Admins can enable SAML SSO by selecting 'SAML' as the default Single Sign-on provider for their account:
Talkdesk supports integration with Active Directory Federation Services (ADFS) as a SAML SSO provider. This document details the steps required to configure communication between these two services.
Note: These instructions are based on Windows 2012 R2.
Active Directory Federation Services
Once ADFS is running, a few configuration steps are needed to enable communication with Talkdesk ID.
- Click on 'Tools' (top-right corner) and select ‘AD FS Management’:
- In the tree list on the left, expand Trust Relationships. Right-click on 'Relying Party Trusts' and click 'Add Relying Party Trust':
- Select the third option (“Enter data about the relying party manually”) and click ‘Next’:
- Enter a Display name (e.g. Talkdesk) and click ‘Next’:
- Select the first option (AD FS profile) and click ‘Next’:
- Click ‘Next’ in “Configure Certificate”:
- Select the option ‘Enable support for the SAML 2.0 WebSSO protocol’.
Add your Talkdesk account URL, followed by “/login/saml/sso” (e.g. https://myaccountname.talkdeskid.com/login/saml/sso). Click ‘Next’:
- Add the previous URL as Relying party trust identifier. Click ‘Next’:
- Click ‘Next’:
- Click ‘Next’:
- Click ‘Next’:
- Click the checkbox "Open the Edit Claim Rules dialog for this relying party trust when the wizard closes". Click ‘Close’:
- In the ‘Issuance Transform Rules’ tab, click ‘Add rule’. In ‘Claim rule template’, select “Send LDAP Attributes”, and click ‘Next’:
- Enter a name for the Claim rule and configure it as below. Click ‘Finish’:
- Click ‘Add rule’ again. In ‘Claim rule template’, select “Transform an Incoming Claim”, and click ‘Next’:
- Enter a name for the Claim rule and configure it as below. Click ‘Finish’:
- Click ‘Apply’ and ‘OK’:
- Check that the Relying Party Trust has been added:
- Now that the configuration of how to process the Service Provider SAML requests is done, let's check the metadata URL endpoint.
Go to the same ADFS management window, select ‘Service’, then ‘Endpoints’ (in the left pane). The Federation Metadata URL path will be presented in the Metadata section as seen below. Copy this URL and save it somewhere safe (you will need to add this URL in Talkdesk):
Talkdesk
To configure Active Directory Federation Services as the Identity Provider, log in to your Talkdesk account and navigate to Admin Preferences. Add the Metadata URL, which was copied in step 19, to the Single Sign-On Provider section and save it: