PureCloud single sign-on and identity provider solution
PureCloud uses a client integration strategy for Security Assertion Markup Language (SAML) support and OpenID Connect identity providers (IdPs). Instead of an open-ended approach that supports custom SAML integrations, PureCloud provides quick, client-side integrations to automate the authentication process with identity providers. This strategy limits the support burden on our developers and enables them to focus on new features for PureCloud customers.
PureCloud provides single sign-on integrations for these third-party SAML-based identity providers:
- Google G Suite
- Microsoft Active Directory Federation Services (ADFS)
- Microsoft Azure Active Directory (AD) Premium Edition
- Ping Identity
PureCloud’s single sign-on integration strategy:
- Uses PBKDF2, the password hashing standard recommended by the National Institute of Standards and Technology (NIST). PBKDF2 hashes user passwords for safe storage in PureCloud.
- Requires user passwords to contain eight letters plus numbers plus punctuation.
- Requires TLS 1.1 or later for communications with PureCloud.
- Uses the OAuth 2.0 framework to authorize users and applications to access PureCloud resources and applications.
- Delegates authentication through third-party SAML-based and OpenID Connect IdPs.
The PureCloud single sign-on strategy provides customers with these authentication options:
- Service provider-initiated authentication: At the PureCloud authorization server, users select the SAML identity provider they want to authenticate with. PureCloud redirects them for authentication.
- Identity provider-initiated authentication: After authentication, the SAML identity provider presents users with a list of registered applications. When users select PureCloud, the system asserts their identities to the PureCloud authorization server.
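The two options above differ on the wire in one attribute: a SAML response that answers a service provider's request carries `InResponseTo`, while an identity provider-initiated (unsolicited) response does not. The following is an added example of how a generic SAML service provider can tell them apart and reject replays; it is not PureCloud code, and the function names, the pending-request set and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def classify_response(xml_text, pending_ids, allow_idp_initiated):
    """Return 'sp-initiated' or 'idp-initiated'; raise ValueError to reject.

    pending_ids is a hypothetical store: the set of AuthnRequest IDs this
    service provider issued and has not yet seen answered. Signature,
    audience and validity-window checks are out of scope here and must
    pass before this result is trusted.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML Response")
    irt = root.get("InResponseTo")
    # The confirmation data inside the assertion may repeat InResponseTo;
    # when present it has to agree with the Response-level value.
    for scd in root.iter(f"{{{SAML}}}SubjectConfirmationData"):
        if scd.get("InResponseTo") not in (None, irt):
            raise ValueError("InResponseTo mismatch inside assertion")
    if irt is None:
        # Unsolicited response: only acceptable if the deployment allows
        # identity provider-initiated sign-on at all.
        if not allow_idp_initiated:
            raise ValueError("unsolicited response not accepted")
        return "idp-initiated"
    if irt not in pending_ids:
        raise ValueError("InResponseTo matches no outstanding request")
    pending_ids.discard(irt)  # single use: a replayed response now fails
    return "sp-initiated"

def sample_response(in_response_to=None):
    """Build a minimal, unsigned, constructed Response for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"'
        f' ID="_r1" Version="2.0"{attr}><saml:Assertion ID="_a1"'
        f' Version="2.0"><saml:Subject><saml:SubjectConfirmation'
        f' Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData{attr}/></saml:SubjectConfirmation>'
        f'</saml:Subject></saml:Assertion></samlp:Response>'
    )

if __name__ == "__main__":
    pending = {"_req42"}
    print(classify_response(sample_response("_req42"), pending, False))
    print(classify_response(sample_response(), set(), True))
```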