Welcome to Oracle Service Cloud Ask the Experts

Best Practices for Implementing & Maintaining SSO
Presenter: Shane Parsons

Topics Covered
- Concepts to understand before implementing SSO
- Implementing different types of SSO
- Common mistakes during implementation
- Demo
- Questions

Concepts to understand before implementing SSO

- General understanding of how SSO works
- SAML response decoders
  - Fiddler
  - https://www.samltool.com
  - SAML Chrome extensions
  - SAML tracer in Firefox
  - Decode and read assertion
- Certificate management
  - Is certificate valid
  - Does certificate require intermediate certificates for validation

Implementing different types of SSO

Customer portal SSO
- Supports identity provider (IDP) initiated SSO only
- Assertion Consumer Service (ACS) URL: https://<vhost>/ci/openlogin/saml/<login parameter>
  - Ex. contact.login or contact.emails.address
- Entity ID can be any value in IDP
- Redirect added to Assertion Consumer Service (ACS) URL
  - Ex. /ci/openlogin/saml/redirect/app/ask

Agent console IDP SSO
- Version 1
  - ACS URL: https://<vhost>/cgi-bin/<interface>.cfg/php/admin/sso_launch.php?p_subject=<login parameter>
  - Ex. Account.Login or Account.Emails.Address
- Version 2
  - Must be used if implementing for AgentWeb
  - ACS URL: https://<vhost>/cgi-bin/<interface>.cfg/php/sso/saml2/sp/post/acs.php
  - Configuration performed in console via component Single Sign On Configurations
  - Export out metadata file and import into IDP
  - Import IDP metadata file into Oracle Service Cloud
  - Only the Active checkbox should be checked
  - Entity ID can be any value in IDP
- Must use Internet Explorer to launch console

Agent console IDP SSO login process

Browser User Interface (Browser UI) IDP SSO
- ACS URL: https://<vhost>/cgi-bin/<interface>.cfg/php/sso/saml2/sp/post/acs.php
- Configuration performed in console via component Single Sign On Configurations
  - Export out metadata file and import into IDP
  - Import IDP metadata file into Oracle Service Cloud
- Active checkbox only
- Relay State set to https://<vhost>/agentweb

Agent Console and Browser UI service provider (SP) SSO
- ACS URL: https://<vhost>/cgi-bin/<interface>.cfg/php/sso/saml2/sp/post/acs.php
- Configuration performed in console via component Single Sign On Configurations
  - Export out metadata file and import into IDP
  - Import IDP metadata file into CX
- Supports single logout
- Active and Web SSO checkbox
- No setup for Agent Web needed
- Entity ID for console must match in IDP

Mandatory requirements for all SSO types
- Signing certificate uploaded into File Manager
  - Additional Root Certificates folder
  - Intermediate certificates must also be uploaded
- Config SAML_20_SIGN_CERTS
  - Fingerprint of signing cert
  - Remove colons

Common mistakes during implementation
- SAML_20_SIGN_CERTS
  - Colons not removed
  - Hidden spaces at either front or back of fingerprint
  - Wrong value altogether
- IDP using http instead of https for ACS URL
  - Causes assertion to get lost during redirect to https
- Entity ID doesn't meet requirements of IDP - SP initiated SSO
  - Some IDPs don't support special characters such as plus sign
  - Subject not passed over since request unable to be validated

Common mistakes during implementation
- Signing certificate unable to be validated
  - Expired
  - Requires intermediate/chain certificates
  - Wrong certificate uploaded
- Subject incorrect
  - Value doesn't match authenticating column in database
  - Case sensitive
  - Email not set as login
  - Account or Contact not in database
- ANY-TRUSTED used in production
  - Signing certificate not validated against uploaded certificates
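
An added troubleshooting example (not from the presentation) that decodes a captured SAMLResponse, as in "Decode and read assertion", and checks it against the mistakes listed above: an http ACS URL, a missing subject, and a SAML_20_SIGN_CERTS value that still carries colons or hidden spaces or does not match the signing certificate. It assumes the fingerprint is the SHA-1 hash of the DER-encoded certificate; the function names, the sample response, the host vhost.example and the placeholder certificate bytes are all constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def normalize_fingerprint(value):
    """Bare uppercase hex: strips colons and visible or hidden whitespace."""
    return "".join(c for c in value if c != ":" and not c.isspace()).upper()

def inspect_saml_response(b64_response, configured_fp, hash_name="sha1"):
    """Decode a captured SAMLResponse for troubleshooting; no signature check."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations do not belong in SAML")
    root = ET.fromstring(xml)
    findings = []
    destination = root.get("Destination", "")
    if not destination.startswith("https://"):
        findings.append("ACS URL is not https: " + destination)
    subject = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    if not subject:
        findings.append("Subject NameID missing or empty")
    cert_b64 = "".join(root.findtext(".//ds:X509Certificate", "", NS).split())
    if not cert_b64:
        return {"subject": subject, "fingerprint": None,
                "findings": findings + ["no signing certificate in response"]}
    # Assumption: fingerprint = hash of the DER certificate (SHA-1 by default).
    actual = hashlib.new(hash_name, base64.b64decode(cert_b64)).hexdigest().upper()
    if configured_fp.upper() != normalize_fingerprint(configured_fp):
        findings.append("configured fingerprint contains colons or whitespace")
    if normalize_fingerprint(configured_fp) != actual:
        findings.append("configured fingerprint does not match signing certificate")
    return {"subject": subject, "fingerprint": actual, "findings": findings}

# Constructed sample: placeholder bytes stand in for a DER certificate, and
# vhost.example is a made-up host. Destination is http on purpose.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_RESPONSE = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'Destination="http://vhost.example/ci/openlogin/saml/contact.login">'
    '<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + base64.b64encode(SAMPLE_DER).decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
    '<saml:Assertion><saml:Subject><saml:NameID>jdoe</saml:NameID>'
    '</saml:Subject></saml:Assertion></samlp:Response>').encode()).decode()
```

Calling `inspect_saml_response(SAMPLE_RESPONSE, "<value pasted into SAML_20_SIGN_CERTS>")` returns the subject, the computed fingerprint in the colon-free form, and a list of findings.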

Demo

Q&A


Continue the Conversation: www.cx.rightnow.com
