Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Single sign-on enables you and your agents to log in to your Vonage Contact Center (VCC) account by logging in to the linked Salesforce, Microsoft, or Vonage account, or any other configured provider account, instead of using their Vonage Contact Center VCC username and password. You can enable multiple single sign-on providers at one time. To configure and use single sign-on, the feature must be enabled for your account.

Note

Currently, configuring single sign-on for your Vonage Business Cloud (VBC) account enables same sign-on; same sign-on means that you must re-enter your VBC credentials to log in to Vonage Contact Center VCC even if you are already logged in to your VBC account.

...

Panel
borderColor#eeeeee
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#232323
borderStylesolid
titleIn this page

Table of Contents

Anchor
URLs
URLs
How do I configure single sign-on?

To configure single sign-on, perform the following steps:

  1. Log in to the VCC Admin Portal admin portal and go to Configuration (within Account Settings). Configuration appears. For information on accessing Configuration, see Editing Configuration (Account Settings).
  2. Click the Single Sign-On tab. The Single Sign-On area appears.
    Single Sign-On settings
  3. In the Vonage Contact Center Admin portal and ContactPad fields in the Single Signsign-On on URLs section, the URLs that VCC Admin Portal admin portal supervisors and agents must use to access the single sign-on pages are displayed. Click the icon alongside the field to copy the contents of the field to the Clipboard.

    Info
    Provide the Vonage Contact Center admin portal URL to VCC Admin Portal admin portal users, both supervisors and non-Salesforce agents. Users should bookmark this URL to always use the single sign-on page.
    To make the single-sign on page available to agents in ContactPad in Salesforce, paste the ContactPad URL into the CTI Adapter URL field in your call center settings in Salesforce.


  4. Configure single sign-on for one or more of Salesforce, Microsoft, and Vonage. For information about configuring single sign-on for Salesforce, Microsoft, and Vonage, see How do I configure single sign-on using Salesforce?How do I configure single sign-on using Microsoft accounts?, and How do I configure single sign-on using Vonage?.

  5. Click Update. Now when you or your agents go to log into the VCC Admin Portaladmin portal or ContactPad using the appropriate URLs, the single sign-on feature is available.
    For information about using single sign-on in the VCC Admin Portaladmin portal or ContactPad, see Logging in to the Vonage Contact Center Admin Portal admin portal using single sign-on or Logging in to ContactPad using single sign-on.
Note

You and your agents must use the VCC Admin Portaladmin portal's single sign-on URL to log in to the VCC Admin Portal admin portal or ContactPad. The syntax for the single sign-on URL is https://***.newvoicemediacc.vonage.com/CallCentre/?account=AccountName, where *** represents the subdomain for your region and AccountName represents the name of your account.

Anchor
Salesforce
Salesforce
How do I configure single sign-on using Salesforce?

To configure single sign-on for Salesforce, after completing the steps in the Single Signsign-On on URLs section, provide the following information in the Salesforce section:

...

Use the Enable check box to enable and disable single sign-on using Salesforce.

Select the Enable check box to enable single sign-on using Salesforce. When you or your users go to the VCC Admin Portal's single sign-on URL, a Salesforce button appears on the login page.
Clear the Enable check box to disable single sign-on using Salesforce. The Salesforce button no longer appears on the single sign-on login page.

...

The identifier fields determine the values used to match VCC Admin Portal and Salesforce users.

By default, the VCC Admin Portal uses the email addresses of the Salesforce and VCC Admin Portal users to match the users. The Salesforce email address used to log in must match the email address of a single supervisor or agent user in the VCC Admin Portal. Use the identifier fields to define the values that the VCC Admin Portal must use to match the users if you do not want to use the default.

The help text at the bottom of the Salesforce section updates when you select identifiers.

Expand
titleExample

Your Salesforce user has the following settings:

  • Email address: realemail@example.com
  • Username: username@example.com
  • User ID: 015x0005503ZAF2BAP

Your VCC Admin Portal user has the following settings in their agent record in Real Time:

  • Email: username@example.com
  • Username: Agent123

The agent record does not have a value in the SSO External Id field.

You must configure the following identifiers to successfully match your Salesforce and VCC Admin Portal users:

  • ContactWorld Identifier: Email
  • Salesforce Identifier: Username

...

NewVoiceMedia Identifier

...

Vonage Contact Center can identify agents and supervisors in the VCC Admin Portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center to use to locate the the VCC Admin Portal user that matches the logged in Salesforce user.

Supported Vonage Contact Center identifiers:

  • Email
  • Username
  • External ID
Info
You can modify the values for these identifiers in Real Time for agents or in User Access for supervisors. External ID contains the value in the SSO External Id or SSO External ID field.

...

Vonage Contact Center can obtain the value in any of the supported identifiers for the logged in Salesforce user. Vonage Contact Center can then use that value to locate the corresponding VCC Admin Portal user. Select the Salesforce identifier that you want Vonage Contact Center to use to locate the corresponding VCC Admin Portal user.

Supported Salesforce identifiers:

...

Username. The Username identifier contains the username that the Salesforce user uses to log in.

Note
The username is in an email address format but may not be the same as the user's email address.

...

Note

Your Vonage Contact Center account must be linked to a Salesforce org.

If multiple Vonage Contact Center accounts are linked to the same Salesforce org, single sign-on users can choose between those accounts in the usual way after signing in through Salesforce.

Single Sign-On settings SalesforceImage Removed

Pre-authorizing single sign-on for approved users

The first time a Salesforce user uses single sign-on to log into the VCC Admin Portal through Salesforce, by default, an Allow Access dialog box appears. The user must click Allow to enable Vonage Contact Center to use their Salesforce credentials to log in to the VCC Admin Portal.

Single Sign-On allow accessImage Removed

If using Vonage Contact Center version 16.106 or above in Salesforce, you can pre-authorize this access for approved users. To pre-authorize single sign-on for approved Salesforce users, you must configure the OAuth policies and permissions for the connected app 'Vonage Contact Center'.

For more information about configuring connected apps and their OAuth policies, see Salesforce help.

...

To configure single sign-on for Microsoft accounts that use Microsoft Azure Active Directory, after completing the steps in the Single Sign-On URLs section, provide the following information in the Microsoft section:

...

Use the Enable check box to enable and disable single sign-on using Microsoft accounts.

...

Note

Your VCC account must be linked to a Salesforce org.

If multiple VCC accounts are linked to the same Salesforce org, single sign-on users can choose between those accounts in the usual way after signing in through Salesforce.

Single Sign-On settings SalesforceImage Added

Pre-authorizing single sign-on for approved users

The first time a Salesforce user uses single sign-on to log into the VCC admin portal through Salesforce, by default, an Allow Access dialog box appears. The user must click Allow to enable VCC to use their Salesforce credentials to log in to the VCC admin portal.

Single Sign-On allow accessImage Added

If using VCC version 16.106 or above in Salesforce, you can pre-authorize this access for approved users. To pre-authorize single sign-on for approved Salesforce users, you must configure the OAuth policies and permissions for the connected app 'VCC'.

For more information about configuring connected apps and their OAuth policies, see Salesforce help.

Anchor
Microsoft
Microsoft
How do I configure single sign-on using Microsoft accounts?

To configure single sign-on for Microsoft accounts that use Microsoft Azure Active Directory, after completing the steps in the Single sign-on URLs section, provide the following information in the Microsoft section:

FieldOptionsDescription
EnableSelect or clear

Use the Enable check box to enable and disable single sign-on using Microsoft accounts.

Select the Enable check box to enable single sign-on using Microsoft accounts. When you or your users go to VCC admin portal's single sign-on URL, a Microsoft button appears on the login page.
Clear the Enable check box to disable single sign-on using Microsoft accounts. The Microsoft button no longer appears on the single sign-on login page.

Active Directory NameActive Directory name/Domaindomain

Your Microsoft Azure Active Directory domain name, typically the domain included in your Azure Active Directory username. For example, you use username@example.com, type 'example' in the Active Directory Namename/Domaindomain field.

If the domain you provide does not exist, when you click Update, an error appears.

Identifier fields

The identifier fields determine the values used to match the VCC Admin Portal admin portal users and Microsoft accounts.

By default,  Vonage Contact Center uses VCC uses the email addresses of the Microsoft accounts and the VCC Admin Portal admin portal users to match the accounts and users. The Microsoft email address used to log in must match the email address of a single supervisor or agent user in the VCC Admin Portaladmin portal. Use the identifier fields to define the values that Vonage Contact Center that VCC must use to match the users if you do not want to use the default.

The help text at the bottom of the Microsoft section updates when you select identifiers.

Expand
titleExample

Your Microsoft user logs in to their Microsoft account with username@example.com as their username.

Your VCC Admin Portal admin portal user has the following settings in their agent record in Real Time:

The agent record does not have a value in the SSO External IdID field.

You must configure the following identifiers to successfully match your Microsoft account and VCC Admin Portal admin portal user:

  • ContactWorld IdentifierVCC identifier: Email
  • Microsoft Identifieridentifier: Username


Vonage Contact Center IdentifierVCC identifierList of supported identifiers

Vonage Contact Center VCC can identify agents and supervisors in the VCC Admin Portal admin portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center want VCC to use to locate the VCC Admin Portal admin portal user that matches the logged in Microsoft account.

Supported Vonage Contact Center Supported VCC identifiers:

  • Email
  • Username
  • External ID

You can modify the values for these identifiers in Real Time for agents or in User Access for supervisorsAdmin. External ID contains the value in the SSO External Id or SSO External ID field.
Microsoft IdentifieridentifierList of supported identifiers

Vonage Contact Center VCC can obtain the value in any of the supported identifiers for the logged in Microsoft account. Vonage Contact Center  VCC can then use that value to locate the corresponding the VCC Admin Portal admin portal user. Select the Microsoft identifier that you want Vonage Contact Center want VCC to use to locate the corresponding the VCC Admin Portal admin portal user.

Supported Microsoft identifiers:

  • Username. The Username identifier contains the username used to log into the Microsoft account to access Microsoft or Office 365 services. The username name is generally in the format name@domain.com.
  • Email. Typically you should use the Username identifier instead. If you have custom email addresses configured in Active Directory you can use the Email identifier.

  • User ID. The User ID identifier contains the Object ID (GUID) for the Microsoft account in the Azure Active Directory. You can access the Object ID using the Microsoft Graph API or in the Azure Portal.


Note

If multiple Vonage Contact Center VCC accounts have the same Active Directory Domaindomain, single sign-on users can choose between those accounts in the usual way after signing in through Microsoft.

Single Sign-On settings Microsoft

Anchor
Vonage
Vonage
How do I configure same sign-on using Vonage?

To configure single sign-on for Vonage, after completing the steps in the Single Signsign-On on URLs section, provide the following information in the Vonage section:

FieldOptionsDescription
EnableSelect or clear

Use the Enable check box to enable and disable single sign-on using Vonage.

Select the Enable check box to enable single sign-on using Vonage. When you or your users go to the VCC Admin Portaladmin portal's single sign-on URL, a Vonage button appears on the login page.
Clear the Enable check box to disable single sign-on using Vonage. The Vonage button no longer appears on the single sign-on login page.

Vonage Account account IDAccount ID field

Your Vonage account ID.

Vonage Contact Center VCC needs your Vonage account ID to enable you to log in using Vonage credentials. If you provide the wrong account ID, single sign-on will not work.

Identifier fields

The identifier fields determine the values used to match VCC Admin Portal admin portal and Vonage users.

By default, Vonage Contact Center VCC uses VCC Admin Portal admin portal users' email addresses and Vonage usernames to match the users. The Vonage username used to log in must match the email of a single supervisor or agent user in the VCC Admin Portaladmin portal. Use the identifier fields to define the values that the VCC Admin Portal admin portal must use to match the users if you do not want to use the default.

The help text at the bottom of the Vonage section updates when you select identifiers.

Vonage Contact Center IdentifierVCC identifier

List of supported identifiers

Vonage Contact Center VCC can identify agents and supervisors in the VCC Admin Portal admin portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center want VCC to use to locate the the VCC Admin Portal admin portal user that matches the logged in Vonage user.

Supported Vonage Contact Center Supported VCC identifiers:

  • Email
  • Username
  • External ID

You can modify the values for these identifiers in Real Time for agents or in User Access for supervisorsUser Admin. External ID contains the value in the SSO External Id or SSO External ID field.

Vonage IdentifieridentifierList of supported identifiers

Vonage Contact Center VCC can obtain the value in any of the supported identifiers for the logged in Vonage user. Vonage Contact Center  VCC can then use that value to locate the corresponding VCC Admin Portal admin portal user. Select the Vonage identifier that you want Vonage Contact Center want VCC to use to locate the corresponding VCC Admin Portal admin portal user.

Currently Vonage supports only Username. The Username identifier contains the username that the Vonage user uses to log in.

Single Sign-On settings Vonage

Anchor
Custom
Custom
How do I configure single sign-on for an external provider?

If enabled for your account, you can configure single sign-on for any external identity provider who supports OpenID Connect (OIDC). You must be able to generate a Client ID and provide a URL for the OIDC issuer (the domain you use with the provider). For information about OIDC, see OpenID Connect.

Note
titlePrerequisites for configuring single sign-on for an external provider

Your external identity provider must support OpenID Connect Discovery.

Your provider must also make a JSON document available at {Issuer URL}/.well-known/openid-configuration. For more information, see Obtaining OpenID Provider Configuration Information.

Our servers must have access to your provider—make sure you include our servers in any firewall permissions. For information about our servers and their addresses, see Technical prerequisites.

Flows

Your provider must use the hybrid flow (a combination of aspects of authorization code flow and implicit flow):

  • No client_secret is required.
  • Response type (response_type) is code id_token.
  • Response mode (response_mode) is form_post.

Scopes

Your provider must permit the following scopes:

  • openid
  • email
  • profile

Claims

The generated id_token must contain one or more of the following claims; we do not make additional requests to the userinfo endpoint:

  • email (External Identifieridentifier is Email)
  • preferred_username (External Identifieridentifier is Username)
  • sub (External Identifieridentifier is Subject)

The claim required depends on the External Identifieridentifier you specify when you configure single sign-on.

Redirect URIs

When authorized, your provider must redirect the request to https://***.cc.newvoicemediavonage.com/Auth/signin-customoidc, where *** represents a regional subdomain. Replace *** with the correct subdomain for your region.

Insert excerpt
_ExcerptVCCRegions
_ExcerptVCCRegions
nopaneltrue

...

Info
titleMulti-tenancy and cloud providers

Be careful when configuring single sign-on for an external cloud provider. With multi-tenanted and cloud providers, OAuth applications can often be used by any tenant or customer. You should use this feature where only your users can use the OAuth app with the provided client ID to login to Vonage Contact CenterVCC.

We have checked and support the use of Okta, Auth0 and ADSF 2016. Do not configure single-sign on for Google using this method.

To configure single sign-on for an external provider, provide the following information in the Custom OIDC SSO section:

Single sign-on settings for an external provider

FieldOptionsDescription
EnableSelect or clear

Use the Enable check box to enable and disable single sign-on using OIDC.

Select the Enable check box to enable single sign-on using OIDC. When you or your users go to the VCC Admin Portaladmin portal's single sign-on URL, an OIDC button appears on the login page, using the Name you have specified.
Clear the Enable check box to disable single sign-on using OIDC . The OIDC button no longer appears on the single sign-on login page.

Name

The label that appears on the button on the single sign-on login page.

Type the label you want to appear on the button that you and your users will use to log in to Vonage Contact Center VCC using the external provider. The value can be up to 14 characters.

Client IdID

The client ID used to authenticate with the external provider. Generate the client ID in the provider's application.

Copy the ID into Client IdID.

OpenID Connect (OIDC) Issuer URL

The single sign-on initialization URL that is used to log in to the external provider.

Type the URL into OpenID Connect (OIDC) Issuer URL

Identifier Fieldsfields

The identifier fields determine the values used to match Vonage Contact Center match VCC and external provider users.

By default, the VCC Admin Portal admin portal uses email addresses to match external provider users and Vonage Contact Center and VCC users. The external provider user's email address used to log in must match the email address of a single Vonage Contact Center VCC supervisor or agent user.

If you do not want to use email addresses, use one or both identifier fields to define the values that the VCC Admin Portal admin portal should use to match the users.

When you change identifier values, the help text at the bottom of the Custom OIDC SSO section updates.

Vonage Contact Center IdentifierVCC identifier

List of supported identifiers

Vonage Contact Center VCC can identify agents and supervisors in the VCC Admin Portal admin portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center want VCC to use to locate the VCC Admin Portal admin portal user that matches the logged in external provider user.

Supported Vonage Contact Center Supported VCC identifiers:

  • Email
  • Username
  • External ID


Info
You can modify the values for these identifiers in Real Time for agents or in User Access for supervisorsAdmin. External ID contains the value in the SSO External Id orthe SSO External ID field.


External IdentifierList of supported identifiers

Vonage Contact Center can obtain the value in any of the supported identifiers for the logged in external provider user. Vonage Contact Center can then use that value to locate the corresponding VCC Admin Portal user. Select the External identifier that you want Vonage Contact Center to use to locate the corresponding VCC Admin Portal user.

Supported external provider identifiers:

  • Email. The Email identifier contains the email address in the external providers' profile.
  • Username. The Username identifier contains the username that the external provider user uses to log in.

  • Subject. The Subject identifier contains the subject that the external provider user uses to log inidentifier
    List of supported identifiers

    VCC can obtain the value in any of the supported identifiers for the logged in external provider user. VCC can then use that value to locate the corresponding VCC admin portal user. Select the External identifier that you want VCC to use to locate the corresponding VCC admin portal user.

    Supported external provider identifiers:

    • Email. The Email identifier contains the email address in the external providers' profile.
    • Username. The Username identifier contains the username that the external provider user uses to log in.

    • Subject. The Subject identifier contains the subject that the external provider user uses to log in.

    How do I enforce single sign-on for agents and supervisors?

    When you have configured single sign-on using one or more single-sign-on providers, you can prevent agent or supervisor users from logging in using a username and password. To do so, in the Advanced Settings section, select the Non-admin users must use single sign-on check box. When this check box is selected, only admin users can log in using their username and password. All other users must log in using single sign-on.

    Panel
    borderColor#eeeeee
    bgColorwhite
    titleColorwhite
    borderWidth1
    titleBGColor#FF8053
    borderStylesolid
    titleIn this section

    Child pages (Children Display)
    depth2

    ...