The visitor Single Sign-On (SSO) feature allows you to authenticate your visitor’s account information before the chat starts.
Once customers log in, your agents can view their account information in Comm100 Live Chat. This helps them know who they are chatting with and avoid asking the same standard questions, speeding up the resolution and improving customer satisfaction.
How Does Visitor SSO Work?
Comm100 Live Chat Visitor SSO supports SAML (Security Assertion Mark-up Language) and JWT (JSON Web Token) for exchanging authentication and authorization data between your IdP (Identity Provider) and the Comm100 Live Chat server.
When a customer clicks on the chat window's login option, the Comm100 Live Chat server asks your IdP server whether the customer has been authenticated. If the customer has already logged in through SSO using the same browser, the IdP server returns the response to Comm100, and the customer is connected to live chat immediately. Otherwise, the login page shows up in the chat window, asking customers to log in.
The credentials provided on the page are sent directly to your SSO server, not Comm100, which means the authentication process is done solely on the SSO service side, preventing man-in-the-middle attacks and other possible password breaches. Once authenticated, customer account information is sent to Comm100 Live Chat.
Your agents can see the information in the Agent Console, where you chat with customers. You can also make SSO authentication optional. Customers who choose to chat as a visitor skip the authentication step. In this case, your agents cannot view their account information in Comm100 Live Chat.
Requirements for Setting Up Visitor SSO
Before configuring Visitor SSO via SAML or JWT, you need to collect required information depending on the standard you use.
Requirements for Setting Up SAML Visitor SSO
Before configuring SAML Visitor SSO, you need to download the service provider metadata from Comm100 and share the file with your identity provider first. Your IdP then provides the required configuration details. The configurations include the following:
- The SSO Sign-In URL which can receive SAML Request
- Artifact Resolution Service URL
- Logout URL
- SAML Certificate
To ensure data security, Comm100 suggests adding a signature to the SAML Response returned from the IdP to Comm100 SSO, which requires a certificate to verify the signature.
Requirements for Setting Up JWT Visitor SSO
Before setting up JWT visitor SSO on Comm100, you need to generate the JWT and collect the following information:
- Remote login URL: The URL that visitors are redirected to for remote authentication in the chat window. If you set up IdP-initiated SSO login, the URL is optional.
Note: IdP-initiated SSO login allows a visitor to log in to Comm100 directly without being redirected as long as the visitor has logged in to your system. To set up IdP-initiated SSO login, you need to pass the JWT via Visitor Side JavaScript API. To learn how to use the API, refer to Visitor Side JavaScript API.
- Certificate: The public portion of the RSA key generated by your Identity Provider. Comm100 Live Chat uses the key to validate the JWT generated by you.
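The JWT requirement above, shown as an added example that is not Comm100's code: the IdP signs a token with its RSA private key, and the validating side needs only the public key, which is the role the Certificate field plays. The claim names, the five-minute lifetime and the function names are assumptions, since the page does not list the claims Comm100 expects.

```javascript
// Added example, not Comm100 code. Claim names and values are constructed for illustration.
const crypto = require('crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// IdP side: sign "header.payload" with the RSA private key (RS256 = RSA PKCS#1 v1.5 + SHA-256).
function signJwt(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = `${head}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Validating side: holds only the public key and rejects anything it cannot verify.
function verifyJwt(token, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm to RS256; never accept whatever alg the token itself declares.
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), publicKey,
    Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed demo: throwaway key pair and sample visitor claims.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = Math.floor(Date.now() / 1000);
  const token = signJwt({ sub: 'visitor-123', email: 'jane@example.com', iat: now, exp: now + 300 }, privateKey);
  const [h, p, s] = token.split('.');
  const forgedPayload = b64url(JSON.stringify({ sub: 'admin', exp: now + 300 }));
  const noneHeader = b64url(JSON.stringify({ alg: 'none' }));
  return {
    good: verifyJwt(token, publicKey),
    tampered: verifyJwt(`${h}.${forgedPayload}.${s}`, publicKey),
    algNone: verifyJwt(`${noneHeader}.${p}.`, publicKey),
    expired: verifyJwt(token, publicKey, now + 301),
  };
}
```

A short `exp` limits how long a captured token can be replayed, and the private key never needs to leave the IdP.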
Enabling Visitor SSO in Your Comm100 Account
After gathering the information, follow these steps:
- Log in to your Comm100 account.
- From the left navigation menu, go to Live Chat > Settings > Visitor Single Sign-On.
- Turn on the Visitor Single Sign-On toggle key, and choose SAML SSO or JWT SSO according to your needs.
- In the SSO Settings section, add all information that you have gathered.
- For SAML SSO, you need to download the Service Provider Metadata file and share it with your identity provider first.
Your IdP server may request the following information. For the value of "AssertionConsumerService", you need to replace "dash11" and site ID with the actual value of your site.

| Attribute | Value |
| --- | --- |
| entityID | comm100livechat |
| AssertionConsumerService | https://dash11.comm100.io/visitorsso/AssertionConsumer?SiteId=100 |

Note: You can find the dash number and site ID in the address bar on your Control Panel.
- For JWT SSO, if you have set up IdP-initiated SSO login via JavaScript API, the Remote login URL can be empty.
- In the SSO Data Mapping section, add all user attributes that you wish to collect.
You can collect visitor information such as name, email, and phone number.
- From the Sign-In Options drop-down list, select a sign-in option.
Three sign-in options are available to satisfy different business requirements:
- No sign-in: Your customers and visitors can start chatting with you right after clicking on your chat button or filling out your pre-chat survey (if you have a pre-chat survey enabled).
- Sign-in optional: Give your customers and visitors the choice to log into their accounts or chat anonymously when initiating a chat. Logged-in customers will skip the pre-chat survey, while non-logged-in visitors need to fill out your pre-chat survey before chatting.
- Sign-in required: Your customers and visitors are required to log in before chatting. If a visitor does not have an account with you, they will not be able to access live chat. This option helps you automatically keep out ineligible visitors if your live chat is exclusive to customers with accounts.
- Click Save.
To learn more about Visitor SSO, read the Visitor Single Sign-On Whitepaper.