Configuring Your SAML Identity Provider

You can use most identity providers that support SAML 2.0 to configure Single Sign On (SSO) for CxEngage. The process for adding CxEngage as a new service provider varies by identity provider. Please refer to your identity provider's help resources for instructions. You might require the following information about CxEngage during the set-up process:

  • Single Sign On URL: https://cxengage.auth.us-east-1.amazoncognito.com/saml2/idpresponse
  • Entity ID: urn:amazon:cognito:sp:us-east-1_hQ7OLGUaM
     Some identity providers refer to the Entity ID as Audience URI or Audience Restriction.

These values are the same for any tenant in any CxEngage region.

You need the following details to set up the identity provider in CxEngage:

  • Metadata file: There are two methods you can choose from to provide a metadata file:
    • If your identity provider isn't behind a firewall, you can add the link to the metadata file in CxEngage. A URL is preferred because it allows your CxEngage configuration to update when there are changes made to your identity provider.
    • If your identity provider is behind a firewall, you have the option to upload an XML file or enter the XML directly in CxEngage. If there are changes made to your identity provider, you'll need to update the file or XML in CxEngage.
  • Email address field: Email addresses are used to link and validate the users who are trying to access CxEngage. You'll need the name of the email address field from the SAML assertion when you set up the identity provider in CxEngage.
     The default value is Email for a new identity provider. CxEngage expects the SAML assertion to contain the email address of the user in this parameter. If the assertion sends the email address in another parameter, ensure that you update the Email Mapping field value to match the parameter name contained in the assertion.
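
Before creating the identity provider in CxEngage, you can check a decoded test assertion from your identity provider against the values above. The following is an added example, not CxEngage or vendor code: the function name `check_assertion` and the sample assertion are constructed for illustration, and the Recipient check assumes the standard SAML 2.0 Web SSO convention that the assertion's Recipient is the Single Sign On URL.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service-provider values listed on this page.
SSO_URL = "https://cxengage.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_hQ7OLGUaM"

# Constructed sample assertion (unsigned, trimmed to the fields checked here).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{sso}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{aud}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{attr}">
    <saml:AttributeValue>agent@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, email_attr="Email"):
    """Return a list of configuration problems (empty list means none found).

    Structural check only: signatures and validity windows are not verified.
    """
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(
        ".//saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not contain the Entity ID")
    recipients = [d.get("Recipient") for d in root.iterfind(
        ".//saml:SubjectConfirmationData", NS)]
    if SSO_URL not in recipients:
        problems.append(f"Recipient {recipients} is not the Single Sign On URL")
    attrs = {a.get("Name", ""): [v.text.strip() for v in a.iterfind(
        "saml:AttributeValue", NS) if v.text and v.text.strip()]
        for a in root.iterfind(".//saml:Attribute", NS)}
    if not attrs.get(email_attr):
        problems.append(f"No value for attribute '{email_attr}'; assertion "
                        f"sends {sorted(attrs)}: update Email Mapping to match")
    return problems

if __name__ == "__main__":
    good = SAMPLE.format(sso=SSO_URL, aud=ENTITY_ID, attr="Email")
    renamed = SAMPLE.format(sso=SSO_URL, aud=ENTITY_ID, attr="mail")
    print(check_assertion(good))                # no problems
    print(check_assertion(renamed))             # Email Mapping mismatch
    print(check_assertion(renamed, "mail"))     # mapping updated to match
```

Pass the value you plan to enter in the Email Mapping field as `email_attr`; an empty list means the assertion carries the audience, recipient and email attribute this page describes.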

After you've configured your SAML provider, you can create an identity provider in CxEngage.

