Set Up Single Sign-On

Set Up the SSO Connected App and Salesforce with Identity Provider (IdP)

1. From Setup, enter Identity Provider in the Quick Find box, then select Identity Provider and enable it. Download the certificate and metadata file.
2. Enter App Manager in the Quick Find box. Click App Manager | New connected App.
3. Create a new connected app and provide the details in Basic information and Web App settings.
   1. Name the connected app.
   2. Enable SAML.
   3. Enter the ACS URL and Entity ID.
   4. Select Subject Type as required and update the name ID format to match the SSO expected.
   5. Select your IdP Certificate from the dropdown options.
   6. Click Save.
   7. Click Manage profile and select all the profiles for which you want to grant access to use SSO.
4. After enabling Identify Provider, download the metadata file for using Salesforce as IdP. This metadata XML file should be used for setting up SSO.

Perform Headless SSO

If a telephony system login page isn’t needed, you can use a headless single sign-on (SSO) to your service. Salesforce sends a message to the connector iFrame with the entire contact center configuration as defined in {contactCenterName}.callCenter. Use these details to allow SSO, and notify Salesforce by returning a fulfilled Promise with a value of type InitResult when the Promise is successful or rejected.

Here’s a sample contact center configuration sent from Salesforce during connector init:

init(ssoConfig) {
  const ssoResult = pbx.performSSO(ssoConfig)
  if (ssoResult.success) {
    return Promise.resolve(new InitResult({}));
  } else {
    return Promise.reject("Failed to login");
  }
}

If SSO is successful, the SSO dialer is enabled to allow the rep to make outbound calls. If SSO fails, the base connector dispatches a CAN_NOT_LOG_IN error. The rep receives an error message in the Omni-Channel utility or the Salesforce window, and their keypad remains disabled.