OIDC (OpenID Connect) - OIDC is an authentication layer on top of the OAuth 2.0 authorization framework.[82]. It allows computing clients to verify the identity of an end user based on the authentication performed by an authorization server, and also to obtain the basic profile information about the end user in an interoperable and REST-like manner. OpenID Connect specifies a RESTful HTTP API, using JSON as a data format. OpenID Connect allows a range of parties, including web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end users. The OpenID Connect specification is extensible, supporting optional features such as the encryption of identity data, the discovery of OpenID providers, and session management.
You can use Microsoft Azure as your Identity Provider (IdP) to configure OIDC for enabling the SSO capability on the LiveVox Portal.
- Log in to your Microsoft Azure account with the required credentials and select Azure Active Directory in the welcome screen.
- In the Azure Active Directory screen, select App Registrations, and click New Registration.
- Enter a name for the new registration and specify who can use the application from the options displayed. Click the Register button.
- On LVP, navigate to Client > Security. Click See Instructions and copy the URLs - User Single Sign On URL, and Agent Single Sign On URL to configure OIDC on Azure.
- On Azure, navigate to the Authentication section and select Add Platform. Under Web applications, choose Web.
- Under Redirect URIs, configure the redirect URIs, to add 2 URIs - one for the users, and the other for agents.
- Next, you must create an authorization secret on Azure. Click Add a certificate or secret in the Azure Overview screen.
- Click New Client Secret to create a new secret, add a description, and define an expiration time. You will see the secret just once, so copy that value and have it at hand, as you need to use it on the LiveVox portal.
- From the Azure Overview screen, obtain the attributes, Client ID, and Issuer URL (OpenID Connect metadata document) required for the SSO configuration on LVP.
Note: The issuer URL for OIDC should include the last "/" before “.well-known/openid configuration”.
- On LVP, navigate to the Client > Security tab and update the Authorization Secret (Client Secret from Azure), Authorization ID (Client ID from Azure), and Issuer URL (OpenID Connect metadata document from Azure).
Livevox SSO configuration requires a JSON Web Token (jwt) that includes email. To obtain the token, click Token Configuration on Azure.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained method for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
- Click Add Optional Claim. Add emails for the ID token and Access token.
- To assign users on Azure, select Enterprise Applications.
On the Enterprise Applications Properties screen, select your app and click Assign users and groups to add users and groups.
Ensure that the users and agents on LVP have the same email IDs on Azure as well.