Azure AD: SAML Identity Setup

Learn how to set up Microsoft Azure Active Directory SAML to utilize Telnyx Portal Single Sign-on capabilities.

Written by Customer Success
Updated over a week ago

The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.

In this article we will outline setting up Microsoft Azure AD as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature. The Microsoft Azure AD platform is Microsoft's enterprise cloud-based identity and access management (IAM) solution. It is one of the many SAML providers that Telnyx supports for our SSO feature.

Additional resources:


Instructions for configuring Azure Active Directory to work as a SAML Identity Provider for Telnyx

In this activity you will:

Pre-requisites:

Video Walkthrough

Setting up your Telnyx SIP portal account so you can make and receive calls:

Note: Video walkthrough for Active Directory/Telnyx configuration coming soon. Check back as we update our docs.

1. Create and configure a SAML toolkit application on Microsoft Azure

In this section, you will create a SAML toolkit application within Azure.

  1. From the left-hand navigation, click on Azure Active Directory.

    Microsoft azure admin portal.

  2. You will be redirected to the Active Directory page. Click on Enterprise Applications in the left-hand navigation.

    Enterprise Applications sections.

  3. Click on the New Application option in the top left of the following page.

  4. On the Browse AD Gallery menu, search for Azure AD SAML Toolkit.

  5. Click on the result to create the app.

  6. Fill in a name of your choice into the field within the pop-out.

    Azure AD Gallery.

  7. Click the blue Create button at the bottom of the pop-out.

  8. On the new application page, find the Getting Started section and click on the Set up single sign on card.

    Overview of Telnyx Test section.

  9. You will be presented with various options on the next page, select the SAML card to proceed to the configuration section.

  10. From here, copy the App Federation Metadata URL and the Thumbprint from card 3.

    SAML-based Sign-on.


2. Configure some additional settings on the Telnyx side

In this section, we will configure Telnyx to use the Active Directory app we created in section 1.

  1. If you have not yet created an Organization as part of your pre-requisite activities, navigate to your Organization section of the Telnyx Mission Control Portal and create an Organization.

  2. Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.

    Single Sign-On section of the Telnyx Mission Control Portal

  3. You will be presented with the following fields:

    1. Authentication Provider Name and Short Name: Provide values that make sense to you. Note that the Short Name will be part of the SSO URLs.

    2. IdP Metadata URL: Paste the App Federation Metadata URL we copied from the MS Azure Admin in step 10 of section 1.

      Authentication settings in the Single sign-on section.

  4. Click on Import IdP Settings & Save.

  5. Once saved, your authentication provider settings should automatically fill in, with the exception of the IdP Certificate Fingerprint.

    1. Replace the "not found" within this field with the Thumbprint we copied from the Azure Admin portal in step 10 of section 1.

      IdP Certificate Fingerprint section.
    2. Click Save Changes.

  6. After saving, scroll down to the bottom of the page and take note of the values for:

    1. Assertion Consumer Service URL

    2. Service Provider Entity ID

    3. Name Identifier Format.

      Authentication provider generated configuration.
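
Step 5 is the one value in this section that is pasted by hand, and it is what pins the certificate used to verify SAML assertions. The following is an added example, not Telnyx or Microsoft code: it recomputes the SHA-1 thumbprint of each signing certificate found in a federation metadata document and checks a pasted value against it. The sample metadata, the placeholder certificate bytes and all function names are constructed for illustration, and comparing in separator-free upper-case hex is an assumption about formatting.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in bytes, NOT a real certificate. In practice these are the
# DER bytes of the certificate inside the downloaded App Federation Metadata.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/constructed-tenant/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def normalize(fingerprint: str) -> str:
    """Drop separators (colons, spaces) and upper-case a hex fingerprint."""
    return re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()


def signing_thumbprints(metadata_xml: str) -> list[str]:
    """Return the SHA-1 thumbprint of every IdP signing certificate."""
    # ElementTree is acceptable for metadata fetched over HTTPS from your own
    # tenant; use a hardened parser for XML from untrusted sources.
    root = ET.fromstring(metadata_xml)
    found = []
    for key in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" serves signing and encryption alike.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            found.append(hashlib.sha1(der).hexdigest().upper())
    return found


def fingerprint_matches(metadata_xml: str, pasted: str) -> bool:
    """True only if the pasted value is the thumbprint of a signing cert."""
    return normalize(pasted) in signing_thumbprints(metadata_xml)
```

If the check returns False for the value in the IdP Certificate Fingerprint field, re-copy the Thumbprint from card 3 before enabling SSO.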


3. Complete the setup in Azure

Now that you've gotten what you need from the Telnyx side, head back to Azure to complete the setup.

  1. Navigate back to the Azure AD portal, and click the Edit option in the top right corner of card 1 (Basic SAML Configuration).

  2. Remove the default value for Identifier (Entity ID) (something like https://samltookit.azurewebsites.net) by clicking the trash icon.

  3. Find the Identifier (Entity ID) field. Paste the value generated for Service Provider Entity ID that you obtained in step 6 of section 2 into this field.

  4. Find the Reply URL (Assertion Consumer Service URL) field. Paste the value generated for Assertion Consumer Service URL that you obtained in step 6 of section 2 into this field.

  5. Find the Sign on URL field. Paste https://api.telnyx.com/sso/saml/login/YOUR_SHORT_NAME into this field, replacing YOUR_SHORT_NAME with the Short Name you chose in step 3 of section 2.

  6. Find the Relay State field, fill in the following URL: https://portal.telnyx.com/

    SAML configurations section.

  7. Click Save to finalize your configuration settings.


4. Enable your SSO configuration on Telnyx

And now, for the drum roll! Let's enable your SSO configuration and get things up and running!

  1. Navigate back to your Telnyx Mission Control Portal and check the Enable Single Sign-On box.

    Single sign-on changes section.

  2. Click Save Changes.

Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to log in using username/password for the next 72 hours. After that, they will be required to use SSO.


Troubleshooting

Q. I'm experiencing difficulty with this configuration!

A. If you experience technical difficulties while attempting to set up your MS Azure AD SSO with Telnyx, it's possible your provider is experiencing outages/maintenance. You can check the status of Azure's features at https://status.azure.com/en-us/status.


Additional Resources

Review our getting started with guide to make sure your Telnyx Mission Control Portal account is set up correctly!

Additionally, check out:

