What is SSO

Instead of the typical username and password combination, SSO (Single Sign On) uses a third-party identity provider to authenticate a user. This feature simplifies the management of user credentials and can be used strategically to strengthen the security of an enterprise.

SSO Setup for Admins on Dashboard

Settings for SSO must be adjusted by an admin through the Dashboard. From the left sidebar, click into Account -> Settings. By choosing the Single Sign-on header, you will be able to see available options for SSO in the form of toggle buttons.

Admins can toggle On/Off to enable or to enforce:

Logging in with an identity provider not listed may be possible—contact a support agent for assistance. Toggling on an option requires users to have an account with the third-party provider.

Enforcing an option will necessitate agents using CloudTalk Phone or other CloudTalk services to use SSO as their required sign-in option, whereas enabling SSO simply offers the choice to use that sign-in option.

Google SSO

Google is the only third party which does not require additional setup information.

Okta, OneLogin, Azure, Keycloak SSO

Admin will be asked to fill in the following:

  • Client ID

  • Client Secret

  • Discovery URL (sometimes called "Resource/Issuer URL")

  • Method (GET or POST)

All of above must be found in through the respective identity provider's interface. Click to view our setup guides for Azure, Okta, or OneLogin.

Discovery URL

The Discovery URL can be found in the documentation or user profiles of the identity provider. It is sometimes referred to by another name such as "Resource" or "Issuer" URL and should look like an https link, as in the example below.

  • For Microsoft Azure: https://login.microsoftonline.com/{tenant}/v2.0

  • Where {tenant} must be replaced with the real tenant ID

Redirect URI

For Okta, OneLogin, Azure, Keycloak, and other third-parties, customers will also need to set up a redirect URI within the configuration interface of the SSO provider. Setup varies per provider.

Provider interface redirect URI: 

https://cloudtalk-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse


Login Screen for All

The settings chosen through the Dashboard will affect what users see on all CloudTalk login screens. When enabled, a button labeled Log in with SSO should be viewable on login screens.

Selecting this option, users will be prompted to enter their CloudTalk email.

Choose which available SSO you would like to login with.

Depending on the third party provider, you may be redirected to another login screen, where you can enter your credentials for the third-party provider. If the login is successful, we will cross reference our user database against the third-party credentials, logging in the user when a correct match is found.

As an admin, make sure that if you choose to enforce SSO from the Dashboard settings, all employees have access to the required sign-in. Contact support for any questions or issues encountered.


Related Links

Set Up Microsoft Azure SSO

Set Up Okta SSO

Set Up OneLogin SSO

Did this answer your question?