Login – Set Up Single Sign-On | Frequently Asked Questions | AT&T Office@Hand
Article #8813

This article provides information on how Account Administrators can set up Single Sign-on by themselves for their Wireless Integrated for AT&T Office@Hand account or contact support for an assisted setup.

Administrators can go to Admin Portal > Security and Compliance > Single Sign-on to access the Single Sign-on page. Click on the links below to know how to set up Single Sign-on.

Set up SSO by yourself
Contact Customer Support

Set up SSO by yourself

To start the SSO self-serve flow, export the IDP metadata from your IDP server first, then follow the steps below.

1. Click Set up.
2. Upload IDP metadata from either local file or URL from your IDP server.
   Note: If the IDP (Identity provider) entity ID is used by multiple accounts, you will not be able to set up SSO by self-serve. If we find that this IDP has already been assigned to another account, you will need to contact Wireless Integrated for AT&T Office@Hand Customer Support for manual configuration.
3. The necessary information will be parsed from the metadata and will be displayed automatically.
4. Select attribute in your metadata which should be mapped to email at the Office@Hand side.
   Note: If the email attribute is not recognized, you will need to type out the name of the attribute by clicking Custom in drop-down.
5. Manage certificates. You can add multiple certificates, but only the ones identified as Primary and Secondary certificates will be used. If metadata already contains certificate information, it will be displayed. Otherwise, you can add certificates manually in this step. Click Save on the window when done.
   Note: If certificates are expired, the SSO login flow will fail. When IDP notifies you that your certificate is about to expire, you can upload new certificates yourself.
6. Export the SIP metadata and import it into your Federation server to complete the configuration on your Identity Provider (IDP) side. Please use the following information when it’s requested by your federation server:
   • Audience URL: https://sso.ringcentral.biz
   • SP Entity ID: saml2:ringcentral:prodatt
7. Click the “Enable SSO Service” checkbox and then click Save.
   Note: If there is a duplicate email in the account, SSO cannot be enabled.

Contact Customer Support

For an assisted setup for Single Sign-on, click View Detail under Contact Customer Support on the Single Sign-on page.

The Contact Support to Enable SSO window will pop up. Follow the steps to continue.

1. Prepare IDP SAML 3.2 medadata.
   This section will show you the sample SAML metadata and the SAML Reference for guidance. You can get the SAML 2.0 metadata details from an Identity Provider (IDP), like PingFederate, Okta, or a homegrown IDP.
2. Call Wireless Integrated for AT&T Office@Hand Customer Support.
   Call Office@Hand Customer Support and request Single Sign-on setup assistance. A Support member will ask for your SAML 2.0 metadata file and answer your Single Sign-on questions.
3. Import SAML 2.0 Service Provider (SP) metadata.
   You will receive an email from Office@Hand Customer Support containing SAML 2.0 SP metadata. You need to import this data into your Federation Server.
4. Enable SSO Integration.

This article contains the frequently asked questions regarding AT&T Office@Hand Single Sign-On. Single Sign-On allows employees in a company to access all the company application with one set of credentials.

TABLE OF CONTENTS

1. What is Single Sign-On (SSO)?
2. Who is eligible for SSO?
3. What are the requirements for SSO?
4. What is the process if an SSO-enabled company adds new users?
5. Where can AT&T Office@Hand customers use SSO?
6. What notification will AT&T Office@Hand send out after SSO is enabled?
7. In case the SSO server fails or the customers are unable to sign in with SSO, what should they do?
8. How can AT&T Office@Hand customers set-up their SSO settings?
9. Is there any guideline I need to follow in order to successfully set up for SSO?
10. How long does it take to set up my account for SSO?
11. Can I maintain my Office@Hand credentials after set up with SSO?
12. How long can i remain logged in with SSO?

1. What is Single Sign-On (SSO)?
   
   Single Sign-On allows employees in a company to access all the company application with one set of credentials. Depending on the company, the credentials can include email, phone number or username along with the password. The company routes all logins through an IDP (Identity Provider) with which the company has a purchased license. The IDP usually hosts a login page for the employees to enter their company credentials before entering any application. Single Sign-On provides better security with the central authentication point, limiting the possibility of phishing.
2. Who is eligible for SSO?
   
   Any AT&T Office@Hand Office Premium and Enterprise accounts are eligible for SSO. The Account Administrators will see SSO under Tools on the top navigation menu.
3. What are the requirements for SSO?
   
   An IDP (Identity provider) which supports SAML 2.0 is required. Most IDPs in the industry support SAML2.0, but it should still be confirmed before the SSO implementation.
4. What is the process if an SSO-enabled company adds new users?
   
   The new user will receive an activation email for the accounts to setup their PIN number & security questions. The email will include instructions for them to sign in with SSO.
5. Where can AT&T Office@Hand customers use SSO?
   
   Single Sign-On can be used on the Online Account, Office@Hand Mobile App, and Office@Hand Desktop App only. Customers still need to use their AT&T Office@Hand credentials if they want to use Office@Hand Meetings.  
6. What notification will AT&T Office@Hand send out after SSO is enabled?
   
   AT&T Office@Hand will not send any notifications. A customer will need to send out the notification and let their employees know about the change after SSO is enabled.
7. In case the SSO server fails or the customers are unable to sign in with SSO, what should they do?
   
   You can reach out to Office@Hand Customer Support. The Office@Hand Support team can manually reset the password and send the temporary password to your account.
8. How can AT&T Office@Hand customers set-up their SSO settings?
   
   Account Administrators can go to Admin Portal > Tools > Single Sign-on. Account Administrators can select Set up SSO by yourself or Contact Customer Support. See Office@Hand: Setting up Single Sign-on for the detailed steps.
9. Is there any guideline I need to follow in order to successfully set up for SSO?

   In order to finish the SSO process, there cannot be any duplicate email within the account or across multiple account for account validation purpose.

10. How long does it take to set up my account for SSO?

    After the initial call with Office@Hand support, the whole process should be done within two (2) weeks.

11. Can i maintain my Office@Hand credentials after set up with SSO?

    Account Administrators can set whether users can maintain Office@Hand credentials or not on the SSO setup page. When disabled, users can only login through SSO.

12. How long can i remain logged in with SSO?

    This depends on the how long Idp is set for session time-out.  As long as the Idp is granting active session, users will remain logged in.