Configuring the Ooma / Duo SSO Integration

Modified on Mon, Oct 30, 2023 at 2:28 PM

Description

The purpose of this article is to guide you through the process of configuring the Ooma / Duo SSO integration.


This guide assumes that you meet certain prerequisites: you should be familiar with the Ooma Enterprise interface and have a Duo account.


Because the integration involves navigating between two applications and performing specific actions in each, the process is broken into steps. Each step is performed within a single application, which keeps the process clear and manageable.



Step 1

To initiate the configuration process for SSO integration, you need to access two specific pages. You can organize them as two neighboring tabs in your web browser.

Firstly, open the "IdP and SSO" tab on your company account page in the Phone System App of the Ooma Admin Portal.


Secondly, open the Applications page of your Duo account.


Step 2

In this stage, your task is to create a new application that will implement SAML SSO. To get started, click on the "Protect an Application" button.


This action will redirect you to a fresh page, where you can use the search bar to locate the "Generic SAML Service Provider" application.


Once you find it, simply click on the "Protect" button. Following that, you will be directed to a new page where you can configure an SSO connection with Ooma Enterprise.


On this page, you will find several fields that you need to copy and a certificate to download in the subsequent steps of this guide.


Step 3

In this step, you will begin the configuration process in Ooma Enterprise. Go to the Ooma Admin Portal page in your web browser and press the "Set Up Identity Provider" button.


This dialog form will appear.


Now, go to the Duo portal and copy this "Single Sign-On URL" value.


Go to the Ooma Admin Portal and paste it into the "SSO URL" field.


Step 4

Go back to the Duo portal and download the X.509 Certificate by pressing the "Download certificate" button.

An X.509 certificate is a digital certificate that adheres to the X.509 standard, which specifies the format for public key certificates. It is widely used for securing communication and verifying the identities of entities in various systems and protocols.


Go to the Ooma Admin Portal and upload this certificate by pressing the "Upload File" button.

Step 5

After finishing the actions given in the previous steps of this user guide, make sure to click the "Save" button to save the changes you have made.

After that, the interface of the "IdP and SSO" tab of the Ooma Admin Portal will be updated accordingly.


Step 6

On the updated "IdP and SSO" tab of the Ooma Admin Portal, you will require two URLs: Callback URL (ACS) and Issuer.

Prepare to copy these URLs to the clipboard and paste them in the following steps of this guide.


Step 7

Go to the Duo portal in your web browser and scroll down the page to the Service Provider section.

There are two fields you need to provide information for: 

  • Entity ID: this is a unique identifier assigned to each participating entity (IdP or SP) within the SAML authentication process.

You should input here the Issuer URL, which can be found on the updated "IdP and SSO" tab of the Ooma Admin Portal. Please navigate back to that browser tab and copy and paste the URL into this field.

  • Assertion Consumer Service (ACS) URL: this is the specific endpoint (URL) on the SP's side where the IdP sends the SAML assertion after successful authentication.

You should input here the Callback URL (ACS), which can be found on the updated "IdP and SSO" tab of the Ooma Admin Portal. Please navigate back to that browser tab and copy and paste the URL into this field.


Step 8

Go back to the Duo portal, scroll down the page to the SAML Response section, and complete all the fields listed below.

  • NameID format: here you should select the format of the unique identifier for the user sent by the IdP to the SP. Upon clicking on this field, a drop-down menu with various options will appear. Choose the same values as shown in the picture below.

  • NameID attribute: this is a unique identifier for the user and is typically included in the SAML assertion sent by the IdP to the SP during the authentication process. In our case, that should be an Email Address.

  • Signature algorithm: here you should select the Secure Hash Algorithm (SHA) for your application. Upon clicking on this field, a drop-down menu with various options will appear. Choose the SHA256 option.

Secure Hash Algorithms (SHA) are cryptographic hash functions designed to take an input (message) and produce a fixed-size hash value, ensuring data integrity and providing a unique representation of the input data.

  • Signing options: in this section, you control the settings that allow you to digitally sign the SAML response and SAML assertion, respectively. When these options are enabled, the SAML response and assertion will be cryptographically signed to ensure their integrity and authenticity during the SAML SSO process between the IdP and the SP. In our case, select both checkboxes.

  • Map attributes: here you can set the mapping of attributes between the user accounts on the IdP side and the SP side.

      • IdP Attribute: upon clicking on this field, a drop-down menu will appear showing you a list of attributes or user data that are provided by the IdP as part of the SAML response. Choose the same values as shown in the picture above.

      • SAML Response Attribute: here you can set an attribute or user data that the SP extracts from the SAML response received from the IdP. Enter the values shown in the picture above manually.

Similar to other providers, all the settings you set in the SAML Response section are optional and contingent upon the client's preferences. In this particular example, all settings are configured, but they can be omitted if desired.


Do not forget to press the "Save" button to apply all the changes.


Step 9

On the updated "IdP and SSO" tab of the Ooma Admin Portal, toggle the "Enable" switch in order to activate the SSO integration between Ooma (SP) and Duo (IdP).

From this point onwards, the SSO integration is considered complete and expected to function properly. 
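
Once the integration is enabled, a SAML response captured from a test login can be compared against the values entered in Steps 7 and 8. The following is an added example, not code from Ooma or Duo: it makes structural checks only and does not verify signatures cryptographically, and the URLs, the function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Constructed placeholders: use the Callback URL (ACS) and Issuer from Step 6.
ACS = "https://sp.example.invalid/acs"
ENTITY_ID = "https://sp.example.invalid/issuer"

def check_saml_response(xml_text, acs=ACS, entity_id=ENTITY_ID):
    """Structural checks only (no signature verification); returns findings."""
    findings = []
    # Parse trusted captures only; use defusedxml for untrusted XML.
    response = ET.fromstring(xml_text)
    assertions = response.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected one Assertion, found {len(assertions)}"]
    # Step 8, signing options: both the response and the assertion are signed.
    for label, node in (("Response", response), ("Assertion", assertions[0])):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            findings.append(f"{label} is not signed")
        elif not method.get("Algorithm", "").endswith("sha256"):
            findings.append(f"{label} signature algorithm is not SHA256")
    # Step 7: ACS URL and Entity ID must match what the SP published.
    if response.get("Destination") != acs:
        findings.append("Destination does not match the Callback URL (ACS)")
    audiences = [a.text for a in assertions[0].findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        findings.append("Audience does not contain the Issuer (Entity ID)")
    name_id = assertions[0].findtext("saml:Subject/saml:NameID", "", NS)
    if "@" not in name_id:  # Step 8: NameID attribute is the email address
        findings.append("NameID is not an email address")
    return findings

def sample_response(alg=RSA_SHA256, sign_assertion=True, destination=ACS):
    """Constructed sample with stub signatures, standing in for a real capture."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           '</ds:SignedInfo></ds:Signature>')
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' xmlns:ds="{NS["ds"]}" Destination="{destination}">{sig}'
            f'<saml:Assertion>{sig if sign_assertion else ""}<saml:Subject>'
            '<saml:NameID>user@example.invalid</saml:NameID></saml:Subject>'
            '<saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
            '</saml:Conditions></saml:Assertion></samlp:Response>')
```

An empty list means the captured response is consistent with the settings from Steps 7 and 8; each string in a non-empty list names the setting to recheck.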


It is important to note that this user guide does not cover troubleshooting steps. If you require further assistance with this matter, please contact our customer support team.


