SSO: General configuration

Values needed for configuring SSO identity providers

This guide contains values needed when configuring common SSO Identity Providers (IdP) for the SSO integration with Medallia Agent Connect.

Note: Only existing users can be supported via SAML 2.0. New team members cannot be automatically created by logging in through a SAML 2.0 provider. An administrator must create or invite new team members through the Agent Connect UI first.

Common values

Below are the values you will need to configure a new app within your IdP. If you are unsure of your subdomain, contact the Support team. You may not need all of these values, depending on your IdP.

Global Settings

| Setting | Value |
| --- | --- |
| Audience URI/Entity ID | https://{your_subdomain}.stellaconnect.net/ |
| Assertion Consumer Service (ACS) URL* | https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback |
| Name ID format | Email Address (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) |
| Application username or Subject Type** | Username or Email |
| Start URL | https://{your_subdomain}.stellaconnect.net |
| Signed Response | Checked |

* Same for Recipient and Destination URLs

** Choose the field in your IdP where the email address or custom employee ID that is set up in Agent Connect can be found.

Okta

In Okta – Admin > Applications > Create New App > Platform = Web, SAML 2.0

| Setting | Value |
| --- | --- |
| SSO URL | https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback |
| Audience URI (SP Entity ID) | https://{your_subdomain}.stellaconnect.net/ |
| Default RelayState | Blank |
| Name ID format | Email |
| Application Username | Okta Username / Primary Email |

OneLogin

| Setting | Value |
| --- | --- |
| Audience/Entity ID | https://{your_subdomain}.stellaconnect.net/ |
| Consumer URL | https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback |
| Name ID format | Email |
| User ID (key-value pair) | Username / Primary Email |

PingIdentity

In PingIdentity – Admin > Applications > Add Application > New SAML Application

| Setting | Value |
| --- | --- |
| Entity ID | https://{your_subdomain}.stellaconnect.net/ |
| Assertion Consumer Service (ACS) URL* | https://{your_subdomain}.stellaconnect.net/employees/auth/saml/callback |
| SAML Signing (Encryption Certificate) | Blank |

* Same for Recipient and Destination URLs

Provide your configuration to Medallia

The IdP should generate data that will need to be supplied to the Support team. You will be asked to provide:

  • Identity Provider Single Sign-On/Login URL

  • X.509 certificate

Test the configuration

Once the configuration has been set up within Agent Connect, test the SSO functionality by visiting https://{your_subdomain}.stellaconnect.net/employees/sign_in?sso=true and clicking Sign in with provider.

Go live

With testing complete, contact us and we will enable your SAML configuration to be the default and only login option for all team members. At this point, all team members who visit the login page for Agent Connect will be immediately redirected to the IdP for login.