Desktop & web
Single Sign-On (SSO) FAQ
Last updated on December 13, 2021
- What is Single Sign-On (SSO)?
- Who is eligible for SSO?
- What are the requirements for SSO?
- What is the process if an SSO-enabled company adds new Users?
- Where can RingCentral customers use SSO?
- What notification will RingCentral send out after SSO is enabled?
- What should customers do if the SSO server fails or cannot sign in with SSO?
- How can RingCentral customers set up their SSO settings?
- If multiple accounts are using a customer’s IDP entity ID, does it mean they cannot access SSO functionality at all?
- Is it possible to make all Users sign in using their email instead of their number/extension?
What is Single Sign-on (SSO)?
Single Sign-on allows employees to access all the company applications with one set of credentials. The credentials can include email, phone number, username, and password, depending on the company. The company routes all logins through an Identity provider (IDP) with which the company has a purchased license. The IDP usually hosts a login page to enter their company credentials before entering any application. Single Sign-on provides better security at the central authentication point, limiting the possibility of phishing.
Each user contact email address must be unique when creating user extensions or call queue extensions to ensure no conflict with Single Sign-on for your account.
Note: RingCentral does not currently support Single Log Out (SLO).
Who is eligible for SSO?
Customers with RingCentral MVP Premium and Ultimate accounts are eligible for SSO.
What are the requirements for SSO?
An identity provider (IDP) that supports SAML 2.0 is required. Most IDPs in the industry support SAML2.0, but it should still be confirmed before the SSO implementation.
What is the process if an SSO-enabled company adds new Users?
The new user will receive an activation email to set up their PIN & security questions. The email includes instructions for them to sign in with SSO.
Where can RingCentral customers use SSO?
SSO works with your RingCentral online account and all RingCentral applications. SSO also works with all RingCentral integration solutions such as Salesforce, Google, Microsoft Azure and Office 365.
What notification will RingCentral send out after SSO is enabled?
SSO notifications are sent in the following scenarios:
- Enabling with "Enforce SSO login only"
- Enabling with "Allow users (either or)..." and selecting Yes to maintain password
- Disabling SSO
Apart from the scenarios above, customers will need to send out the notification and let their employees know about the change after SSO is enabled.
What should customers do if the SSO server fails or cannot sign in with SSO?
Customers can reach out to RingCentral support. RingCentral support can manually reset the password and send the temporary password to the account users.
How can RingCentral customers set up their SSO settings?
Account administrators can go to More > Security and Compliance > Single Sign-on. From there, admins can select Set up SSO by yourself or Contact Customer Support. See Setting up Single Sign-On (SSO) in RingCentral Admin Portal for the detailed steps.
Multiple accounts are using a customer’s IDP entity IDnts. Does it mean they cannot access SSO functionality at all?
No. Customers will not be able to set up SSO by self-serve, but they can still call RingCentral Support for manual configuration of SSO.
Is it possible to make all Users sign in using their email instead of their number/extension?
Yes, admins can configure this setting. Follow the steps below:
- Go to Admin Portal > More > Security and Compliance > Single Sign-on > SSO Settings.
- Click Off to disable the ability to login with RingCentral credentials.
- Click Save to save your changes.
See also:
© 1999 - 2022 RingCentral, Inc. All rights reserved.