Difference between revisions of "PEC-Admin/Current/Admin/SSO"
From Genesys Documentation
(Published) |
m (Reverted edits by Jeffrey.erickson@genesys.com (talk) to last revision by Julie.munn@genesys.com) (Tag: Rollback) |
||
| Line 7: | Line 7: | ||
|Section={{Section | |Section={{Section | ||
|alignment=Vertical | |alignment=Vertical | ||
| − | |structuredtext=Most Genesys Engage cloud applications | + | |structuredtext=Most Genesys Engage cloud applications allow a logged-in user to navigate across those applications without prompting for credentials again. It can also be configured to use {{#Widget:ExtLink|link=https://en.wikipedia.org/wiki/SAML_2.0|displaytext=SAML 2.0}} for integrations with third-party identity providers such as Okta or Google. There are many advantages to enabling single sign-on (SSO) in Genesys Engage cloud—for example: |
*Users need to remember only one password. | *Users need to remember only one password. | ||
| Line 13: | Line 13: | ||
*Users must have multi-factor authentication by a third-party identity provider for additional security. | *Users must have multi-factor authentication by a third-party identity provider for additional security. | ||
*Users only need to log in once to gain access to Genesys Engage cloud applications that have SSO enabled and non-Genesys applications that use the same identity provider. | *Users only need to log in once to gain access to Genesys Engage cloud applications that have SSO enabled and non-Genesys applications that use the same identity provider. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|Status=No | |Status=No | ||
}}{{Section | }}{{Section | ||
|sectionHeading=SSO support by application | |sectionHeading=SSO support by application | ||
| − | |||
|alignment=Vertical | |alignment=Vertical | ||
|structuredtext=View which Genesys Engage cloud applications support SSO. | |structuredtext=View which Genesys Engage cloud applications support SSO. | ||
| Line 31: | Line 23: | ||
!Single Sign On Support | !Single Sign On Support | ||
!Notes | !Notes | ||
| − | |||
{{!}}- | {{!}}- | ||
{{!}}Agent Desktop | {{!}}Agent Desktop | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Agent Setup | {{!}}Agent Setup | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Callback | {{!}}Callback | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Cloud Data Download Service | {{!}}Cloud Data Download Service | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}CX Contact | {{!}}CX Contact | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Designer | {{!}}Designer | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Developer Console | {{!}}Developer Console | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
| Line 71: | Line 55: | ||
{{!}}Yes | {{!}}Yes | ||
{{!}}Supported in version 9.0.013.0+. Contact your Genesys representative to enable. | {{!}}Supported in version 9.0.013.0+. Contact your Genesys representative to enable. | ||
| − | |||
{{!}}- | {{!}}- | ||
{{!}}Genesys Softphone | {{!}}Genesys Softphone | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
| Line 81: | Line 63: | ||
{{!}}Yes | {{!}}Yes | ||
{{!}}Supported in Agent Desktop version 9, but not with custom desktops. | {{!}}Supported in Agent Desktop version 9, but not with custom desktops. | ||
| − | |||
{{!}}- | {{!}}- | ||
{{!}}Real-Time Reporting (Pulse) | {{!}}Real-Time Reporting (Pulse) | ||
{{!}}Yes | {{!}}Yes | ||
{{!}}Supported in Real-Time Reporting version 9 on selective deployments. Contact your Genesys representative for details. | {{!}}Supported in Real-Time Reporting version 9 on selective deployments. Contact your Genesys representative for details. | ||
| − | |||
{{!}}- | {{!}}- | ||
{{!}}Gplus Adapter Salesforce | {{!}}Gplus Adapter Salesforce | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Recording, Quality Management and Speech Analytics | {{!}}Recording, Quality Management and Speech Analytics | ||
{{!}}Future Roadmap | {{!}}Future Roadmap | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
| Line 101: | Line 79: | ||
{{!}}Yes | {{!}}Yes | ||
{{!}}Not supported for supervisor accounts for administrative activities. | {{!}}Not supported for supervisor accounts for administrative activities. | ||
| − | |||
{{!}}- | {{!}}- | ||
{{!}}Agent Scripting Administration | {{!}}Agent Scripting Administration | ||
{{!}}No | {{!}}No | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Interactive Insights | {{!}}Interactive Insights | ||
{{!}}No | {{!}}No | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}Outbound | {{!}}Outbound | ||
{{!}}No | {{!}}No | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
| Line 121: | Line 95: | ||
''Includes plug-ins like eServices Manager and IVR Administration'' | ''Includes plug-ins like eServices Manager and IVR Administration'' | ||
{{!}}No | {{!}}No | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}- | {{!}}- | ||
{{!}}WebRTC | {{!}}WebRTC | ||
{{!}}Yes | {{!}}Yes | ||
| − | |||
{{!}} | {{!}} | ||
{{!}}} | {{!}}} | ||
| Line 132: | Line 104: | ||
}}{{Section | }}{{Section | ||
|sectionHeading=Configuring SSO in Genesys Engage | |sectionHeading=Configuring SSO in Genesys Engage | ||
| − | |||
|alignment=Vertical | |alignment=Vertical | ||
| − | |structuredtext=To enable | + | |structuredtext=To enable Single Sign-On for your environments, see {{Link-AnywhereElse|product=PEC-AS|version=Current|manual=ManageCC|topic=Single_Sign-On}} in Agent Setup. |
{{NoteFormat|SSO can be configured for different groups and you can have multiple identity providers, as long as there is only one per region.}} | {{NoteFormat|SSO can be configured for different groups and you can have multiple identity providers, as long as there is only one per region.}} | ||
| Line 145: | Line 116: | ||
}}{{Section | }}{{Section | ||
|sectionHeading=Configuring SSO in the identity provider | |sectionHeading=Configuring SSO in the identity provider | ||
| − | |||
|alignment=Vertical | |alignment=Vertical | ||
|structuredtext=Genesys Engage cloud must be defined as an application within the identity provider to support the SSO integration. | |structuredtext=Genesys Engage cloud must be defined as an application within the identity provider to support the SSO integration. | ||
| Line 153: | Line 123: | ||
}}{{Section | }}{{Section | ||
|sectionHeading=How does SSO work for users? | |sectionHeading=How does SSO work for users? | ||
| − | |||
|alignment=Horizontal | |alignment=Horizontal | ||
|Media=Image | |Media=Image | ||
| Line 166: | Line 135: | ||
If you happen to close all browser tabs without logging out of the applications, you will remain logged in for five minutes. If a second window or browser is opened after five minutes, to either the same application or any other SSO-enabled application, you will once again be prompted for your credentials. | If you happen to close all browser tabs without logging out of the applications, you will remain logged in for five minutes. If a second window or browser is opened after five minutes, to either the same application or any other SSO-enabled application, you will once again be prompted for your credentials. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|Status=No | |Status=No | ||
}} | }} | ||
Revision as of 16:40, March 18, 2021
This topic is part of the manual Cloud Basics for Administrators for version Current of Administrator.
Contents
Learn how single sign-on is supported in Genesys Engage cloud.
Most Genesys Engage cloud applications allow a logged-in user to navigate across those applications without prompting for credentials again. It can also be configured to use SAML 2.0 for integrations with third-party identity providers such as Okta or Google. There are many advantages to enabling single sign-on (SSO) in Genesys Engage cloud—for example:
- Users need to remember only one password.
- User credentials are managed by a third-party identity provider.
- Users must have multi-factor authentication by a third-party identity provider for additional security.
- Users only need to log in once to gain access to Genesys Engage cloud applications that have SSO enabled and non-Genesys applications that use the same identity provider.
SSO support by application
View which Genesys Engage cloud applications support SSO.
| Applications | Single Sign On Support | Notes |
|---|---|---|
| Agent Desktop | Yes | |
| Agent Setup | Yes | |
| Callback | Yes | |
| Cloud Data Download Service | Yes | |
| CX Contact | Yes | |
| Designer | Yes | |
| Developer Console | Yes | |
| Genesys CX Insights | Yes | Supported in version 9.0.013.0+. Contact your Genesys representative to enable. |
| Genesys Softphone | Yes | |
| Screen Recording | Yes | Supported in Agent Desktop version 9, but not with custom desktops. |
| Real-Time Reporting (Pulse) | Yes | Supported in Real-Time Reporting version 9 on selective deployments. Contact your Genesys representative for details. |
| Gplus Adapter Salesforce | Yes | |
| Recording, Quality Management and Speech Analytics | Future Roadmap | |
| Workforce Management | Yes | Not supported for supervisor accounts for administrative activities. |
| Agent Scripting Administration | No | |
| Interactive Insights | No | |
| Outbound | No | |
| Platform Administration (GAX)
Includes plug-ins like eServices Manager and IVR Administration |
No | |
| WebRTC | Yes |
Configuring SSO in Genesys Engage
To enable Single Sign-On for your environments, see Single Sign-On in Agent Setup.
Important
SSO can be configured for different groups and you can have multiple identity providers, as long as there is only one per region.If you're planning to enable SSO, consider the following conventions for creating users:
- The domain declared in the identity provider metadata should be part of the user name stored within Genesys, to create the most seamless experience. (Example: john@mycompany.com) Otherwise, users would need to enter a Tenant or enter the domain before their username. (Example: mycompany\john)
- The username provisioned within Genesys Engage cloud should match the username in the external identity provider.
Configuring SSO in the identity provider
Genesys Engage cloud must be defined as an application within the identity provider to support the SSO integration.
Genesys Engage cloud supports the SAML 2.0 protocol as a standard interface to identity providers, and has successfully validated with popular IdPs, including Okta and Ping. Other identity providers can be supported provided they comply with SAML 2.0 and you validate the integration before using in production.
How does SSO work for users?
Let's look at the login process for Agent Desktop with SSO enabled and Okta configured as the third-party identity provider. Note: The login flow is the same for all supported identity providers.
First, click the Agent Desktop icon in Genesys Portal and enter your username. You must log in to the application even though you're already logged in to your workstation.
Click Next. Genesys redirects you to Okta where you're prompted to enter your username and password. Once you log in with Okta, you're redirected back to Agent Desktop and automatically logged in. Alternatively, if you are already logged in with Okta when you click Next, Genesys skips the Okta login and automatically logs you in to Agent Desktop.
Now that you're authenticated with the identity provider, you can choose any SSO-enabled application from Genesys Portal and you'll be automatically logged in without entering your credentials.
If you happen to close all browser tabs without logging out of the applications, you will remain logged in for five minutes. If a second window or browser is opened after five minutes, to either the same application or any other SSO-enabled application, you will once again be prompted for your credentials.Comments or questions about this documentation? Contact us for support!