Enabling Single Sign-On
Single Sign-on (SSO) functionality allows call center users to log in to Salesforce and Bright Pattern Contact Center applications simultaneously from a single login. The following instructions pertain to either Salesforce Lightning or Salesforce Classic views.
SSO in Salesforce Lightning
Step 1: Enable and deploy the domain
- From Salesforce.com, enable the organizational domain. Note that registration of the domain may take up to 24 hours. For more information, refer to Salesforce Help.
- Deploy the domain to assigned users.
- All users must log in using this domain URL, which should be in the following format: https://<your-domain-name>.my.salesforce.com/
Step 2: Customize the connected app
- In Salesforce Lightning, click the Edit Policies button at the top of the Connected App Detail page.
- Navigate to Platform Tools > Apps > Connected Apps > Manage Connected Apps and then select BrightPattern from the list of connected apps.
- Edit the following App settings:
- IP Relaxation - Relax IP restrictions
- Refresh Token Policy - Refresh token is valid until revoked
- ACS URL - https://<your-ServicePattern-tenant-URL>/agentdesktop/agentdesktop/sfsso/response
- Click Save.
Step 3: Configure user profiles and field mapping (login mapping – custom attribute)
SFDC Single Sign-On integration requires user profiles assigned for users that are going to utilize Bright Pattern Contact Center to be authenticated by the SFDC Identity Provider. The following process maps the Single Sign-On parameters to the Bright Pattern Contact Center login ID.
- Navigate to Administration Setup > Manage Apps > Connected Apps, and select BrightPattern.
- Scroll down to Custom Attributes and click edit.
- In the Update Custom Attribute page that opens, specify the Attribute key and Attribute value as shown.
Bright Pattern Contact Center uses one optional custom service provider “Attribute key”: CSIMLoginID. This Attribute could be matched with any user’s field. By default, it is configured to match the SFDC user nickname ($User.CommunityNickname).
Note: If this attribute mapping is removed and no other attribute is specified, then the login ID will be taken as part of the SFDC username before the '@' sign.
Step 4: Set up Single Sign-On integration with Bright Pattern Contact Center
Single Sign-On functionality enables you to log in to only your integration account to use your integrated Salesforce Agent Desktop interface. Bright Pattern Contact Center integration account configuration requires the full SFDC URL (starting with <your-salesforce-domain>...) for use in the Call Center configuration integration accounts. This URL is available via the SFDC browser by right-clicking on the URL and choosing Copy Link Address as required.
New integration accounts are added in the Contact Center Administrator application. For more information, see the Contact Center Administrator Guide section Integration Accounts.
To create a new integration account, follow these steps:
- In a new browser tab, log in to the Bright Pattern Contact Center Administrator application. Keep this application open. You will be going back and forth between this application and Salesforce.com.
- From the main menu, under Call Center Configuration, select Integration Accounts.
- Click + at the bottom of the screen to add a new integration account.
You will be editing the following integration account properties with the information from Salesforce:
- Name - Specify an account name
- Url - Enter the Issuer name
- Certificate - Provide the Salesforce.com Identity Provider Certificate (see instructions below)
How to Add the Certificate
Before you can add the certificate, you have to ensure that there is one.
Note: In case you have multiple certificates, you must choose the certificate you want to use as the Idp Certificate on the App Settings page.
- In Salesforce.com, go to Settings > Security > Certificate and Key Management.
- If you see no certificates listed, then either create a new self-signed certificate or import a certificate from your setup.
- To import, click the Import from Keystore button. Any certificates you import will be shown in the Idp Certificate field on the Connected App Edit page.
- In addition, you need a domain name for your call center. The domain is what you will add to your Salesforce integration account property Url. In Salesforce.com, go to Settings > My Domain to create one.
- Still in Salesforce.com, click Setup in the main menu at the top of the screen.
- Then go to Security > Certificate and Key Management.
- Select the certificate desired (or import a certificate). Note that you may have multiple certificates shown.
- Click Download Certificate.
- Open the downloaded file in Notepad (or Notepad ++) and copy the certificate content only (i.e., the text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
- Go back to the Contact Center Administrator application and paste the certificate into the Salesforce integration account properties. Paste by clicking paste under Single Sign-on > Identity provider certificate.
- In the Set Identity Provider certificate dialog, click Set. This pastes in the certificate.
Step 5: Provide the identity provider initiated login URL
- Go back to Salesforce.com. Navigate to Platform Tools > Apps > Connected Apps > Manage Connected Apps.
- Click Connected Apps and select the App created earlier (i.e., "BrightPattern").
- Under section SAML Login Information, copy the full URL from the Idp-initiated Login URL. (Copy the URL by using the Copy/Paste menu; it will be automatically prefixed with the domain URL as created earlier (e.g., https://<your-sf-domain>.salesforce.com...).
- Paste the copied login URL (full URL) into the Salesforce integration account properties on Bright Pattern Contact Center, and click Apply.
SSO in Salesforce Classic
Step 1: Enable and deploy the domain
- From Salesforce.com, enable the organizational domain. Note that registration of the domain may take up to 24 hours. For more information, refer to Salesforce Help.
- Deploy the domain to assigned users.
- All users must log in using this domain URL, which should be in the following format: https://<your-domain-name>.my.salesforce.com/
Step 2: Customize the connected app
- In Salesforce Classic, go to Setup.
- Navigate to Administration Setup > Manage Apps > Connected Apps and then select BrightPattern from the list of connected apps.
- On the Connected App Detail page that opens, click Edit Policies.
- Edit the following App settings:
- IP Relaxation - Relax IP restrictions
- Refresh Token Policy - Refresh token is valid until revoked
- ACS URL - https://<your-ServicePattern-tenant-URL>/agentdesktop/agentdesktop/sfsso/response
- Click Save.
Step 3: Configure user profiles and field mapping (login mapping – custom attribute)
The SFDC Single Sign-On integration requires user profiles assigned for users that are going to utilize Bright Pattern Contact Center to be authenticated by the SFDC Identity Provider. The following process maps the Single Sign-On parameters to the Bright Pattern Contact Center login ID.
- Go back to Administer > Manage Apps > Connected Apps, and select BrightPattern to get to the Connected App Detail page.
- Scroll down to Custom Attributes and click Edit.
- In the Update Custom Attribute page that opens, specify the Attribute key and Attribute value as shown.
Bright Pattern Contact Center uses one optional custom service provider “Attribute key”: CSIMLoginID. This Attribute could be matched with any user’s field. By default, it is configured to match the SFDC user nickname ($User.CommunityNickname).
Note: If this attribute mapping is removed and no other attribute is specified, then the login ID will be taken as part of the SFDC username before the '@' sign.
Step 4: Set up Single Sign-On integration with Bright Pattern Contact Center
Single Sign-On functionality enables you to log in to only your integration account to use your integrated Salesforce Agent Desktop interface. Bright Pattern Contact Center integration account configuration requires the full SFDC URL (starting with <your-salesforce-domain>...) for use in the Call Center configuration integration accounts. This URL is available via the SFDC browser by right-clicking on the URL and choosing Copy Link Address as required.
New integration accounts are added in the Contact Center Administrator application. For more information, see the Contact Center Administrator Guide section Integration Accounts.
To create a new integration account, follow these steps:
- In a new browser tab, log in to the Bright Pattern Contact Center Administrator application. Keep this application open. You will be going back and forth between this application and Salesforce.com.
- From the main menu, under Call Center Configuration, select Integration Accounts.
- Click + at the bottom of the screen to add a new integration account.
You will be editing the following integration account properties with the information from Salesforce:
- Name - Specify an account name
- Url - Enter the Issuer name
- Certificate - Provide the Salesforce.com Identity Provider Certificate (see instructions below)
How to Add the Certificate
Before you can add the certificate, you have to ensure that there is one.
Note: In case you have multiple certificates, you must choose the certificate you want to use as the Idp Certificate on the App Settings page.
- In Salesforce.com, go to Administration Setup > Security Controls > Certificate and Key Management.
- If you see no certificates listed, then either create a new one or import a certificate from your setup.
- To import, click the Import from Keystore button. Any certificates you import will be shown in the Idp Certificate field on the Connected App Edit page. Note that if you have multiple certificates, you must choose the certificate you want to use as the Idp Certificate on the App Settings page.
- In addition, you need a domain name for your call center. The domain is what you will add to your Salesforce integration account property Url. In Salesforce.com, go to Administration Setup > Domain Management > My Domain to create one.
- Still in Salesforce.com, click Setup in the main menu at the top of the screen.
- Then go to Administration Setup > Security Controls > Certificate and Key Management.
- Select the certificate desired (or import a certificate). Note that you may have multiple certificates shown.
- Click Download Certificate.
- Open the downloaded file in Notepad (or Notepad ++) and copy the certificate content only (i.e., the text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
- Go back to the Contact Center Administrator application and paste the certificate into the Salesforce integration account properties. Paste by clicking paste under Single Sign-on > Identity provider certificate.
- In the Set Identity Provider certificate dialog, click Set. This pastes in the certificate.
Step 5: Provide the identity provider initiated login URL
- Go back to Salesforce.com. Navigate to Administration Setup > Manage Apps > Connected Apps'.
- Select the App created earlier (i.e., "BrightPattern").
- Under section SAML Login Information, copy the full URL from the Idp-initiated Login URL. (Copy the URL by using the Copy/Paste menu; it will be automatically prefixed with the domain URL as created earlier (e.g., https://<your-sf-domain>.salesforce.com...).
- Paste the copied login URL (full URL) into the Salesforce integration account properties on Bright Pattern Contact Center, and click Apply.