Stay organized with collections
Save and categorize content based on your preferences.
This section describes how to configure SSO using Okta for
use enterprise-wide Okta credentials to sign into Contact Center AI Platform (CCAI Platform) and the
agent adapter. Okta SSO uses the Security Assertion Markup Language (SAML)
authentication protocol.
Before you begin
To configure SSO using Okta, be sure you have the following:
An Okta account
An SSO URL
An entity ID
An email mapping field, usually Name ID
A SAML certificate (in Base64)
CCAI Platform administrator credentials
Configure Okta for SSO
To configure Okta, follow these steps:
In the Okta Admin Dashboard, Go to Applications > Applications
Click Create App Integration
Select SAML 2.0, then Click Next.
Click Next.
Specify a Name and Logo.
Click Next.
On the Configure SAML screen enter these values:
Single sign on URL:https://<environmentname>.domain.co/saml/v1/consume
Check Use this for Recipient URL and Destination URL
Audience URI (SP Entity ID):
https://<environmentname>.domain.co/saml/v1/metadata
Name ID format: customer provides, (For example, EmailAddress)
On the Feedback panel provide feedback selections.
Suggested selections:
I'm an Okta customer adding an internal app
This is an internal app that we have created
Click Finish.
On the Sign On tab of the page that displays, click View
Setup Instructions to launch a new tab.
Configure your CCAI Platform instance for SSO
To configure SSO for your CCAI Platform instance, follow these steps:
In the Google Cloud console, go to the project selector dashboard and select the project that
contains your instance.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click editEdit.
For the login method, select SAML.
In the Single sign-on URL field, enter your SSO URL.
In the Entity ID field, enter your entity ID.
In the Email field mapping field, enter a text string such as Email name or
Name ID. This is used as a label for the email name field on the SSO sign-in page.
In the Authentication contexts field, select the authentication context that you want. If
your IdP configuration doesn't require the authentication context to be specified, then leave this
field empty. For more information, see Authentication context.
In the Certificate field, enter your SAML certificate. Be sure to include
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the
certificate.
Click Save.
Verify SSO authentication
To verify SSO authentication, follow these steps:
Go to the agent adapter in your customer relationship management (CRM)
application.
Click Login with company SSO. A sign-in page displays.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis guide outlines the process of configuring Single Sign-On (SSO) for Contact Center AI Platform (CCAI Platform) and its agent adapter using Okta, which leverages the SAML authentication protocol.\u003c/p\u003e\n"],["\u003cp\u003eThe process involves setting up an application integration within the Okta Admin Dashboard, defining SAML settings such as the Single Sign On URL and Audience URI, and providing relevant feedback selections.\u003c/p\u003e\n"],["\u003cp\u003eTo configure the CCAI Platform instance for SSO, you'll need to navigate to the instance details in the Google Cloud console, select SAML as the login method, and enter the relevant Identity Provider details obtained from Okta's configuration.\u003c/p\u003e\n"],["\u003cp\u003eVerification of SSO authentication can be done by attempting to log into the agent adapter via the "Login with company SSO" button, and signing in using Okta credentials.\u003c/p\u003e\n"]]],[],null,["# Configure SSO using Okta\n\nThis section describes how to configure SSO using Okta for\nuse enterprise-wide Okta credentials to sign into Contact Center AI Platform (CCAI Platform) and the\nagent adapter. Okta SSO uses the Security Assertion Markup Language (SAML)\nauthentication protocol.\n\nBefore you begin\n----------------\n\nTo configure SSO using Okta, be sure you have the following:\n\n- An Okta account\n- An SSO URL\n- An entity ID\n- An email mapping field, usually Name ID\n- A SAML certificate (in Base64)\n- CCAI Platform administrator credentials\n\nConfigure Okta for SSO\n----------------------\n\nTo configure Okta, follow these steps:\n\n1. In the Okta Admin Dashboard, Go to **Applications \\\u003e Applications**\n\n2. Click **Create App Integration**\n\n3. Select **SAML 2.0** , then Click **Next**.\n\n4. Click **Next**.\n\n5. Specify a **Name** and **Logo**.\n\n6. Click **Next**.\n\n7. On the Configure SAML screen enter these values:\n\n **Single sign on URL:**\n `https://\u003cenvironmentname\u003e.domain.co/saml/v1/consume`\n\n Check **Use this for Recipient URL and Destination URL**\n\n **Audience URI (SP Entity ID)** :\n `https://\u003cenvironmentname\u003e.domain.co/saml/v1/metadata`\n\n **Name ID format**: customer provides, (For example, EmailAddress)\n8. On the **Feedback** panel provide feedback selections.\n\n Suggested selections:\n\n I'm an Okta customer adding an internal app\n\n This is an internal app that we have created\n9. Click **Finish**.\n\n10. On the **Sign On** tab of the page that displays, click **View\n Setup Instructions** to launch a new tab.\n\nConfigure your CCAI Platform instance for SSO\n---------------------------------------------\n\nTo configure SSO for your CCAI Platform instance, follow these steps:\n\n1. In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.\n\n [Project selector dashboard](https://console.cloud.google.com/projectselector2/home/dashboard)\n\n \u003cbr /\u003e\n\n2. In the navigation menu, click **CCAI Platform** .\n\n\n [CCAI Platform instances](https://console.cloud.google.com/contact-center-ai-platform)\n\n \u003cbr /\u003e\n\n The **CCAI Platform instances** page displays.\n3. In the **Name** column, click the instance that you want to configure SSO for.\n4. On the **CCAI Platform instance Detail** page, click edit **Edit**.\n5. For the login method, select **SAML**.\n6. In the **Single sign-on URL** field, enter your SSO URL.\n7. In the **Entity ID** field, enter your entity ID.\n8. In the **Email field mapping** field, enter a text string such as `Email name` or `Name ID`. This is used as a label for the email name field on the SSO sign-in page.\n9. In the **Authentication contexts** field, select the authentication context that you want. If your IdP configuration doesn't require the authentication context to be specified, then leave this field empty. For more information, see [Authentication context](/contact-center/ccai-platform/docs/authentication-context).\n10. In the **Certificate** field, enter your SAML certificate. Be sure to include `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` from the certificate.\n11. Click **Save**.\n\nVerify SSO authentication\n-------------------------\n\nTo verify SSO authentication, follow these steps:\n\n1. Go to the agent adapter in your customer relationship management (CRM)\n application.\n\n2. Click **Login with company SSO**. A sign-in page displays.\n\n3. Sign in with your Okta credentials."]]
