SSO

Overview

For SSO (Single Sign-On) we use the OAuth2 'authorization code' flow.

We often call this 'platform SSO', as we make use of the CX platform's OAuth2 support when available, but it can also be used with any OAuth2 provider, like Azure Entra ID SSO

Platform SSO Flow

The following sequence diagram describes the platform SSO flow:

Flow Steps

1. Initiate SSO: Agent requests SSO authentication via /platform/sso
2. Read Configuration: Deepdesk reads Auth URL and Client ID from platform config
3. Authorization Request: Deepdesk redirects to platform's authorization endpoint
4. Agent Authentication: Platform presents login page to agent
5. Authorization Code: Platform returns authorization code to Deepdesk
6. Token Exchange: Deepdesk exchanges authorization code for access token using Client ID, Client Secret
7. User Information: Deepdesk retrieves user information from platform
8. User Creation/Login: Deepdesk creates or logs in the user
9. JWT Creation: Deepdesk creates account JWT token
10. Session Establishment: Deepdesk returns session and access token cookie to agent

User Journey

1. Sign-In Initiation: The agent is logged into the CX platform and sees an overlay above the input field with a button "Sign in to Deepdesk"

2. OAuth Flow: When the agent clicks the link, Deepdesk performs the OAuth flow with the platform (as detailed in the sequence diagram above)

3. Automatic Login: Upon successful OAuth authentication, the user is automatically logged in to Deepdesk

4. Return to Platform:

   • The agent returns to the CX platform
   • After refreshing, the agent sees Deepdesk suggestions and can start using the platform

Implementation

For technical implementation details, see:

• Platform SSO implementation

See Also

• OAuth2 Roles - Automatic role assignment using OIDC claims
• Magic Link - Email-based passwordless authentication