Objective
Configure OneLogin and 8x8 Admin Console for SAML 2.0 SSO user login.

At this time, OneLogin active user sync (SCIM) to 8x8 is not supported.

Applies To
Procedure
You'll need to perform the following as an admin of both OneLogin and 8x8 Admin Console.

From Applications in OneLogin, select Add App.
Find and select the 8x8 app (SAML 2.0, form-based auth).
In App Listing > Configuration, you can change the Display Name for the app, if needed.
Scroll down to the bottom of the same App Listing page and confirm that Connectors is set to SAML 2.0.
Scroll back to the top and select Save.
More options will be displayed for the 8x8 app after saving. Select SSO.
Copy the URLs from the following fields (or return to this window later). You’ll need them later, during configuration of your 8x8 Admin Console account.
    Issuer URL
    SAML 2.0 Endpoint (HTTP)
    SLO Endpoint (HTTP)
Select View Details for your certificate, or right-click on the link and select Open link in a new tab. If you already have your OneLogin certificate in PEM format, you can skip this part. Either way, you'll need your certificate file later.
If needed, scroll down the Certificates page, select the appropriate PEM-formatted certificate, and select Download.
Save your certificate for later upload to 8x8 Admin Console.

Next, you'll add the new 8x8 app to users, to allow them access to 8x8 applications that require authentication. If this procedure is performed using some other method in OneLogin – such as bulk edit or Roles – you can ignore these next steps, and perform that operation instead.

Select Users.
For single users, select a user and select the plus sign icon.
Select the 8x8 application you just added and select Continue.
Make a note of the NameID and select Save. The user's NameID will need to be applied to the specific 8x8 user profile in 8x8 Admin Console, which is covered later in this article.
You should now see the 8x8 application assigned to the user you’ve modified. Select Save User.

Continue with the next steps below to make the required changes to your 8x8 Admin Console account.

Log in to 8x8 Admin Console.
Select Identity and Security.
Toggle Single Sign-On (SSO) on to enable it. Note that 8x8 supports only one ID management app per account.
Toggle off the 8x8 Authentication option only if you want to prevent users from authenticating with 8x8 Work credentials.
Under Select Your Identity Provider, select Other SAML SSO Provider. The screen will expand with more configuration options.
In SAML SSO Provider Information > SAML SSO Provider Name, enter a label you want for this SSO provider.
Match the 8x8 fields with the OneLogin URL information you collected earlier, and add the OneLogin URLs into the appropriate fields in SAML Settings.

    8x8                    OneLogin
    IDP Login URL          SAML 2.0 Endpoint (HTTP)
    IDP Issuer URL/URN     Issuer URL
    IDP Logout URL         SLO Endpoint (HTTP)

In Certificate in use, select Click to attach a certificate file and choose the OneLogin certificate you downloaded earlier. The file name of the certificate will appear in the field. Note that this field requires a file extension other than .pem. If needed, simply rename the .pem file extension to .cert before you upload the file.
Finally, select Save at the bottom of the page. You should see a green confirmation banner for a few seconds at the top of the screen.

Continue with the next steps below to make the necessary changes to your 8x8 users in Admin Console.

Important! If after saving you find that you’ve made a mistake with the certificate, just toggle the Single Sign-On (SSO) option off and select Save to clear out the SSO information. Then follow the above process again with the correct information. The URLs can be edited without clearing the entire SSO configuration.

In 8x8 Admin Console, select Home > Users.
Search for the user you’re configuring, and select the pencil icon to edit the user.
Scroll down to Single Sign-On (SSO) and add the user’s OneLogin NameID to the Federation ID field. Note: This field only appears after an identity provider is configured in Identity Management.
Select Save. You should then see a green confirmation banner at the top of the screen for a few seconds.

This completes the 8x8 Admin Console configuration of OneLogin. Your configured users should now be able to log in to 8x8 applications such as Work for Desktop. A brief example of the login process is shown below.

This login process may vary, depending on the OneLogin administrator’s configuration of that service.

First, launch 8x8 Work for Desktop on your PC.
Enter the OneLogin NameID of the assigned user into the 8x8 Username or Email field and select Continue.
Select Log in using SSO.
In the OneLogin Username field, enter the NameID of the assigned user.
Enter the user’s OneLogin Password and select Continue.
This will complete the login to 8x8 Work for Desktop.

Other login options and login persistence may be available depending on the OneLogin administrator’s configuration of that service.

Login Issues

Invalid SAML Profile
If users receive the error "Invalid SAML profile error: No valid certificate found" when attempting to log in to an 8x8 app, the OneLogin certificate applied to the SSO setup in 8x8 Admin Console probably included a non-PEM certificate, or a certificate was simply not added.
Or if the certificate was never added, simply add it to the 8x8 SSO configuration, and save the configuration again.
The OneLogin X.509 PEM certificate seems to work best with this service.
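
A pre-upload check for the certificate step and for the "No valid certificate found" error above, as an added example (not 8x8 or OneLogin code): it confirms that the downloaded file is a PEM-armored certificate rather than a DER file or a private key, then writes the .cert copy that the Certificate in use field requires. The function names and the sample are illustrative, and the check is structural only: it does not validate the certificate's contents or expiry.

```python
# Added example (not 8x8 or OneLogin code); function names are illustrative.
import base64
import re
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Constructed sample: a 5-byte DER SEQUENCE in PEM armor, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

def der_sequence_is_complete(der):
    """True if der is a single DER SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short form: one length byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: next n bytes hold the length
    return 0 < n <= len(der) - 2 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_certificate(text):
    """Return a list of problems found in a certificate file's text (empty = OK)."""
    blocks = PEM_BLOCK.findall(text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    problems = []
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key; do not upload it")
    if not certs:
        problems.append("no PEM CERTIFICATE block (DER/binary file or wrong download?)")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate body is not valid base64")
            continue
        if not der_sequence_is_complete(der):
            problems.append("decoded body is not a complete DER SEQUENCE")
    return problems

def prepare_for_upload(pem_path):
    """Validate the file, then write a byte-identical .cert copy beside it."""
    src = Path(pem_path)
    problems = check_pem_certificate(src.read_text(encoding="ascii", errors="replace"))
    if problems:
        raise ValueError("; ".join(problems))
    dst = src.with_suffix(".cert")
    dst.write_bytes(src.read_bytes())
    return dst

if __name__ == "__main__":
    print(check_pem_certificate(SAMPLE_PEM) or "looks like a PEM certificate")
```
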

We Could Not Verify Your SSO Account
If users see this error when attempting to log in, the configuration in either OneLogin or 8x8 Admin Console could be incorrect, and should be reviewed and corrected as needed.
If the applications are correctly configured, then the 8x8 user profile in Admin Console is not configured correctly.
To correct the user configuration issue, verify that the Admin Console user profile in Home > Users has the correct OneLogin NameID applied to the Single Sign-On > Federation ID field.
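
One way to carry out the NameID check above, as an added example (not 8x8 or OneLogin code): it reads the NameID from a base64 SAMLResponse value an admin has captured from a test login and compares it with the Federation ID entered in Admin Console. The capture step, the function names and the sample user are assumptions; the page does not say how 8x8 compares the two values, so case and whitespace differences are reported separately rather than assumed to be ignored.

```python
# Added example (not 8x8 or OneLogin code); names and sample user are hypothetical.
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (unsigned, minimal); not captured traffic.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Subject><saml:NameID>Pat.Lee@example.com</saml:NameID></saml:Subject>'
    '</saml:Assertion></samlp:Response>')
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_name_id(saml_response_b64):
    """Return the NameID text from a base64 SAMLResponse form value."""
    # Diagnostic only: the response signature is NOT verified here.
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("unexpected DTD in SAML response; refusing to parse")
    root = ET.fromstring(raw)
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is not None and node.text:
        return node.text
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; NameID is not readable here")
    raise ValueError("no NameID found in response")


def compare_to_federation_id(name_id, federation_id):
    """Classify how the IdP's NameID relates to the 8x8 Federation ID value."""
    if name_id == federation_id:
        return "match"
    if name_id.strip() == federation_id.strip():
        return "whitespace-difference"
    if name_id.strip().lower() == federation_id.strip().lower():
        return "case-difference"
    return "mismatch"


if __name__ == "__main__":
    found = extract_name_id(SAMPLE_RESPONSE_B64)
    print(found, "->", compare_to_federation_id(found, "pat.lee@example.com"))
```

A captured SAMLResponse can be replayed until it expires, so keep it off shared systems and delete it once the comparison is done.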