Single Sign-On (SSO)
Core feature
Use your company identity provider to access CloudPBX with one secure login.
Benefits
- One login across business tools
- Faster onboarding and offboarding
- Centralised access policies (MFA, session control)
Best fit
Teams already using Microsoft 365, Google Workspace, or Okta.
SSO lets employees sign in to your CloudPBX using the same company account they already use for other work tools. Instead of managing separate phone-system passwords, your team signs in through your identity provider, which simplifies access for users and improves control for IT.
How it works
Your CloudPBX connects to your company’s identity provider (Microsoft Entra ID, Google Workspace, Okta, etc.). When a user opens the phone system, authentication is handled by that provider instead of a separate PBX password.
3-step flow
- User opens the PBX app
- Identity provider authenticates the user
- User returns signed in (policies applied)
Once configured, access can be granted, restricted, or removed centrally.
SSO Types You Already Use Every Day
You have probably used SSO without realizing it. Here are the most common types:
Enterprise SSO (SAML-based): Best for most organisations. Uses SAML or OAuth with an identity provider like Microsoft Entra ID, Google Workspace, or Okta.
Federated SSO: Connects multiple organizations. For example, if your company works closely with a partner firm, federated SSO lets employees from both organizations access shared tools using their own company credentials—useful for cross-border collaboration in the LU/DE/FR/BE region.
Desktop SSO (Kerberos): Common in Windows environments. When you log into your Windows computer at work, you're already authenticated for other Microsoft services—no need to type your password again. Some Cloud PBX systems integrate with this for seamless desktop access.
- Enterprise SSO: best fit for internal business use
- Social login: occasionally useful for smaller teams
- Federated access: useful in shared multi-organisation environments
Why It Matters for Your Business
- Less friction for users: employees access the phone system with a familiar company login
- Less admin overhead: IT can grant or remove access without managing separate PBX credentials
- Stronger security: policies such as MFA, password rules, device checks, and sign-in monitoring stay centralised
At a glance
- Protocols: SAML 2.0, OAuth/OIDC
- Best for: teams with existing identity management
- Typical setup time: 30–120 minutes
- Key extra: automatic user provisioning (e.g., SCIM)
What to Look For
- Supported identity providers: Check if the Cloud PBX supports your existing system (Microsoft Azure AD, Google Workspace, Okta, OneLogin, or others).
- SAML 2.0 or OAuth support: These are the industry-standard protocols. Make sure the provider supports at least one.
- Automatic user provisioning: The best systems can create or remove user accounts automatically based on your identity provider, not just handle login.
🔧 Technical Setup Requirements
Setting up SSO requires coordination between your IT team and the Cloud PBX provider. You will need administrator access to both your identity provider and the phone system. The provider will give you configuration values (entity ID, SSO URL, certificate) to add to your identity system.
Most setups take 30 minutes to 2 hours depending on complexity. Providers with clear documentation and support make this faster. Some offer guided setup sessions.
🔒 Security Benefits Beyond Convenience
SSO does more than save time. It creates a single audit trail showing who logged in, when, and from where. If someone tries to access the phone system from an unusual location, your identity provider can block them or require additional verification.
Centralized authentication also makes it easier to enforce policies like password rotation, session timeouts, and device restrictions. You set these rules once in your identity system and they apply everywhere.
📱 Mobile and Desktop App Access
SSO works with Cloud PBX mobile and desktop apps, not just the web interface. Employees open the app, click "Sign in with SSO," enter your company domain, and authenticate through your identity provider.
This keeps the mobile experience simple while maintaining security. No need to type long passwords on a phone keyboard.
💼 When SSO Makes Sense vs When It Doesn't
SSO makes sense for businesses with 10 or more employees, especially those already using Microsoft 365, Google Workspace, or another centralized identity system. The setup effort pays off quickly through reduced IT support and better security.
For very small teams (under 10 people) without an existing identity provider, the setup cost may outweigh the benefits. In these cases, strong individual passwords plus two-factor authentication may be simpler.
Frequently Asked Questions
❓ Can we mix SSO and standard login methods?
Most Cloud PBX systems let you mix SSO users with regular username/password users. This is useful during migration or for external contractors who should not have access to your company identity system. You can enable SSO for internal staff while keeping separate credentials for others.
❓ What happens if our identity provider is unavailable?
If your identity provider is unavailable, employees cannot log in using SSO. Better Cloud PBX providers offer emergency access methods like temporary administrator passwords or backup authentication. Check what failover options are available before committing.
❓ Can we require two-factor authentication (2FA) through SSO?
Yes. Two-factor authentication is controlled by your identity provider, not the Cloud PBX. If you require 2FA in Azure AD or Google Workspace, it will apply when employees log into the phone system via SSO. This is one of SSO's main security advantages.
❓ Does SSO work on mobile and desktop apps?
SSO typically works with web browsers and official mobile/desktop apps from the Cloud PBX provider. Physical desk phones and third-party softphones may still require SIP credentials (a username and password specific to the phone system). These SIP credentials are not covered by your identity provider's policies, so they need to be revoked separately when someone leaves. Check with your provider about device support.
❓ Is SSO included in all Cloud PBX plans?
No. SSO is often a premium feature available on higher-tier plans or as a paid add-on. Providers targeting small businesses may not offer it at all. Always confirm SSO availability and pricing before signing up.