Learn how to set up an Amazon Connect instance using a CloudFormation template with SAML authentication. This guide covers configuring a SAML application for single sign-on, deploying the Connect instance template, and optionally linking the SAML application to the Connect instance. The template provisions resources like an S3 bucket, Kinesis Stream, and IAM roles, streamlining your contact center setup.
Amazon Connect is the platform on which Zendesk Contact Center runs. You must have a Connect instance to use Contact Center. Connect instances are created in the AWS Management Console. Generally, you'll create the Connect instance in the AWS region closest to your customer or as required.
You can create a Connect Instance using a CloudFormation template, or manually.
Setting up Connect using a CloudFormation template
When you use a CloudFormation template to set up Connect, much of the setup process is automated. During this step, you can also turn on single sign-on (SSO) for Connect.
(Optional) To turn on single sign-on for Connect instances
- Configure an application in your IdP with SAML authentication turned on.
- Download the SAML metadata xml file.
The value for Relay state in the application can be left blank and updated after your Connect instance is set up.
The template turns on SAML SSO on the Amazon Connect instance. If your SAML IdP app is already configured and you provide its metadata during deployment, the stack automatically provisions the IAM resources to integrate Connect with that IdP.
To deploy the Connect instance template
- In the AWS console, navigate to the CloudFormation service.
- Click Create stack, then enter the following Amazon Simple Storage Service (S3) URL:
https://zendesk-contact-center-us-east-1.s3.amazonaws.com/connect/cfn.yaml

- Enter a unique value for InstanceAlias and paste the entire contents of the
metadata xml file in the SamlXmlDocument field if you configured it, or else
leave the field blank.
Note: If you encounter an error that the metadata file is too large, leave the SamlXmlDocument parameter blank to complete the CloudFormation stack deployment, then set up the SAML configuration manually afterwards.
- Click Next and complete the stack deployment.

- Finally, note the SamlRelayState from the stack outputs and update the relay
state in the SAML application configured in your SSO for your Connect
instance.
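
A pre-deployment check of the IdP metadata before it is pasted into SamlXmlDocument, as an added example (not Zendesk's or AWS's code). It assumes the "too large" error comes from CloudFormation's 4,096-byte quota on a single parameter value; the function name and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
CFN_PARAM_MAX_BYTES = 4096  # CloudFormation quota for one parameter value

def check_saml_metadata(xml_text):
    """Return a list of problems; an empty list means the metadata looks usable."""
    problems = []
    if len(xml_text.encode("utf-8")) > CFN_PARAM_MAX_BYTES:
        problems.append("too large for SamlXmlDocument: leave it blank, configure SAML manually")
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return problems + ["DTD/entity declarations present: refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID"):
        return problems + ["root is not an EntityDescriptor with an entityID"]
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor: this is not IdP metadata"]
    certs = [c.text for c in idp.iter(f"{{{DS}}}X509Certificate") if c.text and c.text.strip()]
    if not certs:
        problems.append("no signing certificate (X509Certificate) in IDPSSODescriptor")
    sso = idp.findall(f"{{{MD}}}SingleSignOnService")
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    for ep in sso:
        if not ep.get("Location", "").startswith("https://"):
            problems.append(f"SSO endpoint is not HTTPS: {ep.get('Location')}")
    return problems

# Constructed sample metadata (placeholder IdP, truncated fake certificate).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...constructed...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_saml_metadata(SAMPLE) or "metadata OK")
```

Run it against the file downloaded from your IdP; a size finding means the stack should be deployed with SamlXmlDocument blank, as the note above describes.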

The following resources are provisioned by the template:
- Connect Instance
- S3 bucket for transcripts
- KMS key for S3 bucket
- Kinesis Stream
- Customer Profiles domain
- KMS Key for Customer Profiles domain
- SAML Identity Provider in IAM
- IAM Role for SAML
Setting up Connect manually
If you don't want to automatically create your Connect instance, you can configure it manually.
To manually create a Connect instance
- Sign in to the AWS console and open the Connect service.
- On the Amazon Connect virtual contact center instances page, click Add an
instance.

- Choose your preferred identity management method (usually, SAML
2.0-based authentication for client environments).

- On the Set identity page, enter your Access URL and instance name. This name will become part of the instance’s URL. For example, if you name it 'MyDemoConnect', the instance URL will look like MyDemoConnect.awsapps.com/connect/. Choose a name that identifies the client or purpose (for example, ClientName-ConnectEU).
- Specify whether an admin user for Connect needs to be created. For simplicity, you can create an admin username and a password. This will be the login used to access the Connect dashboard initially. In real deployments, customers often integrate with their single sign-on using SAML, but for training and sandbox purposes a manual admin user can be created.
- Under Telephony and data settings, configure how the contact center
will handle communications and store data:
- Telephony Options: You can turn on inbound or outbound calling or both. For most uses, turn on both inbound and outbound calling (so the instance can receive and make calls).
- Data Storage: Connect creates an Amazon S3 bucket to
store call recordings, chat transcripts, and other data. In the setup
wizard, make sure that the option “Enable customer profiles” is turned
on.
We recommend that the profile creation policy is set to Associate only.
- Turn off Enable email. It's not used in Contact Center.
- Uncheck Custom data storage (Advanced).
- Continue through the wizard, reviewing the settings on the final page.
Once everything looks good, click Create instance. Connect will begin
provisioning the instance. It usually takes a few minutes for the instance to
be ready. During this time, AWS is setting up the service and resources in the
background.
Note: Avoid closing the browser or navigating away until setup is complete, to prevent any interruption. The creation process is fairly fast and robust, but it’s a good practice to wait.
When the creation finishes, the AWS console shows your new instance.
- If you didn't configure SSO, click Access URL (the instance
URL) to open the Connect sign in page. Use the admin username and password you
created to sign in.
This opens the Connect dashboard, a web-based interface where you can manage your contact center. When you first sign in, you might see some default sample contact flows and a basic dashboard screen.
Note: If you set up SSO for login and authentication, you must complete the steps in Setting up Contact Center users and access before you can sign in to the Connect environment.
- Make sure that Kinesis data streaming is turned on in the
new Connect instance. In the AWS Console, navigate to the new Connect instance >
Data Streaming > Enable data streaming and be sure to select
Kinesis stream and create a new stream if needed.
Tip: Make sure to turn on Kinesis data streaming, not Kinesis Firehose.
- Click Save.

You now have a working Amazon Connect instance.