Article updated: October 04, 2022
Enable Sparkcentral single sign-on with third-party partners
Single sign-on (SSO) is a session and user authentication service that provides users with a single set of login credentials for multiple applications. SSO helps enterprises, smaller organizations, and individuals manage a variety of user names and passwords. SSO is considered a Federated Identity Management (FIM) arrangement, and the use of such a system is called identity federation.
Open Authorization (OAuth) is the framework that allows a user’s account details to be used by third parties, such as Facebook, without forwarding the login data to the third-party service provider. OAuth acts as an intermediary on behalf of the user by providing a token that grants the third party access to specific details that can be shared. When the user requests access to the platform from the provider, the service provider notifies the identity provider for authentication. The service provider then confirms the authentication and enables access for the user.
- Every agent will be automatically switched to use SSO. We recommend having at least one admin with username/password login and multifactor authentication. If something is adjusted in your SSO configuration, this admin user will still be able to log in and fix any configuration issues.
- For information on enabling SSO with Hootsuite, see Enable single sign-on (SSO) with Hootsuite and Sparkcentral.
We've included step-by-step instructions for four common SSO integrations. Steps may vary slightly as providers update their websites.
- Log in to Onelogin as an administrator, and on the Applications tab, select Add App.
- Search for "SAML Test", select SAML Test Connector (Advanced), and select Save.
- In Sparkcentral, go to Admin settings, expand Privacy and security, and then select Single sign-on (SSO).
- Copy the Entity ID, ACS URL, Logout URL, and Signon URL under Sparkcentral details for identity providers and paste them into the corresponding fields on the Onelogin application details page (Application tab, Configuration page). Select Service Provider as the SAML initiator and AES-256-CBC as the SAML encryption method.
- On the Parameters page in Onelogin:
- Select the + icon to add a custom parameter.
- Copy the Email Address Claim Name in Sparkcentral and paste it into the Field name box in the Onelogin New Field dialog box.
- Under Value, select Email, and select the Include in SAML assertion check box. Select Save.
- On the Onelogin More Actions menu, choose SAML Metadata to download the XML file for step 8.
- On the Users tab, select the Applications page, and then select the + icon to assign the application to the users. Select Sparkcentral, select Continue, and then select Save.
- In Sparkcentral:
- On the Single sign-on page, select Upload metadata, and upload the file you downloaded in step 6.
- Select the check boxes under Single sign-on and Single logout. Select Save.
- Expand Agents and teams, select Agents, and select Add agent (or edit an existing agent). In the Email address field, enter the user's Onelogin email address, toggle the Single sign-on option to ON, and select Save.
- In Microsoft Azure, go to Azure Directory, select Enterprise applications, and then select New Application.
- Choose the Non-gallery application option, select Single sign-on, and then select SAML.
- In Sparkcentral, go to Admin settings, expand Privacy and security, and then select Single sign-on (SSO). Under Download service provider metadata XML, select Download.
- On the Azure SAML-based sign-on page, select Upload metadata file and upload the XML file you just downloaded.
- Copy the Logout URL and Signon URL under Sparkcentral details for identity providers and paste them into the corresponding fields on the Azure configuration page. The Entity ID and Reply URL are entered for you.
- Select Save. If Microsoft Azure asks you to test, select No.
- On the Azure SAML-based sign-on page, select the Federation Metadata XML file link to download it, and then in Sparkcentral, upload it by selecting Upload metadata.
- In Microsoft Azure, select User Attributes & Claims. Make sure the claim name in Sparkcentral matches the claim that contains the email of the user. The email address will be used to match users in your enterprise with the users in Sparkcentral.
- In Sparkcentral, select the check box under Single sign-on and, optionally, Single logout.
- In your admin Google console (https://admin.google.com/), select Apps, select SAML apps, select Add a service/App to your domain, and then select SETUP MY OWN CUSTOM APP.
- Download the IDP metadata and store it for later; select Next. Enter your application name and select Next.
- In Sparkcentral, go to Admin settings, expand Privacy and security, and then select Single sign-on (SSO).
- Copy the Entity ID, ACS URL, and Signon URL under Sparkcentral details for identity providers and paste them into the corresponding fields in the Google Service Provider Details dialog box.
- Select the Signed Response check box, select EMAIL for the Name ID Format, and then select Next.
- In Sparkcentral, copy the Email address claim name, and then paste it into the Google Attribute mapping dialog box. Select Basic information and Primary Email as the values. Select Finish.
- On the Google SAML apps page (see step 1), select the 3 dots next to your app and select ON for everyone.
- In Sparkcentral:
- On the Single sign-on page, select Upload metadata, and upload the file you downloaded in step 2.
- Select the check boxes under Single sign-on and Single logout. Select Save.
- Expand Agents and teams, select Agents, and select Add agent (or edit an existing agent). In the Email address field, enter the user's Gmail address, toggle the Single sign-on option to ON, and select Save.
- Log in as an administrator, select the Applications tab, and then select Add Application.
- Select Create New App, select Web as the platform, and SAML 2.0 as the sign-on method, and then select Create.
- Enter your app name, select Do not display applications to users, and then select Next.
- In Sparkcentral, go to Admin settings, expand Privacy and security, and then select Single sign-on (SSO).
- Copy the Email address claim name, Entity ID, and ACS URL on the Sparkcentral Single sign-on page and paste them into the corresponding fields on the Okta Edit SAML Integration page. (Select Show Advanced Settings to reveal all fields.)
- Open the Sparkcentral Single Sign-On settings and copy the values as indicated (click on “Show Advanced Settings”). Select Email as the application username and user.email as the property value. Select Next.
- Select I'm an Okta customer adding an internal app and This is an internal app that we have created, and then select Finish.
- Right-click Identity Provider metadata, select Save Link As, and choose xml-file.
- To assign users, select Assign Applications, select Assign, confirm the Okta email address, and then select Save and Go Back.
- In Sparkcentral:
- On the Single sign-on page, select Upload metadata, and upload the file you downloaded in step 8.
- Select the check box under Single sign-on and select Save.
- Expand Agents and teams, select Agents, and select Add agent (or edit an existing agent). In the Email address field, enter the user's Okta address, toggle the Single sign-on option to ON, and select Save.
- To allow users to click a button in Okta to open Sparkcentral, create an application in Okta:
- Select Add application, look for "Bookmark App," and select Add.
- Enter the application name, copy the sign-on URL from Sparkcentral, and then select Save.
- Assign the same users (or use a group for both applications to ease management), and update the logo.