IdP and SSO

Modified on Thu, Oct 10 at 4:04 PM

Description: Here, you can configure Single Sign-On access for your account with a third-party provider.


SSO (Single Sign-On) is an authentication mechanism that enables users to log in to multiple systems or applications using a single set of login credentials. With SSO, once a user has successfully logged in to one application or system, they are automatically authenticated to other applications or systems within the same SSO environment. This simplifies the login process for users, eliminates the need for multiple sets of credentials, and enhances security.


SP (Service Provider) is the web resource the user is trying to access; it is responsible for providing the required service to the end user.


IdP (Identity Provider) is a third-party centralized system that stores and manages user credentials and other identifying information.


For more information about the available SSO options for Ooma Enterprise with different IdP providers, please refer to this article.


When you access this subtab, if no IdP has been configured for your account, you will only see the "Set Up Identity Provider" button.



If you click this button, a pop-up window will open displaying a list of fields required to set up an IdP for your account.

These fields are:

  • SSO URL: this is a web address used in the Single Sign-On authentication process, provided by your active directory service provider.
  • NameID Format: this is the specific format in which a user's identifier (NameID) is represented during transmission between IdPs and SPs. If it is incorrect, please reach out to the Support team.
  • X509 Certificate: by pressing this button, you can attach the certificate if you have one.
    An X509 certificate is a digital certificate that adheres to the X.509 standard, which specifies the format for public key certificates. It is widely used for securing communication and verifying the identities of entities in various systems and protocols.
  • Unique ID Claim: here, you need to input the name of the claim that is returned in the SAML response that contains the unique ID of the user.
    SAML (Security Assertion Markup Language) is an XML-based open standard for transferring identity data between IdP and SP.
  • Use NameID For Email: by turning on this toggle switch, the system will use the Subject/NameID XML elements from the SAML response to determine the user's email address.
  • Email Claim: here, you need to input the name of the claim that is returned in the SAML response that contains the user's email address.
  • Username Claim: here, you need to input the name of the claim that is returned in the SAML response that contains the username of the user.
  • Use POST Method: when this toggle switch is enabled, the authentication request will use the HTTP POST binding with the IdP instead of the default Redirect binding, which uses the HTTP GET method.
  • Sign Request: enable this toggle switch to sign the authentication request sent to the IdP.


Once you have filled out all the fields, do not forget to click on the "SAVE" button to apply the changes. 
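
How the claim fields above map onto a SAML response, as an added example that is not Ooma's code: the settings keys, the claim names (`uid`, `mail`, `login`) and the sample assertion are constructed for illustration. The assertion is assumed to have already passed signature validation against the configured X509 certificate.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>alice.a@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="login"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def claim(assertion, name):
    """Return the single value of the named attribute, or fail closed."""
    values = [v.text.strip()
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == name
              for v in a.findall("saml:AttributeValue", NS) if v.text]
    if len(values) != 1:
        # A missing or multi-valued identity claim is ambiguous: reject the login.
        raise ValueError(f"claim {name!r}: expected 1 value, got {len(values)}")
    return values[0]

def map_user(xml_text, settings):
    """Resolve user fields from an already signature-verified assertion.
    The settings keys are hypothetical names for the form fields above."""
    assertion = ET.fromstring(xml_text)
    if settings["use_nameid_for_email"]:
        # "Use NameID For Email" on: take the email from Subject/NameID.
        node = assertion.find("saml:Subject/saml:NameID", NS)
        if node is None or not node.text:
            raise ValueError("NameID missing")
        email = node.text.strip()
    else:
        email = claim(assertion, settings["email_claim"])
    return {"unique_id": claim(assertion, settings["unique_id_claim"]),
            "email": email,
            "username": claim(assertion, settings["username_claim"])}
```

A claim name that does not match what the IdP actually sends raises an error here rather than producing an empty user field, which is the behaviour to look for when testing a new IdP configuration.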


