SSO setup with oneLogin with Kazoo!

Requirements

In order to use oneLogin with Kazoo, the company will need to have an account with oneLogin and a Kazoo subdomain. Once you have both of these accounts, please follow the steps below.

Important Note: If users will be accessing mobile app, please ensure that configuration allows access to SSO connections outside of the company’s network.

Setup Steps

  • Login to oneLogin as admin

  • Go to Apps > Add Apps (or click Add Apps from the setup wizard) to open the Find Applications page, where you can browse or search for YouEarnedIt

  • When the Configuration tab appears, update the app display name or icons if you like, and click Save to add the app to your Company Apps.

  • When you click Save, the app is added to your account and all app configuration and information pages become available.

Configuration

  • Go to the Configuration tab and enter the Application Details that help OneLogin know where and how to send the SAML message. You should see a subdomain section where you enter your Kazoo subdomain provided by your Kazoo Customer Support manager or Account Manager.

  • Click Save.

  • You should now see 8 tabs: Info, Configuration, Parameters, Rules, SSO, Access, Users and Setup

  • Click on Parameters to set up the credentials Users will need to login

  • Go to the SSO tab to copy the SAML metadata that you must provide to the app provider to complete the integration. The following screenshot shows no information - this is an example only and these areas should have the information provided.

As a note:

  • SAML Signature Algorithm: SHA-256

  • SAML Issuer URL: the OneLogin URL that provides data about OneLogin as a SAML-providing IdP.

  • SAML 2.0 Endpoint (HTTP): the OneLogin URL that the app redirects to for SSO if a session isn’t already established.

  • X.509 Certificate: the Public certificate that establishes trust between OneLogin and the app provider.

To copy the X.509 certificate: Click View Details and click the Copy to Clipboard icon for the X.509 Certificate. If you want a different certificate, click Change on the SSO tab, select the new certificate, and follow the above instructions. You must include the entire certificate, including —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—— when you provide it to the app provider.

If there are issues copying this certificate, you can also provide the full Metadata file URL. You can get it by going to the More Actions menu and clicking SAML Metadata.

  • Next, choose the Access tab and fill out any requirements for users. If you have no Roles set up, you can move on to the next step.

This area will prompt you for any login policy as well as role based policy, if roles are set up. Roles are set through OneLogin and are not app specific. Click Save to save any changes made to this page.

Once these steps are completed, contact your Customer Success Manager or Account Manager to start the testing process. To ensure that testing goes as smoothly as possible please follow the steps below: Ensure that you have matching user accounts in the app and OneLogin (the OneLogin email address or username is identical to the app username).

  • You can create a test user, or you can use your own account.

  • Make sure you are logged out of the app.

  • Log in to OneLogin as an admin and give the test user access to the app in OneLogin. (See step 9 above)

  • Log in to OneLogin as the test user.

  • Click the app icon on the OneLogin dashboard.

If you are able to access the app, then everything works and other users should be able to access Kazoo! If you are unable to access the app, please send all pertinent information including screenshots of errors to your Customer Success Manager for troubleshooting.