Configuring Okta SAML 2.0 SSO for Virtual Office Account Manager

Add the 8x8 SAML Application in Okta

Okta administrators will need to configure their Okta account for 8x8 SSO before completing changes in Virtual Office (VO) Configuration Manager.

1. Open the Okta Admin portal.
2. Click the Applications menu and select Applications.
3. Click Add Application.

4. Search for 8x8 Inc and click Add.
5. In the General Settings window, click Done.

Add Users to the 8x8 Inc Application

Okta users requiring access to 8x8 services must be added to the 8x8 application in Okta.

1. If needed, click the Applications menu to see your installed applications, then click 8x8 Inc to open that application.

2. Click the Assignments tab.
3. Click the Assign drop-down and select Assign to People.

4. Click Assign for each individual user you are providing access to 8x8 Virtual Office.
5. Click Done.

Obtain Your Okta SAML SSO Configuration Info

Follow these steps to gather information for required changes in Virtual Office Account Manager.

1. First click the Okta Applications menu to see your installed applications, then click 8x8 Inc to open that application.

2. Click the Sign On tab.

3. Scroll down to Sign On Methods > SAML 2.0 and click View Setup Instructions. This will pop open a new browser tab with Okta's document How to Configure SAML 2.0 for 8x8 Inc.

If the View Setup Instructions option does not appear in this view, switch your Okta from Developer Console to Classic UI mode at the top-left of the screen, and then follow these instructions again.

Okta's document explains in detail how to complete your SSO configuration in Account Manager.

For convenience, we've included these instructions in the next section, below. However, you'll still need to obtain the following information from Okta's document that is specific to your Okta environment.

4. Scroll down to step 7 of Okta's configuration document, and:

• Copy and paste the Sign In URL into any text editor (or just keep your browser tab open for later). You'll use this information in the next section.
• Copy and paste the Issuer URL as above.
• Click the Identity Provider Certificate URL and save your okta.cert certificate file to a known location.

8x8 accepts only PEM-formatted provider certificates for use with external SSO applications. In this case, Okta's certificate for Account Manager should already be generated in PEM format.

Configure Okta Access in VO Account Manager

Now that your Okta service is configured, follow these steps to configure your 8x8 Account Manager.

1. First, log in to Account Manager, and navigate to Accounts > Single Sign On.
2. Click the check box for Single Sign On. This should automatically select the SAML option.
3. Click on SAML to expand the SAML Single Sign On view.

For this next step, you'll need the information you previously obtained from your Okta configuration.

4. Copy and paste the Sign In URL into Sign In URL field.
5. Copy and paste the Issuer URL into the Issuer URL field.
6. Click the Browse button next to Identity Provider Certificate.

7. In the Upload Certificate window, click Add.
8. Navigate to and select the Okta certificate file you downloaded earlier, select it and click Open to return to the Upload Certificate window.
9. Click Upload to push your certificate to 8x8, and then click Done to finish adding your Okta certificate.

With your certificate upload completed, you should see issuer information as well as certificate validation dates.

10. Click Save.

By default the User Mapping Field is set to Automatically selected, and can be left on this setting.

11. Click Save again to complete your Okta parameter configuration.

8x8 User Profile Configuration

The final step in configuring 8x8 Account Manager for use with Okta SAML SSO is to create or edit your users' 8x8 user profiles.

1. From Accounts, click on User Profiles.
2. Now either click Edit on an existing user profile, or click Create New User Profile to generate a brand new 8x8 user profile,
3. Add the individual Okta Username to the 8x8 user profile Federation ID field. This action ties the user's Okta ID to their required 8x8 User Name.
4. Add any other 8x8 user profile information as required or desired.
5. Click Save to complete your changes.

Your Okta users should now be able to log in to 8x8 Virtual Office applications such as Virtual Office Desktop using only their assigned Okta user ID.

NOTE: Once all of the previous SAML configuration steps have been completed, the Federation ID field should appear in each 8x8 user profile page. If the Federation ID field does not appear when you click Edit or Create New User Profile, go back to Accounts > User Profiles and click on the Edit Viewable / Hidden Fields button, then check the Federation ID check box to enable it, and click Save.

Logging in to 8x8 Virtual Office Desktop Using Okta SSO

Login to Virtual Office Desktop with Okta SSO credentials is a simple process.

1. First, launch the Virtual Office Desktop application.
2. Click on Use Single Sign On.
3. Enter your Okta login ID and click Continue.
4. Click Log in using SSO. Note that subsequent logins will generally skip this step and pass through.

5. You will be re-directed to an Okta web browser login page the first time you log in. Enter your Okta user credentials to complete the login process.

NOTE: Subsequent logins will still pop a browser web page, but the login to VOD should proceed directly unless the Okta administrator has defined otherwise. This web browser page pop will no longer occur once long-term development of 8x8 Virtual Office Desktop has been completed.

Once login is completed, the web browser page will display a success message, and the user will be logged into VOD.

You can now close the web browser tab, and access your 8x8 Virtual Office phone extension.