Since July 6, 2023, Atlassian has no longer been used for Release Notes or knowledge base articles.
* Find Release Notes here (https://support.mycontactcenter.net/app/articles/detail/a_id/23378/) and articles here (https://support.mycontactcenter.net/app/main).
* Authenticated Partners can access content here (https://support.mycontactcenter.net/cc/sso/authenticator/oauth/authorize/imcontrolpanel?redirect=main&source=mycontactcenter)
Microsoft Azure AD SSO
Configure single sign-on for your organization using Microsoft Azure Active Directory.
Getting Started
First, you'll need to sign in to your Azure account. You can do so at https://azure.microsoft.com. If you don't yet have an Azure account, you can use this same URL to set one up.
Once you're logged in, click Portal, in the top right.
Now, from the navigation pane at left, click Azure Active Directory.
A secondary navigation pane will open - from there, click App Registrations (not "App Registrations (Legacy)").
You'll see a third and final pane. From this one, click New Registration.
Register an App
Please note that URI is required for SSO, although the Azure portal labels it as optional.
Fill out all the information required to register an App:
- Name: A user-friendly name to display when using the SSO Service.
- Supported account types: There are three options. At this time, we strongly recommend using the option: Accounts in this organizational directory only (Default Directory). All user and guest accounts in your directory can use your application or API. Use this option if your target audience is internal to your organization.
- Redirect URI (optional): This is mandatory. Select “Web” and type in the return URL textbox one of these URLs:
- Facility 0 AKA Toronto:
- https://pop0-apps.mycontactcenter.net/sso/saml/azuread/acs.aspx (for Portal + Desktop CCA)
https://pop0-apps.mycontactcenter.net/cca.sso/saml/azuread/acs.aspx (for web CCA)
- Facility 1 AKA Virginia:
- https://pop1-apps.mycontactcenter.net/sso/saml/azuread/acs.aspx (for Portal + Desktop CCA)
https://pop1-apps.mycontactcenter.net/cca.sso/saml/azuread/acs.aspx (for web CCA)
- Facility 0 AKA Toronto:
When you're finished, click Register. Upon registration, the site will show the app's information, which should look something like the below.
From this view, you can copy the Application (client) ID and the Directory (tenant) ID by simply hovering over them and clicking Copy to Clipboard.
There are some additional settings you'll need, so please continue through the steps below.
Branding
Under the Manage section, click Branding. Here you'll need to provide:
- Name (should already be set).
- Upload new logo: A logo to show when signing on Azure AD. Optional.
- Home page Url: https://pop0-apps.mycontactcenter.net/sso/ for clients in Facility 0 (AKA Toronto) OR https://pop1-apps.mycontactcenter.net/sso/ for Facility 1 (AKA Virginia).
- The terms of Service and Privacy statement can be left blank at this time.
Remember to click on Save.
Authentication
Now click Authentication. In this section, you'll need to provide:
- Redirect URIs section: leave this value as is (already entered at the beginning).
- Advanced settings section: at this time we do not use the logout URL; please leave it blank.
- Implicit grants section: place a checkmark to enable ID tokens.
- Default client type: set this option to No (which should be the default).
- Supported account types: set to Accounts in this organizational directory only. Again, this should already be the selection based on your earlier settings, but please ensure it's the case.
You may need to scroll down to see the options for Default client type and Supported account types.
As before, be sure to click Save before proceeding.
API Permissions
It's not necessary to make changes here, but there is an optional setting you can change - see below.
As an administrator, you can grant consent on behalf of all users in this directory. Granting admin consent for all users means that end-users will not be shown a consent screen when using the application.
To do this, click the button labeled Grant admin consent for Default Directory. Note that you must be signed in as an administrator or this option will be greyed out.
Expose an API
In this section, you're setting the scope that this API will cover.
Click the Add a scope button, and then provide the following info.
Scope name: user_impersonation
Who can consent? Select Admins and users
Admin consent display name: provide a name, such as "Access My Contact Center."
Admin consent description: enter a description, such as "Allow the application to access My Contact Center on behalf of the signed-in user."
User consent display name: provide a display name, such as "Access My Contact Center."
User consent description: enter a description, such as "Allow the application to access My Contact Center on behalf of the signed-in user.
State: Enabled.
Click on Add scope.
Manifest
The manifest is the Application configuration file; here you can define or override various aspects of the application's configuration.
In this file manifest please replace the whole line containing:
"optionalClaims": null,
with the following:
"optionalClaims": { "idToken": [ { "name": "family_name", "source": null, "essential": true, "additionalProperties": [] }, { "name": "given_name", "source": null, "essential": true, "additionalProperties": [] }, { "name": "ipaddr", "source": null, "essential": true, "additionalProperties": [] } ], "accessToken": [ { "name": "family_name", "source": null, "essential": true, "additionalProperties": [] }, { "name": "given_name", "source": null, "essential": true, "additionalProperties": [] }, { "name": "ipaddr", "source": null, "essential": true, "additionalProperties": [] } ], "saml2Token": [] },
The below screenshot shows the location of this code (line 43). Scroll down for a screenshot showing the manifest after the changes.
Here is the manifest after making the above changes. Note that you may need to scroll to ensure all of the code has been pasted. After the change, the "optionalClaims": section should occupy 42 lines in total (in our example, from lines 43 through 85, inclusive).
Since July 6, 2023, Atlassian has no longer been used for Release Notes or knowledge base articles.
* Find Release Notes here (https://support.mycontactcenter.net/app/articles/detail/a_id/23378/) and articles here (https://support.mycontactcenter.net/app/main).
* Authenticated Partners can access content here (https://support.mycontactcenter.net/cc/sso/authenticator/oauth/authorize/imcontrolpanel?redirect=main&source=mycontactcenter)