TABLE OF CONTENTS

Overview

You can configure VoiceOps to use your company’s Single Sign-On (SSO) for your users to login and access VoiceOps.

When VoiceOps has been configured with SSO for your company, users can log in and access VoiceOps using your company’s identity management portal.  Users need not create and maintain a separate password for VoiceOps.  

You can use VoiceOps Roster Management to add and manage your VoiceOps users.  

SSO Configuration Process

The process to configure SSO in VoiceOps is as follows:

  1. Confirm your VoiceOps user meets the requirements for permissions to configure SSO.

  2. Access SSO Settings in VoiceOps.

  3. Note the VoiceOps Entity ID and VoiceOps ACS URL  that are needed to configure SSO in your company SSO provider.

  4. Note the values required by VoiceOps to configure SSO.

  5. Configure VoiceOps as an application  in your company SSO provider.

  6. Generate the Identity Provider (IdP) Certificate Fingerprint.

  7. Return to VoiceOps SSO settings and enter the needed values.

  8. Test SSO by using your company’s IdP to access VoiceOps.

  9. Disable VoiceOps basic login.

  10. Notify users that they can access VoiceOps using your company’s IdP.

Configuring SSO in VoiceOps 

Confirm Requirements

To configure SSO in VoiceOps, you must have an active  VoiceOps user account with Admin permissions.  Contact support@voiceops.com to change your account permissions.

Access SSO Settings in VoiceOps 

  1. Log in to https://app.voiceops.com

  2. Open the settings.



  1. Select SSO Settings.


  1. You will be taken to the SSO Settings page https://app.voiceops.com/settings/sso

SSO Settings

VoiceOps Entity ID - Use this value to configure VoiceOps in your SSO provider.   https://app.voiceops.com/saml/metadata

VoiceOps ACS URL - Use this value to configure VoiceOps in your SSO provider.     https://app.voiceops.com/users/saml/auth

Name Identifier Format -  The format of the identifier of the user attempting to login. This setting can usually just be set to a default value of unspecified.  Example: 
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

Issuer /  Entity Id -   ID of your identity provider. Example:  the  ADFS entity id.

IdP SSO Service Url - Identity Provider (IdP) URL that VoiceOps  will send SSO requests to.

IdP Cert Fingerprint - The fingerprint of the public certificate that is the pair to the private certificate used to sign the SAML messages.

IdP Cert Fingerprint Algorithm - The URL to the definition of the algorithm that your certificate uses. This is usually SHA256. Example:
http://www.w3.org/2000/09/xmldsig#sha256

SSO Request Type - Your identity provider will send either a post or redirect request to VoiceOps with the SAML assertion. This is the option to tell the VoiceOps platform which of those request types it will be receiving.  For most configurations, select Post.

Allow Basic Login - When checked, all users can log in either using SSO or through the VoiceOps login page.  Unchecked, rep and manager users must use the company SSO portal.  Admins can continue to use either method.

Configure VoiceOps as an application  in your company SSO provider

The example below is for Microsoft Azure.  Should I provide this?

  1.  In Azure, navigate to Enterprise applications > Browse Azure AD Gallery

  1. Use the Create your own application option.  Use VoiceOps SSO as the name of your app, and select Integrate any other application you don’t find in the gallery (Non-gallery).

  1. For Select a single sign-on method, select SAML.


  1. For Basic SAML Configuration configure the Identifier using https://app.voiceops.com/saml/metadata and Reply URL  with  https://app.voiceops.com/users/saml/auth

  2. Download the Certificate (Raw) to generate the certificate fingerprint for VoiceOps.

  3. Note the Login URL and Azure AD Identifier to be configured in VoiceOps.

Generate the IdP Certificate Fingerprint

You can use OpenSSL to generate the IdP certificate fingerprint using the SHA256 algorithm:

openssl x509 -noout -fingerprint -sha256 -inform pem -in *path/to/your/cert/here.pem*

Note that for this command to work, the certificate must be in the pem format.

Return to VoiceOps SSO settings and enter the needed values

See the SSO settings above for more information about these settings.

Test SSO by using your company’s IdP to access VoiceOps

Sign out of VoiceOps, and then use your company’s identity management portal to verify SSO has been configured correctly for your company.

Disable VoiceOps basic login

You can disable logging in to VoiceOps directly by unchecking Allow Basic Login in the VoiceOps SSO Settings page.

Notify users that they can access VoiceOps using your company’s IdP

Once configured, most users must use your company IdP to access VoiceOps.  Notify them of the changes made to how they can access VoiceOps and remind them of the URL of your IdP.

SSO FAQ

Q. When my users try to log in to VoiceOps from https://app.voiceops.com, they see the message: “Your company uses Single Sign-On (SSO) to log in to VoiceOps. Please log in using your company's SSO provider.”
A.  With SSO configured, users must use their corporate identity portal to access VoiceOps.

Q.  Can users who attempt to access VoiceOps from https://app.voiceops.com be redirected automatically to our SSO provider?
A. Not at this time.

Q.  How do I add, edit or disable VoiceOps users?
A.  You can manage VoiceOps users using the Roster Management tool in VoiceOps.  

Q.  I have added a user to VoiceOps, but they are unable to log in.
A. Check that the user:

  • Has the same email address in VoiceOps as that used by your SSO provider to identify the user

  • Is set to Active

Q.  I have disabled VoiceOps basic login, but I can still log in at https://app.voiceops.com.  Is SSO not working?
A.  Users with Admin permissions can log in using both SSO or basic log in so that, if there is an issue with the SSO configuration, they can still access VoiceOps.