          Create S3 Bucket for SCV SAML Metadata


          Create an AWS S3 bucket, with an S3 bucket policy, for SAML metadata in the same region where you execute the BYOATenantStack.

          Required Editions

          This article applies to:

          • Service Cloud Voice with Partner Telephony from Amazon Connect (Voice manually integrated with your Amazon Connect instance by importing the contact center definition XML file)
          1. Create an AWS S3 bucket for SAML metadata. Though you can use any name for the AWS S3 bucket, it’s recommended to use the <CustomerPrefereds3bucketPrefix>-scv-saml-metadata pattern for the name.
            You must create the S3 bucket in the same region where you execute the BYOATenantStack.
          2. Add the bucket policy.

            {
              "Version": "2008-10-17",
              "Statement": [
                {
                  "Sid": "AllowS3PutAccessForIntegrationUser",
                  "Effect": "Allow",
                  "Principal": {
                    "AWS": "arn:aws:iam::<AWS_ACCOUNT_ID>:user/<USER_NAME>"
                  },
                  "Action": "s3:Put*",
                  "Resource": "arn:aws:s3:::<CustomerPrefereds3bucketPrefix>-scv-saml-metadata/*"
                },
                {
                  "Sid": "AllowS3AccessForResourcessToSubAccount",
                  "Effect": "Allow",
                  "Principal": "*",
                  "Action": "s3:Get*",
                  "Resource": "arn:aws:s3:::<CustomerPrefereds3bucketPrefix>-scv-saml-metadata/*",
                  "Condition": {
                    "StringEquals": {
                      "aws:PrincipalServiceName": "cloudformation.amazonaws.com"
                    }
                  }
                },
                {
                  "Sid": "AllowS3AccessForIamRole",
                  "Effect": "Allow",
                  "Principal": "*",
                  "Action": "s3:Get*",
                  "Resource": "arn:aws:s3:::<CustomerPrefereds3bucketPrefix>-scv-saml-metadata/*",
                  "Condition": {
                    "ArnEquals": {
                      "aws:PrincipalArn": [
                        "arn:aws:iam::*:role/IDPLambdaRole",
                        "arn:aws:iam::*:role/SCVIDPLambdaRole"
                      ]
                    }
                  }
                },
                {
                  "Sid": "DenyUnsecuredS3Access",
                  "Effect": "Deny",
                  "Principal": "*",
                  "Action": "*",
                  "Resource": "arn:aws:s3:::<CustomerPrefereds3bucketPrefix>-scv-saml-metadata/*",
                  "Condition": {
                    "Bool": {
                      "aws:SecureTransport": "false"
                    }
                  }
                }
              ]
            }

          The S3 bucket for SAML metadata stores the SAML metadata document. The ProviderCreator resource of BYOATenantStack fetches the SAML Metadata document to configure the SAML authentication between the Salesforce org and the Amazon Connect instance.

          The BYOATenantStack fetches the SAML metadata document with the same name as provided in the parameter for the S3 bucket for SAML metadata.
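
The bucket policy in step 2 grants reads to "Principal": "*" and relies on its Condition blocks to narrow them, so a filled-in copy is worth checking before it is applied. The Python check below is an added example, not Salesforce's code: it flags any public Allow without a Condition, a missing TLS-only Deny, and aws:PrincipalArn patterns whose account field is `*`; the account ID, user name, bucket name and the `stmt`/`audit` helpers are constructed for illustration.

```python
import json

BUCKET_ARN = "arn:aws:s3:::example-scv-saml-metadata/*"  # constructed bucket name

def stmt(sid, effect, principal, action, condition=None):
    s = {"Sid": sid, "Effect": effect, "Principal": principal,
         "Action": action, "Resource": BUCKET_ARN}
    if condition:
        s["Condition"] = condition
    return s

# The page's policy with a constructed account ID and user name filled in.
PAGE_POLICY = {"Version": "2008-10-17", "Statement": [
    stmt("AllowS3PutAccessForIntegrationUser", "Allow",
         {"AWS": "arn:aws:iam::111122223333:user/scv-integration"}, "s3:Put*"),
    stmt("AllowS3AccessForResourcessToSubAccount", "Allow", "*", "s3:Get*",
         {"StringEquals": {"aws:PrincipalServiceName": "cloudformation.amazonaws.com"}}),
    stmt("AllowS3AccessForIamRole", "Allow", "*", "s3:Get*",
         {"ArnEquals": {"aws:PrincipalArn": ["arn:aws:iam::*:role/IDPLambdaRole",
                                              "arn:aws:iam::*:role/SCVIDPLambdaRole"]}}),
    stmt("DenyUnsecuredS3Access", "Deny", "*", "*",
         {"Bool": {"aws:SecureTransport": "false"}}),
]}

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit(policy):
    """Return review findings (strings) for an SCV SAML metadata bucket policy."""
    findings, tls_deny = [], False
    for s in as_list(policy["Statement"]):
        sid, cond = s.get("Sid", "?"), s.get("Condition", {})
        public = s["Principal"] in ("*", {"AWS": "*"})
        if s["Effect"] == "Allow" and public and not cond:
            findings.append(f"{sid}: Allow to any principal with no Condition")
        if s["Effect"] == "Deny" and public and \
                str(cond.get("Bool", {}).get("aws:SecureTransport")).lower() == "false":
            tls_deny = True
        for op in ("ArnEquals", "ArnLike"):  # both operators accept wildcards
            for arn in as_list(cond.get(op, {}).get("aws:PrincipalArn", [])):
                if arn.split(":")[4:5] == ["*"]:  # fifth ARN field is the account ID
                    findings.append(f"{sid}: {arn} matches this role name in any account")
    if not tls_deny:
        findings.append("no Deny on aws:SecureTransport=false")
    return findings

if __name__ == "__main__":
    print(json.dumps(audit(PAGE_POLICY), indent=2))
```

On the policy as published, the check reports only the two wildcard-account role patterns in AllowS3AccessForIamRole, which a reviewer can weigh against which accounts actually host those Lambda roles.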
