Enable Oracle Identity Cloud Service (IDCS) Authentication

As an administrator, you can configure IDCS single sign-on (SSO) for authentication so that agents and supervisors can sign in to Desktop Agent Experience (DAE) and Admin Console using IDCS.

You can use IDCS SSO for identification and access control across all user roles and interfaces in Live Experience. After you configure IDCS, users added in IDCS are autoprovisioned in Live Experience, and their roles are autopopulated based on the assigned groups.

Contact your Oracle account manager to enable IDCS authentication. You can then follow these steps to enable SSO using IDCS.

  1. Sign in to the Live Experience Admin Console as an administrator.
  2. From the Admin Console navigation menu, click Integration and click the IDP tab.
  3. In the Configure your IDCS application section, note down the values of Entity ID, Assertion Consumer URL, Single Logout URL, and Single Logout URL Callback.
  4. Sign in to the IDCS Admin Console as an administrator.
  5. From the navigation menu, click Users.
  6. Add your users.
    1. Click Add.
    2. In the Add User dialog box, enter the user details, and click Finish.
  7. From the navigation menu, click Groups.
  8. Create the groups LX Administrators, LX Associates, and LX Supervisors.
    1. Click Add.
    2. In the Add Group dialog box, enter the group details.
    3. Click Finish.
  9. From the navigation menu, click Users.
  10. Click the user you created, and then click the Groups tab.
  11. Click Assign.
  12. In the Assign Groups dialog box, select the groups that you want to assign to the user, and click OK.
    Tip: You can assign multiple groups to a user and associate a user with multiple roles.
  13. From the navigation menu, click Applications.
  14. On the Applications page, click Add.
  15. In the Add Application dialog box, click SAML Application.
  16. In the Add SAML Application page, App Details section, enter the name and description of the application.
  17. Enter the application URL that you use to access the application.
    Note: Ensure that the Application URL points to Admin Console and not DAE. For example, /ui/?tenant=tenantname.
  18. In the Display Settings section, select the Display in My Apps check box.
  19. Click Next to move to the SSO Configuration stop.
  20. In the General section, enter these details:
    1. Enter the Entity ID and the Assertion Consumer URL that you noted down from the Live Experience Admin Console.
    2. From the NameID Format list, select Email address.
    3. From the NameID Value list, select Primary Email.
  21. In the Advanced Settings section, enter these details:
    1. Select the Enable Single Logout check box.
    2. From the Logout Binding list, select Redirect.
    3. Enter the Single Logout URL that you noted down from the Live Experience Admin Console.
    4. In the Logout Response URL field, enter the Single Logout URL Callback that you noted down from the Live Experience Admin Console.
  22. In the Attribute Configuration section, click the plus icon next to the attributes, and enter these details:
    1. Enter memberOf for the name of the assertion attribute.
    2. From the Format list, select Basic.
    3. From the Type list, select User Attribute.
    4. From the attribute Value list, select Group Membership.
    5. From the Condition list, select Starts with and in the condition Value field, enter LX.
    6. Optionally, enter user.firstName and user.lastName as additional user attributes for First Name and Last Name. If you don't provision the first name and the last name of the IDCS users, the Live Experience users use their email address as the full name.
  23. Click Download Identity Provider Metadata.
    This downloads the IDCSMetadata.xml file that you need later.
  24. Click Finish to activate the application.
  25. Switch to the Live Experience Admin Console.
  26. In the Import IDCS Authentication Identity Provider Configuration section, click Import.
  27. Import the IDCSMetadata.xml file that you downloaded earlier.
  28. Click Verify.
    Verification of SSO authenticates and provides users access to the Live Experience Admin Console. Ensure that the user verifying SSO is part of the LX Administrators group in IDCS.
    Existing users won't be able to sign in to IDCS. Delete existing users to avoid any conflicts with autoprovisioned users from IDCS who are configured with the same email address. It's best practice to retain at least one user with administrator privileges in case you accidentally remove the IDCS authentication integration option, so that you can sign in as admin and add users.
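
Before you click Verify, you can check a decoded test assertion against the settings from steps 20, 22, and 28. The following is an added example, not Oracle's code. It assumes IDCS emits one AttributeValue element per group, and the sample assertion and the group LX Contractors are constructed. It does not validate the SAML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
LX_GROUPS = {"LX Administrators", "LX Associates", "LX Supervisors"}  # step 8

# Constructed sample assertion (unsigned, trimmed); not captured from a real tenant.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">agent@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>LX Associates</saml:AttributeValue>
      <saml:AttributeValue>LX Supervisors</saml:AttributeValue>
      <saml:AttributeValue>LX Contractors</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return (recognized LX groups, findings) for one decoded SAML assertion."""
    root = ET.fromstring(xml_text)  # parse only assertions you captured yourself
    findings = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not Email address (step 20)")
    elif "@" not in (name_id.text or ""):
        findings.append("NameID value is not an email address (step 20)")
    attr = root.find(".//saml:Attribute[@Name='memberOf']", NS)
    if attr is None:
        return set(), findings + ["memberOf attribute missing (step 22)"]
    if attr.get("NameFormat") != BASIC_FORMAT:
        findings.append("memberOf format is not Basic (step 22)")
    groups = {(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)}
    for g in sorted(groups - LX_GROUPS):
        if g.startswith("LX"):  # passes the 'Starts with LX' condition from step 22
            findings.append(f"group {g!r} passes the LX filter but is not one of the three created groups")
        else:
            findings.append(f"group {g!r} should have been filtered out (step 22)")
    if "LX Administrators" not in groups:
        findings.append("user is not in LX Administrators, required for the verifying user (step 28)")
    return groups & LX_GROUPS, findings

if __name__ == "__main__":
    groups, findings = check_assertion(SAMPLE)
    print("recognized groups:", sorted(groups))
    for f in findings:
        print("finding:", f)
```

Because the condition in step 22 is a prefix match, any IDCS group whose name starts with LX is sent in memberOf, so it is worth reviewing such groups before assigning them to users.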