Setting up Single Sign-On (SSO)

You can configure SSO between Sinch Contact Pro and external identity provider (IdP) if the idP system supports SAML 2.0.

You can use SSO with the following applications:

  • System Configurator
  • Communication Panel
  • Dashboard
  • Data Protection Officer (DPO)
  • Visitor Chat Configurator
  • Launchpad

Online Monitoring and SAP BusinessObjects don't support SSO.

To set up SSO in your system, follow the procedures below.

Establishing SAML federation

First SAML federation is established between Sinch Contact Pro and the identity provider. This is done by exchanging SAML metadata.

  1. Download Sinch Contact Pro tenant metadata using one of the URL listed below.

    Choose the URL according to your tenant location and enter your tenant name using uppercase letters.

    • Europe: https://login-eu-c1.cc.sinch.com/[TENANT]/metadata
    • North America: https://login-na-w2.cc.sinch.com/[TENANT]/metadata
    • Australia: https://login-au-s2.cc.sinch.com/[TENANT]/metadata
  2. Create a support ticket to Sinch and include the following information:
    • Your SAML metadata file or the metadata URL (federation metadata)
      Note:

      We recommend that you send us a URL to your metadata instead of the actual file. When using the URL, changes to your metadata, for example a new certificate, will be updated automatically on the Sinch Contact Pro side. If you send the file, you will need to resend it every time there are changes to your metadata.

    • Sinch Contact Pro tenant ID (tenant name)
    • SAML attribute for the email (attribute name exactly as it is in the target system)

      An email attribute is used to map users between the two systems. It is case sensitive so it must be exactly as it is in the idP system. Below are examples:

      • Azure AD: typically of format (also included in metadata) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      • SAP IdP: typically just email

Configuring user certificates in System Configurator

You need to configure certificate settings for each SSO user.

  1. Go to System Configurator > User and Role Management > Users
  2. Select the user and click Certificates.
  3. Fill in the following information:
    • Subject: user's email address as it is configured in your idP system
    • Issuer: one of the following depending on your tenant location
      • cc-<tenant>.auth.eu-central-1.amazoncognito.com
      • cc-<tenant>.auth.us-west-2.amazoncognito.com
      • cc-<tenant>.auth.ap-southeast-2.amazoncognito.com

SSO URLs

URLs for SSO use are the following:

  • Standalone Communication Panel: https://cc-<tenant>.cc.sinch.com/ecf/latest/communicationpanel/index.jsp
  • Communication Panel embedded in C4C: https://cc-<tenant>.cc.sinch.com/ecf/latest/communicationpanel/embedded.jsp
  • DPO: https://cc-<tenant>.cc.sinch.com/ecf/2102/dporeport/index.jsp
  • Dashboard: https://cc-<tenant>.cc.sinch.com/SupervisorDashboard/index.jsp
  • Visitor Chat Configurator: https://cc-<tenant>.cc.sinch.com/ecf/latest/VisitorConfigurator/index.jsp
  • Launchpad: https://cc-<tenant>.cc.sinch.com/launchpad
  • System Configurator: https://cc-<tenant>.cc.sinch.com/scweb/sc/aws.jsp