Configuring Glance for Salesforce Single Sign-On (SSO)
To configure Single Sign-on (SSO), you will first need to work with Glance Customer Success on which field in your Salesforce User object you intend to use as the Glance Partner User ID (PUID). It may be convenient to use the Salesforce UserID itself. It is also common to use a value in the User FederationID field (also used for SAML). You will need to provision Glance users with Partner User IDs in addition to their Glance addresses. You will also need to generate your own API key for your group in your Glance account online.
Configuring SSO requires a Glance representative to access your Salesforce org.
Follow these steps to grant Glance log in access:
- From Salesforce, click on your Name, and then Settings.
- Under My Personal Information, click Grant Account Login Access.
- Give Glance Networks Support login access for a period of time.
- Go to Setup by clicking the Gear icon in the top right corner.
- In Quick Find, search for Company Information.
- Find your Salesforce.com Organization ID and send it to Glance Customer Success.
After you have been provisioned for SSO, Glance will usually do the following steps. They are listed here for your reference:
- Go back to Glance Company Settings and click Edit.
- Under Single Sign-on, check Enable SSO.
- Next to the Partner User ID Field, select the User field containing the PUID set earlier.
- Next to SSO Login Expiration, set the amount of seconds you would like SSO login to last. We recommend using the default 3600, which equals one hour.
- Click Save.
For more information see How SSO Works below.
There is another option in the SSO settings to enable Universal Join. Checking this transforms the Cobrowse button into a Join button. It behaves exactly the same way except it also grants the ability to join sessions started by customers from your company's mobile, desktop app or from a desktop sharing web page. Your company must have instrumented their applications with this feature. Agents must have permission to join these types of sessions, which can be configured by the admin in the Glance Portal.
If you are interested in this functionality, please contact Glance.
How SSO Works in Salesforce
A user can be authenticated to various Glance services, either on the web or via the clients using a Login Key.
Authentication requires a Glance PartnerId (Group ID), a PartnerUserId identifies the User within the Group and a LoginKey. All three are passed on a web page URL or a custom protocol URL invoking the client.
G4S generates a LoginKey using the API Key provisioned in the customer Org Custom Settings, the PartnerUserId (from the specified Salesforce User field) and the GroupId of the default admin user.
G4S then passes the LoginKey, PartnerId, PartnerUserId to Glance.
For web agents these are passed on the Cobrowse join URL (See "Single sign-on" under "Joining a Session Through CRM Integration" in the Cobrowse section).
For Glance Client agents, the LoginKey and other parameters are passed to the client on the glancepanorama://… protocol URL.
|Step||Agent Browser||SFDC/G4S||Glance Protocol Handler||Glance Client||Glance Web Services|
|1||Browser requests object (Lead, Contact, Case) from SFDC||SF serves page layout with embedded G4S VF page|
|4||Protocol handler exe launches Glance Client (formerly Panorama) if not running, then transmits protocol URL (via ServiceModel/named pipes)||Glance client receives and parse protocol URL|
|5||Glance Client calls Glance Web Services to authenticate, passing the PartnerId, PartnerUserId and LoginKey||Web Services uses PartnerId to retrieve secret APIKey, and validates LoginKey. Maps PartnerUserId to a Glance user and validates access and privileges. Returns validation, privileges and settings and for actions that start a session return a server and server key|