Webchat SSO-SAML with Azure/Entra

The instructions in this topic are similar to the topic that follows, except the next topic includes Auth0.

Create SAML SSO app on Azure portal

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. On the left navigation pane, select the Microsoft Entra ID service.

  3. Navigate to Enterprise Applications and then select All Applications.

  4. To add a new application, select New application.

  5. Find and select Microsoft Entra SAML Toolkit.

  6. Name the app and then click Create.

Configure SAML SSO app on Azure portal

To enable Azure AD SSO in the Azure portal:

  1. In the Azure portal, on the application integration page, find the Manage section and select single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  4. Use the following table to set the parameter values. In the examples below, replace acme with your tenant id. Do not replace chatbot: it is not a variable, and the word chatbot should appear in the URL as shown.

| Name | Description |
| --- | --- |
| Identifier (Entity ID) | This should be the cluster-specific vanity URL of the tenant. Example Webchat: https://acme.chatbot.aisera.cloud/ Note that the Webchat vanity URL can be found in the snippet URL. |
| Reply URL (Assertion Consumer Service URL) | This is the tenant vanity URL + /aisera/ssoLoginCallback. Example Webchat: https://acme.chatbot.aisera.cloud/aisera/ssoLoginCallback Note that the Webchat vanity URL can be found in the snippet URL. |
| Default RelayState | The default relay state is used to access the Webchat from the IdP portal. Webchat: snippet URL + embed parameter. Example Webchat: https://acme.chatbot.aisera.cloud/awc/js?t=9bb08531-a212-0a94-5c19-4eab7c811fe7&embed |
| Primary attributes | The user email address should be returned as the primary attribute. |
| Secondary attributes | The full name of the user should be returned as a value of the key name. |

The screenshot below is an example for webchat SAML SSO.

Copy or download values from Azure AD/Entra ID:

  • Certificate (Base64)

  • Login URL

  • Logout URL

Configure SSO for your Aisera Webchat Bot

To configure SSO for your webchat bot:

  1. Navigate to Settings > Channels in the Aisera Admin UI.

  2. Open the Webchat channel that your application/bot is using.

  3. In the Channel Details window, open the Authentication tab and select SAML SSO in the Authentication field.

| Field | Value |
| --- | --- |
| Login URL | Use the value provided by customer. |
| Logout URL | Set it up if the customer has provided this information. |
| Issuer | Use the same value you provided to the customer as Entity ID; see above. |
| Skip Compression | If checked, the SAML request from the service provider will not be compressed. Normally this should be unchecked, but it needs to be checked for some versions of Microsoft AD SSO. If AD is used and you get an invalid request error, you can try checking this box. |
| x509 certificate | Copy and paste the content of the certificate here. |
| Webchat only extra fields | |
| IFrame Embedding | false (unchecked) - Azure AD doesn’t allow iframe embedding of their login form. |
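
A troubleshooting aid for the Issuer and Skip Compression fields above, added here as an example and not taken from Aisera's or Microsoft's documentation: it decodes a captured SAMLRequest value, reports whether it was compressed, and compares its Issuer and Assertion Consumer Service URL with the Identifier (Entity ID) and Reply URL entered in Azure. It assumes the request is sent with the SAML HTTP-Redirect binding (raw DEFLATE, then base64) and that the value has already been URL-decoded; the function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample AuthnRequest using the page's acme example values.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0" '
    'AssertionConsumerServiceURL="https://acme.chatbot.aisera.cloud/aisera/ssoLoginCallback">'
    '<saml:Issuer>https://acme.chatbot.aisera.cloud/</saml:Issuer></samlp:AuthnRequest>'
)

def build_sample(compress):
    """Encode SAMPLE_XML as a SAMLRequest value, with or without DEFLATE."""
    data = SAMPLE_XML.encode()
    if compress:
        c = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
        data = c.compress(data) + c.flush()
    return base64.b64encode(data).decode()

def decode_saml_request(b64_value):
    """Return (xml_text, was_compressed) for a URL-decoded SAMLRequest value."""
    raw = base64.b64decode(b64_value, validate=True)
    if raw[:1] == b"<":  # plain XML: Skip Compression was checked
        return raw.decode("utf-8"), False
    return zlib.decompress(raw, -15).decode("utf-8"), True

def check_request(b64_value, entity_id, reply_url):
    """Compare a captured request with the values entered in Azure."""
    xml_text, compressed = decode_saml_request(b64_value)
    # Use only on requests captured from your own SP: ElementTree is not
    # hardened against hostile XML.
    root = ET.fromstring(xml_text)
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    acs = root.get("AssertionConsumerServiceURL")  # optional attribute
    problems = []
    if issuer != entity_id:  # exact match, trailing slash included
        problems.append(f"Issuer {issuer!r} != Identifier (Entity ID) {entity_id!r}")
    if acs is not None and acs != reply_url:
        problems.append(f"ACS URL {acs!r} != Reply URL {reply_url!r}")
    for url in (entity_id, reply_url):
        if urlsplit(url).scheme != "https":
            problems.append(f"{url!r} is not HTTPS")
    if urlsplit(entity_id).netloc != urlsplit(reply_url).netloc:
        problems.append("Entity ID and Reply URL are on different hosts")
    return {"compressed": compressed, "issuer": issuer, "acs": acs, "problems": problems}
```

An empty problems list with compressed set to False means the request matches the Azure configuration and Skip Compression is in effect.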
