Single Sign On with Salesforce as Identity Provider

Administrators may configure Salesforce as their identity provider to automatically authenticate their agents to the Agent for Salesforce platform.

Create a Connected Application in Salesforce

The process of creating a connected application in Salesforce provides you with the information to input into Central in the following steps.

  1. Click Setup located in the upper right corner.

  2. In the App Manager section, click New.
  3. For more information on the New Connected App fields, visit help.salesforce.com. Search for Create a Connected App. Refer to the Basic Information section. When appropriate, enter the information below.
  4. Under API (Enable OAuth Settings), select Enable OAuth Settings.

  5. Enter a callback URL in the Callback URL field, as applicable:

    Salesforce Application NICE inContact Callback URL for Single Sign-On Configuration
    Classic https://icagentconsole.{SalesforceInstance}.visual.force.com/apex/icagentconsole__authcallback

    Your {Salesforce Instance} is formatted as ap5, na88, cs80, eu4, and so forth.

    For example: https://icagentconsole.ap5.visual.force.com/apex/icagentconsole__authcallback

    Classic with a custom domain

    https://{MyDomain}–icagentconsole.visualforce.com/apex/icagentconsole__authcallback or alternately https://{MyDomain}--icagentconsole.{SalesforceInstance}.visual.force.com/apex/icagentconsole__authcallback. Your {Salesforce Instance} is formatted as ap5, na88, cs80, eu4, and so forth. {MyDomain} is the customer domain setup in your Salesforce organization.

    For example: https://customer.incontact.com--icagentconsole.ap5.visual.force.com/apex/icagentconsole__authcallback

    Lightning

    https://icagentconsole.{SalesforceInstance}.lightning.force.com/apex/icagentconsole__authcallback or alternately https://icagentconsole.{SalesforceInstance}.visual.force.com/apex/icagentconsole__authcallback. Your {Salesforce Instance} is formatted as ap5, na88, cs80, eu4, and so forth.

    For example: https://icagentconsole.ap5.lightning.force.com/apex/icagentconsole__authcallback

    Lightning with a custom domain

    https://{MyDomain}--icagentconsole.visualforce.com/apex/icagentconsole__authcallback or alternately https://{MyDomain}--icagentconsole.{SalesforceInstance}.visual.force.com/apex/icagentconsole__authcallback.

    Your {Salesforce Instance} is formatted as ap5, na88, cs80, eu4, and so forth. {MyDomain} is the customer domain setup in your Salesforce organization.

    For example: https://customer.incontact.com--icagentconsole.ap5.visual.force.com/apex/icagentconsole__authcallback

    These URLs are case sensitive and need to be entered as shown.

  6. In addition to one of the URLs above, enter the following in the Callback URL field if you want to use your Salesforce login for accessing Central:

    Your {custom domain} is formatted similar to customer1.incontact.com

    https://{customdomain}/inContact/LoginByCode.asp

    For example: https://customer1.incontact.com/incontact/LoginByCode.aspx

  7. Under Selected OAuth Scopes, in the Available OAuth Scopes field, select Access your basic information (id, profile, email, address, phone) and Allow access to your unique identifier (openid).

  8. Click Add.

  9. Click Save and Continue.

Take note of Consumer Key as Client Identifier and Consumer Secret as Client Password while configuring the OpenID Connect settings in Central, this will be used later in the process.

Modify the OAuth Policy for the Connected App

  1. In the Quick Find/Search box, search for Connected Apps. Under Manage Apps, select Connected Apps.
  2. Click the name of the newly created app. Do not click Edit.
  3. Click Edit Policies.
  4. In the Permitted Users field, select Admin approved users are pre-authorized.
  5. Click Save.
  6. Under the Profiles section, click Manage Profiles.
  7. Select the users you would like to have access to the connected app.
  8. Click Save.

Configure Salesforce as the Identity Provider in Central

Complete the Configure Open ID Connect process then, where indicated, enter the following information during the process below:

  • Consumer Key
  • Consumer Secret
  1. In Central, click AdminAccount SettingsBusiness Units

  2. Select your business unit.
  3. Select the OpenID Connect tab.
  4. Click Edit.
  5. In a new tab, log in to your Salesforce.
  6. Click Setup located in the upper right corner.
  7. In the Quick Find/Search box, search for Connected Apps. Under Manage Apps, select Connected Apps.
  8. Click the name of the newly created app. Do not click Edit.
  9. Populate the following fields with the information from your connected app. For more information on the fields and their valies, refer to the Business Unit Open ID Connect Tab topic.
  10. Select Discover Settings and enter your Salesforce Open ID Configuration URL.
  11. In the Client ID field, enter the Consumer Key.
  12. In the Client Password field, enter the Consumer Secret.
  13. Select client_secret_post for the Client Authentication Method.
  14. Click Done.
  15. Click Validate and Link.The Salesforce login is displayed.
  16. Enter your Salesforce credentials.

Configure Single Sign-On in Salesforce

The following steps allows you to configure single sign-on for Salesforce Agent.

  1. Click Setup located in the upper right corner.

  2. Use the Search box to search for CallCenters, then click Call Centers.

  3. If the Introducing Salesforce CRM Call Center screen appears, click Continue.
  4. Click NICE inContact CXone - Central. Click the call center link, not the Edit link.

  5. Under the Call Center Users section, click Manage Call Center Users.

  6. Click Add Users.

  7. Enter your search criteria.
  8. Click Find.
  9. Select the preferred users.
  10. Click Add Users to Call Center.
  11. Below the name of your call center, click the blue highlighted name of your call center.
  12. Click Edit.
  13. In the Custom Domain field, enter the fully qualified hostname, which is a combination of your Business Unit Hostname and your domain, configured in Central.
  14. Click Save.