The visitor Single Sign-On (SSO) feature allows you to authenticate your visitor’s account information before the chat starts. It allows you to map your customer account information with Comm100 Contact fields and synchronize the information from your account system to Comm100 Messenger when the customer starts a chat.
Once your visitors log in via Single Sign-On and start a conversation, your agents can view the mapped Contact Information in Agent Console while replying to those tickets. This helps them know who they are chatting with and avoid asking the same standard questions, speeding up the resolution and improving customer satisfaction.
How Visitor SSO works?
Comm100 Messenger Visitor SSO uses Security Assertion Mark-up Language (SAML), an XML-based open-standard data format for exchanging authentication and authorization data between your IDP (Identity Provider) and the Comm100 Messenger server.
When a customer clicks on the chat window's login option, the Comm100 Messenger server asks your IDP server whether the customer has been authenticated. If the customer has already logged in to SSO using the same browser, the IDP server returns the response to Comm100, and the customer is connected to Messenger immediately. Otherwise, the login page shows up in the chat window, asking customers to log in.
The credentials provided on the page are sent directly to your SSO server, not Comm100, which means this authenticating process is done solely on the SSO service side, preventing man-in-the-middle hacks and other possible password breaches. Once authenticated, customer account information is sent to Comm100 Messenger.
Your agents can see the information right in the Agent Console, where you chat with customers. You can also make SSO authentication optional. Customers who choose to chat as a visitor skip the authentication step. In this case, your agents cannot view their account information in Comm100 Messenger
Requirements for Setting up Visitor SSO
Before configuring Visitor SSO, you need to collect the following details:
- Sign-In URL: This is the URL of the sign-in page provided by your identity provider to authenticate users.
- Artifact Resolution Service URL: This is the URL provided by your identity provider to receive the Artifact Resolve request from the service provider.
- Logout URL: This is the Logout URL provided by your identity provider. The service provider will send the logout response to this endpoint to notify your identity provider of an IDP initiated single logout.
- SAML Certificate: You can obtain the SAML certificate from your identity provider.
To ensure data security, Comm100 suggests adding a signature to the SAML Response returned from IDP to Comm100 SSO, which requires a certificate to verify signature validation.
Enabling Visitor SSO in Your Comm100 account
After gathering the required information, follow these steps:
- Log in to your Comm100 account.
- From the left navigation menu, go to Ticketing & Messaging > Settings > Visitor Single Sign-On.
- Turn ON the Visitor Single Sign-On toggle key.
- In the SSO Settings section, add the following information that you have gathered. See section Requirements for Setting up Visitor SSO.
- In the SSO Data Mapping section, add all user attributes that you want to collect. You can collect Contact information, like name, email, phone number, and so forth.
- From the Sign-In Options drop-down list, select a sign-in option. Two sign-in options are available to satisfy different business requirements:
- No sign-in: Your customers and visitors can start a conversation with you right after clicking on your chat button or filling out your pre-chat survey (if you have a pre-chat survey enabled).
- Sign-in required: Your customers and visitors are required to log in before conversation. If a visitor does not have an account with you, they will not be able to access Messenger. This option helps you automatically keep out ineligible visitors if your Messenger is exclusive to customers with accounts.
- Click Save.