Single sign-on enables you and your agents to log in to your Vonage Contact Center (VCC) account by logging in to the linked Salesforce, Microsoft, or Vonage account, or any other configured provider account, instead of using their Vonage Contact Center VCC username and password. You can enable multiple single sign-on providers at one time. To configure and use single sign-on, the feature must be enabled for your account.
Note |
---|
Currently, configuring single sign-on for your Vonage Business Cloud (VBC) account enables same sign-on; same sign-on means that you must re-enter your VBC credentials to log in to Vonage Contact Center VCC even if you are already logged in to your VBC account. |
...
Panel | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
|
Anchor | ||||
---|---|---|---|---|
|
To configure single sign-on, perform the following steps:
- Log in to the VCC Admin Portal admin portal and go to Configuration (within Account Settings). Configuration appears. For information on accessing Configuration, see Editing Configuration (Account Settings).
- Click the Single Sign-On tab. The Single Sign-On area appears.
In the Vonage Contact Center Admin portal and ContactPad fields in the Single Signsign-On on URLs section, the URLs that VCC Admin Portal admin portal supervisors and agents must use to access the single sign-on pages are displayed. Click the icon alongside the field to copy the contents of the field to the Clipboard.
Info Provide the Vonage Contact Center admin portal URL to VCC Admin Portal admin portal users, both supervisors and non-Salesforce agents. Users should bookmark this URL to always use the single sign-on page.
To make the single-sign on page available to agents in ContactPad in Salesforce, paste the ContactPad URL into the CTI Adapter URL field in your call center settings in Salesforce.Configure single sign-on for one or more of Salesforce, Microsoft, and Vonage. For information about configuring single sign-on for Salesforce, Microsoft, and Vonage, see How do I configure single sign-on using Salesforce?, How do I configure single sign-on using Microsoft accounts?, and How do I configure single sign-on using Vonage?.
- Click Update. Now when you or your agents go to log into the VCC Admin Portaladmin portal or ContactPad using the appropriate URLs, the single sign-on feature is available.
For information about using single sign-on in the VCC Admin Portaladmin portal or ContactPad, see Logging in to the Vonage Contact Center Admin Portal admin portal using single sign-on or Logging in to ContactPad using single sign-on.
Note |
---|
You and your agents must use the VCC Admin Portaladmin portal's single sign-on URL to log in to the VCC Admin Portal admin portal or ContactPad. The syntax for the single sign-on URL is |
Anchor | ||||
---|---|---|---|---|
|
To configure single sign-on for Salesforce, after completing the steps in the Single Signsign-On on URLs section, provide the following information in the Salesforce section:
...
Use the Enable check box to enable and disable single sign-on using Salesforce.
Select the Enable check box to enable single sign-on using Salesforce. When you or your users go to the VCC Admin Portal's single sign-on URL, a Salesforce button appears on the login page.
Clear the Enable check box to disable single sign-on using Salesforce. The Salesforce button no longer appears on the single sign-on login page.
...
The identifier fields determine the values used to match VCC Admin Portal and Salesforce users.
By default, the VCC Admin Portal uses the email addresses of the Salesforce and VCC Admin Portal users to match the users. The Salesforce email address used to log in must match the email address of a single supervisor or agent user in the VCC Admin Portal. Use the identifier fields to define the values that the VCC Admin Portal must use to match the users if you do not want to use the default.
The help text at the bottom of the Salesforce section updates when you select identifiers.
Expand | ||
---|---|---|
| ||
Your Salesforce user has the following settings:
Your VCC Admin Portal user has the following settings in their agent record in Real Time:
The agent record does not have a value in the SSO External Id field. You must configure the following identifiers to successfully match your Salesforce and VCC Admin Portal users:
|
...
NewVoiceMedia Identifier
...
Vonage Contact Center can identify agents and supervisors in the VCC Admin Portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center to use to locate the the VCC Admin Portal user that matches the logged in Salesforce user.
Supported Vonage Contact Center identifiers:
- Username
- External ID
Info |
---|
You can modify the values for these identifiers in Real Time for agents or in User Access for supervisors. External ID contains the value in the SSO External Id or SSO External ID field. |
...
Vonage Contact Center can obtain the value in any of the supported identifiers for the logged in Salesforce user. Vonage Contact Center can then use that value to locate the corresponding VCC Admin Portal user. Select the Salesforce identifier that you want Vonage Contact Center to use to locate the corresponding VCC Admin Portal user.
Supported Salesforce identifiers:
...
Username. The Username identifier contains the username that the Salesforce user uses to log in.
Note |
---|
The Salesforce username is always in an email address format. This email address may optionally be different from the VCC user's email address. |
...
Note |
---|
Your Vonage Contact Center account must be linked to a Salesforce org. If multiple Vonage Contact Center accounts are linked to the same Salesforce org, single sign-on users can choose between those accounts in the usual way after signing in through Salesforce. |
Pre-authorizing single sign-on for approved users
The first time a Salesforce user uses single sign-on to log into the VCC Admin Portal through Salesforce, by default, an Allow Access dialog box appears. The user must click Allow to enable Vonage Contact Center to use their Salesforce credentials to log in to the VCC Admin Portal.
If using Vonage Contact Center version 16.106 or above in Salesforce, you can pre-authorize this access for approved users. To pre-authorize single sign-on for approved Salesforce users, you must configure the OAuth policies and permissions for the connected app 'Vonage Contact Center'.
For more information about configuring connected apps and their OAuth policies, see Salesforce help.
...
To configure single sign-on for Microsoft accounts that use Microsoft Azure Active Directory, after completing the steps in the Single Sign-On URLs section, provide the following information in the Microsoft section:
...
Use the Enable check box to enable and disable single sign-on using Microsoft accounts.
...
Note |
---|
Your VCC account must be linked to a Salesforce org. If multiple VCC accounts are linked to the same Salesforce org, single sign-on users can choose between those accounts in the usual way after signing in through Salesforce. |
Pre-authorizing single sign-on for approved users
The first time a Salesforce user uses single sign-on to log into the VCC admin portal through Salesforce, by default, an Allow Access dialog box appears. The user must click Allow to enable VCC to use their Salesforce credentials to log in to the VCC admin portal.
If using VCC version 16.106 or above in Salesforce, you can pre-authorize this access for approved users. To pre-authorize single sign-on for approved Salesforce users, you must configure the OAuth policies and permissions for the connected app 'VCC'.
For more information about configuring connected apps and their OAuth policies, see Salesforce help.
Anchor | ||||
---|---|---|---|---|
|
To configure single sign-on for Microsoft accounts that use Microsoft Azure Active Directory, after completing the steps in the Single sign-on URLs section, provide the following information in the Microsoft section:
Field | Options | Description | |||||
---|---|---|---|---|---|---|---|
Enable | Select or clear | Use the Enable check box to enable and disable single sign-on using Microsoft accounts. Select the Enable check box to enable single sign-on using Microsoft accounts. When you or your users go to VCC admin portal's single sign-on URL, a Microsoft button appears on the login page. | |||||
Active Directory NameActive Directory name/Domaindomain | Your Microsoft Azure Active Directory domain name, typically the domain included in your Azure Active Directory username. For example, you use username@example.com, type 'example' in the Active Directory Namename/Domaindomain field. If the domain you provide does not exist, when you click Update, an error appears. | ||||||
Identifier fields | The identifier fields determine the values used to match the VCC Admin Portal admin portal users and Microsoft accounts. By default, Vonage Contact Center uses VCC uses the email addresses of the Microsoft accounts and the VCC Admin Portal admin portal users to match the accounts and users. The Microsoft email address used to log in must match the email address of a single supervisor or agent user in the VCC Admin Portaladmin portal. Use the identifier fields to define the values that Vonage Contact Center that VCC must use to match the users if you do not want to use the default. The help text at the bottom of the Microsoft section updates when you select identifiers.
| ||||||
Vonage Contact Center IdentifierVCC identifier | List of supported identifiers | Vonage Contact Center VCC can identify agents and supervisors in the VCC Admin Portal admin portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center want VCC to use to locate the VCC Admin Portal admin portal user that matches the logged in Microsoft account. Supported Vonage Contact Center Supported VCC identifiers:
You can modify the values for these identifiers in Real Time for agents or in User Access for supervisorsAdmin. External ID contains the value in the SSO External Id or SSO External ID field. | |||||
Microsoft Identifieridentifier | List of supported identifiers | Vonage Contact Center VCC can obtain the value in any of the supported identifiers for the logged in Microsoft account. Vonage Contact Center VCC can then use that value to locate the corresponding the VCC Admin Portal admin portal user. Select the Microsoft identifier that you want Vonage Contact Center want VCC to use to locate the corresponding the VCC Admin Portal admin portal user. Supported Microsoft identifiers:
|
Note |
---|
If multiple Vonage Contact Center VCC accounts have the same Active Directory Domaindomain, single sign-on users can choose between those accounts in the usual way after signing in through Microsoft. |
Anchor | ||||
---|---|---|---|---|
|
To configure single sign-on for Vonage, after completing the steps in the Single Signsign-On on URLs section, provide the following information in the Vonage section:
Field | Options | Description |
---|---|---|
Enable | Select or clear | Use the Enable check box to enable and disable single sign-on using Vonage. Select the Enable check box to enable single sign-on using Vonage. When you or your users go to the VCC Admin Portaladmin portal's single sign-on URL, a Vonage button appears on the login page. |
Vonage Account account ID | Account ID field | Your Vonage account ID. Vonage Contact Center VCC needs your Vonage account ID to enable you to log in using Vonage credentials. If you provide the wrong account ID, single sign-on will not work. |
Identifier fields | The identifier fields determine the values used to match VCC Admin Portal admin portal and Vonage users. By default, Vonage Contact Center VCC uses VCC Admin Portal admin portal users' email addresses and Vonage usernames to match the users. The Vonage username used to log in must match the email of a single supervisor or agent user in the VCC Admin Portaladmin portal. Use the identifier fields to define the values that the VCC Admin Portal admin portal must use to match the users if you do not want to use the default. The help text at the bottom of the Vonage section updates when you select identifiers. | |
Vonage Contact Center IdentifierVCC identifier | List of supported identifiers | Vonage Contact Center VCC can identify agents and supervisors in the VCC Admin Portal admin portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center want VCC to use to locate the the VCC Admin Portal admin portal user that matches the logged in Vonage user. Supported Vonage Contact Center Supported VCC identifiers:
You can modify the values for these identifiers in Real Time for agents or in User Access for supervisorsUser Admin. External ID contains the value in the SSO External Id or SSO External ID field. |
Vonage Identifieridentifier | List of supported identifiers | Vonage Contact Center VCC can obtain the value in any of the supported identifiers for the logged in Vonage user. Vonage Contact Center VCC can then use that value to locate the corresponding VCC Admin Portal admin portal user. Select the Vonage identifier that you want Vonage Contact Center want VCC to use to locate the corresponding VCC Admin Portal admin portal user. Currently Vonage supports only Username. The Username identifier contains the username that the Vonage user uses to log in. |
Anchor | ||||
---|---|---|---|---|
|
If enabled for your account, you can configure single sign-on for any external identity provider who supports OpenID Connect (OIDC). You must be able to generate a Client ID and provide a URL for the OIDC issuer (the domain you use with the provider). For information about OIDC, see OpenID Connect.
Note | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Your external identity provider must support OpenID Connect Discovery. Your provider must also make a JSON document available at Our servers must have access to your provider—make sure you include our servers in any firewall permissions. For information about our servers and their addresses, see Technical prerequisites. Flows Your provider must use the hybrid flow (a combination of aspects of authorization code flow and implicit flow):
Scopes Your provider must permit the following scopes:
Claims The generated
The claim required depends on the External Identifieridentifier you specify when you configure single sign-on. Redirect URIs When authorized, your provider must redirect the request to https://***.cc.newvoicemediavonage.com/Auth/signin-customoidc, where *** represents a regional subdomain. Replace *** with the correct subdomain for your region.
|
...
Info | ||
---|---|---|
| ||
Be careful when configuring single sign-on for an external cloud provider. With multi-tenanted and cloud providers, OAuth applications can often be used by any tenant or customer. You should use this feature where only your users can use the OAuth app with the provided client ID to login to Vonage Contact CenterVCC. We have checked and support the use of Okta, Auth0 and ADSF 2016. Do not configure single-sign on for Google using this method. |
To configure single sign-on for an external provider, provide the following information in the Custom OIDC SSO section:
Field | Options | Description | ||
---|---|---|---|---|
Enable | Select or clear | Use the Enable check box to enable and disable single sign-on using OIDC. Select the Enable check box to enable single sign-on using OIDC. When you or your users go to the VCC Admin Portaladmin portal's single sign-on URL, an OIDC button appears on the login page, using the Name you have specified. | ||
Name | The label that appears on the button on the single sign-on login page. Type the label you want to appear on the button that you and your users will use to log in to Vonage Contact Center VCC using the external provider. The value can be up to 14 characters. | |||
Client IdID | The client ID used to authenticate with the external provider. Generate the client ID in the provider's application. Copy the ID into Client IdID. | |||
OpenID Connect (OIDC) Issuer URL | The single sign-on initialization URL that is used to log in to the external provider. Type the URL into OpenID Connect (OIDC) Issuer URL. | |||
Identifier Fieldsfields | By default, the VCC Admin Portal admin portal uses email addresses to match external provider users and Vonage Contact Center and VCC users. The external provider user's email address used to log in must match the email address of a single Vonage Contact Center VCC supervisor or agent user. If you do not want to use email addresses, use one or both identifier fields to define the values that the VCC Admin Portal admin portal should use to match the users. When you change identifier values, the help text at the bottom of the Custom OIDC SSO section updates. | |||
Vonage Contact Center IdentifierVCC identifier | List of supported identifiers | Vonage Contact Center VCC can identify agents and supervisors in the VCC Admin Portal admin portal using the value in any of the supported identifiers. Select the identifier that you want Vonage Contact Center want VCC to use to locate the VCC Admin Portal admin portal user that matches the logged in external provider user. Supported Vonage Contact Center Supported VCC identifiers:
| ||
External Identifier | List of supported identifiers | Vonage Contact Center can obtain the value in any of the supported identifiers for the logged in external provider user. Vonage Contact Center can then use that value to locate the corresponding VCC Admin Portal user. Select the External identifier that you want Vonage Contact Center to use to locate the corresponding VCC Admin Portal user. Supported external provider identifiers: Username. The Username identifier contains the username that the external provider user uses to log in. | List of supported identifiers | VCC can obtain the value in any of the supported identifiers for the logged in external provider user. VCC can then use that value to locate the corresponding VCC admin portal user. Select the External identifier that you want VCC to use to locate the corresponding VCC admin portal user. Supported external provider identifiers:
|
How do I enforce single sign-on for agents and supervisors?
When you have configured single sign-on using one or more single-sign-on providers, you can prevent agent or supervisor users from logging in using a username and password. To do so, in the Advanced Settings section, select the Non-admin users must use single sign-on check box. When this check box is selected, only admin users can log in using their username and password. All other users must log in using single sign-on.
Panel | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
|
...