
Webchat SSO-SAML with Azure/Entra

The instructions in this topic are similar to the topic that follows, except the next topic includes Auth0.

This topic contains the following sections:

Create SAML SSO app on Azure portal

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. On the left navigation pane, select the Microsoft Entra ID service.

  3. Navigate to Enterprise Applications and then select All Applications.

  4. To add a new application, select New application.

  5. Find and select Microsoft Entra SAML Toolkit.

  6. Name the app and then click Create.

Configure SAML SSO app on Azure portal

To enable Azure AD SSO in the Azure portal:

  1. In the Azure portal, on the application integration page, find the Manage section and select single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  4. Use the following table to set the parameter values. In the examples below, replace acme with your tenant id. Do not replace chatbot with a variable: the word chatbot should appear in the URL exactly as shown.

| Name | Description |
|---|---|
| Identifier (Entity ID) | This is the cluster-specific vanity URL of the tenant. Example Webchat: https://acme.chatbot.aisera.cloud/ Note that the Webchat vanity URL can be found in the snippet URL. |
| Reply URL (Assertion Consumer Service URL) | This is the tenant vanity URL + /aisera/ssoLoginCallback. Example Webchat: https://acme.chatbot.aisera.cloud/aisera/ssoLoginCallback Note that the Webchat vanity URL can be found in the snippet URL. |
| Default RelayState | The default relay state is used to access the Webchat from the IdP portal. Webchat: snippet URL + embed parameter. Example Webchat: https://acme.chatbot.aisera.cloud/awc/js?t=9bb08531-a212-0a94-5c19-4eab7c811fe7&embed |
| Primary attributes | The user email address should be returned as the primary attribute. |
| Secondary attributes | The full name of the user should be returned as a value of the key name. |

The screenshot below is an example for webchat SAML SSO.

Copy or download values from Azure AD/Entra ID:

  • Certificate (Base64)

  • Login URL

  • Logout URL

Configure SSO for your Aisera Webchat Bot

To configure SSO for your webchat bot:

  1. Navigate to Settings > Channels in the Aisera Admin UI.

  2. Open the Webchat channel that your application/bot is using.

  3. In the Channel Details window, open the Authentication tab and select SAML SSO in the Authentication field.

| Field | Value |
|---|---|
| Login URL | Use the value that you see in your Set up Azure AD SAML Toolkit window, as shown in the example screenshot above. |
| Logout URL | Use the value that you see in your Set up Azure AD SAML Toolkit window, as shown in the example screenshot above. |
| Issuer | Use the same value as the Identifier Entity ID shown in the Basic SAML Configuration window (see example above). |
| Skip Compression | If the checkbox is enabled, the SAML request from the service provider will not be compressed. Normally this should be unchecked, but it needs to be checked for some versions of Microsoft AD SSO. If AD is used, and you get an invalid request error, check this box and try it again. |
| x509 certificate | Copy and paste the content of your certificate here. |

Webchat only extra fields

| Field | Value |
|---|---|
| IFrame Embedding | false (unchecked) - Azure AD doesn’t allow iframe embedding of their login form. |
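When the IdP returns an invalid request error, it helps to see what the service provider actually sent. The following is an added troubleshooting example, not code from Aisera or Microsoft: it decodes a SAMLRequest query value, reports whether it was DEFLATE-compressed (the Skip Compression setting), and compares the Issuer and ACS URL with the Entity ID and Reply URL from the table above. It assumes the request travels as a URL query parameter (SAML HTTP-Redirect style); the function names and the sample AuthnRequest are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the Basic SAML Configuration table (acme is the page's example tenant).
ENTITY_ID = "https://acme.chatbot.aisera.cloud/"
REPLY_URL = "https://acme.chatbot.aisera.cloud/aisera/ssoLoginCallback"

# Constructed AuthnRequest for the demo; a real value is copied from the redirect URL.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    f'AssertionConsumerServiceURL="{REPLY_URL}">'
    f"<saml:Issuer>{ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
)

def encode_request(xml_text, compress):
    """Build a SAMLRequest value as an SP would, with or without DEFLATE."""
    data = xml_text.encode("utf-8")
    if compress:
        deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
        data = deflater.compress(data) + deflater.flush()
    return quote(base64.b64encode(data).decode("ascii"), safe="")

def decode_request(param):
    """Return (was_compressed, xml_text) for a URL-encoded SAMLRequest value."""
    raw = base64.b64decode(unquote(param))
    if raw[:1] == b"<":  # already XML, so it was sent uncompressed
        return False, raw.decode("utf-8")
    return True, zlib.decompress(raw, -15).decode("utf-8")

def inspect_request(param, entity_id=ENTITY_ID, reply_url=REPLY_URL):
    """Decode the request and list mismatches against the IdP-side settings."""
    compressed, xml_text = decode_request(param)
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    acs = root.get("AssertionConsumerServiceURL")  # optional attribute
    problems = []
    if issuer != entity_id:  # exact string match, trailing slash included
        problems.append(f"Issuer {issuer!r} != Identifier (Entity ID) {entity_id!r}")
    if acs is not None and acs != reply_url:
        problems.append(f"ACS URL {acs!r} != Reply URL {reply_url!r}")
    return {"compressed": compressed, "issuer": issuer, "acs": acs, "problems": problems}

if __name__ == "__main__":
    for compress in (True, False):
        print(inspect_request(encode_request(SAMPLE_XML, compress)))
```

Run it only on requests generated by your own tenant, and treat the decoded XML as untrusted input if you extend the script.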
