To use SAML-based SSO, you must have Workspaces enabled. Workspaces are available only on Voicea's Teams plan. 

Single sign-on (SSO) lets users sign in to all their enterprise cloud applications using their managed Google account credentials. To set up SAML-based SSO, you must create a custom application within Google G-Suite.

------------------------------------------------------------------------------------

Voicea SAML configuration settings to add to Google G-Suite:

  1. In your Google Admin console (at admin.google.com)...
  2. Go to SAML Apps.
  3. Click Add + at bottom right.
  4. Click Set up my own custom app. The Google IDP Information window opens and the SSO URL and Entity ID fields automatically populate.
  5. Get the setup information needed by the service provider using one of these methods: Copy the SSO URL and Entity ID and download the Certificate. Download the IDP metadata.
  6. (Optional) In a separate browser tab or window, sign in to your service provider and enter the information you copied in Step 5 into the appropriate SSO configuration page, then return to the Admin console.
  7. Click Next.
  8. In the Basic information window, add an application name and description.
  9. (Optional) Upload a PNG or GIF file to serve as an icon for your custom app. The icon image should be 256 pixels square.
  10. Click Next.
  11. In the Service Provider Details window, enter an ACS URL, Entity ID, and Start URL (if needed) for your custom app. These values are all provided by the service provider. 
  12. Click Next.
  13. (Optional) Click Add new mapping and enter a new name for the attribute you want to map.Note: You can define a maximum of 500 attributes over all apps. Because each app has one default attribute, the total amount includes the default attribute plus any custom attributes you add.
  14. In the drop-down list, select the Category and User attributes to map the attribute from the Google profile. Note: You cannot use Employee ID for attribute mapping.
  15. Click Finish.

ACS URL:

https://app.voicea.com/users/saml/auth

Entity ID: 

https://app.voicea.com/users/saml/metadata

Start URL:

https://app.voicea.com/users/saml/auth

Voicea requires certain information to be provided in order to authenticate a user Please map the appropriate attributes from G-Suite to the following Voicea attributes:

email
first_name
last_name
name

Turn on SSO to your new SAML app

  1. In your Google Admin console (at admin.google.com)...
  2. Go to SAML Apps.
  3. Select your new SAML app.
  4. At the top right of the gray box, click Edit Service .
  5. To apply settings to all organizations, click On for everyone or Off for everyone, and then click Save. 
  6. To apply settings to individual organizational units, do the following: At the left, select the organizational unit that contains the users whose settings you want to change. To change the setting, select On or Off. To keep the setting the same, even if the parent setting changes, click Override.If the organization's status is already Overridden, choose an option: Inherit—Reverts to the same setting as its parent. Save—Saves your new setting (even if the parent setting changes).
  7. Ensure that your user account email IDs match those in the domain for your Google service.

------------------------------------------------------------------------------------

Google G-Suite SAML configuration settings to add to Voicea:

1.) Log in to Voicea and go to your Workspace Settings.
2) Click EDIT SSO 

Fill in the Voicea SAML form with the following information:

Identity Provider Entity ID is the Identity Provider Issuer. For example, using Google this would look like:

https://accounts.google.com/o/saml2?idpid=xyz

 Identity Provider SSO Target URL is the Identity Provider Single Sign-On URL. For example, using Google G-Suite this would look like:

https://accounts.google.com/o/saml2?idpid=xyz

Identity Provider Cert Fingerprint: Please copy and paste your cert into this form. Include the full cert, making sure there are no spaces at the front or end of the cert you copy into the Voicea platform.

-----BEGIN CERTIFICATE-----
cert contents here
-----END CERTIFICATE-----

Identity Provider Cert
Generate a formatted fingerprint using a SHA1 hash, and copy the formatted fingerprint into the Voicea platform. You can learn more about how to generate a SHA1 formatted fingerprint at SAMLTool.com. If you have OpenSSL installed, you can create the formatted fingerprint with:

openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]

The formatted fingerprint will look like this:

C1:9F:07:A4:DB:1B:51:3D:12:9Q:32:3C:21:48:37:A9:22:6F:8B:32
Did this answer your question?