Configure SSO using Google Workspace

This section describes how to configure SSO using Google Workspace for use enterprise-wide Google Workspace credentials to sign into Contact Center AI Platform and the agent adapter. Google Workspace SSO uses the Security Assertion Markup Language (SAML) authentication protocol.

Before you begin

To configure SSO using Google Workspace, be sure you have the following:

  • Google Workspace administrator

  • CCAI Platform administrator credentials

Configure Workspace for SSO

To configure Google Workspace, follow these steps:

  1. In Google Workspace Admin Console, go to Apps > Web and mobile apps.

  2. Click Add app.

  3. Select Add custom SAML app.

  4. In the App name field, add a name that will help you identify this SAML app as belonging to your knowledge base, like CCAI Platform instance SSO.

  5. Click Continue.

    You'll be directed to the Google Identity Provider detail page. Google offers two options for getting the Google Workspace IdP info CCAI Platform instance needs. For CCAI Platform, used the section option.

  6. Copy the SSO URL, Entity ID, and certificate.

Configure your CCAI Platform instance for SSO

To configure SSO for your CCAI Platform instance, follow these steps:

  1. In the Google Cloud console, go to the project selector dashboard and select the project that contains your instance.

    Project selector dashboard

  2. In the navigation menu, click CCAI Platform.

    CCAI Platform instances

    The CCAI Platform instances page displays.

  3. In the Name column, click the instance that you want to configure SSO for.

  4. On the CCAI Platform instance Detail page, click Edit.

  5. For the login method, select SAML.

  6. In the Single sign-on URL field, enter the Google Workspace SSO URL value from Configure Google Workspace.

  7. In the Entity ID field, enter the Workspace Entity Identifier value from Configure Google Workspace.

  8. In the Email field mapping field, enter a text string such as Email name or Name ID. This is used as a label for the email name field on the SSO sign-in page.

  9. In the Certificate field, enter the X.509 certificate from Configure Google Workspace. Be sure to include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the certificate.

  10. Click Save.

Add your CCAI Platform instance service provider details into the Google Workspace SAML App configuration

  1. Return to the Google Workspace Admin console and select Continue.

  2. In the Service Provider page enter the following details.

    • Enter the ACS URL: https://'instance'.ccaiplatform.com/saml/v1/consume

    • Enter the Identifier (Entity ID) URL: enter https://'instance'.ccaiplatform.com/saml/v1/metadata

    • Enter Start URL: https://'instance'.ccaiplatform.com/

    • Set Name ID format to Email.

  3. Click Continue at the bottom of the screen.

  4. Select the user group that will be able to access the application.

  5. Click Finish.

Verify SSO authentication

To verify SSO authentication, follow these steps:

  1. Go to the agent adapter in your customer relationship management (CRM) application.

  2. Click Login with company SSO. A sign-in page displays.

  3. Sign in with your Google Workspace credentials.