Add multiple single sign-on providers to Genesys Cloud

Prerequisites
  • Single Sign-on > Provider > Add, Delete, Edit, and View permissions
  • Admin role in your organization’s identity provider account
  • A single email address for both the identity provider account and Genesys Cloud
  • Metadata from your identity provider
  • An encoded public certificate from your identity provider

Genesys Cloud allows you to configure up to 30 single sign-on (SSO) integrations with the same identity provider or a mix of identity providers. To help you create, manage, and use your SSO integrations effectively, Genesys Cloud provides a set of features.

Single Sign-On page

To make it easy to keep track of multiple SSO integrations, Genesys Cloud displays all of the integrations as a list on the Single Sign-On page. The page provides a summary of each integration including the login name, logo, identity provider, and certificate expiration details. In the Action column, you can click More to display a short menu that allows you to edit and delete an integration. On the Name, Identity Provider, and Certificate Expiration column headers, you can click Sort to rearrange the view in ascending or descending order.

The page also provides options that allow you to add an identity provider and download a Genesys certificate. You can click Download Genesys Certificate anytime you need to have a Genesys certificate to send to an identity provider.

Customize login screen for each SSO integration

You can customize how each SSO integration is displayed by giving it its own login name and a logo of your choice. You can display only the name, only the logo, or both. The choice you make determines how the SSO integration appears on the Single Sign-On page and on the Genesys Cloud login page.

To conserve space, only six SSO integrations can appear directly on the Genesys Cloud login page.

Genesys Cloud login screen with six SSO integrations.

If you have more than six SSO integrations, they appear in a drop-down list on the login page.

Genesys Cloud login screen with more than six SSO integrations.

Create an SSO integration

SAML authentication

As an additional security measure, Genesys Cloud provides the ability to sign authentication requests. A signed authentication request is a SAML (Security Assertion Markup Language) request that has been digitally signed to ensure its authenticity and integrity.

Genesys Cloud metadata 

To configure an SSO integration between Genesys Cloud and an identity provider, you need to configure settings on both ends. Identity providers supply you with a metadata file that contains the Issuer URI, Single Sign-On URI, and Single Logout URI that you need to enter into Genesys Cloud as you configure your organization’s identity provider account. You can generate a SAML metadata file that contains all of the Genesys Cloud metadata and certificate information that an identity provider needs to configure settings on their end. 

To create an SSO integration:

  1. Click Admin.
  2. Under Integrations, click Single Sign-on.
  3. Click Add an Identity Provider.
  4. Enter the name that you want to assign to your integration.
  5. To display the logo on the Genesys Cloud login page, select Display Name On Login Page.
    Note: If you have more than six identity providers, the Display Name On Login Page option is not available.
  6. Click Identity Provider Name and select one of the available, fully supported, identity providers.
    Note: If you do not see your identity provider, type the full name. Once you save the configuration, the new identity provider will be included in future searches.
  7. Click Select logo and upload the logo image file that you want to display on the login page. Alternatively, you can drag and drop the logo image file.
    Note: The logo image file must be in SVG format and cannot be larger than 25 KB in size.
  8. In the Identity Provider Data section, enter the following details using the metadata that you received from the identity provider.
    | Field | Description |
    | --- | --- |
    | Issuer URI | Type the identity provider’s Issuer ID. |
    | Single Sign-On URI | Type the identity provider’s Single Sign On URL. |
    | Single Sign-On Binding | Select the sign-on binding that your identity provider specified. |
    | Sign Authentication Requests | Select this option if you want to add an extra layer of security to verify that requests are coming from a verified source. |
    | Single Logout URI | Enter the logout URL that your identity provider specified. |
    | Single Logout Binding | Select the logout binding that your identity provider specified. If no binding is specified, select HTTP Redirect. |
    | Name Identifier Format | Select the format that your identity provider specified. If the format is unknown, select Unspecified. |

Certificate

To upload X.509 certificates for SAML signature validation, do one of the following.

  1. To upload a certificate, click Select Certificates to upload.
  2. Select the X.509 certificate.
  3. Click Open.
  4. Optionally, to load a backup certificate, repeat steps 1 to 3.

Or you can:

  1. Drag and drop your certificate file.
  2. If you want to load a backup certificate, repeat the first step.

Uploaded certificates appear with their expiration date. To remove a certificate, click X.

Note: To renew or update an expiring certificate, follow these instructions to upload X.509 certificates, repeating steps 1 to 3. You can upload up to five certificates to Genesys Cloud per SSO configuration, and Genesys Cloud chooses the correct certificate during single sign-on and logout.

  9. Click Save.
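
The Identity Provider Data values in step 8 can be read out of the identity provider's metadata file instead of being copied by hand, and the certificate's SHA-256 fingerprint can be checked against the one your identity provider administrator reports before you upload it. The following is an added example, not Genesys code: the helper name `idp_fields`, the example.com endpoints, and the placeholder certificate bytes are all constructed, and the dictionary keys are English renderings of the field labels.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for metadata from an untrusted source, prefer defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: example.com endpoints; the certificate is placeholder bytes, not real DER.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQt
        cGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_fields(metadata_xml):  # hypothetical helper name
    """Return the Identity Provider Data values found in an IdP's SAML metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    def endpoint(tag):  # first endpoint listed -> (Location, short binding name)
        el = idp.find(f"md:{tag}", NS)
        if el is None:
            return None, None
        return el.get("Location"), (el.get("Binding") or "").rsplit(":", 1)[-1] or None
    sso_uri, sso_binding = endpoint("SingleSignOnService")
    slo_uri, slo_binding = endpoint("SingleLogoutService")
    name_id = idp.findtext("md:NameIDFormat", default="", namespaces=NS).strip()
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" covers signing and encryption
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    return {
        "Issuer URI": root.get("entityID"),
        "Single Sign-On URI": sso_uri,
        "Single Sign-On Binding": sso_binding,
        "Single Logout URI": slo_uri,
        "Single Logout Binding": slo_binding or "HTTP Redirect",  # the page's fallback
        "Name Identifier Format": name_id.rsplit(":", 1)[-1] or "Unspecified",
        "Certificate SHA-256": prints,  # compare with the fingerprint the IdP admin reports
    }
```

The sample omits the logout endpoint and the name ID format on purpose, so the result shows the two fallbacks the field descriptions give.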

Genesys Cloud service provider data

When you click Save, Genesys Cloud generates the SAML metadata that your identity provider will use when configuring your identity provider account.

Note: The generated metadata file includes the Issuer URI, the Assertion Consumer Service, and the Single Logout URI.
  • To download a SAML metadata file that contains all of the Genesys Cloud metadata and certificate information that an identity provider needs to configure settings on their end, under Genesys Cloud Metadata, click Download Metadata.
  • If you only need to have a Genesys certificate to send to an identity provider, under Single Logout URI, click Download Certificate.