Configure SSO using Azure

This section explains how to configure SSO using Azure for use enterprise-wide Azure credentials to sign into (CCAI Platform) and the agent adapter. Azure SSO uses the Security Assertion Markup Language (SAML) authentication protocol.

Before you begin

To configure SSO using Azure, be sure you have the following:

  • An Azure account

  • CCAI Platform administrator credentials

Configure Azure for SSO

To configure Azure, follow these steps:

  1. Sign in to your existing Azure account.

  2. Navigate to the Azure Portal and click Enterprise applications:

  3. From the Enterprise applications page, click New application:

  4. In the search box type saml.

  5. Click Azure AD SAML Toolkit.

  6. If preferred, change the application Name, then click Create.

  7. Click Set up single sign on.

  8. Click the SAML option.

  9. Beside Basic SAML Configuration, click Edit.

  10. For Identifier (Entity ID), enter https://<environmentname>.domain.co/saml/v1/metadata

  11. For Reply URL (Assertion Consumer Service URL), enter https://<environmentname>.domain.co/saml/v1/consume

  12. For Sign on URL, enter https://<environmentname>.domain.co/

  13. Click Save at the top of the screen.

  14. Beside User Attributes & Claims, click Edit.

  15. Click Unique User Identifier (Name ID).

  16. Change Source attribute to user mail, then click Save.

  17. Verify that the Unique User Identifier has been changed to user mail.

  18. Copy and save the Login URL and Azure AD Identifier to use later in the CCAI Platform Portal.

  19. Click the download link for Certificate (Base64).

  20. Open the file in a text editor for later use.

Configure your CCAI Platform instance for SSO

To configure SSO for your CCAI Platform instance, follow these steps:

  1. In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.

    Project selector dashboard

  2. In the navigation menu, click CCAI Platform.

    CCAI Platform instances

    The CCAI Platform instances page displays.

  3. In the Name column, click the instance that you want to configure SSO for.

  4. On the CCAI Platform instance Detail page, click Edit.

  5. For the login method, select SAML.

  6. In the Single sign-on URL field, enter the Login URL value that you saved in Configure Azure.

  7. In the Entity ID field, enter the Azure AD Identifier value that you saved in Configure Azure.

  8. In the Email field mapping field, enter a text string such as Email name or Name ID. This is used as a label for the email name field on the SSO sign-in page.

  9. In the Certificate field, enter the Base64 certificate that you downloaded in Configure Azure. Be sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate.

  10. Click save.

Verify SSO authentication

To verify SSO authentication, follow these steps:

  1. Go to the agent adapter in your customer relationship management (CRM) application.

  2. Click Login with company SSO. A sign-in page displays.

  3. Sign in with your Azure credentials.