Add multiple single sign-on providers to Genesys Cloud
- Single Sign-on > Provider > Add, Delete, Edit, and View permissions
- Rol de administrador en la cuenta de proveedor de identidad de su organización
- A single email address for both the identity provider account and Genesys Cloud
- Metadata from your identity provider
- An encoded public certificate from your identity provider
Genesys Cloud allows you to configure up to 30 single sign-on (SSO) integrations with the same identity provider or a mix of identity providers. To help you create, manage, and use your SSO integrations effectively, Genesys Cloud provides a set of features.
Single Sign-On page
To make it easy to keep track of multiple SSO integrations, Genesys Cloud displays all of the integrations as a list on the Single Sign-On page. The page provides a summary of each integration including the login name, logo, identity provider, and certificate expiration details. In the Action column, you can click More to display a short menu that allows you to edit and delete an integration. On the Name, Identity Provider, and Certificate Expiration column headers, you can click Sort to rearrange the view in ascending or descending order.
The page also provides options that allow you to add an identity provider and download a Genesys certificate. You can click Download Genesys Certificate anytime you need to have a Genesys certificate to send to an identity provider.
Customize login screen for each SSO integration
You can customize how to display each SSO integration with a different login name and a logo of your choice. You can even choose to display only the name or only the logo; or display both the name and logo. The choice you make determines how the SSO integration displays on the Single Sign-On and Genesys Cloud login page.
To conserve space, only six SSO integrations can appear directly on the Genesys Cloud login page.
If you have more than six SSO integrations, they will appear in a drop down list on the login page.
Create an SSO integration
SAML authentication
As an additional security measure, Genesys Cloud provides the ability to sign authentication requests. A signed authentication request is a SAML (Security Assertion Markup Language) request that has been digitally signed to ensure its authenticity and integrity.
Genesys Cloud metadata
To configure an SSO integration between Genesys Cloud and an identity provider, you need to configure settings on both ends. Identity providers supply you with a metadata file that contains the Issuer URI, Single Sign-On URI, and Single Logout URI that you need to enter into Genesys Cloud as you configure your organization’s identity provider account. You can generate a SAML metadata file that contains all of the Genesys Cloud metadata and certificate information that an identity provider needs to configure settings on their end.
To create an SSO integration:
- Hacer clic Administración.
- Under Integrations, click Single Sign-on.
- Click Add an Identity Provider.
- Enter the name that you want to assign to your integration.
- To display the logo on the Genesys Cloud login page, select Display Name On Login Page.Note: If you have more than six identity providers, the Display Name On Login Page option is not available.
- Click Identity Provider Name and select one of the available, fully supported, identity providers.Note: If you do not see your identity provider, type the full name. Once you save the configuration, the new identity provider will be included in future searches.
- Click Select logo and upload the logo image file that you want to display on the login page. Alternatively, you can drag and drop the logo image file.Note: The logo image file must be in SVG format and cannot be larger than 25 KB in size.
- In the Identity Provider Data section, enter the following details using the metadata that you received from the identity provider.
| Campo | Descripción |
|---|---|
| URI del emisor | Type the identity provider’s Issuer ID. |
| Single Sign-On URI | Type the identity provider’s Single Sign On URL. |
| Single Sign-On Binding | Select the sign-on binding that your identity provider specified. |
| Sign Authentication Requests | Select this option if you want to add an extra layer of security to verify that requests are coming from a verified source. |
| URI de cierre de sesión único | Enter the logout URL that your identity provider specified. |
| Enlace de cierre de sesión único | Select the logout binding that your identity provider specified. If no binding is specified, select HTTP Redirect. |
| Formato del identificador del nombre | Select the format that your identity provider specified. If the format is unknown, select Unspecified. |
| Certificado |
Para cargar certificados X.509 para la validación de firmas SAML, realice una de las siguientes acciones.
O puedes:
Los certificados cargados aparecen con su fecha de caducidad. Para eliminar un certificado, haga clic en X. Nota: Para renovar o actualizar un certificado que caduca, siga estas instrucciones para cargar certificados X.509, repitiendo los pasos 1--3. Puede cargar hasta cinco certificados en Genesys Cloud por configuración de SSO, y Genesys Cloud elige el certificado correcto durante el inicio y el cierre de sesión únicos.
|
- Hacer clic Ahorrar.
Genesys Cloud service provider data
When you you click Save, Genesys Cloud generates the SAML metadata that your identity provider will use when configuring your identity provider account.
- To download a SAML metadata file that contains all of the Genesys Cloud metadata and certificate information that an identity provider needs to configure settings on their end, under Genesys Cloud Metadata, click Download Metadata.
- If you only need to have a Genesys certificate to send to an identity provider, under Single Logout URI, click Download Certificate.
