How to Set Up Single Sign-On (SSO) in BoldDesk
In BoldDesk, you can set up Single Sign-On for both the customer portal and agent portal. BoldDesk offers three SSO integration options:
- OpenID Connect
- OAuth 2.0
- JWT
Customer Portal — SSO
Use this section to enable Single Sign‑On for your end‑customer experience in BoldDesk. Customer Portal SSO is brand‑specific—each brand can have its own provider and settings—so always pick the correct brand before turning on OpenID Connect, OAuth 2.0, or JWT. You’ll copy the Redirect/Callback URL shown in the configuration panel and register it in your IdP (for each domain you use—default and custom).
Choose OpenID Connect when your IdP supports OIDC (most modern providers), OAuth 2.0 when you need explicit token/authorization/user info endpoints, and JWT for lightweight, token‑based integrations. The steps that follow are SP‑initiated: users start at the BoldDesk portal, are redirected to your IdP, and return authenticated to the selected brand.
Configure OAuth 2.0 in BoldDesk (Customer Portal)
The OAuth 2.0 steps are the same as the OpenID Connect steps except for the endpoints. To get the endpoints, follow these steps:
- In BoldDesk, go to Admin → Customer Portal → Login.
- Select the correct brand.
  Customer Portal login settings are applied per brand; pick the brand you want to enable OAuth 2.0 for.
- Toggle OAuth 2.0 ON under Single Sign‑On.
- Fill in IdP endpoints.
  For OAuth 2.0, the fields differ from OIDC. Enter:
  - Authorization endpoint (use the v2 endpoint where applicable)
  - Token endpoint (use the v2 endpoint where applicable)
  - UserInfo endpoint (the URL your IdP exposes to fetch basic user information)
- Click Update to persist the configuration and enable the sign‑in option on your portal.
Learn more on How to Set Up BoldDesk with Azure AD Single Sign-On.
Configure OpenID Connect in BoldDesk (Customer Portal)
- In BoldDesk, go to Admin → Customer Portal → Login.
- Select the correct brand.
  Customer Portal login settings are applied per brand; pick the brand you want to enable OIDC for.
- Toggle OpenID Connect ON under Single Sign‑On.
- Fill in IdP details.
  BoldDesk requires the core OIDC values from your IdP. Enter:
  - Client ID
  - Client Secret
  - Authority / Issuer OR OIDC endpoints (providers may expose an Authorization endpoint and a Logout endpoint; if your IdP gives a single Authority URL, BoldDesk can derive endpoints from it.)
- Click Update to persist the configuration and enable the sign‑in option on your portal.
Learn more on How to Set Up BoldDesk with Azure AD Single Sign-On.
Configure JWT in BoldDesk (Customer Portal)
JWT (JSON Web Token)-based Single Sign-On allows users to authenticate once through your organization’s identity provider and gain seamless access to the BoldDesk customer portal—without needing to re-enter credentials.
To configure JWT authentication:
- Navigate to Admin → Customer Portal → Login.
- Select the correct brand.
  Customer Portal login settings are applied per brand; pick the brand you want to enable JWT for.
- Toggle JWT ON under Single Sign‑On.
- Fill in JWT settings depending on your organization’s JWT provider flow.
  Learn more on How to Configure JWT Base Single Sign-On (SSO) in BoldDesk.
- Click Update to persist the configuration and enable the sign‑in option on your portal.
- After updating, go to your login page, and you will see the login option enabled.
Why OAuth 2.0 & OpenID Connect Don’t Support IdP‑Initiated Login
Summary (SP‑initiated only):
BoldDesk does not support IdP‑initiated login for OAuth 2.0 or OIDC. These protocols are built for Service Provider (SP)‑initiated flows—starting from BoldDesk, which then redirects to your IdP. IdP‑initiated login is native to SAML, not OAuth/OIDC. While some platforms attempt OIDC workarounds, they’re not standardized or secure—and BoldDesk does not support them.
SSO Login Redirect URL Configuration Guidelines
- Multiple Domains: If using both default and custom domains, register callback/redirect URLs for each in your IdP.
- Single Domain: Register the callback URL only for the domain in use.
- Failure Warning: Authentication will fail if the callback URL is not registered for the login domain.
Some users can’t complete authentication because they aren’t being redirected from your IdP back to BoldDesk’s portal. Since authentication only begins once the login request reaches BoldDesk, review your IdP app configuration and fix any redirect/callback issues to complete the flow.
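The following added example (not BoldDesk code) compares the redirect URLs shown in the BoldDesk panel with the ones registered in the IdP and reports which login domain will fail. It assumes the IdP matches redirect URIs by exact string; the host names and the callback path are constructed placeholders, and `diagnose` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed sample data. The host names and the callback path are
# placeholders; the real values are the ones the BoldDesk SSO panel shows.
SHOWN_BY_BOLDDESK = [
    "https://acme.example.com/callback-placeholder",     # default domain
    "https://support.example.org/callback-placeholder",  # custom domain
]
REGISTERED_IN_IDP = [
    "https://acme.example.com/callback-placeholder",
    "http://support.example.org/callback-placeholder/",
]

PARTS = ("scheme", "netloc", "path", "query", "fragment")


def diagnose(required, registered):
    """Classify each required redirect URL as 'ok', a near miss, or 'missing'."""
    report = {}
    for want in required:
        if want in registered:  # exact string match only
            report[want] = "ok"
            continue
        w = urlsplit(want)
        report[want] = "missing"
        for have in registered:
            h = urlsplit(have)
            if h.hostname != w.hostname:
                continue
            # Same host but a different string: name the parts that differ.
            diffs = [p for p in PARTS if getattr(w, p) != getattr(h, p)]
            report[want] = (
                f"near miss ({', '.join(diffs) or 'raw text'} differ): {have}"
            )
            break
    return report


if __name__ == "__main__":
    for url, status in diagnose(SHOWN_BY_BOLDDESK, REGISTERED_IN_IDP).items():
        print(f"{url}\n    {status}")
```

A near miss on the custom domain, such as `http` instead of `https` or a trailing slash, produces the same failed redirect as an unregistered URL.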
Agent Portal — SSO
Use this section to enable Single Sign‑On for your agent workforce. Agent Portal SSO is tenant‑wide (organization‑wide)—it is not brand‑based—so a single configuration applies to all agents. Configure one provider (OpenID Connect, OAuth 2.0, or JWT) and register the Agent Portal Redirect URL in your IdP once for the organization.
The steps below follow an SP‑initiated flow: agents start at the BoldDesk sign‑in page, authenticate with your IdP, and return to the Agent Portal. Ensure your IdP returns the expected identifier (e.g., email/UPN) and scopes so BoldDesk can map users correctly. After you click Update, the same sign‑in experience is available to every agent.
Configure OAuth 2.0 in BoldDesk (Agent Portal)
- In BoldDesk, go to Admin → Agent Portal → Login.
- Toggle OAuth 2.0 ON under Single Sign‑On.
- Fill in IdP details.
  BoldDesk requires the OAuth endpoints and identifiers from your IdP. Enter:
  - Redirect URL — copy from BoldDesk and register it in your IdP (mandatory).
  - Display Name — how the button appears on the login page.
  - Client ID
  - Client Secret
  - Scopes — enter the scopes your IdP requires (e.g., profile email, or others per your IdP).
  - Token endpoint — use the v2 endpoint where applicable.
  - Authorization endpoint — use the v2 endpoint where applicable.
  - User Information endpoint — URL to fetch user info from your IdP.
  - Logout endpoint — URL used after successful logout.
- Click Update to persist the configuration and enable the sign‑in option.
Configure OpenID Connect in BoldDesk (Agent Portal)
- In BoldDesk, go to Admin → Agent Portal → Login.
- Toggle OpenID Connect ON under Single Sign‑On.
- Fill in IdP details.
  BoldDesk requires the core OIDC values from your IdP. Enter:
  - Redirect URL — copy from BoldDesk and register it in your IdP (mandatory).
  - Display Name — how the button appears on the login page.
  - Client ID
  - Client Secret
  - Scopes — typical example: openid, profile, email (comma‑separated).
  - Authority / Issuer — your IdP’s OIDC authority (BoldDesk can derive endpoints from this).
  - Logout Endpoint — optional, for post‑logout redirection.
- Click Update to persist the configuration and enable the sign‑in option.
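The following added example (not BoldDesk code) is a pre-flight check of the IdP's OIDC discovery document, run before entering the Authority / Issuer for either portal. It assumes endpoint derivation follows standard OIDC Discovery; the sample document, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of the JSON an IdP serves at its discovery URL.
# Host, tenant and paths are made up for this example.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/oauth2/v2.0/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/oauth2/v2.0/token",
    "userinfo_endpoint": "https://idp.example.com/tenant1/userinfo",
    "end_session_endpoint": "https://idp.example.com/tenant1/logout",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email"],
}
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
SCOPES = ("openid", "profile", "email")


def discovery_url(authority):
    """OIDC Discovery 1.0 location of the metadata for an issuer."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def preflight(authority, doc):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    # Discovery requires the advertised issuer to equal the configured one.
    if doc.get("issuer") != authority:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {authority!r}")
    for name in ENDPOINTS:
        url = doc.get(name)
        if not url:
            problems.append(f"{name} missing")
        elif urlsplit(url).scheme != "https":
            problems.append(f"{name} is not https: {url}")
    # The page states that the authorization code flow is used.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    # scopes_supported is optional metadata; only check it when present.
    missing = [s for s in SCOPES if s not in doc.get("scopes_supported", SCOPES)]
    if missing:
        problems.append("scopes not advertised: " + " ".join(missing))
    return problems


if __name__ == "__main__":
    authority = "https://idp.example.com/tenant1"
    print(discovery_url(authority))
    print(preflight(authority, SAMPLE_DISCOVERY) or "no problems found")
```

The three endpoints checked are the ones the OAuth 2.0 configuration asks for, so the same document also tells you what to paste there.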
Configure JWT in BoldDesk (Agent Portal)
- In BoldDesk, go to Admin → Agent Portal → Login.
- Toggle JWT ON under Single Sign‑On.
- Fill in JWT settings.
  Enter the values required by your JWT flow:
  - Redirect URL — copy from BoldDesk and register it in your IdP (mandatory).
  - Display Name — button label.
  - Authorization URL — where users authenticate to obtain the JWT.
  - Public Key — RSA public key (PEM) used to validate the token (paste full key including headers).
  - Logout URL (Optional) — destination after successful logout.
- Click Update to persist the configuration and enable the sign‑in option.
- SSO configured under Admin → Agent Portal → Login is not brand-based and applies to all agents in your organization. Configure your chosen provider (OIDC, OAuth 2.0, or JWT) once and register the Agent Portal redirect URL in your IdP; the same login configuration is used by every agent.
- SSO configuration is available across all BoldDesk subscription plans (Scale, Momentum, and Enterprise).
Frequently Asked Questions (FAQs)
1) Where do I configure SSO for the Customer Portal?
Go to Admin → Customer Portal → Login. Choose your brand, toggle the relevant SSO (OpenID Connect, OAuth 2.0, or JWT) ON, fill in the IdP fields, and click Update.
2) Are Customer Portal SSO settings brand‑specific?
Yes. Customer Portal SSO is applied per brand. Always select the correct brand before turning on and saving OIDC/OAuth 2.0/JWT.
3) Are Agent Portal SSO settings brand‑specific?
No. SSO configured under Admin → Agent Portal → Login is tenant‑wide (organization‑wide) and applies to all agents.
4) What fields are required for OpenID Connect SSO Configuration in BoldDesk?
Turn OpenID Connect ON, then provide:
Client ID, Client Secret, and Authority/Issuer or the OIDC endpoints (e.g., Authorization and Logout). Add optional Scopes (commonly openid, profile, email). Click Update.
5) What fields are required for OAuth 2.0 SSO Configuration in BoldDesk?
Turn OAuth 2.0 ON, then provide:
Authorization endpoint (use v2 where applicable), Token endpoint (use v2 where applicable), and UserInfo endpoint. Add Client ID, Client Secret, Scopes, and any Logout endpoint. Click Update.
6) What fields are required for JWT SSO Configuration in BoldDesk?
Turn JWT ON, then provide:
Authorization URL, Public Key (RSA PEM, full BEGIN/END block), optional Logout URL, and the Redirect URL shown in BoldDesk. Click Update.
7) Does BoldDesk support IdP‑initiated login for OAuth 2.0 or OIDC?
No. OAuth 2.0 and OIDC in BoldDesk are SP‑initiated only (users start the login from BoldDesk, which redirects to the IdP). IdP‑initiated is not supported.
8) How should I register Redirect/Callback URLs?
Always register the exact Redirect/Callback URL shown in the BoldDesk SSO panel in your IdP.
- Customer Portal: If you use both default and custom domains, register callbacks for each domain.
- Agent Portal: Register the Agent Portal Redirect URL once; it applies to all agents.
If the callback for the active domain isn’t registered, authentication will fail.
9) For OIDC, should I select Refresh Token as a Grant Type?
No. BoldDesk does not use or support the Refresh Token grant type. It relies solely on the standard OIDC authorization code flow provided by your Identity Provider, and no refresh‑token settings need to be configured in BoldDesk.
10) For the client authentication type, should I choose POST, Basic, or Public?
None of these need to be selected. BoldDesk does not require you to specify a client authentication method (POST, Basic, or Public).
Simply provide the Client ID and Client Secret in the integration settings. BoldDesk automatically handles the appropriate authentication method based on your Identity Provider’s configuration.