Configure Single Sign-On using SAML

Complete the steps in the following procedure to configure Single Sign-On (SSO) using the Security Assertion Markup Language (SAML) protocol on the Single Sign On page in the Security module of the Enterprise Admin Console. Kore.ai also supports WS-Federation and OpenID Connect protocols. For more information, see Using Single Sign-On.

  1. In the Security module on the Single Sign On page in the Enterprise Admin Console, click Enable SSO.
  2. In the Select suitable Sign-On Protocol section, select SAML.
  3. In the Configure SSO for SAML section:
    1. On the Scope tab, select one of:
    2. On the Configure tab, select an identity provider, and then define the settings for one of:
      1. Okta - For more information, see Configure Kore.ai SSO for Okta.
        • Okta Single Sign-On URL - The SSO URL for Okta.
        • Identity Provider Issuer - The entity that provides the user identities including the ability to authenticate a user.
        • Certificate - The identity provider's public certificate, which the service provider stores and uses to validate a user signature.
      2. OneLogin - For more information, see Configure Kore.ai SSO for OneLogin, or in the OneLogin documentation, see Configuring SSO for Kore.ai.
        • SAML 2.0 Endpoint - The HTTP SSO endpoint for OneLogin, for example, https://app.onelogin.com/trust/saml2/http-post/sso/358111.
        • Issuer URL - The URL for the OneLogin issuer, for example, https://app.onelogin.com/saml/metadata/358111.
        • X.509 Certificate - The identity provider's public certificate, which the service provider stores and uses to validate a user signature.
      3. Bitium - For more information, see Configure Kore.ai SSO for Bitium.
        • Single Sign-On URL - The HTTP SSO endpoint for Bitium, for example, https://www.bitium.com/7655.
        • Issuer URL - The URL for the Bitium issuer, for example, https://bitium.com/7655/saml/82456/metadata.xml.
        • Certificate - The identity provider's public certificate, which the service provider stores and uses to validate a user signature.
      4. Other - Generic SAML identity provider configuration. Select this option if you are not using a Kore.ai built-in configuration.
        • Single Sign-On URL - The URL to which Kore.ai sends sign-on and sign-off requests using your WS-Federation identity provider.
        • Issuer URL - The URL for the WS-Federation metadata document used for authentication with Active Directory.
        • Certificate - The identity provider's public certificate, which the service provider stores and uses to validate a user signature.
        • In the administrative console for your Single Sign-On provider, you will also need to define the URLs that are used to exchange data between Kore.ai and your SSO provider. While the URL names may vary by SSO provider, you will need to define these URLs:
  4. Click Save.

The Identity Provider information successfully updated message is displayed at the top of the page. The following illustration shows the Single Sign On page with SAML sign-on protocol selected:
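
A pre-flight check for the three values entered on the Configure tab (sign-on URL, issuer, certificate), run before clicking Save. This is an added example, not Kore.ai code. The function names are hypothetical, the sample certificate is constructed stand-in bytes, and the expected fingerprint is assumed to be copied from the identity provider's own console.

```python
import hashlib
import ssl
from urllib.parse import urlsplit

# Constructed stand-in DER bytes wrapped in PEM armor; not a real IdP certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes.fromhex("3003020101"))


def cert_fingerprint(cert_pem: str) -> str:
    """Return the SHA-256 fingerprint (lowercase hex) of a PEM certificate's DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(cert_pem.strip())
    return hashlib.sha256(der).hexdigest()


def normalize_fp(fp: str) -> str:
    """Drop the colons and spaces consoles add so fingerprints compare equal."""
    return fp.replace(":", "").replace(" ", "").lower()


def check_saml_settings(sso_url, issuer, cert_pem, expected_fp):
    """Return a list of problems found in the three Configure-tab values."""
    problems = []
    parts = urlsplit(sso_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        problems.append("Single Sign-On URL must be an absolute https URL")
    if not issuer.strip() or issuer != issuer.strip():
        problems.append("Issuer is empty or has stray whitespace")
    if "PRIVATE KEY" in cert_pem:
        # Only the public certificate belongs in this field.
        problems.append("Certificate field contains private key material")
        return problems
    try:
        actual = cert_fingerprint(cert_pem)
    except ValueError as exc:  # missing PEM armor or broken base64
        problems.append(f"Certificate is not valid PEM: {exc}")
        return problems
    if actual != normalize_fp(expected_fp):
        problems.append("Certificate fingerprint does not match the identity provider's")
    return problems
```

An empty list means the values are well-formed and the pasted certificate is the one the identity provider published. It does not check the certificate's validity period.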
