Single Sign-On: General configuration

Currently, only authentication of existing users is supported via SAML 2.0. New team members cannot be automatically created by logging in through a SAML 2.0 provider. An admin will still need to create/invite the team member through the Medallia Agent Connect platform.

Step 1. Configure your Identity Provider

Below are the settings you will need to configure a new app within your Identity Provider, if you are unsure of your subdomain please reach out to your Client Services Manager.

Global Settings

You may not need all of these data points depending on your identity provider

SettingValue

Audience URI/Entity ID

https://{your_subdomain}.stellaconnect.net/

Assertion Consumer Service (ACS) URL*

https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback

Name ID format

Email Address (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress)

Application username or Subject Type**

Username or Email

Start URL

https://{your_subdomain}.stellaconnect.net

Signed Response

Checked

** Same for Recipient and Destination URLs** Choose the field in your IdP where the email address or custom employee ID that is setup in Agent Connect can be found.

Okta

SettingValue

SSO URL

https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback

Audience URI (SP Entity ID)

https://{your_subdomain}.stellaconnect.net/

Default RelayState

Blank

Name ID format

Email

Application Username

Okta Username / Primary Email

Steps: Admin> Applications> Create New App> Platform = Web, SAML 2.0

onelogin

SettingValue

Audience/Entity ID

https://{your_subdomain}.stellaconnect.net/

Consumer URL

https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback

Name ID format

Email

User ID (Key-pair Value)

Username / Primary Email

PingIdentity

SettingValue

Entity ID

https://{your_subdomain}.stellaconnect.net/

Assertion Consumer Service (ACS) URL*

https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback

SAML Signing (Encryption Certificate)

Blank

Steps: Admin> Applications> Add Application> New SAML Application* Same for Recipient and Destination URLs

Step 2. Provide Your Configuration to Medallia

The identity provider should generate a couple of pieces of data that will need to be supplied to the Success team, which can be reached at implementation@stellaconnect.com

You will be asked to provide:

  • Identity Provider Single Sign-On/Login URL

  • X.509 Certificate

Step 3. Test the Configuration

Once the configuration has been setup within Agent Connect, you will be able to test the Single Sign-on by visiting https://{your_subdomain}.stellaconnect.net/employees/sign_in?sso=true and clicking Sign in with provider.

Step 4. Go Live

When you are completed with testing, just contact us and we will enable your SAML configuration to be the default and ONLY login option for all team members. At this point, all team members that visit the login page for Agent Connect will be immediately redirected to the Identity Provider for login.