The purpose of this article is to provide an overview of Single Sign-On (SSO) and introduce the key terms and concepts related to implementing SSO for logging into the Ooma Enterprise system.
SSO — Single Sign-On, an authentication mechanism that enables users to log in to multiple systems or applications using a single set of login credentials. With SSO, once a user has successfully logged in to one application or system, they are automatically authenticated to other applications or systems within the same SSO environment. This simplifies the login process for users, eliminates the need for multiple sets of credentials, and enhances security.
SP — Service Provider, the web application or resource the user is trying to access. It delivers the requested service to the end user and relies on an IdP to authenticate that user.
IdP — Identity Provider, a third-party, centralized system that stores and manages user credentials and other identifying information and authenticates users on behalf of the SP.
SAML — Security Assertion Markup Language, an XML-based open standard for transferring identity data between IdP and SP.
Ooma Admin Portal — a web-based interface provided by Ooma Enterprise, a cloud-based business phone system provider. It is designed for managing and configuring an organization's Ooma Enterprise phone system settings and features, including SSO.
Azure portal — a centralized web-based interface offered by Microsoft for managing and configuring Azure Active Directory (Azure AD) services. It provides administrators with a comprehensive platform to perform a range of tasks related to identity and access management. These tasks include managing user accounts, setting security policies, configuring SSO, integrating applications, and monitoring directory activity.
Azure managed domain — a cloud-based service offered by Microsoft Azure that provides managed domain services for Azure virtual machines and Azure AD integrated applications.
Azure AD tenant — a specific instance of Azure AD that is a single service endpoint devoted to a single organization or tenant. It serves as a unique identity and access management service provided by Microsoft.
Okta portal — a web-based interface offered by Okta, functioning as a centralized hub for administrators to effectively manage and configure different elements of their organization's identity and access management infrastructure. It encompasses essential functions such as user account management, access policy definition, SSO configuration for applications, security settings management, and user activity monitoring.
Auth0 portal — a web-based interface provided by Auth0, an identity management platform. It serves as a centralized hub for administrators to manage and configure various aspects of their organization's identity and access management system.
Google admin console — a web-based interface offered by Google for administrators to manage and configure various Google Workspace services and settings within an organization. It serves as a centralized hub for administering and controlling user accounts, devices, applications, security settings, and other administrative aspects of Google Workspace.
Microsoft 365 admin center — a web-based interface provided by Microsoft for administrators to manage and configure various aspects of their organization's Microsoft 365 subscription. It serves as a central hub for managing user accounts, licenses, security settings, and other administrative tasks related to Microsoft 365 services.
X.509 certificate — a digital certificate that adheres to the X.509 standard, which specifies the format for public key certificates. It is widely used for securing communication and verifying the identities of entities in various systems and protocols.
Request Verification Certificate — the SP's request signing certificate, provided to the IdP so that the IdP can verify the authenticity and integrity of SSO requests signed by the SP. The certificate is usually supplied in *.PEM (Privacy Enhanced Mail) format, a widely adopted format for storing and transmitting cryptographic keys and certificates. In contrast, Microsoft uses certificates in the *.CERT format.
Public Key — the public key of the SP's signing key pair, provided to the IdP for the same purpose as the Request Verification Certificate (which contains this public key). It is supplied instead of the certificate when an IdP asks for a public key rather than a Request Verification Certificate.
SAML Response/Assertion Verification Certificate — a certificate issued by an IdP that contains the key the SP uses to verify the signature on the SAML response and/or assertion received from that IdP. The certificate is unique to each IdP and is shared securely with the SP to establish trust and enable secure communication between the two entities. The certificate is usually in *.PEM format.
Secure Hash Algorithms (SHA) — a family of cryptographic hash functions that take an input (message) and produce a fixed-size hash value. The hash acts as a fingerprint of the input and is used to verify data integrity; SAML signatures use a SHA variant (for example SHA-256) as their digest algorithm.
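The certificate terms above describe one trust relationship: each side keeps a private key, hands the other side an X.509 certificate in PEM format, and the receiver uses only that certificate to check SHA-based signatures on what it receives. The Go program below is an added example, not part of this article or of Ooma's own code: it builds a self-signed PEM certificate for a key, signs a message with the private key, and verifies the signature from the PEM certificate alone. It uses a raw RSA-SHA256 signature over bytes as a stand-in for the XML-DSig signature on a real SAML request or response; the key, names and messages are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// SelfSignedCertPEM wraps the public half of key in a one-year self-signed
// X.509 certificate and returns it PEM-encoded: the artefact an SP or IdP
// uploads to the other side's portal. The private key itself is never shared.
func SelfSignedCertPEM(key *rsa.PrivateKey, commonName string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed value; real CAs use random serials
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(1, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// Sign produces an RSA-SHA256 signature over msg with the sender's private key
// (a stand-in for the XML-DSig signature on a real AuthnRequest or Response).
func Sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// Verify checks sig over msg using only the peer's PEM certificate, which is
// exactly what the receiving side holds after the certificate exchange.
func Verify(peerCertPEM, msg, sig []byte) error {
	block, _ := pem.Decode(peerCertPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("peer certificate is not a PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig)
}
```

In the SP-to-IdP direction the SP's certificate plays the role of the Request Verification Certificate; in the IdP-to-SP direction the IdP's certificate plays the role of the SAML Response/Assertion Verification Certificate.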