OneLogin SSO Setup

How to retrieve values and input redirect URI needed for OneLogin SSO setup

Written by Shelby Glynn
Updated over a week ago

Why should you use OneLogin SSO?

SSO improves enterprise security by reducing the number of login surfaces employees must use. It is important to use a trusted IAM (Identity and Access Management) provider to make sure SSO is deployed safely and properly. With the help of identity providers such as OneLogin, CloudTalk admin users can streamline administrative tasks, control user privileges, and provide an accessible and secure way for employees to launch CloudTalk applications.



How to set up OneLogin SSO on your Dashboard

In order to ensure a proper setup process, please make sure you have the following:

  • Admin privileges for a CloudTalk account

  • Admin privileges for a company OneLogin domain

Steps for CloudTalk Dashboard

  1. Settings for SSO must be adjusted by an admin through the Dashboard. From the left sidebar, click into Account -> Settings. By choosing the Single Sign-on header, you will be able to see available options for SSO in the form of toggle buttons.

  2. Admins can toggle On/Off to enable or enforce:

    Click the toggle button to Enable OneLogin SSO.

  3. Once OneLogin SSO has been enabled, the admin will be asked to fill in the following values:

    • Client ID

    • Client Secret

    • Discovery URL (sometimes called "Resource/Issuer URL")

      For OneLogin, the Discovery URL format will be: 

      https://<subdomain>.onelogin.com/oidc/2

      Where <subdomain> is to be replaced with the admin user's actual OneLogin subdomain.

    • Method (GET or POST)

  4. You will need to enter a "redirect URI" into the appropriate field in the identity provider's interface (in this case, OneLogin). In the following steps, admin users will log into their OneLogin account in a separate tab to obtain the values listed above and to enter the redirect URI, which is required for authorization to work properly.

    For all identity providers, including OneLogin, the redirect URIs will be the following:

    https://authsso.cloudtalk.io/oauth2/idpresponse

    https://cloudtalk-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse

Steps for OneLogin

  1. From the black toolbar at the top of your OneLogin admin account, hover over Applications, then select Applications.

  2. Account users who already have an established application running on OpenId protocol may be able to skip to step 4 for configuring the redirect URI into the existing app and obtaining the necessary values. If no OpenId protocol application has yet been created, we will need to make a new one. This can be done by first searching OpenId Connect in the Applications page search bar.

  3. When OpenId Connect (OIDC) pulls up, select this option. Clicking the application from this page will bring you to the Portal for your OIDC app. You can adjust the Display Name and click Save to finish the initial configuration.

  4. You will now be shown a list of tabs related to your OIDC application. To set our Redirect URI for CloudTalk, we can navigate to the Configuration tab and copy/paste the Redirect URI into the Redirect URI's section:

    https://authsso.cloudtalk.io/oauth2/idpresponse

    https://cloudtalk-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse

  5. Client ID and Client Secret can be found within the SSO tab under the top section, Enable OpenID Connect.

  6. Click to Show client secret, then copy/paste.

  7. Under these values, we can also copy/paste the Issuer URL listed here. This is the same value as the Discovery URL that we will need to enter in CloudTalk's SSO settings.

  8. Below the Application Type header on this page, ensure that the Application Type is set to Web. Beneath Token Endpoint, the Authentication Method should be set to POST.

  9. If not already done, you can add app admins by searching for and adding the desired user via the Privileges tab.

  10. Having configured our app and obtained the necessary values, we will switch back to our CloudTalk Dashboard tab to copy and paste the Client ID, Client Secret, and Discovery URL (from Issuer URL) into their appropriate boxes.

  11. POST should work for the Method, though GET can be tried.
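
A pre-flight check for the values gathered in the steps above, as an added example that is not CloudTalk or OneLogin code: it validates the Discovery URL format, derives the standard OIDC metadata URL for that issuer, and compares the metadata and the registered redirect URIs against what this article specifies. Assumptions: OneLogin's "POST" token endpoint setting corresponds to the OIDC method name client_secret_post, and the tenant name and endpoint paths in the sample metadata are constructed.

```python
import re
from urllib.parse import urlsplit

# Redirect URIs given in this article; OneLogin must list them exactly.
CLOUDTALK_REDIRECT_URIS = {
    "https://authsso.cloudtalk.io/oauth2/idpresponse",
    "https://cloudtalk-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse",
}

def well_known_url(discovery_url):
    """Check the Discovery URL shape and return the OIDC metadata URL to fetch."""
    parts = urlsplit(discovery_url)
    host = parts.hostname or ""
    if parts.scheme != "https" or parts.netloc.lower() != host:
        raise ValueError("Discovery URL must be https with no port or userinfo")
    # Also rejects an unreplaced "<subdomain>" placeholder and look-alike hosts.
    if not re.fullmatch(r"[a-z0-9-]+\.onelogin\.com", host):
        raise ValueError("host must be <subdomain>.onelogin.com")
    if parts.path.rstrip("/") != "/oidc/2" or parts.query or parts.fragment:
        raise ValueError("path must be /oidc/2")
    return f"https://{host}/oidc/2/.well-known/openid-configuration"

def check_setup(discovery_url, metadata, registered_redirects):
    """Return a list of problems; an empty list means the values line up."""
    problems = []
    if metadata.get("issuer", "").rstrip("/") != discovery_url.rstrip("/"):
        problems.append("issuer in metadata does not match the Discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(metadata.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    # Assumption: OneLogin's "POST" setting maps to client_secret_post.
    methods = metadata.get("token_endpoint_auth_methods_supported", [])
    if "client_secret_post" not in methods:
        problems.append("token endpoint does not advertise client_secret_post")
    # Exact string comparison: a trailing slash or http:// variant counts as missing.
    for uri in sorted(CLOUDTALK_REDIRECT_URIS - set(registered_redirects)):
        problems.append(f"redirect URI not registered: {uri}")
    return problems

# Constructed sample: metadata as it might look for a tenant named "example-co".
SAMPLE_URL = "https://example-co.onelogin.com/oidc/2"
SAMPLE_METADATA = {
    "issuer": SAMPLE_URL,
    "authorization_endpoint": SAMPLE_URL + "/auth",
    "token_endpoint": SAMPLE_URL + "/token",
    "jwks_uri": SAMPLE_URL + "/certs",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}

if __name__ == "__main__":
    print(well_known_url(SAMPLE_URL))
    print(check_setup(SAMPLE_URL, SAMPLE_METADATA, CLOUDTALK_REDIRECT_URIS))
```

To use it against a real tenant, fetch the URL returned by well_known_url, parse the JSON, and pass it in as metadata together with the redirect URIs copied from the app's Configuration tab.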


Enabling OneLogin SSO on CloudTalk Phone

The settings chosen through the Dashboard will affect what users see on all CloudTalk login screens. When enabled, a button labeled Sign in with SSO should be viewable on login screens.

Selecting this option, users will be prompted to enter their CloudTalk email.

Choose which available SSO you would like to log in with.

Signing in with OneLogin for the first time, a popup login screen will appear, where you can enter your OneLogin username and password.

After a successful login, you should see the regular dialer appear along with the green dot next to the user, indicating the user is online and active.


If you need further assistance or have any questions, you can contact our Support team. We are always here to help you!

