When you use a CloudFormation template to set up Connect, much of the setup process is automated. During this step, you can also turn on single-sign-on (SSO) for Connect.

(Optional) To turn on single sign-on for Connect instances

1. Configure an application in your IdP with SAML authentication turned on.
2. Download the SAML metadata xml file.

   The value for Relay state in the application can be left blank and updated after your Connect instance is set up.

The template turns on SAML SSO on the Amazon Connect instance. If your SAML IdP app is already configured and you provide its metadata during deployment, the stack automatically provisions the IAM resources to integrate Connect with that IdP.

To deploy the Connect instance template

1. In the AWS console, navigate to the Cloudformation service.
2. Click Create stack, then enter the following Amazon Simple Storage Service (S3) URL:

   https://zendesk-contact-center-us-east-1.s3.amazonaws.com/connect/cfn.yaml

   

3. Enter a unique value for InstanceAlias and paste the entire contents of the metadata xml file in the SamlXmlDocument field if you configured it, or else leave the field blank.
   Note: If you encounter an error that the metadata file is too large, leave the SamlXmlDocument parameter blank to complete the CloudFormation stack deployment, then setup the SAML configurations manually afterwards.
4. Click Next and complete the stack deployment.

   

5. Finally, note the SamlRelayState from the stack outputs and update the relay state in the SAML application configured in your SSO for your Connect instance.

   

The following resources are provisioned by the template:

• Connect Instance
• S3 bucket for transcripts
• KMS key for S3 bucket
• Kinesis Stream
• Customer Profiles domain
• KMS Key for Customer Profiles domain
• SAML Identity Provider in IAM
• IAM Role for SAML

If you don't want to automatically create your Connect instance, you can configure it manually.

To manually create a Connect instance

1. Sign into the AWS console and open the Connect service.
2. On the Amazon Connect virtual contact center instances page, click Add an instance.

   

3. Choose your preferred identity management method (usually, SAML 2.0-based authentication for client environments).

   

4. On the Set identity page, enter your Access URL and instance name. This name will become part of the instance’s URL. For example, if you name it 'MyDemoConnect', the instance URL will look like MyDemoConnect.awsapps.com/connect/). Choose a name that identifies the client or purpose (for example, ClientName-ConnectEU).
5. Specify whether an admin user for Connect needs to be created. For simplicity, you can create an admin username and a password. This will be the login used to access the Connect dashboard initially. In real deployments, customers often integrate with their single sign-on using SAML, but for training and sandbox purposes a manual admin user can be created.
6. Under Telephony and data settings, configure how the contact center will handle communications and store data:
   • Telephony Options: You can turn on inbound or outbound calling or both. For most uses, turn on both inbound and outbound calling (so the instance can receive and make calls).
   • Data Storage: Connect creates an Amazon S3 bucket to store call recordings, chat transcripts, and other data. In the setup wizard, make sure that the option: Enable customer profiles” is turned on.

     We recommend that the profile creation policy is set to Associate only.

7. Turn off Enable email. It's not used in Contact Center.
8. Uncheck Custom data storage (Advanced).
9. Continue through the wizard, reviewing the settings on the final page. Once everything looks good, click Create instance. Connect will begin provisioning the instance. It usually takes a a few minutes for the instance to be ready. During this time, AWS is setting up the service and resources in the background.
   Note: Avoid closing the browser or navigating away until setup is complete, to prevent any interruption. The creation process is fairly fast and robust, but it’s a good practice to wait.

   When the creation finishes, the AWS console shows your new instance.

10. If you didn't configure SSO, click Access URL (the instance URL) to open the Connect sign in page. Use the admin username and password you created to sign in.

    This opens the Connect dashboard, a web-based interface where you can manage your contact center. When you first sign in, you might see some default sample contact flows and a basic dashboard screen.

    

    Note: If you set up SSO for login and authentication, you must complete the steps in Setting up Contact Center users and access before you can sign in to the Connect environment.
11. Make sure that nsure that Kinesis data streaming is turned on in the new Connect instance. In the AWS Console, navigate to the new Connect instance > Data Streaming > Enable data streaming and be sure to select Kinesis stream and create a new stream if needed.
    Tip: Make sure to turn on Kinesis data streaming, not Kinesis firehose.
12. Click Save.

You now have a working Amazon Connect instance.

There are three scenarios in which a CloudFormation stack must be installed:

• A new Contact Center instance that has never had a CloudFormation stack installed.
• An existing Contact Center instance that has had a CloudFormation stack installed via the legacy (non-admin app) method.
• An existing Contact Center instance that has had a CloudFormation stack installed via the current (admin app) method.

The deployment process is similar for each of the above scenarios, with the differences being how automated the process is and how much manual review or updates might be required.

To deploy the CloudFormation stack

1. In the account admin console, for the newly created account, click Create stack.

   

2. Provide the required details for the CloudFormation template.
   • Stack name: A name for the CloudFormation stack. You can choose something such as: <Account name> + “CF” + “07-30-2025”. We recommend including a date in the stack name to help you remember when the stack was installed.
   • Stack region: This is the region in which you will deploy your CloudFormation stack.
   • Amazon Connect instance ARN: Enter the ARN (Amazon Resource Name, a unique identifier for AWS resources) of the Connect instance you created. You can find this in the AWS console on the Amazon Connect service, on the instance details page. Look for the Instance ARN (it typically looks like arn:aws:connect:region:account-id:instance/xxxxxxxx-xxxx-....). Copy this value from AWS and paste it into this field in the admin console. For more information, see the AWS documentation.
   • For new installations, configure the following:
     • Click New setup.
     • For the domain prefix, enter the URL domain of your Connect account.
     • Access your Connect account by navigating to the Account overview section from the Access URL which will have the following form: https://YOUR_DOMAIN_PART.my.connect.aws.
     • Copy the <YOUR_DOMAIN_PART> section and use it to fill in the domain profile section.
3. For existing installations, configure the following:
   • Select Use an existing user pool and app client.
   • Enter the User pool ID and App Client ID that are being used in AWS.
4. Configure the following:
   • Dashboard and analytics: Select Enabled.

     This is turned on by default and will remain turned on unless you turn it off. This turns on data flowing into the Contact Center dashboards app, which is a separate free app available from the Zendesk Marketplace.

   • Resource tags: These are optional.
5. After filling in the necessary fields, click Launch stack.
   In the pop-up page, you have two options:

   • Automated launch: After creating the CloudFormation stack, you will be automatically redirected to the AWS CloudFormation console with the template ready to deploy. This is convenient if you or someone on your team has access to the customer’s AWS account with sufficient permissions.
   • Manual template copy: If you don't have direct access to the AWS account, click Copy instructions to clipboard to export the CloudFormation template (usually as a JSON or YAML file or a link). This link or export can then be used by the relevant team with AWS access to implement the CloudFormation stack.

   

6. A new browser tab opens on the AWS CloudFormation Quick create stack page with the template already loaded. The stack name and parameters are filled in with the values you provided.
7. Scroll down to the bottom of the page and, in the Capabilities and transforms section, check and mark all the acknowledgments.
8. Click Create stack.

   

   Once initiated, CloudFormation will start creating resources. In the AWS CloudFormation console, you can watch the progress. It will list events such as “CREATE_IN_PROGRESS” for various components. This process can take a few minutes. The stack is doing a lot in the background: setting up IAM roles and policies, Lambda functions, Kinesis data streams, Amazon Cognito user pool and groups, Connect settings, and more . Typically, this completes without intervention. The status will change to CREATE_COMPLETE when the process completes.

   While it runs, do not close the stack page.

   Tip: You can refresh your web browser to see updates, but we recommend waiting for the stack to complete. If the stack fails, it will roll back (you’ll see a status such as ROLLBACK_COMPLETE). If you have any problems, see Troubleshooting Contact Center.

   

9. When the CloudFormation stack shows CREATE_COMPLETE, the integration is complete. The CloudFormation template automated the previously manual steps. At this point, the following is in place:
   • An Amazon Cognito user pool (and associated identity pool, if applicable) specifically for this Contact Center instance’s users.
   • An LMAdmin user group in Cognito (created by the stack) that will be used to designate admin users in Contact Center.
   • AWS Lambda functions or other services for features such as transcription, bots, and others, connected between Connect and Contact Center (the exact resources depend on the template scope).
   • IAM Roles/Permissions that allow Zendesk’s platform to access the Connect instance (within the limits needed) and vice versa, without exposing unnecessary access.
   • Connect might need configuration adjustments using the API, for example, attaching Amazon Lex bots or setting up flow modules if the product requires, though these are optional, or configured later.

Now, the Connect account, the Contact Center account, and the CloudFormation resources are in place and connected.

Once the stack begins deployment, it will show in the Still deploying state. While in this state, you can click Check status to check the status of the stack deployment. When it's fully deployed, it will display Ready to activate.

Your SAML application must have the following settings:

The SAML application must have the following two SAML attributes:

Configure the identity provider in Cognito with the following attributes:

When the CloudFormation stack ran, it created an Amazon Cognito user pool for this Contact Center instance. The user pool is a directory of user accounts who can authenticate to Contact Center. It likely also created an app client in Cognito (which the Contact Center app uses to allow users to lsign in), and an LMAdmin group for admin permissions. Next, you'll create at least one user in this user pool, so you can test signing in to Contact Center.

To manually add a user

1. In the AWS console, open the Cognito service.
2. Click the use pool you want to manage.

   

3. On the Login pages tab of the app client setting, edit the Managed login pages configuration.
4. Change the Identity Provider to be the Congito user pool directory.
5. In the Cognito user pool console, find the section for Users” and click Create user (or Add user).
6. Enter the following details for the new user account:
   • Username: Choose a username (for example, the person’s email address or a simple name).
   • Temporary Password: Set an initial password for the user. (Cognito might require the user to reset the password on first sign in, but for internal testing you can set a simple password and, optionally, turn off the reset requirement).
   • Contact Info: Depending on settings, you might need to provide a valid email address and/or phone number for the user (these can be used for password recovery or multi-factor authentication).
   • Account Status: Make sure that Mark phone/email as verified is checked if you provided those and don’t want Cognito to expect a verification step. Also, check Temporary password so the user must change it on first sign in (for production users).
   • Create the user: The new user will now appear in the user list for the pool.

     

This user represents an agent (or admin) who can log into the Contact Center web app.

The following resources provide additional information about setting up SSO with various services:

• Amazon Web Services (AWS)
• Azure AD
• Okta
• Google Workspaces
• Cognito Userpools

The first part of setting up writeback is to configure speech analysis in your Contact Flow.

To configure speech analysis

1. In your Amazon Connect Contact Flow, ensure the Set recording and analytics behavior block is included in the flow.

   ‍

2. In the Set recording and analytics behavior block, enable Contact Lens speech analytics and set it to Real-time and post-call analytics.

   

3. Under Redaction, select Redact sensitive data and customize the redaction settings as needed.

   

Next, configure your Lambdas, the triggers that will let you write the call transcript to a Zendesk ticket.

To turn on writeback

1. In your Amazon Console, navigate to the Lambdas page.
2. In the Functions section, search for "post". This returns a function with a name containing "VoicePostCa".
3. Click this function, and on the Function overview page, select Configuration > Triggers from the navigation menus.
4. Select the ‍Contact Center Zendesk Voice Post Call Lambda function.
5. For Kinesis, select its checkbox, then click Edit.

   

6. On the Edit trigger page, select Activate trigger.
7. Click Save.

   

8. Click the blue hyperlink next to EventBridge.

   

9. On the EventBridge rule details page, click Enable.

   

After these steps have been completed, your call transcripts from Contact Center voice calls will be shown in your Zendesk tickets.

You install the Contact Center app from a link Zendesk generates for you.

To install the Contact Center app

1. Request your legacy Contact Center app’s installation link. Zendesk uses your Zendesk domain to generate a link for you.
2. Once you receive the link, access it to install the app. For more details, see Installing apps.
3. In Admin Center, click Apps and integrations in the sidebar, then select Apps > Zendesk Support apps.
4. Click the Contact Center app you just installed.

   

5. Update the following settings using your existing Contact Center instance URL:
   • Title: Typically, use the suggested name.
   • Contact Center workspace: Once you've set up your Contact Center environment, you can retrieve the workspace value from the URL of your standalone Contact Center environment.
   • Zendesk for Contact Center region: Once you have your Contact Center environment set up, you can retrieve the region value from the URL of your Contact Center environment. For example:

     AWS region	Engage region
     ap-southeast-2	apse2
     ca-central-1	cac1
     eu-central-1	euc1
     eu-west-2	euw2
     us-east-1	use1

   • Enable role restrictions: Restrict Contact Center access to specific roles.
   • Enable group restrictions: With this optional setting you can limit specific groups to have access to the Contact Center app.

   

6. Click Update.

The Contact Center app icon is now displayed in the top right corner of your Zendesk instance.

Now that you've installed the Contact Center app, you can configure its settings.

To configure the Contact Center app

1. In Admin Center, click Apps and integrations in the sidebar, then select APIs > API tokens.
2. Click Add API token.

   

3. On the Add API token page, enter a descriptive name for the token, for example, "Connect Contact Center to Zendesk".
4. Click Save.

   Copy the token string and keep it handy for the next steps.

   

5. In Contact Center, click the settings icon (), then click Admin settings.

   

6. Click the Zendesk settings icon (). You'll see helpful information about getting your Contact Center app connection to your Zendesk account.
7. Expand the Your Zendesk account panel, then click Edit.

   

8. In the API key field, paste the API key you copied previously.
9. In the Zendesk user email field, enter your Zendesk admin email address.
10. Click Connect account.

    

    You'll see a page that helps you set up your creation rules for Zendesk tickets, as well as how transcripts and recordings will be handled. If you're not sure what to enter, you can configure these items later.

11. Click Complete.

    The Contact Center app and your Zendesk account are now linked.

12. In your Zendesk environment, perform a hard refresh of your browser.
13. Click the phone icon () to open the Contact Center app.

    

14. Click Continue.
15. Sign in using the authentication process set up for your account.
16. Perform a test call by setting up a new number in the Connect dashboard, linking it to a new or preconfigured contact flow, and confirming whether the call reaches your agent in Zendesk through the app.