Single sign-on (SSO)

You can configure single sign-on (SSO) using the following identity and access management providers:

Azure
Idaptive
Okta
OneLogin

Configure SSO using Azure

This section explains how to configure SSO using Azure for identity and access management. When configured, you can use enterprise-wide Azure credentials to sign into Contact Center AI Platform (CCAI Platform) and the agent adapter. Azure SSO uses the Security Assertion Markup Language (SAML) authentication protocol.

Before you begin

To configure SSO using Azure, be sure you have the following:

An Azure account
CCAI Platform administrator credentials

Configure Azure for SSO

To configure Azure, follow these steps:

Log in to your existing Azure account.
Navigate to the Azure Portal and click Enterprise applications:
From the Enterprise applications page, click New application:
In the search box type saml.
Click Azure AD SAML Toolkit.
If desired, change the application Name, then click Create.
Click Set up single sign on.
Click the SAML option.
Beside Basic SAML Configuration, click Edit.
For Identifier (Entity ID), enter https://<environmentname>.domain.co/saml/v1/metadata
For Reply URL (Assertion Consumer Service URL), enter https://<environmentname>.domain.co/saml/v1/consume
For Sign on URL, enter https://<environmentname>.domain.co/
Click Save at the top of the screen.
Beside User Attributes & Claims, click Edit.
Click Unique User Identifier (Name ID).
Change Source attribute to user mail, then click Save.
Verify that the Unique User Identifier has been changed to user mail.
Copy and save the Login URL and Azure AD Identifier to use later in the CCAI Platform Portal.
Click the download link for Certificate (Base64).
Open the file in a text editor for later use.

Configure your CCAI Platform instance for SSO

To configure SSO for your CCAI Platform instance, follow these steps:

In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.

Project selector dashboard
In the navigation menu, click CCAI Platform.

CCAI Platform instances

The CCAI Platform instances page displays.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click Edit.
For the login method, select SAML.
In the Single sign-on URL field, enter the Login URL value that you saved in Configure Azure.
In the Entity ID field, enter the Azure AD Identifier value that you saved in Configure Azure.
In the Email field mapping field, enter a text string such as Email name or Name ID. This is used as a label for the email name field on the SSO sign-in page.
In the Certificate field, enter the Base64 certificate that you downloaded in Configure Azure. Be sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate.
Click Save.

Verify SSO authentication

To verify SSO authentication, follow these steps:

Go to the agent adapter in your customer relationship management (CRM) application.
Click Login with company SSO. A sign-in page displays.
Sign in with your Azure credentials.

Configure SSO using Idaptive

This section describes how to configure SSO using Idaptive for identity and access management. When configured, you can use enterprise-wide Idaptive credentials to sign into Contact Center AI Platform and the agent adapter. Idaptive SSO uses the Security Assertion Markup Language (SAML) authentication protocol.

Before you begin

To configure SSO using Idaptive, be sure you have the following:

An Idaptive account
CCAI Platform administrator credentials

Configure Idaptive for SSO

To configure Idaptive, follow these steps:

Log in to the Idaptive admin portal.
From the left menu, click Web Apps:
Click the Add Web Apps button:
Click the Custom tab:
Locate the SAML web app and click Add:
On the confirmation dialog, click Yes:
On the SAML Web App Settings page, enter a Name and click Save:
On the SAML Web App page, click the Trust tab:
Navigate to the Identity Provider Configuration (IPC) section and select Manual Configuration:
Copy and save the Entity ID for later use in the CCAI Platform Portal.
Download and save the Signing Certificate to a text file.
Copy and save the IDP Login URL for later use in the CCAI Platform Portal.
Navigate to the Service Provider Configuration (SPC) section and select Manual Configuration:
Under SP Entity ID / Issuer / Audience, enter: https://<environmentname>.ujet.co/saml/v1/metadata
Under Assertion Consumer Service (ACS) URL, enter: https://<environmentname>.ujet.co/saml/v1/consume
Beside Recipient, select Same as ACS URL.
From the NameID Format drop-down, select emailAddress, then click Save:
On the SAML Web App page, click the Permissions tab:
Click Add.
In the Select User, Group, or Role dialog, search for and select a user, then click Add.
Click Save to deploy the SAML Web App:

Configure your CCAI Platform instance for SSO

To configure SSO for your CCAI Platform instance, follow these steps:

In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.

Project selector dashboard
In the navigation menu, click CCAI Platform.

CCAI Platform instances

The CCAI Platform instances page displays.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click Edit.
For the login method, select SAML.
In the Single sign-on URL field, enter the IDP Login URL value that you saved in Configure Idaptive.
In the Entity ID field, enter the Entity ID value that you saved in Configure Idaptive.
In the Email field mapping field, enter a text string such as Email name or Name ID. This is used as a label for the email name field on the SSO sign-in page.
In the Certificate field, enter the signing certificate that you downloaded in Configure Idaptive. Be sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate.
Click Save.

Verify SSO authentication

To verify SSO authentication, follow these steps:

Go to the agent adapter in your customer relationship management (CRM) application.
Click Login with company SSO. A sign-in page displays.
Sign in with your Idaptive credentials.

Configure SSO using Okta

This section describes how to configure SSO using Okta for identity and access management. When configured, you can use enterprise-wide Okta credentials to sign into Contact Center AI Platform and the agent adapter. Okta SSO uses the Security Assertion Markup Language (SAML) authentication protocol.

Before you begin

To configure SSO using Okta, be sure you have the following:

An Okta account
CCAI Platform administrator credentials

Configure Okta for SSO

To configure Okta, follow these steps:

In the Okta Admin Dashboard, Go to Applications > Applications
Click Create App Integration
Select SAML 2.0, then Click Next.
Click Next.
Specify a Name and Logo.
Click Next.
On the Configure SAML screen enter these values:

Single sign on URL: https://<environmentname>.domain.co/saml/v1/consume

Check Use this for Recipient URL and Destination URL

Audience URI (SP Entity ID): https://<environmentname>.domain.co/saml/v1/metadata

Name ID format: customer provides, (For example, EmailAddress)
On the Feedback panel provide feedback selections.

Suggested selections:

I'm an Okta customer adding an internal app

This is an internal app that we have created
Click Finish.
On the Sign On tab of the page that displays, click the View Setup Instructions button to launch a new tab.

Configure your CCAI Platform instance for SSO

To configure SSO for your CCAI Platform instance, follow these steps:

In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.

Project selector dashboard
In the navigation menu, click CCAI Platform.

CCAI Platform instances

The CCAI Platform instances page displays.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click Edit.
For the login method, select SAML.
In the Single sign-on URL field, enter the Identity Provider Single Sign-On URL value from Configure Okta.
In the Entity ID field, enter the Identity Provider Issuer value from Configure Okta.
In the Email field mapping field, enter a text string such as Email name or Name ID. This is used as a label for the email name field on the SSO sign-in page.
In the Certificate field, enter the X.509 certificate from Configure Okta. Be sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate.
Click Save.

Verify SSO authentication

To verify SSO authentication, follow these steps:

Go to the agent adapter in your customer relationship management (CRM) application.
Click Login with company SSO. A sign-in page displays.
Sign in with your Okta credentials.

Configure SSO using OneLogin

This section describes how to configure SSO using OneLogin for identity and access management. When configured, you can use enterprise-wide OneLogin credentials to sign into Contact Center AI Platform and the agent adapter. OneLogin SSO uses the Security Assertion Markup Language (SAML) authentication protocol.

Before you begin

To configure SSO using OneLogin, be sure you have the following:

An OneLogin account
CCAI Platform administrator credentials

Configure OneLogin for SSO

To configure OneLogin, follow these steps:

In the CCAI Platform Portal, invite a user and ensure the user is also invited to the OneLogin app with the same email address.
Ensure you have a OneLogin Admin account: https://www.onelogin.com/
Create a SAML application for CCAI Platform, but first ensure you are in the administration portal by clicking Administration.

Click Applications > Applications.
Click Add App.
Search for saml.
Select the SAML Custom Connector (Advanced), or another SAML app you want to use.
Click Configuration.
Set end points.
Click Save.
Open the SSO page from the menu.
Select the desired SAML Signature Algorithm.
Copy the Issuer URL and the SAML 2.0 Endpoint (HTTP) in OneLogin and save for later use.
Click View Details.
Copy the X.509 Certificate and save for later use.
Navigate to User > Users.
Select a user.

Click Applications.
Click the + icon to add the SAML Custom Connector (Advanced) application.

Configure your CCAI Platform instance for SSO

To configure SSO for your CCAI Platform instance, follow these steps:

In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.

Project selector dashboard
In the navigation menu, click CCAI Platform.

CCAI Platform instances

The CCAI Platform instances page displays.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click Edit.
For the login method, select SAML.
In the Single sign-on URL field, enter the SAML 2.0 Endpoint (HTTP) value that you saved in Configure OneLogin.
In the Entity ID field, enter the Issuer URL value that you saved in Configure OneLogin.
In the Email field mapping field, enter a text string such as Email name or Name ID. This is used as a label for the email name field on the SSO sign-in page.
In the Certificate field, enter the X.509 certificate that you downloaded in Configure OneLogin. Be sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate.
Click Save.

Verify SSO authentication

To verify SSO authentication, follow these steps:

Go to the agent adapter in your customer relationship management (CRM) application.
Click Login with company SSO. A sign-in page displays.
Sign in with your OneLogin credentials.