Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

ON THIS PAGE

What it's about

SAML is an acronym used to describe the Security Assertion Markup Language (SAML). Its primary role in online security is that it enables you to access multiple web applications using one set of login credentials. It works by passing authentication information in a particular format between two parties, usually an identity provider (IDP) and a web application (in our case, XCALLY).

The technology industry created SAML to simplify the authentication process where users needed to access multiple, independent web applications across domains. Prior to SAML, single sign-on (SSO) was achievable but relied on cookies that were only viable within the same domain. It achieves this objective by centralizing user authentication with an identity provider. Web applications can then leverage SAML via the identity provider to grant access to their users. This SAML authentication approach means users do not need to remember multiple usernames and passwords. It also benefits service providers as it increases security of their own platform, primarily by avoiding the need to store (often weak and insecure) passwords and not having to address forgotten password issues.

How to set up

To activate the login with SAML on XCALLY, you need to: 

A. Configure XCALLY Server

B. Enable XCALLY connection in IDP

C. Enable SAML login for Administrator, Users and Agents

Configure XCALLY Server

Follow these steps to configure the XCALLY server:

  1. Use SSH to connect to your XCALLY server

  2. Login with root user

  3. Set SAML strings for activating the connection between XCALLY and the IDP:

    XC_SAML_ENTRYPOINT -> Identity Provider (IDP) entrypoint
XC_SAML_CERT -> IDP's public signing certificate
XC_SAML_ISSUER -> Issuer string to retrieve from the IDP
XC_SAML_LOGOUT_URL (optional) -> IDP Single Logout

Enable Active Directory connection in XCALLY

To use Active Directory login, you need to add Active Directory settings on XCALLY.

Retrieve Active Directory configuration

Ask to Active Directory Administrator the following properties:

Property

Description

url

Active Directory server to connect to, e.g. ldap://ad.example.com

baseDN

The root DN from which all searches will be performed, e.g. dc=example,dc=com.

domain

Domain of email address, e.g. example.com

Configure Active Directory in XCALLY

Follow these steps to configure the Active Directory:

  1. Use SSH to connect to your XCALLY server

  2. Login with motion user

    su - motion

  3. Open /var/opt/motion2/.env and edit the following properties (add it if not existing)

    XC_ACTIVEDIRECTORY_BASE_DN='<baseDN>'
XC_ACTIVEDIRECTORY_URL='<url>'
XC_ACTIVEDIRECTORY_DOMAIN='<domain>'

  4. Stop motion application (with root privileges)

    service motion stop

  5. Initialize environment variables

    cd /var/opt/motion2
npm run initialize

Enable SAML login for Administrator, Users and Agents

Enable login in General Settings

The Login with SAML must be enabled under Settings → General:

Users and Agents will be able to connect to XCALLY using identity provider credentials.

Staff emails on XCALLY must be equal to the Staff emails registered on the identity provider.

Login for XCALLY users

On the Login page, the button Login with SAML is available:

Clicking on Login with SAML, XCALLY Users will be redirected on the identity provider portal.

After entering the provider credentials on the provider portal, XCALLY Interface will be opened as usual.

If configured, from the second login on, each time Users click on Login with SAML, they will directly access to XCALLY, without entering credentials again.

  • No labels