Stay organized with collections
Save and categorize content based on your preferences.
This section explains how to configure single sign-on (SSO) using the Security
Assertion Markup Language (SAML) authentication protocol for a standard identity
provider (IdP) that supports the SAML interface. When configured, you can use
credentials from the IdP to sign in to Contact Center AI Platform (CCAI Platform)
(CCAI Platform) and the agent adapter.
Before you begin
Before you begin, configure an application or service provider profile with your
identity provider (IdP). From this, you get the following information:
An SSO URL
An entity ID
An email mapping field, usually Name ID
A SAML certificate (in Base64)
CCAI Platform administrator credentials
Some IdPs provide this information using an XML manifest file. However,
CCAI Platform doesn't support importing this information from a
manifest.
Configure your CCAI Platform instance for SSO
To configure SSO for your CCAI Platform instance, follow these steps:
In the Google Cloud console, go to the project selector dashboard and select the project that
contains your instance.
In the Name column, click the instance that you want to configure SSO for.
On the CCAI Platform instance Detail page, click editEdit.
For the login method, select SAML.
In the Single sign-on URL field, enter your SSO URL.
In the Entity ID field, enter your entity ID.
In the Email field mapping field, enter a text string such as Email name or
Name ID. This is used as a label for the email name field on the SSO sign-in page.
In the Authentication contexts field, select the authentication context that you want. If
your IdP configuration doesn't require the authentication context to be specified, then leave this
field empty. For more information, see Authentication context.
In the Certificate field, enter your SAML certificate. Be sure to include
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the
certificate.
Click Save.
Verify SSO authentication
To verify SSO authentication, follow these steps:
Go to the agent adapter in your customer relationship management (CRM)
application.
Click Login with company SSO. A sign-in page displays.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis guide outlines how to set up Single Sign-On (SSO) for CCAI Platform and its agent adapter using the SAML authentication protocol with a compatible Identity Provider (IdP).\u003c/p\u003e\n"],["\u003cp\u003eBefore configuring SSO, you must set up an application or service provider profile with your IdP and obtain the SSO URL, Entity ID, Email mapping field, and SAML certificate.\u003c/p\u003e\n"],["\u003cp\u003eConfiguring SSO within the CCAI Platform instance involves selecting SAML as the login method and inputting the SSO URL, Entity ID, email field mapping label, and the base64 SAML certificate.\u003c/p\u003e\n"],["\u003cp\u003eVerifying SSO authentication is done through the agent adapter by selecting "Login with company SSO" and signing in using the credentials of your configured IdP.\u003c/p\u003e\n"]]],[],null,["# Configure SSO using standard SAML\n\nThis section explains how to configure single sign-on (SSO) using the Security\nAssertion Markup Language (SAML) authentication protocol for a standard identity\nprovider (IdP) that supports the SAML interface. When configured, you can use\ncredentials from the IdP to sign in to Contact Center AI Platform (CCAI Platform)\n(CCAI Platform) and the agent adapter.\n\nBefore you begin\n----------------\n\nBefore you begin, configure an application or service provider profile with your\nidentity provider (IdP). From this, you get the following information:\n\n- An SSO URL\n- An entity ID\n- An email mapping field, usually Name ID\n- A SAML certificate (in Base64)\n- CCAI Platform administrator credentials\n\nSome IdPs provide this information using an XML manifest file. However,\nCCAI Platform doesn't support importing this information from a\nmanifest.\n\nConfigure your CCAI Platform instance for SSO\n---------------------------------------------\n\nTo configure SSO for your CCAI Platform instance, follow these steps:\n\n1. In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.\n\n [Project selector dashboard](https://console.cloud.google.com/projectselector2/home/dashboard)\n\n \u003cbr /\u003e\n\n2. In the navigation menu, click **CCAI Platform** .\n\n\n [CCAI Platform instances](https://console.cloud.google.com/contact-center-ai-platform)\n\n \u003cbr /\u003e\n\n The **CCAI Platform instances** page displays.\n3. In the **Name** column, click the instance that you want to configure SSO for.\n4. On the **CCAI Platform instance Detail** page, click edit **Edit**.\n5. For the login method, select **SAML**.\n6. In the **Single sign-on URL** field, enter your SSO URL.\n7. In the **Entity ID** field, enter your entity ID.\n8. In the **Email field mapping** field, enter a text string such as `Email name` or `Name ID`. This is used as a label for the email name field on the SSO sign-in page.\n9. In the **Authentication contexts** field, select the authentication context that you want. If your IdP configuration doesn't require the authentication context to be specified, then leave this field empty. For more information, see [Authentication context](/contact-center/ccai-platform/docs/authentication-context).\n10. In the **Certificate** field, enter your SAML certificate. Be sure to include `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` from the certificate.\n11. Click **Save**.\n\nVerify SSO authentication\n-------------------------\n\nTo verify SSO authentication, follow these steps:\n\n1. Go to the agent adapter in your customer relationship management (CRM)\n application.\n\n2. Click **Login with company SSO**. A sign-in page displays.\n\n3. Sign in with your IdP credentials."]]
