Cyara Virtual Agent supports a generic Single Sign On option to authenticate your agents logging into your Cloud environment.
To enable SSO for your Cloud Virtual Agents, follow the steps below.
- In the Agents menu in the top toolbar, select Environments
- Select the Environment that you have
already configured for your Cloud Virtual Agents.
- See the Environments article for more information on setting up an Environment.
- In the Attributes Table, enter the following
required key/value pairs.
SSO attributes varies depending on below factors:
- SSO Provider Type
- Cyara natively supports Okta, Microsoft Azure, and Amazon AWS SSO
- For supported SSO providers very few options need to be defined
- Custom SSO providers require a more complex configuration, refer to Custom SSO Providers Chapter
-
Idp Initiated SSO
- In Idp initiated sso implementation, login is made to cloud adapter specific sso url; which redirects to cloud adapter home page after successful sso login.
-
Provider Initiated
SSO
- In Provider initiated sso implementation, login is made to provider’s apps page; which redirects to sso provider’s app page after successful sso login.
Note: You may also override supported providers' attributes using the optional configuration key value pairs in the attribute table below. - SSO Provider Type
Cyara Virtual Agent Single Sign-On Support:
The following table highlights which SSO solutions are supported on each Application
Application | Version | Okta | Azure | AWS (Direct SSO URL Only) | Custom SSO |
---|---|---|---|---|---|
Genesys Engage | 9.x | ✓ | ✓ | ✓ | ✓ |
Genesys Cloud | All | ✓ | ✓ | ✓ | ✓ |
Amazon Connect | All | ✓ | ✓ | ✓ | ✓ |
Twilio | All | ✓ | ✓ | ✓ | ✓ |
Nice CXone* | Max | ✓ | ✓ | ✓ | ✓ |
IDP Initiated SSO
The table below provides list of available keys for IDP Initiated SSO:
Key | Valid Values | Usage | Comment |
sso-url | https://example.sso.login.com | Required |
This value is provided by the vendor admin.
|
sso-by |
|
Required |
Use "okta" for Okta SSO provider. Use "azure" for Azure SSO provider. Use "aws" for AWS SSO provider. Use "generic" for Custom SSO provider |
sso-ui-confirm-page-navigation |
|
Optional | If set to true(String)/1(Boolean), the SSO flow will wait for the page navigation to load before proceeding. |
overridebrowseruseragent |
|
Optional | This should be set to true(String)/1(Boolean), if the environment is blocking access (with Access denied error) to the SSO url (value of sso-url environment key) |
Provider Initiated SSO
The table below provides list of available keys for Provider Initiated SSO:
Key | Valid Values | Usage | Comment |
sso-apps |
|
Required | This is a must parameter for provider initiated sso implementation. |
sso-by |
|
Required |
Enter "okta" for Okta sso provider.
Enter "azure" for Azure sso provider. |
sso-url |
https://myapps.example.com |
Required |
sso provider’s app page url. Note: Optional if “sso-by” is azure. |
sso-ui-application | Optional |
If the apps section of sso provider has apps configured with below exact name, then this parameter need not be supplied. - AmazonConnect - GenesysPureEngage9 - Twilio |
|
sso-ui-confirm-page-navigation |
|
Optional | If set to true(String)/1(Boolean), the SSO flow will wait for the page navigation to load before proceeding. |
overridebrowseruseragent |
|
Optional | This should be set to true(String)/1(Boolean), if the environment is blocking access (with Access denied error) to the SSO url (value of sso-url environment key) |
Custom SSO Providers
Cyara supports standard Single Sign On proceduires for providers different to Okta, Azure, or AWS. In this case, additional configuration options must be configured under Environments
Key | Valid Values | Comment |
sso-url | https://example.sso.login.com | The complete landing page url to begin the login flow at. |
sso-ui-username | #okta-signin-username | The selector of the element to be recognised as the username entry field during SSO login. |
sso-ui-password | #okta-signin-password | The selector of the element to be recognised as the password entry field during SSO login. |
sso-ui-domain | For inhouse identity providers where multiple domains exist. This sso-ui-domain is the selector of the element that allows for domain selection of the user. (e.g AUS, US) | |
sso-ui-next | #idSIButton9 | Used if the SSO flow presents dual page login, and a continue step is needed after entering the username but before the password field is available. If left blank, a single page flow with both fields on the same login page is assumed. The selector of the element to be recognised as the continue / next button during SSO login. Can be used to override the expected value if a known sso-by is provided. |
sso-ui-submit | button[type='submit'] | The selector of the element to be recognised as the submit login button during SSO login. |
sso-ui-rememberme | If the sign on flow triggers a remember me page after logging in. This is the selector of the button to dismiss it. If blank, it is assumed the login flow does not have such a prompt. | |
sso-ui-confirm-page-navigation |
false (type String) or 0 (type Boolean) Note: This is true by default |
If set to true(String)/1(Boolean), the SSO flow will wait for the page navigation to load before proceeding. |
sso-ui-loggedin | #changeStatusButton | A selector of an object on the application, that can be used to assume we are finally logged in through the sign on flow. |
overridebrowseruseragent |
|
This should be set to true(String)/1(Boolean), if the environment is blocking access (with Access denied error) to the SSO url (value of sso-url environment key) |
Once you have entered the SSO key value pairs, click Save Details.
Comments
0 comments
Please sign in to leave a comment.