Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
en:sso_implementation [2024/08/13 11:56] admin [How to enable SSO with zebrix] |
en:sso_implementation [2024/08/13 12:10] (current) admin |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ====== What is Single Sign-On ====== | ====== What is Single Sign-On ====== | ||
| - | Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system. ([[https://www.wikiwand.com/en/Single_sign-on|source: wikipedia]]) | + | Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this feature, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system. ([[https://www.wikiwand.com/en/Single_sign-on|source: wikipedia]]) |
| ====== Benefits ====== | ====== Benefits ====== | ||
| Line 10: | Line 10: | ||
| * Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally) | * Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally) | ||
| - | * Reduce password fatigue from different user name and password combinations | + | * Reduce password fatigue from different username and password combinations |
| * Reduce time spent re-entering passwords for the same identity | * Reduce time spent re-entering passwords for the same identity | ||
| * Reduce IT costs due to lower number of IT help desk calls about passwords | * Reduce IT costs due to lower number of IT help desk calls about passwords | ||
| Line 28: | Line 28: | ||
| * SAMLv2 | * SAMLv2 | ||
| * ADFS | * ADFS | ||
| - | * Office 365 / Azure AD STS ([[en:sso_implementation_azuread|Please read this tutorial to know how to configure Azure AD for SSO with zebrix]]) | + | * Microsoft 365 / Azure AD STS ([[en:sso_implementation_azuread|Please read this tutorial to know how to configure Azure AD for SSO with zebrix]]) |
| ===== How to enable SSO with zebrix ===== | ===== How to enable SSO with zebrix ===== | ||
| - | To enable the SSO authentication on your zebrix account, you'll have to ask to contact our support technical team. Please follow the these steps: | ||
| - | ==== 2. You have to integrate zebrix metadata in your authentication server ==== | + | To enable the SSO authentication on your zebrix account, please follow these steps: |
| + | |||
| + | ==== 1. Add the zebrix app in your authentication portal ==== | ||
| + | |||
| + | Please create the "zebrix" application in your authentication portal. | ||
| + | If you're using Microsoft 365, [[en:sso_implementation_azuread|you can follow this technical guide.]] | ||
| + | |||
| + | Here is the zebrix's metadata you'll need to use : | ||
| <code xml> | <code xml> | ||
| Line 65: | Line 71: | ||
| </code> | </code> | ||
| - | ==== 3. You have to send us your metadata file that we have to integrate in zebrix ==== | + | **Required claims are :** |
| - | + | ||
| - | ==== 4. Claims ==== | + | |
| - | + | ||
| - | Required claims are : | + | |
| * UPN (mandatory) | * UPN (mandatory) | ||
| * Name (Concatenation of first and last name) (recommended) | * Name (Concatenation of first and last name) (recommended) | ||
| * e-mail address (recommended) | * e-mail address (recommended) | ||
| + | |||
| + | ==== 2. Contact our support team to request SSO activation at support@zebrix.net ==== | ||
| + | |||
| + | * Please mention your zebrix account name (client name) | ||
| + | * Please attach your metadata XML or give the public URL to access it | ||
| + | |||
| + | ==== 3. Our technical team confirms SSO activation ==== | ||
| + | |||
| + | When the configuration has been implemented on our side, you'll receive a confirmation from our technical team, and you can log in to zebrix using SSO. | ||
| + | |||
| ===== How will user login to zebrix thanks to sso? ===== | ===== How will user login to zebrix thanks to sso? ===== | ||
| - | Users have to connect to https://cmsv2.zebrix.net/cn/yourCompanyName. zebrix server will communicate with your company's authentification server that will check if they are authenticated users. | + | Users have to connect to https://cmsv2.zebrix.net/cn/**yourCompanyName**. zebrix server will check if the user is already authenticated with your company authentification portal. |
| At this step, there are three possibilities: | At this step, there are three possibilities: | ||
| - | * If a user is already logged on your domain and authorized to use zebrix he will directly be logged into zebrix. | + | * If a user is already authenticated on your potal and authorized to use zebrix, he will directly be logged into zebrix and can use it. |
| - | * If a user is not authenticated on your domain yet , he will be redirected on the login page of your company and as soon as he get authenticated he will be automatically redirected to zebrix. | + | * If a user is not authenticated, he will be redirected to the login page of your company and as soon as he got authenticated he will be automatically redirected to zebrix. |
| - | * In both previous cases, if the user is still unknown by zebrix, he will get an "User Awaiting for activation" message. In this case, an admin user must uncheck the "lock" checkbox in the user properties. | + | * In both previous cases, if the user is still unknown by zebrix, he will get a "User Awaiting for activation" message. In this case, another zebrix user (with admin right) must uncheck the "lock" checkbox in the user properties. |
| Please note that users can also be pre-activated by using the "Add SSO user" button. | Please note that users can also be pre-activated by using the "Add SSO user" button. | ||
