Configuring single sign-on

Single sign-on enables you and your agents to log in to your Vonage Contact Center (VCC) account by logging in to the linked Salesforce, Microsoft, or Vonage account, or any other configured provider account, instead of using their VCC username and password. You can enable multiple single sign-on providers at one time. To configure and use single sign-on, the feature must be enabled for your account.

Currently, configuring single sign-on for your Vonage Business Cloud (VBC) account enables same sign-on; same sign-on means that you must re-enter your VBC credentials to log in to VCC even if you are already logged in to your VBC account.

In this page

How do I configure single sign-on?

To configure single sign-on, perform the following steps:

Log in to the VCC admin portal and go to Configuration (within Account Settings). Configuration appears. For information on accessing Configuration, see Editing Configuration (Account Settings).
Click the Single Sign-On tab. The Single Sign-On area appears.
In the Admin portal and ContactPad fields in the Single sign-on URLs section, the URLs that VCC admin portal supervisors and agents must use to access the single sign-on pages are displayed. Click the icon alongside the field to copy the contents of the field to the Clipboard.
Configure single sign-on for one or more of Salesforce, Microsoft, and Vonage. For information about configuring single sign-on for Salesforce, Microsoft, and Vonage, see How do I configure single sign-on using Salesforce?, How do I configure single sign-on using Microsoft accounts?, and How do I configure single sign-on using Vonage?.
Click Update. Now when you or your agents go to log into the VCC admin portal or ContactPad using the appropriate URLs, the single sign-on feature is available.
For information about using single sign-on in the VCC admin portal or ContactPad, see Logging in to the Vonage Contact Center admin portal using single sign-on or Logging in to ContactPad using single sign-on.

You and your agents must use the VCC admin portal's single sign-on URL to log in to the VCC admin portal or ContactPad. The syntax for the single sign-on URL is https://***.cc.vonage.com/CallCentre/?account=AccountName, where *** represents the subdomain for your region and AccountName represents the name of your account.

How do I configure single sign-on using Salesforce?

To configure single sign-on for Salesforce, after completing the steps in the Single sign-on URLs section, provide the following information in the Salesforce section:

Your VCC account must be linked to a Salesforce org.

If multiple VCC accounts are linked to the same Salesforce org, single sign-on users can choose between those accounts in the usual way after signing in through Salesforce.

Single Sign-On settings Salesforce

Pre-authorizing single sign-on for approved users

The first time a Salesforce user uses single sign-on to log into the VCC admin portal through Salesforce, by default, an Allow Access dialog box appears. The user must click Allow to enable VCC to use their Salesforce credentials to log in to the VCC admin portal.

Single Sign-On allow access

If using VCC version 16.106 or above in Salesforce, you can pre-authorize this access for approved users. To pre-authorize single sign-on for approved Salesforce users, you must configure the OAuth policies and permissions for the connected app 'VCC'.

For more information about configuring connected apps and their OAuth policies, see Salesforce help.

How do I configure single sign-on using Microsoft accounts?

To configure single sign-on for Microsoft accounts that use Microsoft Azure Active Directory, after completing the steps in the Single sign-on URLs section, provide the following information in the Microsoft section:

Field	Options	Description

Field	Options	Description
Enable	Select or clear	Use the Enable check box to enable and disable single sign-on using Microsoft accounts. Select the Enable check box to enable single sign-on using Microsoft accounts. When you or your users go to VCC admin portal's single sign-on URL, a Microsoft button appears on the login page. Clear the Enable check box to disable single sign-on using Microsoft accounts. The Microsoft button no longer appears on the single sign-on login page.
Active Directory name/domain		Your Microsoft Azure Active Directory domain name, typically the domain included in your Azure Active Directory username. For example, you use username@example.com, type 'example' in the Active Directory name/domain field. If the domain you provide does not exist, when you click Update, an error appears.
Identifier fields		The identifier fields determine the values used to match the VCC admin portal users and Microsoft accounts. By default, VCC uses the email addresses of the Microsoft accounts and the VCC admin portal users to match the accounts and users. The Microsoft email address used to log in must match the email address of a single supervisor or agent user in the VCC admin portal. Use the identifier fields to define the values that VCC must use to match the users if you do not want to use the default. The help text at the bottom of the Microsoft section updates when you select identifiers. Your Microsoft user logs in to their Microsoft account with username@example.com as their username. Your VCC admin portal user has the following settings in their agent record in Real Time: Email: username@example.com Username: Agent123 The agent record does not have a value in the SSO External ID field. You must configure the following identifiers to successfully match your Microsoft account and VCC admin portal user: VCC identifier: Email Microsoft identifier: Username
VCC identifier	List of supported identifiers	VCC can identify agents and supervisors in the VCC admin portal using the value in any of the supported identifiers. Select the identifier that you want VCC to use to locate the VCC admin portal user that matches the logged in Microsoft account. Supported VCC identifiers: Email Username External ID You can modify the values for these identifiers in User Admin. External ID contains the value in the SSO External ID field.
Microsoft identifier	List of supported identifiers	VCC can obtain the value in any of the supported identifiers for the logged in Microsoft account. VCC can then use that value to locate the corresponding the VCC admin portal user. Select the Microsoft identifier that you want VCC to use to locate the corresponding the VCC admin portal user. Supported Microsoft identifiers: Username. The Username identifier contains the username used to log into the Microsoft account to access Microsoft or Office 365 services. The username name is generally in the format name@domain.com. Email. Typically you should use the Username identifier instead. If you have custom email addresses configured in Active Directory you can use the Email identifier. User ID. The User ID identifier contains the Object ID (GUID) for the Microsoft account in the Azure Active Directory. You can access the Object ID using the Microsoft Graph API or in the Azure Portal.

If multiple VCC accounts have the same Active Directory domain, single sign-on users can choose between those accounts in the usual way after signing in through Microsoft.

Single Sign-On settings Microsoft

How do I configure same sign-on using Vonage?

To configure single sign-on for Vonage, after completing the steps in the Single sign-on URLs section, provide the following information in the Vonage section:

Field	Options	Description

Field	Options	Description
Enable	Select or clear	Use the Enable check box to enable and disable single sign-on using Vonage. Select the Enable check box to enable single sign-on using Vonage. When you or your users go to the VCC admin portal's single sign-on URL, a Vonage button appears on the login page. Clear the Enable check box to disable single sign-on using Vonage. The Vonage button no longer appears on the single sign-on login page.
Vonage account ID	Account ID field	Your Vonage account ID. VCC needs your Vonage account ID to enable you to log in using Vonage credentials. If you provide the wrong account ID, single sign-on will not work.
Identifier fields		The identifier fields determine the values used to match VCC admin portal and Vonage users. By default, VCC uses VCC admin portal users' email addresses and Vonage usernames to match the users. The Vonage username used to log in must match the email of a single supervisor or agent user in the VCC admin portal. Use the identifier fields to define the values that the VCC admin portal must use to match the users if you do not want to use the default. The help text at the bottom of the Vonage section updates when you select identifiers.
VCC identifier	List of supported identifiers	VCC can identify agents and supervisors in the VCC admin portal using the value in any of the supported identifiers. Select the identifier that you want VCC to use to locate the the VCC admin portal user that matches the logged in Vonage user. Supported VCC identifiers: Email Username External ID You can modify the values for these identifiers in User Admin. External ID contains the value in the SSO External ID field.
Vonage identifier	List of supported identifiers	VCC can obtain the value in any of the supported identifiers for the logged in Vonage user. VCC can then use that value to locate the corresponding VCC admin portal user. Select the Vonage identifier that you want VCC to use to locate the corresponding VCC admin portal user. Currently Vonage supports only Username. The Username identifier contains the username that the Vonage user uses to log in.