apps. On this page, click on the Helpshift app. On the page that appears, navigate to the SSO tab. There are three pieces of information that need to be fetched from this page: The X.509 Certificate, the SAML 2.0 Endpoint URL, and the Issuer URL. These need to be pasted into the OneLogin SSO Configuration uploader in the Integrations page. Click ‘View Details’ on the X.509 certificate to open up the full certificate details. The text of the X.509 Certificate that is between the “—- Begin Certificate —-” and “—- End Certificate —” markers should be copied. Back on the SSO page, the SAML 2.0 Endpoint URL and Issuer URL look like this and can be copied using the ‘copy’ button: Once you’ve copied these items, navigate to your Helpshift Dashboard, then click Settings > Integrations. Scroll down to the Single Sign-On (SAML – SSO) section, and click on the toggle to enable it. In the ‘Identity Provider’ (IdP) drop-down, select ‘OneLogin’. Copy-paste the X.509 Certificate, SAML 2.0 Endpoint URL, and the Issuer URL using the OneLogin SSO Configuration updater. Enable the ‘ Disable Login through Email and Password’ option for all your agents by clicking on the toggle. It disables the other login methods except for the SSO login. Note: When you turn on the Disable Login through Email and Password toggle, it deletes all the non-SSO credentials from Helpshift for the security purpose. Also, check if SSO login is working properly and then only, turn on the Disable Login through Email and Password toggle. Enable the toggle in the top right, then click the ‘Apply Changes’ button to save your SSO Configuration. A OneLogin button will now be visible on the Login Page. To set up additional features and learn more about Helpshift best practices, please review our Knowledge Base.