Configuring the Ooma / Azure AD SSO Integration

Modified on Mon, 30 Oct 2023 at 02:27 PM

DescriptionThe purpose of this article is to guide you through the process of configuring the Ooma / Azure AD SSO integration.


This user guide provided below assumes that you meet certain prerequisites: you should be familiar with the Ooma Enterprise interface, have created a managed domain in Azure AD, and have already added the Ooma app to Azure AD as a non-gallery application.


To simplify the integration process, which involves navigating between two applications and performing specific actions, the following steps will be provided. Each step will be performed within a specific app, allowing for a clearer and more manageable process.


Step 1

To initiate the configuration process for SSO integration, you need to access two specific pages. You can organize them as two neighboring tabs in your web browser.


Firstly, open the "IdP and SSO" tab on your company account page in the Phone System App of the Ooma Admin Portal


Secondly, open the SAML parameters page within the SSO section of the managed domain in Azure AD that is designated for Ooma.


Step 2

In this step, you will begin the configuration process in Azure AD by setting up the SAML parameters within the SSO section of the managed domain intended for Ooma. Navigate to the parameter card №4.


In this parameter card, you will need the Login URL of the managed domain. Simply click on the "Copy" badge next to the link to copy it to your clipboard.


Step 3

Go to the Ooma Admin Portal page in your web browser and press the "Set Up Identity Provider" button.


This dialog form will appear.


Paste the URL from the clipboard into the SSO URL field on this form.


Step 4

There is a circular dependency issue when setting up an IdP in the Ooma Admin Portal and completing the configuration of the SP. An X.509 certificate is required, but Azure AD generates this certificate only after the SP configuration is finalized. 

However, there is a trick to overcome this issue: You can create a "placeholder" X.509 certificate, which will enable you to finalize the SP configuration and input the SP's data into Azure AD. This will generate a real X.509 certificate that can then be uploaded to the IdP configuration in the Ooma Admin Portal.


You have the flexibility to choose the method for creating the "placeholder" X.509 certificate. Here are a few examples of how to do it: 
1. Use the console to generate the certificate via OpenSSL (link). 
2. Use any suitable online tool (link)


Press the "Upload File" button and upload the "placeholder" X.509 certificate.


Step 5

Find the "Email Claim" field on this dialog form.


This value should be entered into this field:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress


After finishing the given actions, make sure to click the "Save" button to save the changes you have made.

After that, the interface of the "IdP and SSO" tab of the Ooma Admin Portal will be updated accordingly.



Step 6

On the updated "IdP and SSO" tab of the Ooma Admin Portal, you will require two URLs: Callback URL (ACS) and Issuer


Prepare to copy these URLs to the clipboard and paste them in the following steps of this guide.



Step 7

Go to the Azure AD page in your web browser, find the parameter card №1, and press the "Edit" button.


After clicking this button, a side menu will appear.


There are two mandatory fields you need to provide information for: 

  • Identifier (Entity ID): the default identifier will be the audience of the SAML response for identity provider-initiated single sign-on.

You should input here the Issuer URL, which can be found on the updated "IdP and SSO" tab of the Ooma Admin Portal. Please navigate back to that browser tab and copy and paste the URL into this field.

  • Reply URL (Assertion Consumer Service URL): the default reply URL will be the destination in the SAML response for identity provider-initiated single sign-on.

You should input here the Callback URL (ACS), which can be found on the updated "IdP and SSO" tab of the Ooma Admin Portal. Please navigate back to that browser tab and copy and paste the URL into this field.


Once you have entered the required information in both fields, click the "Save" button to save and apply the changes you made.


Step 8

Proceed to parameter card №3 and press the "Download" button to download the Certificate (Base64)

This certificate contains the X.509 certificate that contains a configuration with both the SP and IdP data.

Public Keys and Request Verification Certificates are typically employed in the *.PEM format, but it's important to note that Microsoft exclusively accepts files in the *.CERT format. Therefore, when downloading the certificate, make sure to save it with the *.CERT format.



Step 9

Go to the updated "IdP and SSO" tab of the Ooma Admin Portal and press the "Edit Identity Provider Information" button.


In the opened dialog form, delete the existing "placeholder" X.509 certificate by clicking on the Trash Bin badge next to it. Then, upload the correct certificate by clicking the "Upload File" button once it becomes active again.

As it has already been mentioned above, Microsoft exclusively accepts Public Keys and Request Verification Certificates in the *.CERT format. Therefore, when uploading the certificate, make sure it is in the *.CERT format.


After finishing the given actions, make sure to click the "Save" button to save the changes you have made.


Step 10

On the updated "IdP and SSO" tab of the Ooma Admin Portal, toggle the "Enable" switch in order to activate the SSO integration between the Ooma (SP) and Azure AD (IdP).


From this point onwards, the SSO integration is considered complete and expected to function properly. 


In scenarios where signature verification is necessary, it is advised to enable the "Sign Request" feature and consult the official Microsoft manual provided for guidance.


To further validate the integration, you can click the "Test" button located on parameter card №5 within the Azure AD SSO section of the managed domain designated for Ooma. It is important to note that this user guide does not cover troubleshooting steps. 

If you require further assistance with this matter, please contact our customer support team.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article