To configure Microsoft Azure SAML 2.0 SSO for Virtual Office Configuration Manager.
- Configuration Manager
- Microsoft Azure SAML
Microsoft Azure administrators will need to configure their Azure AD account for 8x8 SSO before completing changes in Virtual Office (VO) Configuration Manager.
Adding 8x8 Virtual Office from the Gallery
To configure the integration of 8x8 Virtual Office into Azure AD, you need to add 8x8 Virtual Office from the gallery to your list of managed SaaS apps.
- In the Azure Portal, on the left navigation panel, click Azure Active Directory icon.
- Navigate to Enterprise applications. Then go to All applications.
- To add new application, click New Application button on the top of the dialog.
- In the search box, type 8x8 Virtual Office.
- In the results panel, select 8x8 Virtual Office, and then click Add button to add the application.
Configuring Azure AD for Single Sign-On
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your 8x8 Virtual Office Configuration Manager.
- In the Azure portal, on the 8x8 Virtual Office application integration page, click Single sign-on.
- On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable single sign-on.
- In the 8x8 Virtual Office Domain and URLs section, add https://sso.8x8.com/saml2 to the Identifier and Reply URL fields.
- On the SAML Signing Certificate section, click Certificate (Raw) and then save the certificate file on your computer.
- Click Save.
- On the 8x8 Virtual Office Configuration section, click Configure 8x8 Virtual Office to open Configure sign-on window. Copy the Sign-Out URL, SAML Entity ID and SAML Single Sign-on Service URL from the Quick Reference section.
- Sign-in to your 8x8 Virtual Office Portal as an Administrator.
- Select Virtual Office Configuration Manager on the Application Panel.
- Select Identity Management.
- In Identity Management select Add new SAML provider.
- Under Provider Name field type in provider name ie: MS Azure or Azure.
- Under Login options make selection Both 8x8 username and Single Sign On, Only Single Sign On or Only 8x8.
Note: Before uploading a certificate and saving it, be sure to convert raw certificates from DER/Binary to standard PEM format!To convert a certificate to PEM format, you can use the SSL Converter tool.
- Click Browse to upload your raw certificate
- Type of Current Certificate should be DER/Binary
- Type to Convert to must be Standard PEM
- Click Convert Certificate.
- Copy SAML SSO URL, Single Sign Out Service URL and Issuer URL from Azure AD to the IDP Login URL, IDP Logout URL and IDP Issuer URL/URN fields.
- Click Upload certificate link to upload certificate file that you downloaded from Azure AD as raw certificate. Once certificate is uploaded click Save.
Assigning the Azure AD Test User
In this section, you enable a user to use Azure Single Sign-On by granting access to 8x8 Virtual Office
To assign the user to 8x8 Virtual Office, perform the following steps:
- In the Azure portal, open the applications view, and then navigate to the directory view and go to Enterprise applications then click All applications.
- In the applications list, select 8x8 Virtual Office.
- In the menu on the left, click Users and groups.
- Click Add button, then select Users and groups on Add Assignment dialog.
- In the Users and groups dialog, select the user in the Users list.
- Click Select button on Users and groups dialog.
- Click Assign button on Add Assignment dialog.
Assigning the 8x8 User Federation ID field with the Azure AD userid
- Log into the 8x8 Configuration Manager portal with the administrator credentials.
- Click the Users icon under the General section of Configuration Manager.
- Click Edit (pencil icon).
- Navigate to Single Sign-On (SSO) section and under Federation ID add the Azure AD Userid.
- Note: to find the Userid, go to users and groups > click the user and look for Username.
- Click Save at bottom of page.
Also see Microsoft's Azure Tutorial page for additional reference. Even though the configuration steps focus on Account Manager configuration, the general process is the same for Configuration Manager accounts.