SAML SSO Configuration

This process configures VoiceConsole to use SAML-based single sign-on (SSO).

SAML (Security Assertion Markup Language) is an open source format for authentication and authorization between an Identity Provider and a Service Provider, and is used to offer a single sign-on service.

  • Service Provider - In this instance, it is VoiceConsole.
  • Identity Provider - The identity provider creates, maintains, and manages the identity information for users and provides user authentication to service providers.

Enable SAML SSO During Installation

This option must be selected during VoiceConsole installation.

This option is only available during new installations of VoiceConsole. SAML cannot be configured during an upgrade installation.

Configure SAML

The following process builds the trust between the Identity Provider (IDP) server and VoiceConsole.

  1. Copy the SAML metadata file from the IDP server to the VoiceConsole installation directory as follows:
    1. Create a directory named idp-meta at <VoiceConsole installation directory>\Vocollect\VoiceConsole\tomcat\webapps\VoiceConsole.
    2. Copy the SAML metadata file of the IDP server to the directory created above.
    3. Rename the file to idp-meta.xml.
    4. Restart the VoiceConsole service.
  2. Generate the VoiceConsole SAML metadata file.
    1. Download it from the following URL: <protocol>://<VoiceConsole DNS>/VoiceConsole/saml/metadata/meta.action
  3. Configure the VoiceConsole SAML metadata file in the IDP server.

    Ensure that UserID is configured to be sent as an attribute in the assertion.

In a cluster environment, a license import requires you to restart the services on all nodes in order to load the license across the cluster.

  • For a first-time installation: Talkman Startup Tool and REST API authentication is available using only the default users (admin and vocollect) with the default passwords.
  • For an upgrade installation (where SAML/SSO was enabled in a prior installation): Talkman Startup Tool and REST API authentication is available using only users that existed before the upgrade. Users created after the upgrade will not work.