SSO with Google G-Suite

Introduction

How to set up SSO as a Zivver administrator?

Zivver supports Single Sign-On (SSO) through Google G-Suite. Now users can log in to Zivver with their workplace credentials.

SSO operates on the basis of Security Assertion Markup Language (SAML) v2.0; in this scenario, Google G-Suite is the Identity Provider (IdP) and Zivver is the Service Provider (SP).

To activate SSO in Zivver, you need all of the following:

  • You are a Zivver administrator.
  • You have access to the Admin panel in G-Suite.
  • You have Super Admin rights in G-Suite. You need this to set up a new SSO link.

Set up SSO connection in G-Suite

  1. Log in to Google G-Suite.
  2. In the menu on the left, click Apps > Web and mobile apps.
  3. Click Add app > Add custom SAML app.
    A new window opens.
  4. Enter a name in App name, for example Zivver.
  5. Optional: enter a Description and an App icon.
  6. Click CONTINUE.
  7. Click DOWNLOAD METADATA.
  8. Click CONTINUE.
  9. Set ACS URL to https://app.zivver.com/api/sso/saml/consumer/.
  10. Set Entity ID to https://app.zivver.com/SAML/Zivver.
  11. Optional: set Start URL to https://app.zivver.com/
  12. Leave Signed Response clear.
  13. Set Name ID format to EMAIL.
  14. Set Name ID to Basic Information > Primary email.
  15. Click CONTINUE.
  16. Click ADD MAPPING.
  17. In Google directory attributes, select Primary email.
  18. In App attributes, enter https://zivver.com/SAML/Attributes/ZivverAccountKey
  19. Click FINISH.
    You are automatically redirected to the page of the SAML application of Zivver.
  20. Click User access.
  21. At Service status, select ON for everyone.
  22. Click SAVE.
    You have successfully set up SSO in G-Suite.

Set up SSO connection in Zivver

Do these steps to configure the newly created SSO connection in Zivver:

  1. Log in to the WebApp.
  2. Click Organization Settings in the bottom left of the side panel.
  3. Click Single Sign-On (SSO).
  4. Select Manually paste your organization’s Identity Provider (IdP) SAML metadata XML file contents.
  5. Open the IDP metadata file you downloaded from G-Suite.
  6. Paste the contents of the IDP metadata file into the Identity Provider XML field in Zivver.
  7. Click SAVE.
    You have successfully set up the SSO link in Zivver.
Users can now log in only via SSO. If SSO is not set up correctly, users cannot log in at all.
Immediately test that users can log in to the WebApp and Outlook.

Zivver 2FA exemption (optional)

By default, a Zivver account is protected with an additional login method (2FA). 2FA is also required when logging in via SSO. You can disable Zivver’s 2FA when users log in via SSO with G-Suite.

However, G-Suite does not indicate in the SAML response whether the user has already provided an extra login method. G-Suite always provides this authentication context in the SAML response:

  • urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

This means that the SAML response does not contain information from which Zivver can decide whether the user is logged in securely with 2FA.

If you exempt this authentication context from 2FA in the SSO settings, Zivver never asks for a second authentication factor. This creates a security risk when users log in to G-Suite without 2FA while a 2FA exemption is configured in Zivver. Therefore, if you exempt the authentication context in Zivver, it is important that users are required to log in to G-Suite with 2FA.

Do these steps to configure 2FA exemption for G-Suite in Zivver:

  1. Log in to the WebApp.
  2. Click Organization settings in the bottom left of the side panel.
  3. Click Single Sign-On (SSO).
  4. In the SAML 2.0 authentication contexts with Zivver 2FA exemptions field, enter the value urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified.
  5. Click SAVE.
    You have now successfully set a 2FA exemption for G-Suite. When users now log in via SSO, Zivver will not ask for 2FA.
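
The effect of the exemption on a G-Suite assertion, as an added example: a hypothetical model of the decision described in this section, not Zivver's implementation. The assertion is constructed and unsigned, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
ACCOUNT_KEY = "https://zivver.com/SAML/Attributes/ZivverAccountKey"

def build_assertion(email, context=UNSPECIFIED):
    """Constructed, unsigned sample assertion (not captured from G-Suite)."""
    ref = (f"<saml:AuthnContextClassRef>{context}</saml:AuthnContextClassRef>"
           if context else "")
    return f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:Subject><saml:NameID>{email}</saml:NameID></saml:Subject>
  <saml:AuthnStatement><saml:AuthnContext>{ref}</saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement><saml:Attribute Name="{ACCOUNT_KEY}">
    <saml:AttributeValue>{email}</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def read_assertion(assertion_xml):
    """Return (name_id, account_key, authn_context_class_refs)."""
    # A real response is untrusted input: verify its signature and use a
    # hardened parser such as defusedxml before reading any field.
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    account_key = next(
        (a.findtext("saml:AttributeValue", namespaces=NS)
         for a in root.iterfind(".//saml:Attribute", NS)
         if a.get("Name") == ACCOUNT_KEY), None)
    refs = [e.text.strip()
            for e in root.iterfind(".//saml:AuthnContextClassRef", NS) if e.text]
    return name_id, account_key, refs

def sp_requires_2fa(assertion_xml, exempt_contexts):
    """Hypothetical model of the exemption decision; fails closed."""
    refs = read_assertion(assertion_xml)[2]
    if not refs:
        return True  # no context stated, so nothing can be exempted
    return not all(ref in exempt_contexts for ref in refs)

if __name__ == "__main__":
    # G-Suite sends the same context whether or not the user passed Google 2FA,
    # so these two logins are indistinguishable to the service provider.
    with_google_2fa = build_assertion("alice@example.com")
    without_google_2fa = build_assertion("alice@example.com")
    for exempt in (set(), {UNSPECIFIED}):
        print(sorted(exempt), sp_requires_2fa(with_google_2fa, exempt),
              sp_requires_2fa(without_google_2fa, exempt))
```

Because both assertions are byte-for-byte identical, the exemption turns off the second factor for every G-Suite login, which is why 2FA has to be enforced on the G-Suite side first.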

Log in to the WebApp with SSO

  1. Go to the WebApp.
  2. Enter your e-mail address.
  3. Depending on your role in Zivver:
    • As a user: you are immediately redirected to the login screen of your organization.
    • As an administrator: you choose between your Zivver password and your workplace login details to log in.
  4. Log in with the workplace login data of your organization. Depending on whether a 2FA exemption exists, an extra login method is required. With a 2FA exemption, the last step is skipped.
  5. Enter your extra login factor.
    You are logged in to Zivver WebApp.

Log in to Outlook with SSO

In the Zivver Office Plugin in Outlook, you can do SSO login as follows:

  1. Click the Zivver tab.
  2. Click Manage accounts.
  3. Click the link Add an account.
  4. Select the e-mail address with which you want to log in.
  5. Click Yes, I want to log in now.
    You will be redirected to the login screen of your organization.
  6. Log in with the workplace login details of your organization.
    Depending on whether a 2FA exemption exists, you will be asked for an extra login method. With a 2FA exemption, you skip the last step.
  7. Enter your extra login method.
    You are logged in to Outlook.
