OneLogin SSO Benefits
The use of SSO improves enterprise security by reducing the number of login surfaces employees must use. It is important to use a trusted IAM (Identity Access Management) provider in order to make sure SSO is deployed safely and properly. With the help of identity providers such as OneLogin, CloudTalk admin users can streamline administrative tasks, control user privileges, and provide an accessible and secure way for employees to launch CloudTalk applications.
Set Up OneLogin SSO on Dashboard
In order to ensure a proper setup process, please make sure you have the following:
Admin privileges for a CloudTalk account
Admin privileges for a company OneLogin domain
Steps for CloudTalk Dashboard
Settings for SSO must be adjusted by an admin through the Dashboard. From the left sidebar, click into Account -> Settings. By choosing the Single Sign-on header, you will be able to see available options for SSO in the form of toggle buttons.
Admins can toggle On/Off to enable or enforce:
Click the toggle button to Enable OneLogin SSO.
Once OneLogin SSO has been enabled, the admin will be asked to fill in the following values:
Discovery URL (sometimes called "Resource/Issuer URL")
For OneLogin, the Discovery URL format will be:
Where <subdomain> is to be replaced with the admin user's actual OneLogin subdomain.
Method (GET or POST)
It will be necessary to enter a "redirect URI" into an appropriate field on the interface of the respective identity provider—in this case, OneLogin. In the following steps, admin users will be required to log into their OneLogin account from a separate tab in order to obtain the above value references and to input the redirect URI, which is necessary for authorization to work properly.
For all identity providers, including OneLogin, the redirect URI will be the following:
Steps for OneLogin
From the black toolbar at the top of your OneLogin admin account, scroll over Applications, selecting Applications.
Account users who already have an established application running on OpenId protocol may be able to skip to step 4 for configuring the redirect URI into the existing app and obtaining the necessary values. If no OpenId protocol application has yet been created, we will need to make a new one. This can be done by first searching OpenId Connect in the Applications page search bar.
When OpenId Connect (OIDC) pulls up, select this option. Clicking the application from this page will bring you to the Portal for your OIDC app. You can adjust the Display Name and click Save to finish the initial configuration.
You will now be shown a list of tabs related to your OIDC application. To set our Redirect URI for CloudTalk, we can navigate to the Configuration tab and copy/paste the Redirect URI into the Redirect URI's section:
Client ID and Client Secret can be found within the SSO tab under the top section, Enable OpenID Connect.
Show client secret, then copy/paste.
Under these values, we can also copy/paste the Issuer URL listed here. This is synonymous with the Discovery URL we will need to input to CloudTalk's settings for SSO setup.
Below the Application Type header on this page, ensure that the Application Type is set to Web. Beneath Token Endpoint, the Authentication Method should be set to
If not already done, you can add app admins by searching for and adding the desired user via the Privileges tab.
Having configured our app and obtained the necessary values, we will switch back to our CloudTalk Dashboard tab to copy and paste the Client ID, Client Secret, and Discovery URL (from Issuer URL) into their appropriate boxes.
POST should work for the Method, though GET can be tried.
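The Issuer URL copied from OneLogin is what CloudTalk receives as the Discovery URL, so it is worth checking the provider's discovery document against that exact value before saving. The following is an added example, not CloudTalk or OneLogin code; the idp.example.test host, the sample document and the client_secret_post value are constructed placeholders, and the same-host and code-flow checks are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a discovery document shaped like the one an OIDC
# provider serves at <issuer>/.well-known/openid-configuration.
# The host and paths are placeholders, not real OneLogin values.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.test/oidc",
    "authorization_endpoint": "https://idp.example.test/oidc/auth",
    "token_endpoint": "https://idp.example.test/oidc/token",
    "jwks_uri": "https://idp.example.test/oidc/certs",
    "response_types_supported": ["code", "id_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic",
                                              "client_secret_post"],
})

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(configured_issuer, discovery_json, auth_method):
    """Return a list of problems; an empty list means the document passed."""
    doc = json.loads(discovery_json)
    problems = []
    # OIDC Discovery requires the issuer in the document to equal the URL
    # the client was configured with, character for character.
    if doc.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    issuer_host = urlsplit(configured_issuer).hostname
    for key in ENDPOINT_KEYS:
        url = urlsplit(doc.get(key) or "")
        if url.scheme != "https":
            problems.append(f"{key} is missing or not https")
        elif url.hostname != issuer_host:
            # Local policy assumption, not a spec rule: flag for review.
            problems.append(f"{key} host differs from issuer host")
    # Assumption: a Web application with a client secret uses the code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    # When the field is absent, the spec default is client_secret_basic.
    methods = doc.get("token_endpoint_auth_methods_supported",
                      ["client_secret_basic"])
    if auth_method not in methods:
        problems.append(f"token endpoint auth method {auth_method!r} not advertised")
    return problems


if __name__ == "__main__":
    print(check_discovery("https://idp.example.test/oidc", SAMPLE_DISCOVERY,
                          "client_secret_post") or "ok")
```

A trailing slash added while copying the Issuer URL is enough to trigger the issuer mismatch, which is a common cause of SSO logins failing after setup.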
Enabled OneLogin SSO on CloudTalk Phone
The settings chosen through the Dashboard will affect what users see on all CloudTalk login screens. When enabled, a button labeled Sign in with SSO should be viewable on login screens.
Selecting this option, users will be prompted to enter their CloudTalk email.
Choose which available SSO you would like to log in with.
When signing in with OneLogin for the first time, a popup login screen will appear, where you can enter your OneLogin username and password.
After a successful login, you should see the regular dialer appear along with the green dot next to the user, indicating the user is online and active.
Contact support for any questions or issues encountered. We're always happy to help!