Skip to main content
← Documentation

Single Sign-On (SSO)

Single Sign-On (SSO)

AgentDesk supports single sign-on through OpenID Connect (OIDC), allowing your users to sign in using your company's identity provider (such as Okta, Azure AD, or Google Workspace).

How SSO works

Instead of entering a separate email and password for AgentDesk, users click Sign in with SSO on the login page and authenticate through your company's identity provider. Once authenticated, they are signed into the portal automatically.

Setting up SSO

Step 1: Create an SSO connection

  1. Go to Admin > Settings > Single Sign-On.
  2. Click Add Connection.
  3. Fill in the details from your identity provider:
    • Display Name -- A friendly name for this connection (for example, "Company Okta")
    • Issuer URL -- The URL provided by your identity provider
    • Client ID -- The OAuth client ID from your identity provider
    • Client Secret -- The OAuth client secret from your identity provider
    • Scopes -- Usually the defaults are fine (openid email profile)
  4. Click Test Connection to verify it works.
  5. Click Save.

Your identity provider will need the Redirect URI shown on the form. Copy this and add it to your identity provider's application settings.

Step 2: Enable SSO on a portal

SSO is configured per portal, so different portals can have different authentication requirements.

  1. Go to Admin > Portals > [your portal] > SSO.
  2. Toggle Enabled to allow SSO login.
  3. Select the SSO connection you created.
  4. Optionally toggle Enforce to require SSO (this disables password login for the portal).
  5. Click Save.

SSO enforcement

SettingWhat happens
SSO enabled, not enforcedUsers can sign in with either SSO or email/password
SSO enabled and enforcedUsers must sign in through SSO; the password login fields are hidden

Supported identity providers

AgentDesk works with any OIDC-compatible identity provider, including:

  • Okta
  • Azure AD (Microsoft Entra ID)
  • Google Workspace
  • Auth0
  • OneLogin
  • And other OIDC-compliant providers

Troubleshooting

SSO test connection fails

  • Verify the Issuer URL is correct and does not have a trailing slash
  • Confirm the Client ID and Client Secret match what is configured in your identity provider
  • Check that the identity provider's application is active

Users cannot sign in with SSO

  • Verify the portal has SSO enabled and a connection selected
  • Check that the Redirect URI in your identity provider matches exactly
  • Ensure the user's email in the identity provider matches an approved domain for the portal

Redirect loop after signing in

  • Verify the Redirect URI matches exactly between AgentDesk and your identity provider
  • Check that the correct SSO connection is selected for the portal