Single Sign-On (SSO) for CX Builder
  • 18 Apr 2025

What is Single Sign-On?

Relay provides the ability for client organizations who use Single Sign-On (SSO) to integrate Relay’s CX Builder login into their SSO permissions. SSO is a technology which combines several different application login screens into one. With SSO, a user only has to enter their login credentials (username, password, etc.) one time on a single page hosted by their company to access all of their SaaS applications.

Access to user applications and user permissions are assigned and managed by an internal IT team or administrator.

How does SSO work with Relay CXB?

For SSO clients, access to Relay CXB is defined through centralized user permissions driven by a client security role defined for each user and mapped to Relay CXB roles. For example, a user with Administrator access granted by his/her employer’s security might be mapped to and gain the Relay CXB access of a Relay Client Admin.

Client-side security is set by an Identity Provider (IdP) file maintained by the client administrator. The Client will work with Relay to review available user roles in the Relay system and identify a mapping to the equivalent user role in the Client’s system.

What is an IdP file?

An identity provider (IdP) stores and manages users' digital identities. Think of an IdP as being like a guest list, but for digital and cloud-hosted applications (including Relay CXB) instead of an event. An IdP may check user identities via username-password combinations and other factors, or it may simply provide a list of user identities that another service provider (like an SSO) checks.

Even though they are separate, IdPs are an essential part of the SSO login process. SSO providers check user identity with the IdP when users log in. Once that is done, the SSO can verify user identity with any number of connected cloud applications.

As part of client SSO setup, Relay personnel will upload an IdP file containing the list of users and their roles, which in turn will define the level of access to Relay CXB.

Requirements

  • We support a SAML 2.0 SP-initiated flow (Note: IdP-initiated flows are not currently supported)

  • We require an IdP file in .xml format from the client

  • We require 2 SAML attributes to be sent:

    • in the username field, we expect the user’s email address

    • in the memberOf field, we expect a string indicating the user’s role in the Relay portal. We can only accept one value in the memberOf field
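
An added example (not Relay's code): a pre-flight check a client administrator could run on the attribute statement from a test login, confirming that username holds one email address and that memberOf carries exactly one mapped value, as the requirements above state. The function names, the sample address and the Editor value are assumptions; directory-backed IdPs commonly release memberOf with several values, which is the case this check catches.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Hypothetical role mapping; only Administrator -> Relay Client Admin
# comes from the article's example.
ROLE_MAP = {"Administrator": "Relay Client Admin"}

def sample_statement(username, roles):
    """Build a constructed AttributeStatement (not real IdP output)."""
    vals = "".join(f"<s:AttributeValue>{r}</s:AttributeValue>" for r in roles)
    return (
        f'<s:AttributeStatement xmlns:s="{SAML_NS}">'
        f'<s:Attribute Name="username"><s:AttributeValue>{username}'
        f'</s:AttributeValue></s:Attribute>'
        f'<s:Attribute Name="memberOf">{vals}</s:Attribute>'
        "</s:AttributeStatement>"
    )

def attribute_values(statement_xml):
    """Return {attribute name: [values]} for every Attribute element."""
    found = {}
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = attr.findall(f"{{{SAML_NS}}}AttributeValue")
        found.setdefault(attr.get("Name"), []).extend(
            (v.text or "").strip() for v in values)
    return found

def check_attributes(statement_xml, role_map=ROLE_MAP):
    """Return (relay_role, problems); content checks only, no signature validation."""
    attrs = attribute_values(statement_xml)
    problems = []
    username = attrs.get("username", [])
    if len(username) != 1 or not EMAIL_RE.match(username[0]):
        problems.append("username must carry exactly one email address")
    member_of = attrs.get("memberOf", [])
    if len(member_of) != 1:
        problems.append(f"memberOf must carry exactly one value, got {len(member_of)}")
    elif member_of[0] not in role_map:
        problems.append(f"memberOf value {member_of[0]!r} has no Relay role mapping")
    return (None, problems) if problems else (role_map[member_of[0]], [])

if __name__ == "__main__":
    # A release carrying two memberOf values is rejected.
    print(check_attributes(sample_statement("alice@example.com", ["Administrator", "Editor"])))
```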

Implementation Steps:

| Step # | Task | Owner | Details |
|---|---|---|---|
| 1 | Identifying a mapping of Client-provided user roles to Relay user roles | Client/Relay | Example: |
| 2 | Client to provide an IDP metadata file in .xml format | Client | See Requirements section above |
| 3 | Relay to load IDP file in CX Builder and add role mapping to CX Builder configuration | Relay | |
| 4 | Relay to provide the following to the Client: Service Provider Login Link; Service Provider Entity ID; ACS URL; Service Provider Metadata File | Relay | |
| 5 | Client to apply the details provided by Relay to their configuration | Client | |
| 6 | Testing, Configure Production, and Launch! | Client/Relay | |

