From Bright Pattern Documentation
imported>Sergem |
(Updated via BpDeleteTranslateTags script) |
||
| Line 1: | Line 1: | ||
| − | + | = Enable Single Sign-On in Salesforce = | |
Single Sign-on (SSO) functionality allows call center users to log in to Salesforce and Bright Pattern Contact Center applications simultaneously from a single login. | Single Sign-on (SSO) functionality allows call center users to log in to Salesforce and Bright Pattern Contact Center applications simultaneously from a single login. | ||
| − | == Step 1: Enable and deploy the domain == | + | == Step 1: Enable and deploy the domain == |
# From Salesforce Classic Setup, enable the organizational domain. Note that registration of the domain may take up to 24 hours. For more information, refer to [http://help.salesforce.com/apex/HTViewHelpDoc?id=domain_name_setup.htm&language=en_US Salesforce Help].<br /><br /> | # From Salesforce Classic Setup, enable the organizational domain. Note that registration of the domain may take up to 24 hours. For more information, refer to [http://help.salesforce.com/apex/HTViewHelpDoc?id=domain_name_setup.htm&language=en_US Salesforce Help].<br /><br /> | ||
# Deploy the domain to assigned users.<br /><br /> | # Deploy the domain to assigned users.<br /><br /> | ||
# All users must log in using this domain URL, which should be in the following format:<br /><br />'''https://<your-domain-name>.my.salesforce.com/''' | # All users must log in using this domain URL, which should be in the following format:<br /><br />'''https://<your-domain-name>.my.salesforce.com/''' | ||
| − | == Step 2: Enable identity provider == | + | == Step 2: Enable identity provider == |
After your domain name is registered, you will be able to enable your identity provider, which is necessary for SSO. | After your domain name is registered, you will be able to enable your identity provider, which is necessary for SSO. | ||
| − | |||
# Use Quick Find to go to the ''Identity Provider'' page and click on '''Enable Identity Provider'''. | # Use Quick Find to go to the ''Identity Provider'' page and click on '''Enable Identity Provider'''. | ||
# In the ''Identity Provider Setup'' section, select the actual certificate to be used. If no certificates are shown, you will have to create or import a certificate (see Step 3). | # In the ''Identity Provider Setup'' section, select the actual certificate to be used. If no certificates are shown, you will have to create or import a certificate (see Step 3). | ||
| − | == Step 3: Get certificate == | + | == Step 3: Get certificate == |
The certificate is used in the [[Sfdc-integration-guide/Classic/IntegrationAccount | Add Salesforce Integration Account]] section of this guide to establish Salesforce as the identity provider for SSO. This step will help you download the certificate. | The certificate is used in the [[Sfdc-integration-guide/Classic/IntegrationAccount | Add Salesforce Integration Account]] section of this guide to establish Salesforce as the identity provider for SSO. This step will help you download the certificate. | ||
| − | |||
# Use Quick Find to go to ''Certificate and Key Management''.<br /><br />[[File:SFDC-Classic-Certificate.PNG|800px|thumbnail|center|Certificate and Key Management]]<br /><br /> | # Use Quick Find to go to ''Certificate and Key Management''.<br /><br />[[File:SFDC-Classic-Certificate.PNG|800px|thumbnail|center|Certificate and Key Management]]<br /><br /> | ||
# If there are no certificates listed, or your certificate is expired, either create a new one or import a certificate from your setup.<br><br> | # If there are no certificates listed, or your certificate is expired, either create a new one or import a certificate from your setup.<br><br> | ||
| Line 25: | Line 23: | ||
# Save this for when you edit your Salesforce integration account properties. This is what you will paste into the ''Set Identity Provider certificate'' dialog of integration account properties. | # Save this for when you edit your Salesforce integration account properties. This is what you will paste into the ''Set Identity Provider certificate'' dialog of integration account properties. | ||
| − | == Step 4: Customize the connected app == | + | == Step 4: Customize the connected app == |
# Use Quick Find to go to ''Connected Apps'' and then select '''BrightPattern''' from the list of connected apps.<br /><br />[[File:SFDC-Classic-Manage-Conn-50.PNG|800px|thumbnail|center|Connected Apps]]<br /><br /> | # Use Quick Find to go to ''Connected Apps'' and then select '''BrightPattern''' from the list of connected apps.<br /><br />[[File:SFDC-Classic-Manage-Conn-50.PNG|800px|thumbnail|center|Connected Apps]]<br /><br /> | ||
# On the ''Connected App Detail'' page that opens, click '''Edit Policies'''.<br /><br />[[File:SFDC-Edit-Policies-Button-50.PNG|800px|thumbnail|center|Connected App Detail]]<br /><br /> | # On the ''Connected App Detail'' page that opens, click '''Edit Policies'''.<br /><br />[[File:SFDC-Edit-Policies-Button-50.PNG|800px|thumbnail|center|Connected App Detail]]<br /><br /> | ||
| Line 34: | Line 32: | ||
# Click '''Save'''. | # Click '''Save'''. | ||
| − | == Step 5: Configure user profiles and field mapping (login mapping – custom attribute) == | + | == Step 5: Configure user profiles and field mapping (login mapping – custom attribute) == |
SSO requires user profiles assigned for users that are going to utilize Bright Pattern Contact Center to be authenticated by the Salesforce Identity Provider. The following process maps the SSO parameters to the Bright Pattern Contact Center login ID. | SSO requires user profiles assigned for users that are going to utilize Bright Pattern Contact Center to be authenticated by the Salesforce Identity Provider. The following process maps the SSO parameters to the Bright Pattern Contact Center login ID. | ||
| − | |||
# Go back to ''Connected Apps'', and select '''BrightPattern''' to get to the Connected App Detail page.<br /><br /> | # Go back to ''Connected Apps'', and select '''BrightPattern''' to get to the Connected App Detail page.<br /><br /> | ||
# Scroll all the way down to ''Custom Attributes'' and click '''Edit'''.<br /><br />[[File:SFDC-Custom-Attributes-50.png|800px|thumbnail|center|Edit custom attributes]]<br /><br /> | # Scroll all the way down to ''Custom Attributes'' and click '''Edit'''.<br /><br />[[File:SFDC-Custom-Attributes-50.png|800px|thumbnail|center|Edit custom attributes]]<br /><br /> | ||
| Line 44: | Line 41: | ||
## '''Attribute value''' - '''$User.CommunityNickname'''<br /><br />[[File:sfdc-integration-guide-image9.png|thumb|650px|center|]]<br /><br /> | ## '''Attribute value''' - '''$User.CommunityNickname'''<br /><br />[[File:sfdc-integration-guide-image9.png|thumb|650px|center|]]<br /><br /> | ||
| − | |||
Bright Pattern Contact Center uses one optional custom service provider “Attribute key”: ''CSIMLoginID''. This Attribute could be matched with any user’s field. By default, it is configured to match the Salesforce user nickname ''($User.CommunityNickname)''. | Bright Pattern Contact Center uses one optional custom service provider “Attribute key”: ''CSIMLoginID''. This Attribute could be matched with any user’s field. By default, it is configured to match the Salesforce user nickname ''($User.CommunityNickname)''. | ||
| − | |||
'''Note:''' If this attribute mapping is removed and no other attribute is specified, then the login ID will be taken as part of the Salesforce username before the "@" sign. | '''Note:''' If this attribute mapping is removed and no other attribute is specified, then the login ID will be taken as part of the Salesforce username before the "@" sign. | ||
| − | == Step 6: Get the identity provider initiated login URL == | + | == Step 6: Get the identity provider initiated login URL == |
# Still on the '''BrightPattern''' Connected App Detail page, see section ''SAML Login Information''.<br /><br /> | # Still on the '''BrightPattern''' Connected App Detail page, see section ''SAML Login Information''.<br /><br /> | ||
# Copy the full URL from the '''Idp-initiated Login URL'''.<br /><br />[[File:SFDC-Classic-SAML-54.PNG|thumb|800px|center|]]<br /><br /> | # Copy the full URL from the '''Idp-initiated Login URL'''.<br /><br />[[File:SFDC-Classic-SAML-54.PNG|thumb|800px|center|]]<br /><br /> | ||
# Save this URL for when you add the Salesforce integration account in the Bright Pattern Contact Center Administrator application. This URL will go in the "Identity provider initiated login URL" property.<br /><br /> | # Save this URL for when you add the Salesforce integration account in the Bright Pattern Contact Center Administrator application. This URL will go in the "Identity provider initiated login URL" property.<br /><br /> | ||
| − | == Step 7: Set up SSO integration with Bright Pattern Contact Center == | + | == Step 7: Set up SSO integration with Bright Pattern Contact Center == |
| − | SSO integration configuration is completed when you paste the certificate and Idp-initiated Login URL into [[Sfdc-integration-guide/Classic/IntegrationAccount | Salesforce integration account properties]] in Bright Pattern's Contact Center Administrator application. | + | SSO integration configuration is completed when you paste the certificate and Idp-initiated Login URL into [[Sfdc-integration-guide/Classic/IntegrationAccount | Salesforce integration account properties]] in Bright Pattern's Contact Center Administrator application. |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Latest revision as of 04:10, 29 May 2024
• 日本語
Enable Single Sign-On in Salesforce
Single Sign-on (SSO) functionality allows call center users to log in to Salesforce and Bright Pattern Contact Center applications simultaneously from a single login.
Step 1: Enable and deploy the domain
- From Salesforce Classic Setup, enable the organizational domain. Note that registration of the domain may take up to 24 hours. For more information, refer to Salesforce Help.
- Deploy the domain to assigned users.
- All users must log in using this domain URL, which should be in the following format:
https://<your-domain-name>.my.salesforce.com/
Step 2: Enable identity provider
After your domain name is registered, you will be able to enable your identity provider, which is necessary for SSO.
- Use Quick Find to go to the Identity Provider page and click on Enable Identity Provider.
- In the Identity Provider Setup section, select the actual certificate to be used. If no certificates are shown, you will have to create or import a certificate (see Step 3).
Step 3: Get certificate
The certificate is used in the Add Salesforce Integration Account section of this guide to establish Salesforce as the identity provider for SSO. This step will help you download the certificate.
- Use Quick Find to go to Certificate and Key Management.
- If there are no certificates listed, or your certificate is expired, either create a new one or import a certificate from your setup.
- To import, click the Import from Keystore button. Any certificates you import will be shown in the Idp Certificate field on the Connected App Edit page.
- To import, click the Import from Keystore button. Any certificates you import will be shown in the Idp Certificate field on the Connected App Edit page.
- After you have created or imported a certificate, click Download Certificate.
- Open the file and copy the certificate contents only (i.e., the text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
- Save this for when you edit your Salesforce integration account properties. This is what you will paste into the Set Identity Provider certificate dialog of integration account properties.
Step 4: Customize the connected app
- Use Quick Find to go to Connected Apps and then select BrightPattern from the list of connected apps.
- On the Connected App Detail page that opens, click Edit Policies.
- Set the following app settings:
- IP Relaxation - Relax IP restrictions
- Refresh Token Policy - Refresh token i s valid until revoked
- ACS URL - The URL should take the following form, where "<your-tenant>" is your contact center name: https://<your-tenant>.brightpattern.com/agentdesktop/agentdesktop/sfsso/response
- IP Relaxation - Relax IP restrictions
- Click Save.
Step 5: Configure user profiles and field mapping (login mapping – custom attribute)
SSO requires user profiles assigned for users that are going to utilize Bright Pattern Contact Center to be authenticated by the Salesforce Identity Provider. The following process maps the SSO parameters to the Bright Pattern Contact Center login ID.
- Go back to Connected Apps, and select BrightPattern to get to the Connected App Detail page.
- Scroll all the way down to Custom Attributes and click Edit.
- In the Update Custom Attribute page that opens, set the following:
- Attribute key - CSIMLoginID
- Attribute value - $User.CommunityNickname
- Attribute key - CSIMLoginID
Bright Pattern Contact Center uses one optional custom service provider “Attribute key”: CSIMLoginID. This Attribute could be matched with any user’s field. By default, it is configured to match the Salesforce user nickname ($User.CommunityNickname).
Note: If this attribute mapping is removed and no other attribute is specified, then the login ID will be taken as part of the Salesforce username before the "@" sign.
Step 6: Get the identity provider initiated login URL
- Still on the BrightPattern Connected App Detail page, see section SAML Login Information.
- Copy the full URL from the Idp-initiated Login URL.
- Save this URL for when you add the Salesforce integration account in the Bright Pattern Contact Center Administrator application. This URL will go in the "Identity provider initiated login URL" property.
Step 7: Set up SSO integration with Bright Pattern Contact Center
SSO integration configuration is completed when you paste the certificate and Idp-initiated Login URL into Salesforce integration account properties in Bright Pattern's Contact Center Administrator application.