06/05/18 19:10 PM  

Setting up RingCentral Single Sign-On (SSO)

« Go Back


SummaryAccount Administrators can select to set up Single Sign-on by themselves for their RingCentral account or contact support for an assisted setup. Administrators can go to Tools > Single Sign-on to access the Single Sign-on page. Follow the steps below to setup SSO.

Setting up RingCentral Single Sign-On (SSO) ​


tools - sso page

Set up SSO by yourself
Contact Customer Support

Set up SSO by yourself

To start the SSO self-serve flow, export the IDP metadata from your IDP server first, then follow the steps below.

1. Click Set Up.

tools - sso page - selfserve 1

2. Upload IDP metadata from either local file or URL from your IDP server.

tools - sso page - selfserve 2

NOTE: If the IDP (Identity provider) entity ID is used by multiple accounts, you will not be able to set up SSO by self-serve. If we find that this IDP has already been assigned to another account, you will need to contact RingCentral Customer Support for manual configuration.

3. The necessary information will be parsed from metadata and will be displayed automatically.

tools - sso page - selfserve 3

4. Select attribute in metadata which should be mapped to email at the RingCentral side. The drop-down list will list all attributes parsed from the IDP metadata.

NOTE: You may need to specify which email attributes you want to use within your metadata. If the email attribute is not recognized, you will need to type out the name of the attribute by clicking Custom in drop-down.

tools - sso page - selfserve 4

5. Manage certificates. You can add multiple certificates, but only the ones identified as Primary and Secondary certificates will be used. If metadata already contains certificate information, it will be displayed. Otherwise, you can add certificates manually in this step. Click Save on the window when done.

tools - sso page - selfserve 5

NOTE: If certificates are expired, the SSO login flow will fail. When IDP notifies you that your certificate is about to expire, you can upload new certificates yourself.

6. Download the Service Provider metadata and import it into your IDP server to complete the configuration on your IDP side.

tools - sso page - selfserve 6

7. Tick the Enable SSO Service checkbox and then click Save.

NOTE: If there is a duplicate email in the account, SSO cannot be enabled.

tools - sso page - selfserve 7

Contact Customer Support

For an assisted setup for Single Sign-on, click View Detail under Contact Customer Support on the Single Sign-on page.

sso - contact support

The Contact Support to Enable SSO window will pop up. Follow the steps to continue.

tools - sso page - contact support window


1. Prepare IDP SAML 2.0 medadata. 

This section will show you the sample SAML metadata and the SAML Reference for guidance. You can get the SAML 2.0 metadata details from an Identity Provider (IDP), like PingFederate, Okta, or a homegrown IDP. 
Call RingCentral Customer Support and request Single Sign-on set up assistance. A Support member will ask for your SAML 2.0 metadata file and answer your Single Sign-on questions.

3. Import SAML 2.0 Service Provider (SP) metadata

You will receive an email from RingCentral Customer Support containing SAML 2.0 SP metadata. You need to import this data into your Federation Server.

4. Enable SSO Integration.

See also:

Single Sign-on Overview
Was this information helpful?

Tell us why and what can we do to improve this information