Client Certificates for Single-Sign-On of SAP Contact Center CDT

Client Certificates for Single-Sign-On of SAP Contact Center CDT

Single-Sign-On (SSO) can be enabled for SAP Contact Center users. This KB article assumes the backend has been already setup to allow SSO with the Front-End Virtual Unit. For Cloud Edition customers, this is enabled for you automatically.

How it Works

Each user is required to have their own unique certificate with a unique certificate Common Name (CN). This certificate needs to be a "Client" certificate. Read the following link if you're not sure what that is: https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/ 

When a user launches their CDT, Contact Center attempts to make a match between certificates installed in the local PC and certificates assigned in Contact Center to individual users. This match is based on the certificate CN and Issuer.

When a match is found, the user is logged in automatically and no username/password is required.

Important Note About Issuer

  • Certificates that are "self-signed" (for instance, created by your organization's certificate authority) must have the Certificate Authority (CA) trusted by the SAP Contact Center servers (e.g. the CA must be recognized and trusted in each server that will process Agent Front-End logins). This means installing the root CA as a Trusted Root or Intermediate Authority. 
  • Cloud Edition customers will need to provide SAP with the root CA to install 
  • If you generate the client certificates from a commonly trusted CA (e.g. commercial certificate from Verisign or Thawte etc.) then you do not have to install the root CA on the server.

How to Configure a User for SSO
  • Launch your System Configurator
  • You need the rights to add or modify users
  • Navigate to "User and Role Management" > "Users"
  • Open the User you wish to configure
  • Expand the section called "Certificates"
  • Fill out the Certificate "Subject" (the CN) and the Issuer (the CA)
  • Save the user

For More Information


    • Related Articles

    • How to Enable QoS for SAP Contact Center Servers and Communication Desktop (CDT)

      How to Enable QoS for SAP Contact Center Communication Desktop (CDT) QoS or Quality of Service describes the way in which packets are tagged to ensure that network devices apply the correct prioritization, allowing the best possible experience when ...

    • Recording Format for SAP Contact Center (BCM) Prompts

      The prompt files must be saved in PCM format in order for SAP CCtr to play them. Specifically, save as .WAV file: Required audio recording format: Bit Rate: 128kbps Audio sample size: 16 bit Channels: 1 (mono) Audio sample rate: 8kHz Audio format: ...

    • How to raise the CDT log level

      There are a couple ways to bump up the logs at the CDT level. The first is by adding this CDT startup parameter when launching your CDT: http://CDT address/cdt?arg=loglevel=5 Or you can temporarily bump up the logs while in CDT via the phone settings ...

    • ShortCut Keys for CDT

      The list of available short cut keys can be found at this link:   http://help.sap.com/saphelp_bcm70/helpdata/en/a2/b581591249407aabac67dc15328c36/content.htm?frameset=/en/2c/ce69b004ef40438f34a49d579d2508/frameset.htm   It is also avaiable under your ...

    • BCM 7.0 How to change server and client loglevels

      CLIENT LOGS Increase first the loglevel for CDT. Then repeat the problem and collect the client logs. Client logfiles are: - CDT_YYYYMMDD.log - BCMUI_<workstationname>_logs_<date>.<nbr>.txt - BCM_ How to increase the loglevel for one CDT: - Close all ...