General Account Settings Articles

How to set up SAML 2.0 Single Sign-On via an Identity Provider

BoldChat provides Single Sign-On support based on SAML 2.0 protocol. It accepts SAML Assertions using the SAMLResponse parameter where the NameID of the authenticated user is a mandatory claim.

On the Identity Provider (IdP) side you must set up the connection with the following parameters:

  • Protocol type: SAML 2.0
  • Service type: AssertionConsumerService
  • Binding type: HTTP-POST
  • WantAssertionsSigned: True

Alternatively, you can set up the connection using the BoldChat metadata XML below that contains the required parameters.

Important: Change both instances of xxxxxxxxxx to your account ID. You can find your BoldChat SSO URL on the settings form. Change both instances of yyyyyyyyyy to the web client URL extended with the server set for your data residency region.
Data Center URL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://yyyyyyyyyy/aid/xxxxxxxxxx/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yyyyyyyyyy/aid/xxxxxxxxxx/"/>
  1. Go to Setup > General Account Settings > Single Sign-On and select the Main Setup tab.
  2. Remember: You must configure SSO on the Identity Provider side first.
    Click Test to check the authentication process.

    You are redirected to the Identity Provider's URL in a popup. If you get back SAMLResponse from the ID Provider than its response will be presented on this setting form. If no SAMLResponse parameter returns or you simply misconfigured your URL, the popup window may stay open.

    Important: The Identity Provider URL must be a common link that authenticates and redirects the user to the BoldChat SSO URL with SAMLResponse token, if the user have the necessary rights.
    Result Description
    SAMLResponse is returned

    The response is presented in the form.

    Note: Copy the public key for later use.
    SAMLResponse is not returned

    The popup may stay open.

    It is likely that you have simply misconfigured your URL.

  3. Check that NameID is a mandatory claim in the SAMLResponse token.

    You must add this claim on the Identity Provider side to be a unique attribute of the authenticated user, for example their e-mail address. When you map an authenticated user later on, the NameID field must be the SSO Name ID on the operator field.

  4. Under the Public Key Setup tab, paste the public key of your signed SAMLResponse token that you received in Step 2.
  5. Save the public key.
    1. Agent Workspace setup. To access Agent Workspace by SSO, use the following URL format:
      • (Replace ACCOUNTID with your account ID)
      • (Replace USERNAME with your username)
    2. Desktop Operator Client setup. You can use the desktop Operator Client in SSO mode with version 7.40 or newer. To configure the desktop Operator Client, do either of the following:
      • Go to Start Menu > All Programs > SSO Mode.
      • Use the following registry commands.

        SSO Launch Enabled Registry Script

        Windows Registry Editor Version 5.00

        SSO Launch Disabled Registry Script

        Windows Registry Editor Version 5.00
    3. Web Client SSO setup. Once you have configured SSO on both sides, launch your WebClient SSO lookup mode with either of the following URLs:
      URL Description
      https://yyyyyyyyyyy/aid/xxxxxxxxxx/ xxxxxxxxxx is your Account ID ; yyyyyyyyyy is the URL with server set
      https://yyyyyyyyyyy/un/uuuuuuuuuu/ uuuuuuuuuu is any BoldChat username defined under your account; yyyyyyyyyy is the URL with server set
  6. Check that parsing was successful to ensure that BoldChat servers understand the response as a SAML 2.0 Assertion Token.
    Remember: First you must make sure that the SAMLResponse token is returned correctly.

Once parsing has completed successfully, you can check the following:

  • Issuer found: A required attribute in the SAML 2.0 protocol
  • IssueInstant: A required attribute that contains the issuer timestamp. It must be in UTC format by default. BoldChat accepts tokens within a valid time frame.
  • NameID: Required for mapping a BoldChat operator record with the authenticated user.
  • Public key: Required and must be stored in BoldChat settings as well for signature validation.

How to enable Single Sign-On through login controls

Single Sign-On (SSO) integration simplifies the sign-in process for Enterprise users by providing access to multiple products with a single login. This feature integrates with your current SSO technology and is easily accessible though the Operator Client, Agent Workspace, and Web Client.

  1. Within the .NET or the Web Client, go to Setup > Login Control Settings > Setup.
  2. Check the box next to Single Sign On Settings > Enable Single Sign On.

    To see the edits and modifications you will need to make, click Help.

  3. When finished making edits, click Save on the Single Sign-On Setup tab and then click Save on the Login Control Settings tab.

How to set up your network

This section describes each field in the My Network Setup dialog window.

Settings Tab

Use Internet Explorer Settings

If selected, your desktop Operator Client will attempt to connect with our data center server(s) using the non-dynamic proxy settings from your Internet Explorer configuration. If your proxy settings in Internet Explorer are set by a dynamic script, this option may not work for you. You may instead need to choose the Override with my own values option and provide the specific proxy server settings to be used.

Note: Changes to these settings impact only the connectivity of this operator client application.

Override with my own Values

If selected, your desktop Operator Client will attempt to connect with our data center server(s) via a proxy server, as specified by the Proxy Host, Proxy Port, Proxy User Name and Proxy Password settings that you specify. You may need to consult with your Network Administrator regarding the values to put in these fields.

Proxy Host
Specify the host name (i.e. domain name or IP address) of the proxy server that you want your desktop Operator Client to connect through. You may need to consult with your Network Administrator regarding the value to put in this field.
Proxy Port
Specify the port number to use when connecting through the specified proxy server. Normally, this would be port 80 if the Secure Connection option is not checked, or this would be port 443 if the Secure Connection option is checked. You may need to consult with your network administrator regarding the value to put in this field.
Proxy User Name (optional)
If your proxy server requires user authentication for connectivity through it, specify your user name is this field. You may need to consult with your Network Administrator regarding the value to put in this field.
Proxy Password
If your proxy server requires user authentication for connectivity through it, specify your password is this field. You may need to consult with your Network Administrator regarding the value to put in this field.

Do not connect via a proxy

If checked, your desktop Operator Client will attempt to connect with our data center server(s) directly, without trying to connect via a proxy server.

Secure Connection (SSL)
If checked, your desktop Operator Client connects with our data center server(s) using an SSL-encrypted, secure connection.

Connection Status Tab

Connection Status

This tab is an indicator of the status of your connection to our servers. Our support team will request you to send us details on this tab when troubleshooting any connectivity issues. The status will help us determine your bandwidth and latency to our servers. Clicking the Send Connectivity Report button will run a connectivity test and request you to email us the test results once complete.

Status indicates the connection quality as it relates to responsiveness and transfer rates. There can be three states of connection; Connected, Disconnected, and Error. The Status graph is the visual indicator for the current connection state and its strength.
The number of green bars indicate responsiveness (latency).
The number of blue bars indicate the transfer rate (bandwidth).
Note: The greater number of indicator bars, as it relates to Responsiveness and Transfer, the better.

Sending a Connectivity Report

Our support team will occasionally request a connectivity report when trying to help you work through connectivity issues. This report will help us determine your bandwidth and latency to our servers. Clicking on the Send Connectivity Report button will run connectivity tests, we will then request you to email us the test results once complete.

How to automatically log out inactive operators

You can set the desktop Operator Client to automatically log out operators after a specified period of inactivity. This helps ensure that your information is secure when the client is unattended.

By default, this feature is enabled.

  1. Go to Setup > Login Control Settings.
  2. Select Logout operator after being inactive for ... minutes.
  3. Set the amount of time from 1 to 999 minutes before the operator is automatically logged out.

Data Retention Options

Enterprise subscribers can set BoldChat to automatically recycle or delete chat data.

Enterprise subscribers with proper permission settings can activate data retention at the following location: Setup > Data Retention

The ability to change data retention settings is disabled for all permission groups and must be explicitly enabled: Can Access Data Retention Settings. Use caution when granting permission to use this feature.

You can choose to automatically move chat sessions to the Recycle Bin or to permanently delete the chat session data. In either case, this is done after the chat has been closed for the specified number of days.

Permanent deletion

  • When you choose to permanently delete chat session data, the data is permanently removed from the system without passing through the Recycle Bin.
  • This data cannot be recovered.

Recycle Bin

  • When you move chats to the Recycle Bin, they are not immediately permanently deleted: Instead operators are prevented from seeing the data in their BoldChat Client interface.
  • Chats in the Recycle Bin can be recovered (Operator Client > View > Recycle Bin)
  • Or you can set up an automatic purging of the Recycle Bin after items have been in the bin for a specified period of time (Operator Client > View > Recycle Bin > Setup).
  • Once items are purged from the Recycle Bin, they are similarly permanently deleted and cannot be recovered.

Delete partial data

  • The main chat session record can be retained for historical reference and reporting, while other data associated with the chat session is deleted.
  • For example, you can delete the chat transcript data (messages exchanged between the chat visitor and operator), but leave the rest of the chat record information for historical reference and/or reporting.
  • Partial data deletion results in permanent deletion with no recovery option
  • This feature can also be used in conjunction with the complete record deletion option. For example, you could setup to permanently delete the chat transcript data after 90 days, and then permanently delete (or recycle) the complete chat records after 180 days.
  • Additional details are provided in the context-sensitive help in the desktop Operator Client interface

How to exclude visitors based on IP address

Set visitor IP addresses that should always be blocked by Visitor Monitoring and Chat Button HTML, one IP address per line.

  1. From the main menu of the operator client, go to Setup > General Account Settings.

    Result: The General Account Settings window is displayed.

  2. On the Extra Security tab, enter IP addresses to be blocked.
    Tip: You can also use wildcards. For example: 123.123.123.*
  3. Save your changes.

How to set up auto-translation

With Auto-translation, messages between visitor and operator are translated in real-time, thus allowing both parties to chat in their own language if the language pair is available.

This feature requires a GeoFluent subscription that you can acquire by contacting Lionbridge. Lionbridge will provide you with the account key and secret you need to start using auto-translation.

How does auto-translation work?

Auto-translation takes the following parameters into account:

  • Visitor language: Determined by the chat window's language setting or the language the visitor selected on the pre-chat form. You can define chat window language defaults in the chat window configuration.
  • Operator languages: The languages the operator speaks, prioritized by fluency level. You can configure operator languages in the operator settings.
  • Language pairs: The translation pair is supported by your GeoFluent subscription.

If the operator and the visitor share a common language, translation is not needed and it is switched off by default. Otherwise, if none of the operator languages match the visitor language and the language pair is available, messages are translated automatically.

GeoFluent is a third-party service. How is my sensitive information protected?

Your content is maintained in a secure, private workspace and never enters the public domain. As per BoldChat standards, messages are transmitted via secure protocols only.

Note: For information about GeoFluent and data residency, see Data Residency Options.

Are visitors aware when chat messages are being auto-translated?

Yes. Visitors are notified in a system chat message if messages are being auto-translated.

Depending on your requirements, original messages can also be displayed for visitors if Allow visitor to see original message is selected in the Chat Window configuration. This option also affects the content of chat transcripts.

How to configure your GeoFluent subscription

  1. Go to Setup > General Account Settings > Auto-translation and select Enable auto-translation.
  2. Configure your GeoFluent subscription and defaults.
    Option Description
    GeoFluent Host The host name provided by Lionbridge for your GeoFluent subscription.
    GeoFluent Account Key The account key provided by Lionbridge for your GeoFluent subscription.
    GeoFluent Account Secret The account secret provided by Lionbridge for your GeoFluent subscription.
    Default Language The language operators speak by default. Custom operator language settings override this value.
    Supported Language Pairs The language pairs available for your GeoFluent subscription. To add or remove language pairs, contact Lionbridge about adjusting your GeoFluent subscription.
  3. Click Validate credentials and refresh language pairs to check your GeoFluent settings and synchronize language pairs available for your subscription.
    Remember: You must do this every time your GeoFluent subscription changes (such as adding a new language pair to your subscription).

Data Residency Options

Many organizations face challenges meeting strict cross-border data privacy and residency requirements. BoldChat helps you face these challenges by giving you control over where your data resides.

Beginning Oct 29, 2016, all new customers signing up for a BoldChat account can choose a data residency region where their Service Data will be stored, hosted, and replicated (that is, the information you submit, transmit, collect, post, store, or produce while using the BoldChat service). Your Service Data will remain in your selected region without unwanted transfer*. Existing customers will continue to have data residency in the USA; migration is not currently an option. Please get in touch with us if you have an existing account that requires modification for alternative approaches.

Important: When requesting a product trial, by default your account is created with the data residency location preference set as USA. Please let us know if you need to use a different region.
Note: *To the extent you utilize any third party or internal services or providers that are not set to the same data residency restriction and in anyway interface with BoldChat or its Service Data, LogMeIn bears no responsibility for information processed through those third party services or by third party providers outside of the designated geographic region.

Current data residency regions

  • United States (US)
  • European Union (EU)

Feature Specific Considerations

Video Chat. Your data residency choice applies to all Service Data associated with the Video Chat feature.

Table 1. Video Server Locations
Location Video Server Locations
US US, Singapore

Email. Emails sent/stored from our servers use your selected data residency region. However, to ensure compliance, you should also verify the location of your own email provider as specified in your IMAP or POP URL settings (for example, a Microsoft Exchange server used by your organization or a corporate gmail account) since once emails leave our systems they get routed via your email servers and BoldChat does not control their path or final destination. If you have any questions, please contact your email provider.

Third-party Integrations. When using third-party services integrated with BoldChat, appropriate controls should be put on data leaving/being stored outside of BoldChat to ensure compliance with your data residency requirements, since they are outside of the scope of this option.

APIs. Workflow, Integrations, Data Extraction and Provisioning APIs are available for accounts in all data residency regions. Integrations must use the API endpoint corresponding to the data region in which your account is hosted. For more information, see Bold360 and BoldChat Developer Center.

SSO Integration. SSO is available in all data residency regions. For details regarding setup, see How to set up SAML 2.0 Single Sign-On via an Identity Provider.

Known Limitation

  • The SMS service is currently offered via gateways located in the US only

GeoFluent for BoldChat.


Bold360 21.10 Release Notes

Bold360 21.10 release notes

Bold360 version 21.10 contains the following new enhancements:

Enforcing HTTPS and removing HTTP across widget scripts

Going forward, there will no longer be an option to choose (non-secure) HTTP-only connections when generating widget touchpoint scripts. HTTPS will be enforced across all touchpoints going forward and HTTP-only widget configurations will no longer be supported as of December 31, 2021. Any widget script using HTTP only will need to be changed by this date in order to continue uninterrupted

Access to the Genesys DX AI management (* will only be accessible through HTTPs

In-product announcements will be present to raise awareness of this change

Important: Any widget script using HTTP only will need to be changed by this date in order to continue uninterrupted.

In-Product Rebranding

As part of the transformation to Genesys DX, the product interfaces are now rebranded to reflect this change. Logos, product names, and company links are now updated to Genesys branding and is present within each of the product interfaces.

getEstimatedWaitTime API call

Using the "getEstimatedWaitTime" API call will provide the estimated wait time that the visitor would spend waiting before starting a live chat with an agent.

Details on using this API can be located in this article.

Bold360 21.11 Release Notes

Bold360 version 21.11 contains the following new enhancements:

New KB Launchpad Intent Library for COVID-19/Vaccinations

In order to help businesses with providing just-in-time information related to updates to COVID-19 and vaccination protocols, a new entry in the KB Launchpad is now available with intents that can be used to deploy knowledge to keep your workforce informed of new policies and information that you may need to enforce.

Not familiar with the KB Launchpad? The KB Launchpad contains pre-defined intent libraries to help you add industry and use-case specific questions/intents to your KBs with your own specific responses to help with adding commonly asked questions for newly created KBs.

We will be enabling the KB Launchpad as a default setup option on all accounts shortly but contact your Account or Success Manager to get it enabled early if necessary.

ICO Cookie Compliance

In order to support ICO cookie compliance in regions that require end-user consent for allowing cookies to be set, Genesys DX now complies with this standard by making the tracking and analytics related cookies that are set through the touchpoint and visitor monitoring HTML snippets to be optional.

By default, all cookies will continue to be set upon page load. To restrict these cookies from loading automatically and only upon end-user consent, additional steps will be required on the website that the Genesys DX code is being deployed to.

You can learn more about what this compliance is and how to update your Genesys DX deployment to be compliant by reviewing the details in this article: ICO Cookie Compliance.