(Update with the copy of version: draft) |
(Modified comment string {{Template:PEC_Migrated}} with __NOINDEX__ {{Template:PEC_Migrated}}) |
||
| (7 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
= Enable Single Sign-On = | = Enable Single Sign-On = | ||
| + | |||
| + | __NOINDEX__ | ||
| + | {{Template:PEC_Migrated}} | ||
| + | |||
| + | |||
Single Sign-On (SSO) identity authentication enables your users to securely access multiple Genesys applications with a single credential. | Single Sign-On (SSO) identity authentication enables your users to securely access multiple Genesys applications with a single credential. | ||
| − | After entering their username in the application login screen, users are taken to your company's authentication provider where they will enter their username and password. After that, they will not have to log in again until your authentication expires which is typically every eight hours. For a list of | + | After entering their username in the application login screen, users are taken to your company's authentication provider where they will enter their username and password. After that, they will not have to log in again until your authentication expires which is typically every eight hours. For a list of Genesys Engage cloud applications supporting SSO, see [[Documentation:PSAAS:Administrator:SingleSignOn|Single Sign-On]]. |
| − | |||
| − | |||
| + | You can enable Single Sign-On for your environments in the '''SAML''' section of Agent Setup under '''Single Sign-On'''. Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (IdP) and a service provider (SP). | ||
| + | {{NoteFormat|You do not need to enter any IdP-metadata in the "Region Name" field in order to enable SAML.}} | ||
{{CloudStep_Stack | {{CloudStep_Stack | ||
| Line 22: | Line 27: | ||
** '''Upload SAML metadata''' enables you to upload your metadata; | ** '''Upload SAML metadata''' enables you to upload your metadata; | ||
** '''Download SAML metadata''' enables you to download SP metadata for your use. This is available after your IdP metadata has been uploaded; | ** '''Download SAML metadata''' enables you to download SP metadata for your use. This is available after your IdP metadata has been uploaded; | ||
| − | ** '''Clear SAML metadata''' enables you to clear previously uploaded | + | ** '''Clear SAML metadata''' enables you to clear previously uploaded metadata; |
** '''Reload SAML configuration''' refreshes the configuration for a specific region. | ** '''Reload SAML configuration''' refreshes the configuration for a specific region. | ||
|media1=AS_SAMLtable.png | |media1=AS_SAMLtable.png | ||
| Line 31: | Line 36: | ||
|text= | |text= | ||
To configure SSO: | To configure SSO: | ||
| − | #From the Access Groups | + | #From the '''Access Groups''' list, select one or more access groups. These groups contain users who will use SSO. |
| − | #Optional: In the '''SAML Name Identifier''' field, enter the attribute of your SAML assertion that contains the user identifier. | + | #Optional: From the '''SAML Binding''' list, select the SAML Binding type (HTTP POST or HTTP Redirect). |
| − | + | #The next 2 fields specify how to match the user defined in your IdP with its corresponding Genesys user at the time of login. In the '''Genesys User Identifier''' field, select the field you wish to use as the user identifier on the Genesys side - either the Username or the External ID. | |
| + | #In the '''SAML Name Identifier''' field, enter the name of the attribute of your SAML assertion that contains the user identifier. This attribute is matched with the Genesys Username (or External ID). If you leave this field empty, the "NameID" attribute is used by default. | ||
#Set the Base URL to the region(s). | #Set the Base URL to the region(s). | ||
| − | #Upload the idP metadata to the region(s). | + | #Upload the idP metadata to the region(s). |
#Turn the '''Enable SAML''' to the '''On''' position. | #Turn the '''Enable SAML''' to the '''On''' position. | ||
#Click '''Save'''. | #Click '''Save'''. | ||
| − | When SAML configuration completes, the status changes from PENDING to ON and the ''' | + | When SAML configuration completes, the status changes from PENDING to ON and the '''Download SAML metadata''' button is enabled. Note: for secondary regions, SAML configuration can take about 15 minutes. |
| − | |media1= | + | |media1=AS_SAMLpage052020.png |
}} | }} | ||
Latest revision as of 12:32, October 2, 2020
Contents
Enable Single Sign-On
Important
This content may not be the latest Genesys Engage cloud content. To find the latest content, go to Genesys Engage cloud for Administrators.
Single Sign-On (SSO) identity authentication enables your users to securely access multiple Genesys applications with a single credential.
After entering their username in the application login screen, users are taken to your company's authentication provider where they will enter their username and password. After that, they will not have to log in again until your authentication expires which is typically every eight hours. For a list of Genesys Engage cloud applications supporting SSO, see Single Sign-On.
You can enable Single Sign-On for your environments in the SAML section of Agent Setup under Single Sign-On. Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (IdP) and a service provider (SP).
Important
You do not need to enter any IdP-metadata in the "Region Name" field in order to enable SAML.SAML fields and actions
On the SAML Configuration screen, a table displays the following information:
- Region Name - the name of the region in which your contact center is located.
- Base URL - the base URL associated with the region. This field is editable - simple double click anywhere within the text box to edit it.
- Status - indicates the status of configuration:
- ON - the configuration is complete.
- OFF - there is no configuration.
- PENDING - configuration is in progress.
- Actions - you take any of the following actions for a particular region:
- Upload SAML metadata enables you to upload your metadata;
- Download SAML metadata enables you to download SP metadata for your use. This is available after your IdP metadata has been uploaded;
- Clear SAML metadata enables you to clear previously uploaded metadata;
- Reload SAML configuration refreshes the configuration for a specific region.
Configure SAML
To configure SSO:
- From the Access Groups list, select one or more access groups. These groups contain users who will use SSO.
- Optional: From the SAML Binding list, select the SAML Binding type (HTTP POST or HTTP Redirect).
- The next 2 fields specify how to match the user defined in your IdP with its corresponding Genesys user at the time of login. In the Genesys User Identifier field, select the field you wish to use as the user identifier on the Genesys side - either the Username or the External ID.
- In the SAML Name Identifier field, enter the name of the attribute of your SAML assertion that contains the user identifier. This attribute is matched with the Genesys Username (or External ID). If you leave this field empty, the "NameID" attribute is used by default.
- Set the Base URL to the region(s).
- Upload the idP metadata to the region(s).
- Turn the Enable SAML to the On position.
- Click Save.
When SAML configuration completes, the status changes from PENDING to ON and the Download SAML metadata button is enabled. Note: for secondary regions, SAML configuration can take about 15 minutes.
Reconfigure SAML
If SAML is already enabled and you need to reconfigure it with new IdP metadata, do the following:
- Upload the new IdP metadata (remember: for secondary regions, SAML configuration can take up to 15 minutes).
- Next, you must click the Reload SAML configuration button.
This page was last edited on October 2, 2020, at 12:32.
Comments or questions about this documentation? Contact us for support!