Helpdesk Single Sign-On (SSO) -- SAML, OAuth, and More
Your support team should not need a separate password just to access the helpdesk. Single sign-on (SSO) lets users log in to Jitbit Helpdesk with the credentials they already use every day -- whether that is a Microsoft account, Google Workspace, or a corporate identity provider. Fewer passwords means fewer reset requests, faster onboarding, and stronger security across your organization.
Jitbit supports every major SSO standard, so you can pick the method that fits your infrastructure. Here is a complete overview of each option and how to set it up.
Table of Contents
- Supported Single Sign-On Methods
- SAML 2.0 Single Sign-On Setup
- Optional SAML Attributes (First and Last Name)
- Supported SAML Identity Providers
- SAML vs. "Sign in with Google" vs. "Sign in with Microsoft"
- SCIM -- Automatic User Provisioning and Deprovisioning
- Single Log-Out (SLO)
- No SAML? Use the Authentication API
Supported Single Sign-On Methods
Jitbit Helpdesk offers six ways to implement single sign-on, ranging from zero-configuration OAuth to fully customizable API-based authentication:
- SAML 2.0 protocol -- the enterprise standard. Works with Azure AD (Microsoft Entra ID), Okta, OneLogin, ADFS, Google Workspace, and any SAML-compliant identity provider. Jump to SAML setup.
- "Sign in with Google" -- standard OAuth. Enable it with a single checkbox -- no configuration needed.
- "Sign in with Microsoft" -- standard OAuth. Same one-checkbox setup for Microsoft accounts (personal and corporate).
- Authentication API -- generate secure, time-limited auto-login links from your own application. Ideal for custom integrations.
- Active Directory via IIS script (SaaS version) -- deploy a lightweight script on your local IIS server that authenticates users against LDAP and redirects them into the cloud helpdesk.
- Windows-integrated authentication (self-hosted version only) -- direct Kerberos/NTLM authentication for on-premises deployments.
SAML 2.0 Single Sign-On Setup
SAML 2.0 is the most widely used SSO protocol in enterprise environments. Jitbit Helpdesk acts as a SAML Service Provider (SP), so you configure your Identity Provider (IdP) to trust Jitbit and pass authenticated user identities through signed SAML assertions.
Enter the following values in your SAML identity provider:
- Entity ID (also called "App ID URI" or "Audience") --
https://www.jitbit.com/web-helpdesk/ - SAML Sign-On URL --
[HelpDeskURL]/User/Login(example:https://acme.jitbit.com/helpdesk/User/Login) - Reply URL (also called "Assertion Consumer Service URL" or "ACS URL") --
[HelpDeskURL]/Saml/Consume(example:https://acme.jitbit.com/helpdesk/Saml/Consume)
Then copy two values from your identity provider into Jitbit's admin panel: the SAML endpoint URL and the X.509 certificate. Once both are saved, single sign-on is active.
SAML SSO works with both the hosted (SaaS) helpdesk and the self-hosted version. Any SAML 2.0 compliant provider is supported, including Azure AD, Okta, OneLogin, ADFS, and Google Workspace.
Optional SAML Attributes (First and Last Name)
Your SAML provider already sends the "NameID" (typically the user's email address). You can optionally include the user's first and last name so Jitbit can display their full name in ticket threads and reports. Add these attributes to your SAML response:
<saml:Attribute Name="first_name"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">FirstName</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="last_name"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">LastName</saml:AttributeValue>
</saml:Attribute>
Supported SAML Identity Providers
Jitbit Helpdesk integrates with all major SAML 2.0 identity providers. Here are the most common, each with a dedicated setup guide:
- Azure Active Directory (Microsoft Entra ID) -- step-by-step setup guide
- OneLogin -- step-by-step setup guide
- Google Workspace -- step-by-step setup guide
- ADFS (Active Directory Federation Services) -- step-by-step setup guide
- SAASPASS -- step-by-step setup guide
- Centrify -- step-by-step setup guide
- Any other SAML 2.0 provider -- including Okta, Auth0, Ping Identity, JumpCloud, and more
Because Jitbit supports the standard SAML 2.0 protocol, you can also connect it to your LDAP directory, Active Directory, multi-factor authentication systems, hardware security tokens, and mobile authentication platforms through any compliant identity provider.
SAML vs. "Sign in with Google" vs. "Sign in with Microsoft"
SAML gives you the most control -- you manage which users can access the helpdesk, enforce MFA policies, and handle provisioning from a central admin console. But it does require configuration on the identity provider side.
If you want something simpler, the built-in "Sign in with Microsoft" and "Sign in with Google" options work out of the box with zero configuration. Enable either one with a single checkbox in the Jitbit admin panel. Both support personal and company-managed accounts.
You can optionally restrict OAuth logins by domain name -- for example, allowing only users with "@yourcompany.com" email addresses. This gives you a lightweight access control layer without the overhead of a full SAML integration.
SCIM -- Automatic User Provisioning and Deprovisioning
Single sign-on handles authentication, but what about user lifecycle management? Jitbit Helpdesk supports the SCIM (System for Cross-domain Identity Management) protocol, so user accounts stay in sync with your identity provider automatically.
When you add a new employee in Microsoft Entra ID, Okta, Google Workspace, or Auth0, a helpdesk account is created automatically. When someone leaves the organization, their helpdesk access is revoked. No manual account management required.
For full setup details, see the SCIM documentation.
Seamless Log-Out with Single Log-Out (SLO)
For a complete and secure logout experience, Jitbit Helpdesk supports SAML Single Log-Out (SLO). When a user signs out of Jitbit, a logout request is automatically sent to your identity provider, ending the session everywhere. Configure the "SLO URL" in your Jitbit admin panel to enable this feature.
No SAML? Use the Authentication API
If SAML is not the right fit -- maybe you have a custom web application and want to embed helpdesk access directly -- your developers can use the Jitbit authentication API to generate secure, time-limited auto-login links. Users click the link and land inside the helpdesk, already authenticated. No SAML provider required.
See also: Google SAML SSO setup guide | Active Directory authentication for SaaS helpdesk | helpdesk authentication API
Features
9 reasons to choose Hosted Zendesk vs. Jitbit What is SaaS Active Directory Authentication Cloud Help Desk Free Email account and more Authentication API Online Ticketing System Benefits Single Sign On SLA and Help Desk Automation Helpdesk API Helpdesk for your industryResources
Customer reviews User guide FAQ What's new Version history Free trial Pricing