About Agent Single Sign-On (SSO)

Organizations and their staff often must use multiple applications that require authentication in order to perform necessary tasks. However, each application typically has its own authentication mechanism. This creates extra work for the administration of users if they must be created and maintained in each system. It is also inconvenient to the end user as they must remember login credentials for each system.

Single Sign-On (SSO) is a feature that allows users to access their applications using the same login credentials, without having to needlessly go through the individual authentication process for every application. SSO can be enabled on any system that uses SAML 2.0.

Single sign-on also can be configured for customers to use specific services of the application. Customers who are already recognized on the company website can use a SSO-enabled entry point to chat with a customer without having to provide redundant information. Customers can also access secure message centers, which act as private mail inboxes in which businesses can share sensitive information with their customers without the risk of compromising security. For more information, see About Customer Single Sign-On.

Important things to note about Single Sign-On:

• The process of configuring a system for single sign-on must be performed to the Security node at the partition level by a partition user with the following necessary actions: View Application Security and Manage Application Security.

• Once single sign-on has been configured, all users in the deployment are enabled for SSO.

• For users to log into the consoles other than the agent desktop, once SSO is enabled, you must provide the External URL of the Application. See General Partition Settings for more information.

• SSO only supports Service Provider initiated authentication.