Configuring SSO

Using Settings UI

SSO settings can be managed on the Security / Authentication page. This page has two tabs: one for the agent portal (Agents) and one for the help center (Customers).

Agent portal

To enable SSO for agents on the agent portal:

  • Go to the Agents tab of the Security / Authentication page.
  • Choose Single sign-on (JWT) in the Authentication drop-down. This opens a new Single sign-on (JWT) section on the page.
  • Fill in the Remote login URL field.
  • Fill in the Remote logout URL field.
  • Generate a shared secret and put it into the Shared SSO secret field. This secret should be at least 32 characters in length.
  • Give a name to the SSO service in the Remote system name field. Use the same name as for customers, if the same SSO service is used for them.
  • Click the Save button.

Help center

To enable SSO for users on the help center:

  • Go to the Customers tab of the Security / Authentication page.
  • Choose Single sign-on (JWT) in the Authentication drop-down. This opens a new Single sign-on (JWT) section on the page.
  • Fill in the Remote login URL field.
  • Fill in the Remote logout URL field.
  • Generate a shared secret and put it into the Shared SSO secret field. This secret should be at least 32 characters in length.
  • Give a name to the SSO service in the Remote system name field. Use the same name as for agents, if the same SSO service is used for them.
  • Click the Save button.

The value of the Remote system name field is used as the service name for the external ID. The external ID, along with the service name, becomes available as the external identifier in the Kayako user account.

Important: Use identical remote system names for agents and customers, if the same SSO service is used for both.

Using Settings API

SSO can also be configured using the Settings API.

Here is an example for the agent portal:

# Field names are quoted so the shell does not expand [...] as a glob pattern.
curl -X PUT https://brewfictus.kayako.com/api/v1/settings \
     -F 'values[security.agent.authentication_type]=jwt' \
     -F 'values[security.agent.sso.jwt.login_url]=https://redmine.brewfictus.com/login' \
     -F 'values[security.agent.sso.jwt.logout_url]=https://redmine.brewfictus.com/logout' \
     -F 'values[security.agent.sso.jwt.shared_secret]=CvGfyjL22NveXRBK7KmKYLQX7g0oVIVy' \
     -F 'values[security.agent.sso.jwt.service_name]=Redmine' \
     -u 'jordan.mitchell@brewfictus.com:jmit6#lsXo'

For the help center, replace security.agent with security.customer.
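
As an added example (not Kayako's own code), the script below generates a secret that meets the 32-character minimum and builds the same form fields for both portals with an identical service name. The function names and the https:// check are assumptions of this example; the host, URLs and service name are the sample values from this page.

```shell
#!/bin/sh
# Added example. Host, URLs and service name are the page's sample values.

# 24 random bytes from the kernel CSPRNG, hex-encoded: 48 characters.
gen_secret() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the form fields for one portal ("agent" or "customer"), one per line.
# Rejects secrets under 32 characters. The https:// check is an added
# assumption of this example, not a documented product requirement.
sso_fields() {
    portal=$1 login=$2 logout=$3 secret=$4 name=$5
    case $portal in
        agent|customer) ;;
        *) echo "unknown portal: $portal" >&2; return 1 ;;
    esac
    [ "${#secret}" -ge 32 ] || { echo "secret is under 32 characters" >&2; return 1; }
    for url in "$login" "$logout"; do
        case $url in
            https://*) ;;
            *) echo "not an https URL: $url" >&2; return 1 ;;
        esac
    done
    p="security.$portal"
    printf 'values[%s.authentication_type]=jwt\n' "$p"
    printf 'values[%s.sso.jwt.login_url]=%s\n' "$p" "$login"
    printf 'values[%s.sso.jwt.logout_url]=%s\n' "$p" "$logout"
    printf 'values[%s.sso.jwt.shared_secret]=%s\n' "$p" "$secret"
    printf 'values[%s.sso.jwt.service_name]=%s\n' "$p" "$name"
}

# PUT the fields (newline-separated, third argument) to the Settings API.
# Passing only the user name to -u makes curl prompt for the password.
put_sso() {
    host=$1 user=$2 fields=$3
    set --
    while IFS= read -r f; do set -- "$@" -F "$f"; done <<EOF
$fields
EOF
    curl -X PUT "https://$host/api/v1/settings" "$@" -u "$user"
}

# Demo (nothing is sent): a fresh secret per portal, one shared service name.
for portal in agent customer; do
    sso_fields "$portal" https://redmine.brewfictus.com/login \
        https://redmine.brewfictus.com/logout "$(gen_secret)" Redmine
done
```

To apply the settings, pass the output of sso_fields as the third argument of put_sso, for example put_sso brewfictus.kayako.com jordan.mitchell@brewfictus.com "$fields".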

See also Settings API.