Complete the steps in the following procedure to configure Single Sign-On (SSO) using the WS-Federation protocol in the Security & Control module of the Bots Admin Console. Kore.ai also supports Security Assertion Markup Language (SAML) and OpenID Connect protocols. For more information, see Using Single Sign-On.
- In the Security & Control module on the Single Sign On page in the Bots Admin Console, click Enable SSO.
- In the Select suitable Sign-On Protocol section, select WS-Federation.
- In the Configure SSO for WS-Federation section, select an identity provider, and then define the settings for:
- Windows Azure®
- Azure AD Sign-On End Point URL – The URL that Kore.ai sends sign on and sign off requests using Azure. The response for the authentication is sent to the Reply URL defined in your Azure Active Directory configuration settings.
- Azure AD Federation Metadata Document – The URL for the federation metadata document used for authentication with Azure Active Directory.
- Other – Generic WS-Federation identity provider configuration. Select this option if you are not using Windows Azure.
- AD Sign-On End Point URL – The URL that Kore.ai sends sign on and sign off requests using your WS-Federation identity provider.
- AD Federation Metadata Document URL – The URL for the WS-Federation metadata document used for authentication with Active Directory.
In the administrative console for your Single Sign-On provider, you will also need to define the URLs that are used to exchange data between Kore.ai and your SSO provider. While the URL names may vary by SSO provider, you will need to define these URLs:
- Assertion Consumer Service (ACS) URL or Callback URL as https://idp.kore.ai/authorize/callback. In addition to authentication values, you must pass the email address of the user as an LDAP attribute from Active Directory when using ADFS. For more information, see Attributes for ADFS.
- Identity URL or Sign On URL as https://idp.kore.ai
- Windows Azure®
- Click Save.
The Identity Provider information successfully updated message is displayed at the top of the page. The following illustration shows the Single Sign On page with WS-Federation sign-on protocol selected: