Differences

This shows you the differences between two versions of the page.

--- en:sso_implementation [2018/03/13 12:17]
admin
+++ en:sso_implementation [2024/08/13 12:10] (current)
admin
@@ Line 3: / Line 3: @@
 ====== What is Single Sign-On ======
-Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system. ([[https://www.wikiwand.com/en/Single_sign-on|source: wikipedia]])
+Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this feature, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system. ([[https://www.wikiwand.com/en/Single_sign-on|source: wikipedia]])
 ====== Benefits ======
@@ Line 10: / Line 10: @@
   * Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally)
-  * Reduce password fatigue from different user name and password combinations
+  * Reduce password fatigue from different username and password combinations
   * Reduce time spent re-entering passwords for the same identity
   * Reduce IT costs due to lower number of IT help desk calls about passwords
@@ Line 28: / Line 28: @@
   * SAMLv2
   * ADFS
+  * Microsoft 365 / Azure AD STS ([[en:sso_implementation_azuread|Please read this tutorial to know how to configure Azure AD for SSO with zebrix]])
 ===== How to enable SSO with zebrix =====
-==== 1. You need to contact zebrix support ====
+To enable the SSO authentication on your zebrix account, please follow these steps:
-==== 2. You have to integrate zebrix metadata in your authentication server ====
+==== 1. Add the zebrix app in your authentication portal ====
+Please create the "zebrix" application in your authentication portal.
+If you're using Microsoft 365, [[en:sso_implementation_azuread|you can follow this technical guide.]]
+Here is the zebrix's metadata you'll need to use :
 <code xml>
@@ Line 65: / Line 71: @@
 </code>
-==== 3. You have to send us your metadata file that we have to integrate in zebrix ====
+**Required claims are :**
-===== How will user can login to zebrix thanks to sso? =====
-Users have to connect to https://cmsv2.zebrix.net/cn/yourCompanyName. zebrix server will communicate with your company's authentification server that will check if they are authenticated users.
+  * UPN (mandatory)
+  * Name (Concatenation of first and last name) (recommended)
+  * e-mail address (recommended)
+==== 2. Contact our support team to request SSO activation at support@zebrix.net ====
+  * Please mention your zebrix account name (client name)
+  * Please attach your metadata XML or give the public URL to access it
+==== 3. Our technical team confirms SSO activation ====
+When the configuration has been implemented on our side, you'll receive a confirmation from our technical team, and you can log in to zebrix using SSO.
+===== How will user login to zebrix thanks to sso? =====
+Users have to connect to https://cmsv2.zebrix.net/cn/**yourCompanyName**. zebrix server will check if the user is already authenticated with your company authentification portal.
 At this step, there are three possibilities:
-  * If a user is already logged on your domain and authorized to use zebrix he will directly be logged into zebrix.
+  * If a user is already authenticated on your potal and authorized to use zebrix, he will directly be logged into zebrix and can use it.
-  * If a user is not authenticated on your domain yet , he will be redirected on the login page of your company and as soon as he get authenticated he will be automatically redirected to zebrix.
+  * If a user is not authenticated, he will be redirected to the login page of your company and as soon as he got authenticated he will be automatically redirected to zebrix.
-  * In both previous cases, if the user is still unknown by zebrix, he will get an "User Awaiting for activation" message. In this case, an admin user must uncheck the "lock" checkbox in the user properties.
+  * In both previous cases, if the user is still unknown by zebrix, he will get a "User Awaiting for activation" message. In this case, another zebrix user (with admin right) must uncheck the "lock" checkbox in the user properties.
 Please note that users can also be pre-activated by using the "Add SSO user" button.
 Existing zebrix regular user can also be converted into SSO user.
+===== How to enable SSO on an existing zebrix user =====
+Only user known as SSO user will be able to log in via SSO. Here is how you can enable SSO on existing zebrix user.
+Click on the convert button
+{{ :en:sso_convertexistinguser.jpg |}}
+Specify the UPN of the user as it will be received in claims
+{{ :en:sso_convertexistinguser_upn.jpg |}}
+===== How to create new SSO users =====
+Only user known as SSO user will be able to log in via SSO.
+Here is how you can declare SSO users in zebrix.
+{{ :en:sso_createnewssousers.jpg |}}
+Thanks to this pop-in window, you can create/declare one or many SSO users in one operation
+===== How to enable SSO on auto-added users =====
+If a SSO user (unknown by zebrix) tries to access zebrix, it will automaticaly declared in zebrix as know SSO user but will be locked.
+It is required that an admin level user enable the account
+{{ :en:sso_enableautoaddeduser.jpg |}}