PhenixID

Step by Step – TOPDesk MFA and SSO with PhenixID Authentication Services

Summary

This document guides you through the steps to enable multi-factor authentication and SSO for the workflow solution TOPDesk (https://www.topdesk.com/en/).

System Requirements

  • PhenixID Authentication Server 3.0 or higher
  • TOPDesk administrative rights

Instruction

Configure PhenixID Authentication Services as Identity Provider

  1. Set up PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here.)
  2. Fetch the attribute that maps to the TOPDesk username from your user store. This may differ based on your environment.
  3. Go to Scenarios->Federation-><YOUR_IDP>->Identity Provider
  4. Add a Post SLO URL: https://<your_phenixid_domain>/saml/authenticate/logout/
  5. Go to Scenarios->Federation-><YOUR_IDP>->Execution Flow
  6. Make the following adjustments:
    1. Add a PropertyAddValve above the AssertionProvider with the following values. Change <attribute_containing_username> to the value of the attribute containing the TOPDesk username.
      name = username
      value = {{item.<attribute_containing_username>}}
    2. Click AssertionProvider
    3. Set NameID Attribute = username
    4. Set additional attributes = username
  7. Save.
  8. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests”.
  9. Save.
  10. Then export your SAML IdP metadata by going to the URL:
    https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta
    and download the metadata to an XML file.
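
Before uploading the exported metadata to TOPDesk, it can be checked against the settings made in the steps above (a single entityID, signed requests not required, a published signing certificate, HTTPS endpoints). The Python script below is an added example, not part of PhenixID's documentation; the sample metadata, host name and alias are constructed placeholders, and it assumes the "Require signed requests" setting is published as the standard SAML WantAuthnRequestsSigned attribute.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (placeholder host, alias and certificate), not real PhenixID output.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml/authenticate/topdesk">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Location="https://idp.example.test/saml/authenticate/logout/"/>
    <md:SingleSignOnService Location="https://idp.example.test/saml/authenticate/topdesk"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return (entity_ids, problems) for an exported SAML IdP metadata document."""
    root = ET.fromstring(xml_text)  # file comes from your own IdP, not from an untrusted party
    entities = [root] if root.tag.endswith("}EntityDescriptor") else root.findall("md:EntityDescriptor", NS)
    entity_ids = [e.get("entityID") for e in entities]
    problems = []
    if len(entity_ids) != 1:  # TOPDesk's assistant expects a single entityID to select
        problems.append(f"expected exactly one entityID, found {len(entity_ids)}")
    for ent in entities:
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is None:
            problems.append(f"{ent.get('entityID')}: no IDPSSODescriptor")
            continue
        if idp.get("WantAuthnRequestsSigned", "false").lower() == "true":
            problems.append("IdP still requires signed requests (see step 8)")
        keys = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
        if not any(k.find(".//ds:X509Certificate", NS) is not None for k in keys):
            problems.append("no signing certificate published")
        for tag in ("SingleSignOnService", "SingleLogoutService"):
            for ep in idp.findall(f"md:{tag}", NS):
                if not ep.get("Location", "").startswith("https://"):
                    problems.append(f"{tag} endpoint is not HTTPS: {ep.get('Location')}")
    return entity_ids, problems

if __name__ == "__main__":
    ids, problems = check_idp_metadata(SAMPLE_METADATA)
    print("entityID(s):", ids)
    print("\n".join(problems) or "metadata is consistent with the steps above")
```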

Configure TOPDesk

  1. Log in to TOPDesk as an administrator
  2. Go to Settings->Login settings
  3. Go to General
  4. Scroll down to the SAML Login part.
  5. Click on Add for Public or Secure or both.
  6. The SAML Configuration assistant will appear.
  7. Federation metadata:
  8. Select upload as file
  9. Upload the SAML IdP metadata (downloaded in previous step)
  10. Select the entityID (only one should be present)
  11. Enter username as the User name attribute
  12. TOPDesk metadata:
  13. Deselect Assertions will be encrypted
  14. Upload a private key and a corresponding RSA certificate
  15. Enter your TOPDesk endpoint (domain)
  16. Login page:
  17. Enter PhenixID_IdP as Display name (change to suit your environment)
  18. [OPTIONAL] Upload a logo (of your organization)
  19. Save.
  20. Once done with Public and Secure, click download to retrieve the SP metadata XML. Name the files sp_public.xml and sp_secure.xml.

Add TOPDesk as trusted Service Providers in PhenixID Authentication Services

  1. Log in to Configuration Manager
  2. Scenarios->Federation
  3. SAML Metadata upload
  4. Select the file (sp_public.xml) downloaded in previous step
  5. Repeat 3-4 with sp_secure.xml

Test

Browse to your TOPDesk instance and select the IDP as the authentication provider.

You should be redirected to PhenixID Authentication Services.

Authenticate.

You should be redirected back to TOPDesk.

You should now be logged in to TOPDesk.


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se