Welcome to the Genesys
DX Support Center

Digital DX provides Single Sign-On support based on SAML 2.0 protocol. It accepts SAML Assertions using the SAMLResponse parameter where the NameID of the authenticated user is a mandatory claim.

On the Identity Provider (IdP) side you must set up the connection with the following parameters:

• Protocol type: SAML 2.0
• Service type: AssertionConsumerService
• Binding type: HTTP-POST
• WantAssertionsSigned: True

Alternatively, you can set up the connection using the Digital DX metadata XML below that contains the required parameters.

Important: Change both instances of xxxxxxxxxx to your account ID. You can find your Bold360 SSO URL on the settings form. Change both instances of yyyyyyyyyy to the web client URL extended with the server set for your data residency region.

Data Center	URL
USA	web.boldchat.com
EU	web-eu.boldchat.com

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://yyyyyyyyyy/aid/xxxxxxxxxx/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yyyyyyyyyy/aid/xxxxxxxxxx/"/>
  </SPSSODescriptor>
</EntityDescriptor>

1. In the Web Admin Center, go to General > Single Sign On.
2. Remember: You must configure SSO on the Identity Provider side first.
   Click Test to check the authentication process.

   You are redirected to the Identity Provider's URL in a pop-up window. If you get back SAMLResponse from the ID Provider then its response will be presented on this setting form. If no SAMLResponse parameter returns or you simply misconfigured your URL, the pop-up window may stay open.

   Important: The Identity Provider URL must be a common link that authenticates and redirects the user to the Digital DX SSO URL with SAMLResponse token, if the user have the necessary rights.

   Result	Description
   SAMLResponse is returned	The response is presented in the form. Note: Copy the public key for later use.
   SAMLResponse is not returned	The pop-up window may stay open. It is likely that you have simply misconfigured your URL.

3. Check that NameID is a mandatory claim in the SAMLResponse token.

   You must add this claim on the Identity Provider side to be a unique attribute of the authenticated user, for example their e-mail address. When you map an authenticated user later on, the NameID field must be the SSO Name ID on the operator field.

4. In the Public Key field, paste the public key of your signed SAMLResponse token that you received in Step 2.
5. Save the public key.

   Result: To work with SSO, use the following URL format:

   • To access Agent Workspace:
     • https://agent.bold360.com/sso/account-id/ACCOUNTID (Replace ACCOUNTID with your account ID)
     • https://agent.bold360.com/sso/username/USERNAME (Replace USERNAME with your username)

   • To access reports:

     https://reports.boldchat.com/aid/ACCOUNTID (Replace ACCOUNTID with your account ID)

   • To access Dashboard:

     https://dashboard.boldchat.com/aid/ACCOUNTID (Replace ACCOUNTID with your account ID)

6. Check that parsing was successful to ensure that Digital DX servers understand the response as a SAML 2.0 Assertion Token.
   Remember: First you must make sure that the SAMLResponse token is returned correctly.