Set up IAM authentication
Use the IAM Authentication page to enable an external identity provider (IdP) to authenticate Calabrio ONE sessions or enable direct login using Calabrio ONE's IAM service. If you are using an external identity provider, see Configure SAML authentication to learn how to configure your organization’s IdP prior to using this page to enable your IdP connection to Calabrio ONE.
The IAM Authentication page is only available for Cloud deployments of Calabrio ONE.
Your external IdP must be configured for Calabrio ONE. Follow the procedures detailed in Configure SAML authentication to set up your IdP.
Follow the "Configure identity providers" and "Export SAML Metadata" procedures in Configure SAML authentication if your IdP is not on the list below. If you are not able to successfully configure your IdP, please contact Calabrio Support.
Identity Provider AD FS Azure AD Ping Federate OKTA Cisco Duo OneLogin
Application Management > Global > System Administration > IAM Authentication
Configure IAM settings
- Under Enable Authentication, select the Enable IAM External Authentication Entity (Company Login) box to allow authentication using an external identity provider, or select Enable IAM Authentication (Direct Login) to authenticate using Calabrio ONE's IAM service. A form with additional fields expands.
- Enter the required information in the available fields. See Field descriptions for more information.
- Click Save.
At least one of the two check boxes must be selected.
Enable IAM Authentication (Direct Login) — Enables authentication through the Calabrio ONE IAM Service.
The entity ID information from the customer’s configured IdP.
|IDP X.509 Certificate||
Import, export, or view an SP X.509 certificate. Acceptable file formats are CER, CRT, and CERT.
IMPORTANT The certificate must be Base64 encoded.
|Authorization Requests Signed||Select if SAML requests need to be signed.|
|Name ID Format||
The default is as follows.
|Single Sign-On Service Endpoint (HTTP-POST/HTTP-Redirect)||
The value provided for a Single Sign On Service Endpoint (HTTP-Redirect). Include http or https in the url.
Select if SAML bonding is required to post or redirect.
NOTE Check if your identity provider requires post or redirect. Azure AD, AD FS, and Ping Federate IdPS require post.
Configure SAML authentication — Learn how to configure your organization’s external IdP for Calabrio ONE before using the IAM Authentication page to connect your organization’s IdP and Calabrio ONE‘s IAM service.