SSO integration guide

Adam Covati

Bandwidth supports integration with many common Single Sign-On (SSO) identity providers as an additional layer of security and management on top of our existing user management system.

Note: Our SSO integration is currently in Limited Availability. While this feature is fully functional, access remains limited at this time. 

How do I enable the SSO integration?

Please follow these steps to enable the SSO integration:

  1. Open a support ticket and request the SSO integration to be turned on.
  2. A Bandwidth Support Team member will reach out and request the EntityId, SingleSignOnUrl, and SigningCertificate. These are generally found in your identity provider's metadata XML file, but you can just send the metadata file if that's easier.
  3. A Bandwidth Support Team member will provide the EntityId and AssertionConsumerServiceUrl fields that your IT admin will need to finalize the connection between your SSO and our identity services.
  4. In your Bandwidth Dashboard account, have your account admin create users with the same username as the "subject name identifier" provided by your SSO provider. We suggest using email as the "subject name identifier" to make things easier.
  5. Once that's done, we'll activate the SSO integration, and your identity provider will handle authentication from then on.

What SSO providers does Bandwidth support?

We support SAML 2.0-compliant providers. Here are a few examples:

  • Okta
  • Google
  • Azure AD
  • ADFS
  • Shibboleth

There are more SAML 2.0 providers in the market, of course. Not sure if yours is supported? Just ask your IT admin if your provider is SAML 2.0-compliant!

Are API users affected? 

API user accounts are not affected and will continue to use the password established in the portal.

Can I turn SSO off?

Yes. If an approved account admin contacts the Bandwidth Support Team, we'll turn the SSO integration off. At that point, all users will need to go through the "forgot password" process to re-establish a password for their account. For security reasons, this must be done by an approved account admin via a support ticket.
