Engage Voice | Configuring authenticated login via Okta

The RingCentral Single Sign-on (SSO) service lets your company authenticate your RingCentral users through your company-level network login credentials.
 
SSO allows employees in a company to access all company applications with one set of credentials. The company routes all logins through an IdP (Identity Provider), such as Okta, with which the company has a purchased license. The IdP usually hosts a login page for the employees to enter their company credentials before entering any application. 
 
For admins who wish to strengthen network security by allowing authentication based on access from a whitelist of company-owned IP addresses or a list of geolocations, Okta can be integrated with RingCentral Office. Once integrated, the admin must switch all users to login with RingCentral credentials and require all users to log in to the Engage Voice platform using Single Sign-On. We’ll discuss how to add RingCentral to Okta and integrate it into your RingCentral Office account in the next sections. To learn more about how you can restrict or whitelist IP addresses or geolocations via Okta, you may read the Network Security article. 
 
Each user’s contact email address must be unique to ensure there is no conflict with SSO for your account.

Adding RingCentral to Okta

The first step is to add the RingCentral application to Okta. This step will allow you to get the metadata values specific to your organization from the Okta Administrator dashboard. For instructions, go to Integrate RingCentral with Okta.  

Getting the Identity provider metadata URL from Okta

The metadata URL is shown on the setup page during the SAML 2.0 set up. After adding RingCentral to Okta’s applications, you may get the metadata by following these steps:
1. Log in to your Okta Administrator dashboard.
2. Navigate to Applications > Applications.
3. Select RingCentral from the list of applications.
4. Click the Sign On tab.
5. Navigate to Settings > Sign On Methods > SAML 2.0.
6. Click the View Setup Instructions button.
7. The How to Configure SAML 2.0 for RingCentral page will open. You can find your organization’s metadata URL in step 4 of the How to Configure SAML 2.0 for RingCentral page.

Integrating Okta with RingCentral Office

After adding RingCentral to your Okta applications, the next step is to configure SSO and integrate Okta with your RingCentral Office account.
1. Log in to RingCentral Office using an admin account. You’ll need Super Admin privileges to be able to make the necessary changes.
2. Navigate to More > Account Settings > Directory Integration.
3. Select SCIM under Select Directory Provider
4. Click the Enable SCIM service button under Getting Started
5. Click Confirm in the modal window.
6. Navigate to More > Security and Compliance > Single Sign-on
7. Under SSO Configuration, you may choose to either Set up SSO by yourself or Contact Customer. Support

Set up SSO by yourself

This option allows you to set up SSO yourself by uploading your Okta’s SAML metadata. Before you proceed with the steps below, you must first get your Okta account’s metadata URL. You can do this by signing in to your Okta Administrator dashboard.
1. Click the Set Up button under Upload identity provider metadata file and certificate.
2. In the Upload IDP metadata section, click the dropdown menu under Upload metadata by and select URL.
3. Enter your organization’s metadata URL in the box provided, then click Import.
4. Under Attribute Mapping, click the dropdown menu under Map Email Attribute to and select Custom.
5. Type ‘email’ in the box provided, then click Save.
6. In the Set up SSO by yourself section, click the Download button.
7. Open the sp-metadata file you just downloaded in a text editor and note the entityID and Location values. You will need to enter this information in Okta. We’ll provide the steps in the section below.
8. In the Enable SSO section, check the box next to Enable SSO Service.
9. Under Manage Your Login, click the dropdown menu and select Allow users to log in with SSO or RingCentral credential.
10. Under Manage RingCentral password, you can enable or disable the use of the RingCentral ID and password for logging in, then click Save at bottom right.
  • No: All existing users will no longer be able to change or reset their RingCentral password, but they can still use their current RingCentral password to log in. For any newly created users, they won't be able to create RingCentral password nor use a RingCentral password to log in
  • Yes: All users can log in with either RingCentral ID and password or Single Sign-on (SSO)
11. Log in to your Okta Administrator dashboard, then open RingCentral from the applications list.
12. Click the Sign On tab, click the Edit button in the Settings section, then set the following values:
  • Default Relay State: https://service.ringcentral.com/mobile/ssoLogin
  • ASC URL: Copy the Location value from the metadata file (Step 7) into this field
  • Audience Restriction: Copy the entityID value from the metadata file (Step 7) into this field
13. Click Save.

Contact Customer Support

Select this option to set up SSO with help from RingCentral Support. Follow these steps for assistance.
2. Contact RingCentral Support and request for Single Sign-ON setup assistance.
© 1999-2021 RingCentral, Inc. All rights reserved.
Close X
Thanks!
We've sent you a link, please check your phone!
Please allow a full minute between phone number submissions.
There was an issue with SMS sending. Please try again. If the issue persists, please contact support.