Integrate SSO and sync users to DeskDay

SSO Configuration technical guide

Written by Jobin Johny
Updated over 3 weeks ago

DeskDay supports secure Single Sign-On (SSO) using OpenID Connect (OIDC) and SAML.
You can integrate any identity provider that supports OIDC, including:

  • Microsoft 365 (Azure Entra ID)

  • Google Workspace

  • Okta

  • JumpCloud

  • Auth0

  • And other OIDC-compatible providers

This document explains how to set up SSO in Azure and Google and sync users into DeskDay.


Understanding DeskDay SSO with OIDC

To integrate an identity provider, you will need:

  • Client ID

  • Client Secret

  • Issuer URL (well-known OIDC metadata endpoint)

  • Redirect URL provided by DeskDay

  • An identity provider that supports OIDC authentication flows

Once configured, DeskDay uses the provider to authenticate and sync users.

Microsoft 365 (Azure Entra ID) Integration

Step 1: Add a New OIDC SSO Configuration in DeskDay

  1. In the DeskDay Portal → Customers, select your company or customer account.

  2. Select SSO+

  3. Enter the domain.

Prepare to enter:

  • Client ID

  • OpenID Connect metadata document URL

  • Client Secret

  • Redirect URLs (from DeskDay)

Step 1: Create an App Registration in Azure Entra

  1. Go to Azure Portal → App registrations.

  2. Click New registration.

  3. Name it (e.g., DeskDay).

  4. Set Supported account types to:
    Accounts in this organizational directory only

  5. Register the application.

After registration:

Copy the Application (client) ID from the overview page.

Copy the OpenID Connect metadata document

  1. Select Endpoints.

  2. Copy the OpenID Connect metadata document URL


Step 2: Create a Client Secret

  1. Select Add a certificate or secret.

  2. Select New secret.

  3. Choose a name (e.g., DeskDay SSO secret) and expiry period (180 days or 365 days).

  4. Copy the Secret Value.


Step 3: Add values to the DeskDay SSO screen

  1. Application (client) ID

  2. OpenID Connect metadata document

  3. Secret Value

  4. Expiry Date

Select Next.


Step 4: Add Redirect URL

  1. Copy the Redirect URL.

  2. Go to Azure portal → Authentication → Add a platform → Web.

  3. Add the Redirect URI.

  4. Click Configure to complete the SSO configuration.


Step 5: User Provisioning and Access Behavior

User Access

End-user accounts are automatically provisioned

  • Account creation happens on the first successful SSO login

As long as the user’s email domain matches the SSO configuration, DeskDay will automatically create the end-user account.

Technician Access

Before a technician can sign in using SSO:

  • The technician must be added to DeskDay as a resource

  • Go to Control Center → Resources

  • Create or invite the technician with the correct email address

  • The email domain must match the configured SSO domain

Technicians who are not added under Resources will not be able to log in, even if SSO is enabled.


SAML SSO configuration in DeskDay

DeskDay supports SAML 2.0–based single sign-on (SSO) for customers. Follow the steps below to configure SAML SSO using Microsoft Entra ID (Azure AD).


Step 1: Configure SAML in DeskDay

  1. Open the DeskDay portal

  2. Go to Customers and select your company or customer account

  3. Select SSO integration

  4. Under Configure your IDP, select SAML

  5. Enter or select the Domain name

  6. Click Next


Step 2: Configure in the identity provider (IDP)

DeskDay will display the SAML details required to configure your identity provider.

Use the following values when setting up the SAML application in Entra ID:

  • Audience URL (identifier / entity ID)

  • Assertion consumer service URL (Reply URL)

These values are generated by DeskDay and must be copied exactly into Entra ID.


Step 3: Create a SAML enterprise application in Microsoft Entra ID

  1. Go to Azure portal → Enterprise applications

  2. Click New application

  3. Select Create your own application

  4. Enter the application name (e.g., DeskDay SAML SSO)

  5. Choose: Integrate any other application you don’t find in the gallery (Non-gallery)

  6. Click Create



Step 4: Configure single sign-on (SAML) in Entra ID

  1. Open the newly created enterprise application

  2. Go to Single sign-on

  3. Select SAML as the sign-on method


Step 5: Copy DeskDay values into Entra ID

In Basic SAML configuration in Entra ID:

| Entra ID field | Value from DeskDay |
|---|---|
| Identifier (Entity ID) | Audience URL (identifier/entity ID) |
| Reply URL (Assertion Consumer Service URL) | Assertion Consumer Service URL |

Save the configuration.


Step 6: Configure metadata in DeskDay

In Entra ID:

  • Go to Single sign-on → SAML certificates

  • Copy the App federation metadata URL

    or

  • Download Federation metadata XML

Back in DeskDay, choose one of the following options:

Option 1: Add metadata URL (recommended)

  • Select Add metadata URL manually

  • Paste the App federation metadata URL

  • Save

Option 2: Upload metadata XML

  • Select Federation metadata XML file

  • Upload the downloaded XML file to DeskDay
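
A check to run on the downloaded Federation metadata XML before uploading it, shown as an added example that is not DeskDay or Microsoft code. The function name `check_idp_metadata` is hypothetical, and the sample document is constructed with a placeholder tenant GUID and certificate body.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def check_idp_metadata(xml_text):
    """Return (summary, findings) for SAML 2.0 identity provider metadata."""
    # Metadata needs no DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return {}, ["DTD or entity declaration present, not parsed"]
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        return {}, ["not a single-entity identity provider metadata document"]
    sso = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    # A KeyDescriptor without "use" serves both signing and encryption.
    certs = [(c.text or "").strip()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.findall(".//ds:X509Certificate", NS)]
    findings = []
    if not root.get("entityID"):
        findings.append("entityID is missing")
    if not sso or any(not loc.startswith("https://") for loc in sso):
        findings.append("SingleSignOnService endpoint missing or not https")
    if not any(certs):
        findings.append("no signing certificate published")
    summary = {"entity_id": root.get("entityID"), "sso": sso,
               "signing_certs": len([c for c in certs if c])}
    return summary, findings


# Constructed sample in the shape of Entra ID federation metadata; the tenant
# GUID and the certificate body are placeholders, not real values.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE))
```

Compare the reported `entity_id` and sign-on endpoint with the values shown on the Single sign-on page of the enterprise application before uploading the file.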


Step 7: Complete setup

Once metadata is added:

  • DeskDay validates the SAML configuration

  • The domain is converted to an SSO-enabled domain

  • Users under this domain will authenticate via Entra ID when they log in to IT-Connect or send an email to a mailbox configured in DeskDay.

Google Workspace Integration

Step 1: Set Up the OAuth Consent Screen in Google Cloud

  1. Go to Google Cloud Console.

  2. Select or create a Google Cloud Project.

  3. Navigate to: APIs & Services → OAuth consent screen.

  4. Select Overview → Get started.

  5. Follow the steps and complete. Make sure to select the audience type as "Internal".


Step 2: Create a new OAuth credential

  1. Go to Clients → Create Client.

  2. Select Application type: Web application.

  3. Name it (e.g., DeskDay) and create.

  4. Copy the Client ID and Client Secret.


Step 3: Add values to the DeskDay SSO screen

  1. In the DeskDay Portal → Customers, open your company or customer account.

  2. Select SSO+

Enter:

  1. Domain

  2. Application (client) ID (copied from Google)

  3. OpenID Connect metadata document (https://accounts.google.com)

  4. Secret Value (copied from Google)

Click Next


Step 4: Add Redirect URL

Copy the Redirect URL.


  1. Go to Google Cloud Console.

  2. Under Clients, select the credential.

  3. Add the Redirect URL and Save to complete the SSO configuration.
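
A pre-flight check for the OpenID Connect metadata document entered in the Microsoft 365 and Google Workspace steps above, shown as an added example that is not DeskDay code. The function name `check_discovery` is hypothetical, and the sample documents are constructed, abbreviated copies with a placeholder tenant GUID.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
SHARED_TENANTS = {"common", "organizations", "consumers"}  # Entra multi-tenant paths


def check_discovery(entered_url, document):
    """Return findings for an OIDC discovery document; empty list means consistent."""
    findings = []
    base = entered_url.rstrip("/")
    if base.endswith(WELL_KNOWN):
        base = base[: -len(WELL_KNOWN)]
    issuer = document.get("issuer", "")
    # OIDC Discovery: issuer must match the URL prefix the document was retrieved from.
    if issuer.rstrip("/") != base:
        findings.append(f"issuer {issuer!r} does not match entered URL {base!r}")
    for name in ENDPOINTS:
        if urlsplit(document.get(name, "")).scheme != "https":
            findings.append(f"{name} is missing or not https")
    parts = urlsplit(base)
    if parts.hostname == "login.microsoftonline.com":
        tenant = parts.path.strip("/").split("/")[0]
        # The guide registers the app for one organizational directory only.
        if tenant in SHARED_TENANTS or "{tenantid}" in issuer:
            findings.append("multi-tenant Entra endpoint, expected a single directory")
    return findings


# Constructed, abbreviated documents; the tenant GUID is a placeholder.
TENANT = "00000000-0000-0000-0000-000000000000"
ENTRA = f"https://login.microsoftonline.com/{TENANT}"
ENTRA_URL = f"{ENTRA}/v2.0{WELL_KNOWN}"
ENTRA_DOC = {
    "issuer": f"{ENTRA}/v2.0",
    "authorization_endpoint": f"{ENTRA}/oauth2/v2.0/authorize",
    "token_endpoint": f"{ENTRA}/oauth2/v2.0/token",
    "jwks_uri": f"{ENTRA}/discovery/v2.0/keys",
}
GOOGLE_URL = "https://accounts.google.com"  # value the guide enters for Google
GOOGLE_DOC = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
}

if __name__ == "__main__":
    print(check_discovery(ENTRA_URL, ENTRA_DOC))
    print(check_discovery(GOOGLE_URL, GOOGLE_DOC))
```

In practice the `document` argument is the JSON fetched from the metadata URL copied out of the identity provider.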


Step 5: User Provisioning and Access Behavior

User Access

End-user accounts are automatically provisioned

  • Account creation happens on the first successful SSO login

As long as the user’s email domain matches the SSO configuration, DeskDay will automatically create the end-user account.

Technician Access

Before a technician can sign in using SSO:

  • The technician must be added to DeskDay as a resource

  • Go to Control Center → Resources

  • Create or invite the technician with the correct email address

  • The email domain must match the configured SSO domain

Technicians who are not added under Resources will not be able to log in, even if SSO is enabled.
