Contents

Import SAML 2.0 metadata from identity provider

The SAML 2.0 metadata file from the identity provider contains metadata in an XML format.Interaction Administrator can import this metadata and automatically configure some CIC server Single Sign-On settings for that identity provider.

Important!

The SAML 2.0 metadata file does not contain claims that the identity provider returns with SAML <AuthnRequest> responses.You must have the claims from the identity provider so that you can enter them in the wizard interface.You should have already gathered the claims in Gather identity provider information.

Open Interaction Administrator for the CIC server for which you want to configure Single Sign-On settings for the identity provider.
In the left pane of the Interaction Administrator window, expand the Single Sign-On container and select the Identity Providers object.
In the right pane of the Interaction Administrator window, right-click an empty area and select New from the resulting shortcut menu.

Interaction Administrator displays the Identity Provider Configuration dialog box.

In the Authentication Types list, select the SAML profile and binding to use for this identity provider.
Select the Import button.

Interaction Administrator displays the Import from SAML Metadata dialog box.
In the available box, enter the location of the SAML 2 metadata file.

The location can be a local directory, UNC path for a network resource, or URL address.

Tip: You can use the Browse button to open a Windows Explorer window to manually navigate to the file.

Select the Import button.

Interaction Administrator validates the contents of the SAML 2.0 metadata file and then displays the New Claim dialog box.
In the Assertion box, enter the Name attribute of an <Attribute> element that the identity provider will supply in SAML <AuthnRequest> responses.
In the User IC Setting group, select the option that enables you to map the SAML claim to the appropriate CIC attribute:

Option

Usage

Use a common IC attribute

Select this option if you want to map the specified SAML claim to a CIC user attribute.Select that CIC user attribute in the list box:

Email Address
User ID
Windows Domain Account

These attributes typically exist for each CIC user account.

Specify an IC attribute

Select this option if you want to map the specified SAML claim to a CIC Directory Services (DS) attribute that you previously defined.

CIC Directory Services (DS) contain additional information on users, workgroups, workstations, lines, line groups, and other areas.

For a partial list of CIC DS attributes for non-interaction objects, see "Attributes that can be looked up in Directory Services Keys" in Interaction Designer Help.You can also use Interaction Designer Help to find information on Interaction Designer tools that enable you to see the list of existing CIC Directory Services attributes.

You can also assign SAML claims to custom CIC user attributes.To create a custom CIC user attribute, double click a user entry under People > Users in Interaction Administration, select the Custom Attributes tab, and then select the Add button.

When you specify this custom attribute in the Configuration dialog box for the selected SAML profile and binding, you must enter it in the following format:

CUSTOM::AttributeName

AttributeName is a variable that represents the name of the custom CIC user attribute that you defined.

You must set the value of this customer attribute for each user entry under People > Users in Interaction Administrator.

Select the OK button.
The claim is mapped to a CIC attribute and is saved as an entry in the list.

Interaction Administrator prompts you to determine if you need to enter additional claims from the identity provider.
If you need to enter another claim from the identity provider, select the Continue button and repeat steps 8 through 10.Otherwise, select the Finish button.

Interaction Administrator returns you to the Identity Providers Configuration dialog box.
Select the OK button to close the Identity Providers Configuration dialog box.