This section describes how to configure SSO using Okta for use enterprise-wide Okta credentials to sign into Contact Center AI Platform (CCAI Platform) and the agent adapter. Okta SSO uses the Security Assertion Markup Language (SAML) authentication protocol.
Before you begin
To configure SSO using Okta, be sure you have the following:
An Okta account
CCAI Platform administrator credentials
Configure Okta for SSO
To configure Okta, follow these steps:
In the Okta Admin Dashboard, Go to Applications > Applications
Click Create App Integration
Select SAML 2.0, then Click Next.
Click Next.
Specify a Name and Logo.
Click Next.
On the Configure SAML screen enter these values:
Single sign on URL: https://<environmentname>.domain.co/saml/v1/consume
Check Use this for Recipient URL and Destination URL
Audience URI (SP Entity ID): https://<environmentname>.domain.co/saml/v1/metadata
Name ID format: customer provides, (For example, EmailAddress)
On the Feedback panel provide feedback selections.
Suggested selections:
I'm an Okta customer adding an internal app
This is an internal app that we have created
Click Finish.
On the Sign On tab of the page that displays, click View Setup Instructions to launch a new tab.
Configure your CCAI Platform instance for SSO
To configure SSO for your CCAI Platform instance, follow these steps:
In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.
In the navigation menu, click CCAI Platform.
The CCAI Platform instances page displays.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click
Edit.For the login method, select SAML.
In the Single sign-on URL field, enter the Identity Provider Single Sign-On URL value from Configure Okta.
In the Entity ID field, enter the Identity Provider Issuer value from Configure Okta.
In the Email field mapping field, enter a text string such as
Email name
orName ID
. This is used as a label for the email name field on the SSO sign-in page.In the Certificate field, enter the X.509 certificate from Configure Okta. Be sure to include
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
from the certificate.Click Save.
Verify SSO authentication
To verify SSO authentication, follow these steps:
Go to the agent adapter in your customer relationship management (CRM) application.
Click Login with company SSO. A sign-in page displays.
Sign in with your Okta credentials.