Configuring the Ooma / Okta SSO Integration

Modified on Mon, 30 Oct 2023 at 02:27 PM

Description

The purpose of this article is to guide you through the process of configuring the Ooma / Okta SSO integration.


This user guide assumes that you meet the following prerequisites: you are familiar with the Ooma Enterprise interface and have an Okta Workforce Identity Cloud account connected to a business email address (or the Okta Verify app if your Okta account is not configured to send SMS messages for 2FA).


The integration involves navigating between two applications and performing specific actions in each. To keep the process clear and manageable, it is broken down into the steps below, and each step is performed within one specific app.


Step 1

To initiate the configuration process for SSO integration, you need to access two specific pages. You can organize them as two neighboring tabs in your web browser.


Firstly, open the "IdP and SSO" tab on your company account page in the Phone System App of the Ooma Admin Portal.


Secondly, open the Home page of your Okta account.


Step 2

In this step, you will begin the configuration process in Ooma Enterprise. Go to the Ooma Admin Portal page in your web browser and press the "Set Up Identity Provider" button.


This dialog form will appear.

Enter a random URL address into the SSO URL field on this form.


There are two circular dependency issues when setting up an IdP in the Ooma Admin Portal and completing the configuration of the SP:
1. An X.509 certificate is required, but Okta generates this certificate only after the SP configuration is finalized.
2. An SSO URL is required, but Okta generates this URL address only after the SP configuration is finalized.

However, there is a trick to overcome these issues: you can enter a random SSO URL address and create a "placeholder" X.509 certificate, which will enable you to finalize the SP configuration and input the SP's data into Okta. Okta will then generate a real SSO URL and X.509 certificate that can be uploaded to the IdP configuration in the Ooma Admin Portal.


You have the flexibility to choose the method for creating the "placeholder" X.509 certificate. Here are a few examples of how to do it: 
1. Use the console to generate the certificate via OpenSSL (link). 
2. Use any suitable online tool (link)
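
For the OpenSSL route, a placeholder can be generated as shown here. This is an added example, not part of the original Ooma article; the file names, the subject CN and the one-day validity are assumptions. The private key is discarded immediately, so nothing can sign assertions that would verify against the placeholder.

```shell
#!/bin/sh
# Added example: throwaway "placeholder" X.509 certificate for Step 2.
# File names, subject CN and validity period are assumptions for illustration.

# make_placeholder_cert <output.pem>
# Creates a self-signed certificate valid for 1 day. The matching private key
# is written to a private temp directory and deleted right away, because the
# placeholder only has to satisfy the upload form, never to sign anything.
make_placeholder_cert() {
    out="$1"
    tmpdir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$tmpdir/key.pem" -out "$out" \
        -days 1 -subj "/CN=placeholder-do-not-trust" 2>/dev/null
    rc=$?
    rm -rf "$tmpdir"
    return $rc
}

# cert_fingerprint <cert.pem>
# Prints the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# same_cert <a.pem> <b.pem>
# Returns 0 if both files contain the same certificate, non-zero otherwise.
same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}
```

Running `same_cert` on the placeholder and on the certificate saved from Okta in Step 9 should return non-zero, which confirms that the file uploaded in Step 10 is not the placeholder.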



Then, press the "Upload File" button and upload the "placeholder" X.509 certificate.

Next, enable the "Use NameID For Email" toggle switch.


After finishing the given actions, make sure to click the "Save" button to save the changes you have made.

After that, the interface of the "IdP and SSO" tab of the Ooma Admin Portal will be updated accordingly.


Step 3

On the updated "IdP and SSO" tab of the Ooma Admin Portal, you will need two URLs: the Callback URL (ACS) and the Issuer.


Prepare to copy these URLs to the clipboard and paste them in the following steps of this guide.


Step 4

Go to the Okta page in your web browser, log in to Okta, and navigate to the Admin panel by pressing the "Admin" button located in the top menu of the Home page.


Step 5

After that, a new window will open. Click on the "Create App Integration" button to initiate the creation of a new app that you wish to integrate with Okta.


Following that, a pop-up window will be displayed, presenting you with a selection of sign-in methods for the new app. From this list, choose the SAML 2.0 option.



Step 6

In the opened window containing the parameters of the newly created app, set the name for the app and click the "Next" button to proceed to subsequent pages where additional parameters can be configured.


Step 7

This parameter page has the following interface.




There are two fields you need to provide information for: 

  • Single sign-on URL: the default reply URL will be the destination in the SAML response for identity provider-initiated single sign-on. You should input here the Callback URL (ACS), which can be found on the updated "IdP and SSO" tab of the Ooma Admin Portal. Please navigate back to that browser tab and copy and paste the URL into this field.


  • Audience URL (SP Entity ID): the default identifier will be the audience of the SAML response for identity provider-initiated single sign-on. You should input here the Issuer URL, which can be found on the updated "IdP and SSO" tab of the Ooma Admin Portal. Please navigate back to that browser tab and copy and paste the URL into this field.


Step 8

Scroll down to the Attribute Statements section and set the values for user.id and user.email. Feel free to choose any names for these attributes as there are no specific requirements for them.

Click the "Next" button, choose one of the radio buttons on the Feedback tab, and finally, click the "Finish" button to complete the process.



Step 9

Scroll down to the bottom of the newly opened page and click the "View SAML setup instructions" button. 


Take note of the information provided on this page, as you will need to copy these URLs to the clipboard and paste them in the subsequent steps of this guide. Regarding the X.509 certificate, save it separately on your computer by copying the text provided on this page and creating a new file.


Step 10

Go to the updated "IdP and SSO" tab of the Ooma Admin Portal and press the "Edit Identity Provider Information" button.


In the opened dialog form, replace the SSO URL address in the top field with the correct one you can find on the Okta page:


Then, input this value into the "Username Claim" field:


And lastly, delete the existing "placeholder" X.509 certificate by clicking on the Trash Bin badge next to it. Then, upload the correct certificate by clicking the "Upload File" button once it becomes active again.


After finishing the given actions, make sure to click the "Save" button to save the changes you have made.


Step 11

On the updated "IdP and SSO" tab of the Ooma Admin Portal, toggle the "Enable" switch in order to activate the SSO integration between Ooma (SP) and Okta (IdP).


From this point onwards, the SSO integration is considered complete and expected to function properly. 


It is important to note that this user guide does not cover troubleshooting steps. If you require further assistance with this matter, please contact our customer support team.


