Introduction
Spoke Phone supports Single Sign-On [SSO] to enable your users to easily log in to Spoke Phone apps with their existing enterprise credentials. SSO is supported for Spoke Phone mobile apps, desktop apps, and the Spoke Phone Account Portal for company administrators.
Spoke Phone's SSO supports SAML 2.0, widely implemented by many enterprise applications including Microsoft, Google, Salesforce and also supported by many identity provider platforms [IdPs] such as Okta or Onelogin.
Getting Started
You can easily set up SSO with any Identity Provider [IdP] that supports SAML 2.0. We have created step by step guides for the following common providers:
- Microsoft Azure Active Directory (MS Cloud)
- Salesforce
- Okta
- Onelogin
Other providers that support SAML 2.0 will have very similar steps and SSO with Spoke Phone should be easy to configure following a similar process.
Supported Features
User authentication
When a user authenticates through the IdP, the user's email is matched against the Spoke Phone users. The user is granted access to the Spoke Phone App if the matched Spoke Phone user has the appropriate Spoke Phone role for that App.
User Provisioning
Automatic user provisioning from the IdP is not yet supported.
Bulk user provisioning can be done easily with a CSV import into Spoke Phone.
We are working on SCIM user provisioning for a future update.
FAQs
If a user is logged out of the IdP (E.g. Google, Microsoft, Okta. etc) will they be logged out of Spoke Phone apps?
No. Currently, SSO logout is not supported. The user will need to log out of the Spoke Phone App manually.
If a user signs out of Spoke Phone, will the user be signed out of other apps too?
No, Spoke Phone does not currently support sending Single Log Out requests to the IdP.
If I delete a user from my IdP, will the user still be able to log in?
No, however, the user is not deleted from your Spoke Phone Account automatically so any active sessions will remain logged in. The user will not be able to log in on another device, or after they choose to log out.
You must delete the user in the Spoke Phone Account portal to ensure any active sessions are invalidated. When you delete or deactivate a user from the Spoke Phone Account Portal, they are immediately logged out.
Does a user's session expire?
A user session lasts 21 days. If the user continues using the app, the session is automatically refreshed. If the user does not use the app within 21 days, the session will expire and they will need to authenticate again.