You are here:
Configuring Single Sign-On (SSO) with Amazon Connect
Set up single sign-on between Salesforce and Amazon to allow users to log in to Salesforce once and then be automatically logged in to Amazon using the same credentials.
Required Editions
This article applies to:
- Service Cloud Voice with Amazon Connect
- Service Cloud Voice with Partner Telephony from Amazon Connect
| View supported editions. |
For Service Cloud Voice with Amazon Connect or Service Cloud Voice with Partner Telephony from Amazon Connect each Service Cloud Voice contact center comes with these default behaviors:
- One Amazon Connect user is created for each Salesforce user (rep or supervisor) that you add to the Service Cloud Voice contact center.
- Service Cloud Voice manages users in Salesforce orgs only. Salesforce doesn’t manage users in Amazon Connect. For example, deactivating a user in Salesforce doesn’t deactivate them from Amazon Connect.
For each contact center you create, Salesforce creates an Amazon Connect instance with the following default SSO configuration:
- Amazon is the service provider.
- Salesforce is the identity provider (IdP). As the IdP, Salesforce authenticates users and provides credentials to Amazon, the requesting service provider. Service Cloud Voice references Salesforce users as the source of truth for identities.
- Service Cloud Voice and Amazon Connect support SAML 2.0-based authentication.
- Salesforce automatically adds the Salesforce Single Sign-On connected app to the Service Cloud Voice permission set. Salesforce assigns the permission set to all users selected as contact center admins when the center is created. Any logged in Salesforce user with the Service Cloud Voice permission set is automatically logged into the contact center’s associated Amazon Connect instance.
Use Cases
This section lists some possible SSO integrations for Service Cloud Voice with Amazon Connect and Service Cloud Voice with Partner Telephony from Amazon Connect.
- Use only Salesforce as the identity provider for Amazon Connect
-
Use Case Supported? Sign in to Salesforce and then use Service Cloud Voice with the Omni-Channel softphone. Yes. Sign in to Salesforce and then use the Amazon Connect CCP softphone. Yes with some additional configuration. Contact Salesforce Customer Support. Use the Omni-Channel or Amazon Connect CCP softphone without signing in to Salesforce first. No.
- Use Salesforce plus a third party as identity providers for Amazon Connect
-
The user directory is maintained through the third party identity provider.
Use Case Supported? Sign in to Salesforce and then use Service Cloud Voice with the Omni-Channel softphone. Yes. Sign in to Salesforce and then use the Amazon Connect CCP softphone. Yes. Sign in via the third-party IdP and then use the Amazon Connect CCP softphone. Yes with some additional configuration. Contact Salesforce Customer Support. Sign in via the third-party IdP and then use Service Cloud Voice with the Omni-Channel softphone. No.
- Use a third-party identity provider for Amazon Connect
-
Use Case Supported? Sign in to Salesforce and then use Service Cloud Voice with the Omni-Channel softphone. Yes with some additional configuration. Contact Salesforce Customer Support. Sign in to Salesforce and then use the Amazon Connect CCP softphone. Yes with some additional configuration. Contact Salesforce Customer Support. Sign in via the third-party IdP and then use the Amazon Connect CCP softphone. Yes with some additional configuration. Contact Salesforce Customer Support. Sign in via the third-party IdP and then use Service Cloud Voice with the Omni-Channel softphone. Yes with some additional configuration. Contact Salesforce Customer Support.
