NiCE CXone Mpower Expert
Expert Success Center

Customer SSO with Userhub and Expert

Overview

Customers have different use cases for accessing Expert, whether through Copilot or by accessing Expert directly. To account for these use cases, a specific SSO scheme must be set up that uses three different systems:

  • Customer's Identity Provider
  • Userhub/CXone
  • Expert

Step 0: Userhub with Agent/Copilot

To set the foundation, Userhub acts as a user management system for CXone, which houses several products and features, notably Copilot and Agent. This allows Users to log into CXone through Userhub in order to access these products.

[Image 1: Userhub with Agent and Copilot]

Step 1: Authenticating into Userhub

Customers can connect their Identity Provider to Userhub using this documentation. This connection will allow Users to log into CXone through the Identity Provider, allowing for the use of features such as Agent and Copilot. This step is done by the customer once they gain access to Userhub, and can be done via SAML or OIDC. 

In this scheme, Userhub acts as a Service Provider to the Customer's Identity Provider and gets populated with Users from the Customer's IdP.

[Image 2: Customer's IdP connecting to Userhub]

Step 2: Userhub as a Federated IdP to Expert

Now that Userhub is being populated with Users, we can connect Userhub to Expert through an OIDC connection. This step is done by the NiCE Implementation teams; customers do not see the setup for this step.

In this scheme, Userhub is now acting as the Identity Provider and Expert is the Service Provider. Userhub is taking the Federated Identity from the customer's IdP and "forwarding" that identity to Expert.

[Image 3: Userhub connecting to Expert as an IdP]

Expert content will get pulled into Agent and Copilot. In order for the Agent and Copilot to know who is accessing the content, they will need to reference the authenticated User.

[Image 4: Expert connecting to Agent and Copilot]

Step 3: Authenticating Directly into Expert

The previous steps cover the use case of Users accessing Expert through CXone in order to use Agent and Copilot. However, Users from the Customer's IdP may need to access Expert directly without going through CXone. A common use case for this is content managers who create and edit documentation directly on the site. In this case, we can set up a direct connection between the Customer's IdP and Expert, completely separate from Userhub.

[Image 5: Customer's IdP connecting directly to Expert]

It's important to note that each User should have access to only one of the two authentication flows, not both. If a User has access to both, that will result in duplicate Users in Expert.
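
An added example, not part of the original article or NiCE's tooling: a check for the rule above that compares the Users assigned to the Userhub connection with those assigned to the direct Expert connection and lists anyone assigned to both. The CSV layout, the "email" column, and case-insensitive matching on e-mail address are assumptions; the sample rows are constructed.

```python
import csv
import io

# Constructed sample exports (assumed format: one row per User assigned to the
# IdP application, with an "email" column). Not real data.
USERHUB_APP_CSV = """email,display_name
alice@example.com,Alice Agent
Bob@Example.com,Bob Agent
carol@example.com,Carol Writer
"""
DIRECT_EXPERT_APP_CSV = """email,display_name
carol@example.com ,Carol Writer
dave@example.com,Dave Editor
bob@example.com,Bob Agent
"""


def load_assignments(csv_text):
    """Return the set of normalized e-mail addresses in one export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if "email" not in (reader.fieldnames or []):
        raise ValueError("export has no 'email' column")
    emails = set()
    for row in reader:
        # Assumption: the same person may appear with different case/padding.
        email = (row["email"] or "").strip().lower()
        if email:
            emails.add(email)
    return emails


def audit_flows(userhub_csv, direct_csv):
    """Split Users into Userhub-only, direct-only and both (rule violation)."""
    via_userhub = load_assignments(userhub_csv)
    direct = load_assignments(direct_csv)
    return {
        "userhub_only": sorted(via_userhub - direct),
        "direct_only": sorted(direct - via_userhub),
        "both": sorted(via_userhub & direct),
    }


if __name__ == "__main__":
    report = audit_flows(USERHUB_APP_CSV, DIRECT_EXPERT_APP_CSV)
    for email in report["both"]:
        print(f"assigned to both flows: {email}")
```

Anyone reported under "both" should be removed from one of the two assignments before they sign in through the second flow.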

We have documentation on how to set up a direct SSO connection to Expert with the following Identity Providers:
