SSO with Google Workspace
Introduction
How to set up SSO as a Zivver administrator?
Zivver supports Single Sign-On (SSO) through Google Workspace. Now users can log in to Zivver with their workplace credentials.
SSO operates on the basis of Security Assertion Markup Language (SAML) v2.0; in this scenario, Google Workspace is the Identity Provider (IdP) and Zivver is the Service Provider (SP).
To activate SSO in Zivver, you need all of the following:
- You are a Zivver administrator.
- You have access to the Admin panel in Workspace.
- You have Super Admin rights in Workspace. You need this to set up a new SSO link.
Set up SSO connection in Workspace
- Log in to Google Workspace.
- In the menu on the left, click Apps > Web and mobile apps.
- Click Add app > Add custom SAML app.
  A new window opens.
- Enter a name in App name, for example Zivver.
- Optional: enter a Description and an App icon.
- Click CONTINUE.
- Click DOWNLOAD METADATA.
- Click CONTINUE.
- Set ACS URL to https://app.zivver.com/api/sso/saml/consumer/
- Set Entity ID to https://app.zivver.com/SAML/Zivver
- Optional: set Start URL to https://app.zivver.com/
- Leave Signed Response clear.
- Set Name ID format to EMAIL.
- Set Name ID to Basic Information > Primary email.
- Click CONTINUE.
- Click ADD MAPPING.
- In Google directory attributes, select Primary email.
- In App attributes, enter https://zivver.com/SAML/Attributes/ZivverAccountKey
- Click FINISH.
  You are automatically redirected to the page of the SAML application of Zivver.
- Click User access.
- At Service status, select ON for everyone.
- Click SAVE.
You have successfully set up SSO in Workspace.
Set up SSO connection in Zivver
Do these steps to configure the newly created SSO connection in Zivver:
- Log in to the WebApp.
- Click the Organization Settings icon at the bottom left of your browser window.
- Go to User administration.
- Go to Single Sign-on.
- Select Manually
- Open the IDP metadata file you downloaded from Google Workspace.
- Paste the contents of the IDP metadata file into the Identity Provider’s .XML field in Zivver.
- Click Save.
- At the top of the page, click the Enable Single sign-on button.
You have successfully set up the SSO link in Zivver.
Immediately test that users can log in to the WebApp and Outlook.
Zivver 2FA exemption (optional)
By default, a Zivver account is protected with an additional login method (2FA). 2FA is also required when logging in via SSO. You can disable Zivver’s 2FA when users log in via SSO with Google Workspace.
However, Google Workspace does not indicate in the SAML response whether the user has already provided an extra login method. Google Workspace always provides this authentication context in the SAML response:
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
This means that the SAML response does not contain information from which Zivver can decide whether the user is logged in securely with 2FA.
Do these steps to configure 2FA exemption for Google Workspace in Zivver:
- Log in to the WebApp.
- Click the Organization Settings icon at the bottom left of your browser window.
- Go to User administration.
- Go to Single Sign-on.
- Scroll down to the Zivver 2FA exemptions card.
- In the Authentication methods to be exempted field, enter this value:
  urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
- Click Save.
You have now successfully set a 2FA exemption for Google Workspace. When users now log in via SSO, Zivver will not ask for 2FA.
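Before adding the exemption, you can check what Google Workspace actually sends by inspecting a SAML response captured from your own test login. The Python sketch below is an added example, not Zivver or Google code: it compares a response with the values configured on this page and flags the unspecified authentication context. The function names and the unsigned sample response are constructed for illustration, and it assumes the EMAIL Name ID format corresponds to the SAML emailAddress format.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
ACCOUNT_KEY = "https://zivver.com/SAML/Attributes/ZivverAccountKey"
# Values entered in the Workspace steps on this page (EMAIL -> emailAddress is assumed).
EXPECTED = {
    "destination": "https://app.zivver.com/api/sso/saml/consumer/",
    "audience": "https://app.zivver.com/SAML/Zivver",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

def inspect_saml_response(b64_response):
    """Inspect a base64 SAMLResponse value; no signature validation is done."""
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.find(".//a:Subject/a:NameID", NS)
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", namespaces=NS)
             for a in root.iterfind(".//a:Attribute", NS)}
    fields = {
        "destination": root.get("Destination"),
        "audience": root.findtext(".//a:Audience", namespaces=NS),
        "nameid_format": name_id.get("Format") if name_id is not None else None,
        "name_id": name_id.text if name_id is not None else None,
        "account_key": attrs.get(ACCOUNT_KEY),
        "authn_context": root.findtext(".//a:AuthnContextClassRef", namespaces=NS),
    }
    findings = [f"{k}: got {fields[k]!r}, expected {v!r}"
                for k, v in EXPECTED.items() if fields[k] != v]
    if fields["account_key"] is None:
        findings.append("ZivverAccountKey attribute mapping is missing")
    elif fields["account_key"] != fields["name_id"]:
        findings.append("ZivverAccountKey differs from NameID (both map to Primary email)")
    if fields["authn_context"] == UNSPECIFIED:
        findings.append("AuthnContext is 'unspecified': response does not show whether 2FA was used")
    return fields, findings

def constructed_response(audience=EXPECTED["audience"], with_key=True):
    """Build a constructed, unsigned sample response for offline testing."""
    key = (f'<a:AttributeStatement><a:Attribute Name="{ACCOUNT_KEY}"><a:AttributeValue>'
           'alice@example.com</a:AttributeValue></a:Attribute></a:AttributeStatement>') if with_key else ""
    xml = (f'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="{NS["a"]}" '
           f'Destination="{EXPECTED["destination"]}"><a:Assertion><a:Subject>'
           f'<a:NameID Format="{EXPECTED["nameid_format"]}">alice@example.com</a:NameID></a:Subject>'
           f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
           f'</a:AudienceRestriction></a:Conditions>{key}<a:AuthnStatement><a:AuthnContext>'
           f'<a:AuthnContextClassRef>{UNSPECIFIED}</a:AuthnContextClassRef></a:AuthnContext>'
           f'</a:AuthnStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()
```

With the exemption in place, any second factor for these logins comes only from what Google Workspace enforces, because the response itself cannot show it.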
Log in to the WebApp with SSO
- Go to the WebApp.
- Enter your e-mail address.
- Depending on your role in Zivver:
  - As a user: you are immediately redirected to the login screen of your organization.
  - As an administrator: you choose between your Zivver password and your workplace login details to log in.
- Log in with the workplace login details of your organization.
  Whether an extra login method is required depends on whether a 2FA exemption is configured. With a 2FA exemption, the last step is skipped.
- Enter your extra login factor.
You are logged in to Zivver WebApp.
Log in to Outlook with SSO
In the Zivver Office Plugin in Outlook, you can log in with SSO as follows:
- Click the Zivver tab.
- Click Manage accounts.
- Click the link Add an account.
- Select the e-mail address with which you want to log in.
- Click Yes, I want to log in now.
  You will be redirected to the login screen of your organization.
- Log in with the workplace login details of your organization.
  Whether you are asked for an extra login method depends on whether a 2FA exemption is configured. With a 2FA exemption you skip the last step.
- Enter your extra login method.
You are logged in to Outlook.