- Contents
SSO Identity Providers Technical Reference
Select identity provider method
For your CIC environment, you can use one of the following identity providers that support the Session Assertion Markup Language (SAML) authentication standard:
-
Microsoft Active Directory Federation Services (AD FS)
-
An Internet-based, third-party identity provider service
-
Customer Interaction Center user database
The type of identity provider that you select determines what information about your service provider that you must collect and provide for initial configuration.
Important!
For PureConnect Cloud customers, the Uniform Resource Locator (URL) address
for your identity provider must be accessible by your client workstations
that host the CIC applications that will use Single Sign-On.
Microsoft AD FS identity provider
Microsoft Active Directory Federation Services (AD FS) enables you to create your own Single Sign-On identity provider, which you can install on-premises within an Active Directory domain.
Both Microsoft AD FS 2.0 and 3.0 support Windows Authentication over HTTPS and web browser-based authentication. However, CIC client applications support only Microsoft AD FS 3.0 for web browser-based authentication.CIC client applications support both Microsoft AD FS 2.0 and 3.0 for Windows Authentication over HTTPS.
Third-party identity provider services
-
PingOne
-
IBM LightHouse
-
Salesforce.com
-
Other SAML 2.0-compliant identity provider services
Note: Genesys previously verified CIC Single Sign-On compatibility with the open-source identity provider Shibboleth.net (https://shibboleth.net). However, Genesys does not provide technical support for configuring CIC Single Sign-On with Shibboleth.
Customer Interaction Center user database
If your Single Sign-On goals involve only CIC clients, you can use the CIC server as both a service provider and an identity provider.CIC clients can use the same security token that the CIC server provides after it validates the credentials of the principal (user) through its database.You do not need to collect any service provider information to provide to the identity provider, which is the same system for this method.
Note: Some CIC subsystems, such as Interaction Media Server and Interaction SIP Proxy, contain their own user databases for accessing the web-based administration interface.These CIC subsystems are not included in the CIC Single Sign-On solution as most CIC users do not require access to these subsystems.