To use SAML-based SSO, you must have Workspaces enabled. Workspaces are available only on Voicea's Teams plan. 

Single sign-on (SSO) lets users sign in to all their enterprise cloud applications using their managed Azure account credentials. To set up SAML-based SSO, you must create a custom application within Microsoft Azure.

------------------------------------------------------------------------------------

Voicea SAML configuration settings to add to Microsoft Azure:

To register applications using the SAMLprotocol, use the Enterprise Applications blade to connect them with the Microsoft identity platform.

To connect an unlisted application using an app integration template, do these steps:

  1. Sign in to the Azure Active Directory portal using your Microsoft identity platform administrator account.
  2. Select Enterprise Applications > New application.
  3. (Optional but recommended) In the Add from the gallery search box, enter the display name of the application. If the application appears in the search results, select it and skip the rest of this procedure.
  4. Select Non-gallery application. The Add your own application page appears.

5. Enter the display name for your new application.
6. Select Add.
7. Next step is to  select Single sign-on from the application’s sidebar. The next page (Select a single sign-on method) presents the options for configuring SSO:

  • SAML
  • Password-based
  • Linked

8. Select SAML from the boxes below to configure SAML-based authentication for the application.
 [Screenshot 1]

The Set up Single Sign-On with SAML page appears.
[Screenshot 2]

9. Enter basic SAML configuration

To set up Azure AD, go to the Basic SAML Configuration heading (1st heading in the screenshot above) and select its Edit icon (a pencil). You can manually enter the values or upload a metadata file to extract the value of the fields.

To manually enter the values, please input the following values in the respective fields:

Identifier (Entity ID)

https://app.voicea.com/users/saml/metadata

Reply URL (Assertion Consumer Service URL)

https://app.voicea.com/users/saml/auth

Sign on URL

https://app.voicea.com/users/saml/auth

Relay State

https://app.voicea.com/users/saml/auth

10. Next step is to download Voicea certificate: 

 a) Go to  SAML Signing Certificate heading and select the Edit icon. The   SAML Signing Certificate appears. [Step 8 screenshot 2 above]
 b) Download the base64 certificate and open it in a text editor (you will need this in a following step)

------------------------------------------------------------------------------------

Microsoft Azure SAML configuration settings to add to Voicea:

1.) Log in to Voicea and go to your Workspace Settings.
2) Click EDIT SSO 

3) Fill in the Voicea SAML form with the following information:

Identity Provider Entity ID is the Identity Provider Issuer. For example, using Azure this would look like:

https://sts.windows.net/5bdab0a4-69d5-46bc-93a6-7c5789405df5/

 Identity Provider SSO Target URL is the Identity Provider Single Sign-On URL. For example, using Azure this would look like:

https://login.microsoftonline.com/5bdab0a4-69d5-46bc-93a6-7c5789405df5/saml2

Identity Provider Cert Fingerprint: 

Generate a formatted fingerprint using a SHA1 hash, and copy the formatted fingerprint into the Voicea platform.
You can learn more about how to generate a SHA1 formatted fingerprint at SAMLTool.com. You will need the cert from step 10 (b) above).
If you have OpenSSL installed, you can create the formatted fingerprint with:

openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]

The formatted fingerprint will look like this:

C1:9F:07:A4:DB:1B:51:3D:12:9Q:32:3C:21:48:37:A9:22:6F:8B:32

Identity Provider Cert

Please copy and paste your cert into this form (from step 10 b above). Include the full cert, making sure there are no spaces at the front or end of the cert you copy into the Voicea platform.

-----BEGIN CERTIFICATE-----
cert contents here
-----END CERTIFICATE-----
Did this answer your question?