This article outlines the steps required to set up Single Sign-On (SSO) with Microsoft Cloud authentication. Users can then use Microsoft authentication to access the Spoke Phone mobile app, desktop app and account portal.
You will need to have an account with admin access to Microsoft Azure to complete this configuration.
Contents
Create and configure an Azure Enterprise Application
Assign users to the Azure Enterprise Application
Complete your Spoke Phone SSO configuration
Create and configure an Azure Enterprise Application
- Visit admin.microsoft.com and navigate to the Azure Active Directory admin center
- Click Enterprise Applications
- Select + New application and then + Create your own application
- Give the new application a name such as Spoke Phone and choose Integrate any other application
- Ignore any matching gallery applications and select Create
- Select Get started in the Set up single sign on tile
- Click SAML
- Edit the Basic SAML Configuration with the following values:
Identifier (Entity ID) = urn:amazon:cognito:sp:us-east-1_QElIJGlYT
Reply URL = https://sso.spokephone.com/saml2/idpresponse
- Click Save and close the basic configuration, returning to the Set up Single Sign-On with SAML page
- In the SAML Signing Certificate section click Download and save the Federation Metadata XML file locally
Tip - This download should start straight away, but can take a few moments.
Assign users to the Azure Enterprise Application
You can now assign Azure Active Directory users to the new Spoke Phone app created in Azure Active Directory.
- Ensure the users in Azure that you wish to have access to Spoke Phone have been added to the new Spoke Phone Azure app in Enterprise Applications > Spoke Phone > Users and Groups
- Ensure that each user you wish to have access has a valid user set up in your Spoke Phone account with the same email address used in Azure.
TIP: You can download a list of users to a csv file and manipulate that file to upload users directly into the Spoke Account portal.
- For downloading users from Azure, see https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-bulk-download
- For uploading users to Spoke Phone see How to bulk-add and invite users to Spoke Phone by email address
Complete your Spoke Phone SSO configuration
- Go to your Spoke Phone account portal online and log in
- Navigate to Other > Advanced and select the SINGLE SIGN-ON tab at the top of the Advanced page
- Enter a Company Name and select Check availability
- Select Upload and choose the file you saved earlier (e.g. Spoke Phone.xml)
Tip: Any changes to the Azure Application (Spoke Phone) may trigger the creation of a new certificate, in which case the XML file will need to be re-downloaded.
- Complete the SAML Response Mapping in the Spoke Phone Account Portal as follows:
Email = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Tip: If you use the UPN as the email in Azure, the Email mapping is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
First Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
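To tell whether a change to the Azure application has produced a new signing certificate (the tip above about re-downloading the XML file), you can fingerprint the certificates in the file you uploaded and in a freshly downloaded one and compare them. The script below is an added example, not code from Spoke Phone or Microsoft; the sample metadata, the all-zero tenant ID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_fingerprints(metadata_xml: str) -> dict:
    """Return the IdP entityID and SHA-256 fingerprints of its signing certificates."""
    root = ET.fromstring(metadata_xml)  # file comes from your own Azure tenant
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor document")
    prints = set()
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest().upper())
    if not prints:
        raise ValueError("no IdP signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "sha256": sorted(prints)}

def needs_reupload(uploaded_xml: str, current_xml: str) -> bool:
    """True when the entityID or signing certificates differ between the two files."""
    return signing_fingerprints(uploaded_xml) != signing_fingerprints(current_xml)

def sample_metadata(cert_bytes: bytes) -> str:
    """Constructed, minimal stand-in for a Federation Metadata XML file."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">'
        '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
        f'<X509Data><X509Certificate>{b64}</X509Certificate></X509Data>'
        '</KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>'
    )

if __name__ == "__main__":
    uploaded = sample_metadata(b"constructed-cert-A")  # file given to Spoke Phone
    current = sample_metadata(b"constructed-cert-B")   # fresh download from Azure
    print(signing_fingerprints(current))
    print("re-upload needed:", needs_reupload(uploaded, current))
```

To use it on real files, read each XML file into a string and pass the two strings to `needs_reupload`.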