Administrators should log in to the BT Cloud Phone portal https://portal.btcloudphone.bt.com, and go to Admin portal > Tools > Single Sign-on.
IMPORTANT: Prepare Identity Provider Security Assertion Markup Language (IDP SAML) 2.0 metadata. For more information on SAML, open this document: SAML 2.0 reference. Once you have this information, you have the option to proceed with self set-up or contact support for assistance.
Set up SSO by yourself
1. Click Set-up under Set up SSO by yourself.
2. Upload IDP metadata from either local file or URL from your IDP server.
NOTE: If the IDP entity ID is used by multiple accounts, you will not be able to set up SSO by self-serve. If this IDP has already been assigned to another account, you will need to contact BT Cloud Phone Support for manual configuration.
3. The necessary information will be parsed from metadata and will be displayed automatically.
4. Select attribute in metadata which should be mapped to email at the BT Cloud Phone side. The drop-down list will list all attributes parsed from the IDP metadata.
NOTE: You may need to specify which email attributes you want to use within your metadata. If the email attribute is not recognized, you will need to type out the name of the attribute by clicking Custom in drop-down.
5. Manage certificates. You can add multiple certificates, but only the ones identified as Primary and Secondary certificates will be used. If metadata already contains certificate information, it will be displayed. Otherwise, you can add certificates manually in this step. Click Save on the window when done.
NOTE: If certificates are expired, the SSO login flow will fail. When IDP notifies you that your certificate is about to expire, you can upload new certificates yourself.
6. Download the Service Provider (SP) metadata and import it into your IDP server to complete the configuration on your IDP side.
7. Tick the Enable SSO Service checkbox and then click Save.
Contact Customer Support
1. Click View details under Contact Customer Support.
2. Follow the steps provided and contact BT Cloud Phone Support.
3. Tick the Enable SSO Service checkbox to enforce SSO on login and then click Save.
IMPORTANT: If there is a duplicate email in the account, SSO cannot be enabled. To ensure there is no conflict with Single Sign-on for your account, each User's contact email address must be unique when creating User extensions or call queue extensions. You may check this by clicking the Verify Email Uniqueness button on the User details.