Skip to main content

Welcome to the Cyara Knowledge Center

Search

Configuring Single Sign On for Cloud Cyara Virtual Agent

Updated: tech writers Edited:

Cyara Virtual Agent supports a generic Single Sign On option to authenticate your agents logging into your Cloud environment.

Note: The Cloud Cyara Virtual Agent Single Sign On will not function correctly if your SSO provider requires a Captcha Code to be completed, or if Two-Factor Authentication is used.

To enable SSO for your Cloud Virtual Agents, follow the steps below.

  1. In the Agents menu in the top toolbar, select Environments
  2. Select the Environment that you have already configured for your Cloud Virtual Agents.
    • See the Environments article for more information on setting up an Environment.
  3. In the Attributes Table, enter the following required key/value pairs.

    SSO attributes varies depending on below factors:

    • SSO Provider Type
      • Cyara natively supports Okta, Microsoft Azure, and Amazon AWS SSO
      • For supported SSO providers very few options need to be defined
      • Custom SSO providers require a more complex configuration, refer to Custom SSO Providers Chapter
    • Idp Initiated SSO
      • In Idp initiated sso implementation, login is made to cloud adapter specific sso url; which redirects to cloud adapter home page after successful sso login.
    • Provider Initiated SSO
      • In Provider initiated sso implementation, login is made to provider’s apps page; which redirects to sso provider’s app page after successful sso login.
    Note: You may also override supported providers' attributes using the optional configuration key value pairs in the attribute table below.

Cyara Virtual Agent Single Sign-On Support:

The following table highlights which SSO solutions are supported on each Application

Application Version Okta Azure AWS (Direct SSO URL Only) Custom SSO
Genesys Engage 9.x
Genesys Cloud All
Amazon Connect All
Twilio All
Nice CXone* Max
Note: For Nice CXone, an API key + Secret authentication method is used, not the standard SSO Username / Password combination

IDP Initiated SSO

The table below provides list of available keys for IDP Initiated SSO:

Key Valid Values Usage Comment
sso-url https://example.sso.login.com Required

This value is provided by the vendor admin.

  • For Genesys PureCloud, this value available under “Admin->Integrations ->Single Sign On ->sso provider (e.g. ADFS/AzureAD)->Target URL“ .

  • For Amazon Connect this value is available under sso provider’s (azure/okta etc) admin portal.

  • For Twilio this value is available under “Twilio Admin console->Flex->Manage->Single Sign-On->Single Sign-on URL“.

  • For Genesys Multicloud CX(pureengage9), this value is available under “Admin login → Contact Center Settings-> SAML->RegionName->BaseUrl”
sso-by
  • okta
  • azure
  • aws
  • generic
 Required

Use "okta" for Okta SSO provider.

Use "azure" for Azure SSO provider.

Use "aws" for AWS SSO provider.

Use "generic" for Custom SSO provider
sso-ui-confirm-page-navigation
  • true (Default) /false (String)
  • 1/0 (Boolean)
 Optional If set to true(String)/1(Boolean), the SSO flow will wait for the page navigation to load before proceeding.

overridebrowseruseragent

  • False (Default)
  • True (String)
  • 0 (Boolean)
  • 1 (Boolean)
 Optional This should be set to true(String)/1(Boolean), if the environment is blocking access (with Access denied error) to the SSO url (value of sso-url environment key)

Provider Initiated SSO

The table below provides list of available keys for Provider Initiated SSO:

Table 1.
Key Valid Values Usage Comment
sso-apps
  • true/false (String)
  • 1/0 (Boolean)
 Required This is a must parameter for provider initiated sso implementation.
sso-by
  • okta
  • azure
  • generic
 Required

Enter "okta" for Okta sso provider.

Enter "azure" for Azure sso provider.
sso-url

https://myapps.example.com

 Required

sso provider’s app page url.

Note: Optional if “sso-by” is azure.
sso-ui-application Optional

If the apps section of sso provider has apps configured with below exact name, then this parameter need not be supplied.

- AmazonConnect

- GenesysPureEngage9

- Twilio
sso-ui-confirm-page-navigation
  • True (Default)
  • False (String)
  • 0 (Boolean)
  • 1 (Boolean)
 Optional If set to true(String)/1(Boolean), the SSO flow will wait for the page navigation to load before proceeding.

overridebrowseruseragent

  • False (Default)
  • True (String)
  • 0 (Boolean)
  • 1 (Boolean)
 Optional This should be set to true(String)/1(Boolean), if the environment is blocking access (with Access denied error) to the SSO url (value of sso-url environment key)
Note: If sso provider is AWS and it is provider initiated SSO login (i..e via apps section), refer to the attribute table for Custom providers and provide all mentioned parameters.

Custom SSO Providers

Cyara supports standard Single Sign On proceduires for providers different to Okta, Azure, or AWS. In this case, additional configuration options must be configured under Environments

The table below table provides list of available keys for Custom SSO providers:
Note: Below parameters can be also used to override the expected value if a known sso-by is provided.
Key Valid Values Comment
sso-url https://example.sso.login.com The complete landing page url to begin the login flow at.
sso-ui-username #okta-signin-username The selector of the element to be recognised as the username entry field during SSO login.
sso-ui-password #okta-signin-password The selector of the element to be recognised as the password entry field during SSO login.
sso-ui-domain For inhouse identity providers where multiple domains exist. This sso-ui-domain is the selector of the element that allows for domain selection of the user. (e.g AUS, US)
sso-ui-next #idSIButton9 Used if the SSO flow presents dual page login, and a continue step is needed after entering the username but before the password field is available. If left blank, a single page flow with both fields on the same login page is assumed. The selector of the element to be recognised as the continue / next button during SSO login. Can be used to override the expected value if a known sso-by is provided.
sso-ui-submit button[type='submit'] The selector of the element to be recognised as the submit login button during SSO login.
sso-ui-rememberme If the sign on flow triggers a remember me page after logging in. This is the selector of the button to dismiss it. If blank, it is assumed the login flow does not have such a prompt.
sso-ui-confirm-page-navigation

false (type String)

or

0 (type Boolean)

Note: This is true by default

 If set to true(String)/1(Boolean), the SSO flow will wait for the page navigation to load before proceeding.
sso-ui-loggedin #changeStatusButton A selector of an object on the application, that can be used to assume we are finally logged in through the sign on flow.
overridebrowseruseragent
  • False (Default)
  • True (String)
  • 0 (Boolean)
  • 1 (Boolean)
 This should be set to true(String)/1(Boolean), if the environment is blocking access (with Access denied error) to the SSO url (value of sso-url environment key)

Once you have entered the SSO key value pairs, click Save Details.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.