Single Sign-on FAQ ================== What is Single Sign-on (SSO)? ----------------------------- **Single Sign-on** allows employees to access company applications with one set of credentials. The credentials can include email, phone number, username, and password. The company routes all logins through an IDP (Identity Provider) with which the company has a purchased license. The IDP usually hosts a sign-in page to enter their company credentials before entering an application. SSO provides greater security with the central authentication point, limiting the possibility of phishing. Each user contact email address must be unique when creating user extensions or call queue extensions to ensure no conflict with Single Sign-on for your account. Note: RingCentral does not support Single Log Out (SLO). Who is eligible for SSO? ------------------------ Customers with RingEX™ Premium and Ultimate accounts are eligible for SSO. What are the requirements for SSO? ---------------------------------- An **IDP** that supports **SAML 2.0** is required. Most IDPs in the industry support **SAML2.0**, but it should still be confirmed before the SSO implementation. What is the process if an SSO-enabled company adds new users? ------------------------------------------------------------- The new user will receive an activation email to set up their PIN and security questions. The email will include instructions for them to sign in with SSO. Where can RingCentral customers use SSO? ---------------------------------------- SSO works with your RingCentral online account and all RingCentral applications. SSO also works with all RingCentral integration solutions such as Salesforce, Google, Microsoft Azure, and Office 365. What notification will RingCentral send out after SSO is enabled? ----------------------------------------------------------------- SSO notifications will be sent in the following scenarios: * Enabling with **Enforce SSO login only** * Enabling with **Allow users (either or)...** and selecting **Yes** to maintain password * Disabling SSO Apart from the scenarios above, customers will need to send out a notification and let their employees know about the change after SSO is enabled. What should customers do if the SSO server fails or won't sign in? ------------------------------------------------------------------ You can reach out to [support](https://support.ringcentral.com/contact-support.html ""). Support can manually reset the password and send the temporary password to the account users. How can RingCentral customers set up their SSO settings? -------------------------------------------------------- Account admins can go to **More \> Security and Compliance \> Single Sign-on** . From there, admins can select **Set up SSO by yourself** or **Contact Customer Support**. If multiple accounts use a customer's IDP entity ID, does it mean they can't access SSO functionality? ------------------------------------------------------------------------------------------------------ No. Customers won't be able to set up SSO themselves, but they can still contact [support](https://support.ringcentral.com/contact-support.html "") to configure SSO. Can all users sign in using their email instead of their number/extension? -------------------------------------------------------------------------- Yes, admins can configure this setting for users. * Go to **Admin Portal** \> **More** \> **Security and Compliance** \> **Single Sign-on** \> **SSO Settings**. * Click **Off** to disable the **ability to log in with RingCentral credentials**. * Click **Save** to save your changes. How do I sign in to the RingCentral online account using SSO? ------------------------------------------------------------- You can go to the [Admin Portal](https://service.ringcentral.com ""), then click **Single Sign-on** to sign in.