Another password to manage and lose
A separate phone-system login means another credential outside your identity provider: one more thing to provision, reset, and revoke by hand, and one more way for an ex-employee to keep access.
Keep your phone system secure and in the EU
Voxbi is a cloud PBX hosted in the EU, so your call data and recordings stay under GDPR and the EU AI Act. Your team signs in through your own identity provider (Microsoft Entra ID, Google Workspace, Okta), each role sees only what it should, every change is logged with who and from where, and anti-fraud monitoring blocks unauthorised calls before they cost you.
- Hosted in the EU, not a US cloud
- GDPR & EU AI Act ready
- SSO with SAML 2.0 and OAuth/OIDC
Why securing a phone system is usually the hard part
Everyone gets the keys to everything
Most systems give every admin the full panel. Your accounting lead can change call routing, your support team can read billing, and there is no clean way to give each role only what it needs.
You can't prove who changed what, or where your data lives
When a number stops working or a recording leaks, you need a trail: who made the change, when, from which IP, and whether the data ever left the EU. Most cloud PBXs can't tell you any of that.
Run access and security from one place
Grant, scope, and revoke without a ticket
The same web panel your team uses every day: add a user, assign a role, connect your identity provider, and pull access the moment someone leaves. No console, no provider request, no waiting.
How it works
-
Your team signs in with your identity provider
Open the Voxbi app, click sign in, and authenticate through Microsoft Entra ID, Google Workspace, or Okta. No separate phone-system password to set or remember.
-
Your IdP applies your security policies
MFA, password rules, device checks, and sign-in monitoring stay where you already set them. Whatever you enforce for other tools applies to the phone system too.
-
Each role sees only its part
IT, accounting, and compliance each get a panel scoped to their job. People get the access they need to do their work and nothing beyond it.
-
Every action is logged, every call is watched
Each change is recorded with who, what, and which IP. Anti-fraud monitoring reads call patterns in real time and blocks unauthorised traffic before it runs up a bill.
What you get for security and access
Single sign-on (SSO)
Sign in through your identity provider with SAML 2.0 or OAuth/OIDC. Works with Microsoft Entra ID, Google Workspace, Okta, and similar, on web, desktop, and mobile apps.
Directory provisioning
Provision users and extensions straight from your directory, so accounts are created and removed in step with the rest of your tools instead of by hand.
Role-based access
Scope the admin panel by role: IT, accounting, and compliance each see only what their job needs. Give people the right access and nothing more.
Detailed change tracking
Every change in the panel is logged with who made it, what changed, and from which IP address. A full trail for audits and accountability.
Anti-fraud protection
Real-time monitoring of call patterns detects and blocks unauthorised calls, with financial coverage if fraudulent traffic ever gets through.
Encryption in transit
HTTPS for web traffic and SIP TLS for SIP devices and WebRTC, so calls and data stay protected across every channel.
Why EU hosting and access control matter
For a regulated business, where your call data lives and who can touch it is not a detail. It is the whole point.
-
Your data stays in the EU
Calls, recordings, and metadata are hosted in the EU under GDPR and the EU AI Act, not shipped to a US cloud. You can tell a client or an auditor exactly where their data sits.
-
Less friction, less admin
People sign in with the company account they already use, and IT grants or removes access centrally. No separate phone-system credentials to chase across joiners and leavers.
-
Stronger control without extra work
MFA, sign-in monitoring, and device rules you already run in your identity provider apply to the phone system automatically. One audit trail shows who signed in, when, and from where.
Why regulated teams pick Voxbi for security
Most cloud PBXs tick a security box. The difference is where your data lives and how much control you keep.
A typical cloud PBX Voxbi
Data residency Often a US cloud, or 'EU region' with no guarantee Hosted in the EU under GDPR and the EU AI Act
Sign-in A separate phone-system password to manage SSO through Microsoft Entra ID, Google Workspace, or Okta
Access control One admin login that can do everything Roles scoped per team, granted and revoked centrally
Audit & fraud Limited logs, fraud is your problem after the fact Full change log with IP, plus real-time anti-fraud blocking
What teams say after the switch.
Voxbi is very user-friendly for end users, while still letting us implement more advanced configurations centrally.
We have been able to expand across the entire European Union and even internationally without ever worrying about communication costs or technical constraints.
What to look for in a secure cloud PBX
Ask where the data is actually hosted
EU-hosted is not the same as an EU sales office. Confirm calls, recordings, and metadata stay in the EU under GDPR, so you can answer a client or auditor without guessing.
Insist on SSO with a real standard
Look for SAML 2.0 or OAuth/OIDC against your existing identity provider. Anything less means another password store to manage and another way to lose control of access.
Check that roles are genuinely separate
One all-powerful admin login is a risk. Each role (IT, finance, compliance) should see only its part of the system, granted and revoked centrally.
Require a real audit trail and anti-fraud
You should see who changed what, when, and from where, and the system should watch call patterns and block fraud on its own, not bill you for it after the fact.
Frequently asked questions
Where is my call data hosted?
In the EU. Voxbi is an EU-hosted cloud PBX, so your calls, recordings, and metadata stay under GDPR and the EU AI Act rather than being sent to a US cloud. You can tell a client or an auditor exactly where their data lives.
Which identity providers does SSO support?
Voxbi uses SAML 2.0 and OAuth/OIDC, so it works with Microsoft Entra ID, Google Workspace, Okta, and similar identity providers. Your team signs in with the company account they already use, on web, desktop, and mobile apps.
Can we require multi-factor authentication (MFA)?
Yes. MFA is controlled by your identity provider, so if you require it in Entra ID or Google Workspace it applies when people sign in to the phone system through SSO. There is nothing extra to configure on the Voxbi side.
Can different teams have different levels of access?
Yes. Role-based access scopes the admin panel per role, so IT, accounting, and compliance each see only the parts they need. You grant and revoke access centrally as people join, move, or leave.
Can we see who changed something in the system?
Yes. Detailed change tracking logs every change in the admin panel with who made it, what changed, and from which IP address, giving you a full trail for audits and accountability.
How does Voxbi protect against toll fraud?
Anti-fraud monitoring reads your call patterns in real time and blocks unauthorised calls before they run up a bill, with financial coverage if fraudulent traffic ever gets through.
Can we mix SSO and standard logins during a migration?
Yes. You can run SSO for internal staff while keeping separate credentials for external contractors or during a migration, then move everyone onto SSO when you are ready.
See Voxbi security on your real setup
Start a free trial, connect your identity provider, and set up roles in minutes. No credit card required.