Revision as of 18:23, November 27, 2018 by Djudge (talk | contribs) (SSO Configuration - PureEngage Cloud)
Jump to: navigation, search

Single Sign-On

PureEngage Cloud supports single sign-on (SSO) using the SAML 2.0 protocol. There are many advantages to enabling SSO in PureEngage Cloud—for example:

  • Users need to remember only one password.
  • User credentials are managed by a third-party identity provider.
  • Users only need to log in once to gain access to all PureEngage Cloud applications that have SSO enabled.

SSO Support by Application

Click here to see which PureEngage Cloud applications support SSO.

SSO Configuration - PureEngage Cloud

Contact your Genesys representative to enable SSO configuration for your organization.

The use of SSO within an organization is configured at two different levels:

  • Each "Contact Center" object can be configured with a unique Identity Provider.
  • Each "Access Group" can have SSO enabled or disabled. Users associated with an Access Group with SSO enabled will utilize SSO.

Additional requirements for provisioning within PureEngage Cloud:

  • The domain declared in the identity provider metadata should be part of the user name stored within Genesys, to create the most seamless experience. (Example: john@mycompany.com) Otherwise users would need to enter a Tenant or enter the domain before their username. (Example, mycompany\john)
  • The username provisioned within PureEngage Cloud should match the username in the external identity provider.

SSO Configuration - Identity Provider

PureEngage Cloud must be defined as an application within the identity provider to support the SSO integration. Specific details for uploading PureEngage Cloud metadata and configuring claims will be published soon, but are available now by contacting your Genesys representative. Reference configurations for identity providers:

  • Okta (to be published soon)

How does SSO work for users?

1

Let's look at the login process for Agent Desktop with SSO enabled and Okta configured as the third-party identity provider. Note: The login flow is the same for all supported identity providers.

First, click the Agent Desktop icon in Genesys Portal and enter your username. You must log in to the application even though you're already logged in to your workstation.

Click Next. Genesys redirects you to Okta where you're prompted to enter your username and password. Once you log in with Okta, you're redirected back to Agent Desktop and automatically logged in. Alternatively, if you are already logged in with Okta when you click Next, Genesys skips the Okta login and automatically logs you in to Agent Desktop.

Now that you're authenticated with the identity provider, you can choose any SSO-enabled application from Genesys Portal and you'll be automatically logged in without entering your credentials.

SSO authentication is separate from application login, so you'll stay logged in with PureEngage Cloud for the length of your SSO session (this is a configurable time period), even if you log out of an application. This means you can log out of Agent Desktop, for example, and remain logged in with Agent Setup.

Comments or questions about this documentation? Contact us for support!