Create a SAML Application for Live Experience in Oracle Identity Cloud Service (IDCS)

Using IDCS, create and configure a Security Assertion Markup Language (SAML) application for Live Experience.

SSO (Single Sign-On) is achieved by authenticating Live Experience through IDCS, which is configured as a trusted proxy. When a Sales or Fusion Service agent opens the Live Experience service from the media toolbar, IDCS redirects authentication attempts to Oracle Access Manager (OAM), which is the Sales and Fusion Service authentication application. You get your IDCS application configuration settings from the Live Experience Admin Console.
In this procedure, you create and configure a SAML application for Live Experience in IDCS, import the IDCS identity provider, establish a two-way trust relationship between IDCS and Sales or Fusion Service, verify the SSO configuration, and lastly, create matching users in Sales or Fusion Service, Live Experience, and IDCS.
Note: Follow these steps only if you are adding Live Experience to your existing Oracle Sales or Fusion Service site. If you purchased Live Experience and Sales or Fusion Service together, SSO is already enabled between the products.
  1. From the Admin Console Navigation menu, select Integration.
  2. On the CRM Integration page, select Oracle Engagement Cloud.
  3. In the Configure your IDCS application section, note down the values of Entity ID, Assertion Consumer URL, and Single Logout URL.
  4. In IDCS, from the navigation menu on the left, select Applications.
  5. On the Applications page, select Add and choose SAML Application.
  6. On the App Details page, enter details about your application and click Next.
  7. On the SSO Configuration page, enter details in the General section.
    1. Enter the Entity ID and the Assertion Consumer URL, which you noted down from the Live Experience Admin Console.
    2. For NameID Format, select Email address.
    3. For NameID Value, select Primary Email.
  8. Enter details in the Advanced section of the SSO Configuration page.
    1. Select the Enable Single Logout option.
    2. For Logout Binding, select Redirect.
    3. Enter the Single Logout URL, which you noted down from the Live Experience Admin Console.
    4. For Logout Response URL, enter the same value as for Single Logout URL.
  9. In the top-right corner of the page, click Download Identity Provider Metadata.
    This downloads the IDCSMetadata.xml file, which you will need later.
  10. Click Finish.
  11. When the page for your new application appears, click Activate.
  12. In the Live Experience Admin Console, return to the Activate Engagement Cloud Integration page.
  13. In the Configure your IDCS application section, click Continue.
    The Import Engagement Cloud Identity Provider Configuration section appears.
  14. Import the IDCSMetadata.xml file that you downloaded and click Import.
  15. Contact your Oracle account manager and request to have federation set up between IDCS and Sales or Fusion Service, which establishes a two-way trust relationship between them.
    In this trust relationship, also known as federation, Sales or Fusion Service acts as the identity provider and IDCS as a service provider (or proxy) to Sales or Fusion Service. In this configuration, IDCS redirects authentication requests between Live Experience and Sales or Fusion Service. The Sales or Fusion Service authentication is managed by OAM.
  16. In the Live Experience Admin Console, return to the Activate Engagement Cloud Integration page.
  17. In the Import Engagement Cloud Identity Provider Configuration section, click Verify to test that Live Experience can communicate through IDCS to Sales or Fusion Service.
  18. If you get a successful message in Live Experience, click Continue.
    Note: Although Live Experience takes you to the Configure Media Toolbar in Engagement Cloud section, you still need to set up IDCS to communicate with Sales or Fusion Service, as described in the remaining steps.
  19. In IDCS, from the navigation menu, select Applications.
  20. On the Applications page, select the Live Experience SAML application you created.
  21. Do one of the following tasks:
    • On the Users tab, map IDCS users to the application.
    • On the Groups tab, map a group of IDCS users to the application.
    For every Sales or Fusion Service agent to whom you want to give Live Experience access, create an account in Live Experience and in IDCS. The account user name in Live Experience must be a valid email address. For SSO to work, the email address must match the agent's email address on their Sales or Fusion Service account.

    The users you create in IDCS need to be associated, either individually, or as part of a group, with the Live Experience SAML application.

What to do next

Next, see Confirm the Sales or Fusion Service Activation.