8x8 offers both IdP-initiated SAML SSO (for SSO access through the Idaptive User Portal) and SP-initiated SAML SSO (for SSO access directly through the 8x8 web application). The following is an overview of the steps required to configure the 8x8 Web application for single sign-on (SSO) via SAML.

  1. Prepare for 8x8 single sign-on (see 8x8 requirements for SSO).
  2. In the Idaptive Admin Portal, add the application and configure application settings.

    Once the application settings are configured, complete the user account mapping and assign the application to one or more roles.

  3. Configure the 8x8 application for single sign-on.

    To configure 8x8 for SSO, you will need to copy some settings from the Application Settings in Idaptive Admin Portal and paste them into fields on the 8x8 website. For details, see 8x8.

    After you are done configuring the application settings in the Admin Portal and the 8x8 application, users are ready to launch the application from the Idaptive User Portal.

8x8 requirements for SSO

Before you configure the 8x8 web application for SSO, you need the following:

  • An active 8x8 account with administrator rights for your organization.
  • A signed certificate.

    You can either download one from Admin Portal or use your organization’s trusted certificate.

Setting up the certificates for SSO

To establish a trusted connection between the web application and the Idaptive Identity Service, you need to have the same signing certificate in both the application and the application settings in Admin Portal.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Admin Portal. You also upload the public key certificate in a .cer or .pem file to the web application.

What you need to know about 8x8

Each SAML application is different. The following table lists features and functionality specific to 8x8.



Support details

Web browser client



Mobile client



SAML 2.0



SP-initiated SSO


Users may go directly to the 8x8 website and then use the Idaptive Identity Service SSO to authenticate.

IdP-initiated SSO


Users may use SSO to log in to 8x8 through the Idaptive User Portal.

Force user login via SSO only


If the 8x8 Username and Password check box is selected in the Accounts > Single Sign On page, all users can also log in to 8x8 using their user name and password. If it is not selected, users without privileges are forced to use SSO to log in to 8x8.

Users with privileges and the Primary Administrator can always log in using their user name and password regardless of the 8x8 Username and Password setting.

Separate administrator login
after SSO is enabled


User or Administrator account lockout risk


Since users with privileges and the primary administrator can log in using their 8x8 user name and password, there is no lockout risk.

Automatic user provisioning


User accounts are created in 8x8 directly.

Multiple User types


  • Primary Administrator
  • User accounts with Account Manager access privileges
  • User accounts without Account Manager access privileges

Self-service password



Access restriction using a corporate IP range


You can specify an IP Range in the Admin Portal Policy page to restrict access to the application.

Configuring 8x8 in Admin Portal

It is helpful to open the 8x8 web application and the Idaptive Admin Portal Application Settings window simultaneously to copy and paste settings between the two browser windows. For information on how to access the 8x8 web application, see Configuring 8x8 on its web site.

Configuring 8x8 on its web site

8x8 provisioning

SCIM (System for Cross-domain Identity Management) is an open standard for automating the exchange of user identity information between identity domains, or IT systems. It can be used to automatically provision and deprovision accounts for users in external systems such as your custom SAML app. For more information about SCIM, see www.simplecloud.info.

If your 8x8 application supports SCIM, you can set it up to enable provisioning by entering the Access Token and SCIM URL.

For more information about provisioning your app, see Provisioning with SCIM.

For more information about configuring 8x8 for SSO, contact 8x8 Support.