×

Want to Search?

Go here

Switch Language

Nederlands English

Contact Us

Get Help Give feedback

I am a Zivver admin

Configure and manage Zivver

SSO with Google Workspace

Introduction

How do you set up SSO as a Zivver administrator?

Zivver supports Single Sign-On (SSO) through Google Workspace, allowing users to log in to Zivver with their workplace credentials.

SSO operates on the basis of Security Assertion Markup Language (SAML) v2.0; in this scenario, Google Workspace is the Identity Provider (IdP) and Zivver is the Service Provider (SP).

To activate SSO in Zivver, you need the following:

  • You are a Zivver administrator.
  • You have access to the Admin panel in Workspace.
  • You have Super Admin rights in Workspace, which are required to set up a new SSO link.

Set up SSO connection in Workspace

  1. Log in to Google Workspace.
  2. In the menu on the left, click Apps > Web and mobile apps.
  3. Click Add app > Add custom SAML app.
    A new window opens.
  4. Enter a name in App name, for example Zivver.
  5. Optional: Enter a Description and an App icon.
  6. Click .
  7. Click .
  8. Click .
  9. Set ACS URL to https://app.zivver.com/api/sso/saml/consumer/.
  10. Set Entity ID to https://app.zivver.com/SAML/Zivver.
  11. Optional: Set Start URL to https://app.zivver.com/.
  12. Leave Signed Response unchecked.
  13. Set Name ID format to EMAIL.
  14. Set Name ID to Basic information > Primary email.
  15. Click .
  16. Click .
  17. In Google directory attributes, select Primary email.
  18. In App attributes, enter https://zivver.com/SAML/Attributes/ZivverAccountKey.
  19. Click .
    You are automatically redirected to the page of the SAML application of Zivver.
  20. Click User access.
  21. At Service status, select ON for everyone.
  22. Click .
    You have successfully set up SSO in Workspace.

Set up SSO connection in Zivver

Follow these steps to configure the newly created SSO connection in Zivver:

  1. Log in to the Zivver WebApp.
  2. Click the Organization Settings.
  3. Expand User administration.
  4. Click Single Sign-on.
  5. Select Manually.
  6. Open the IDP metadata file you downloaded from Google Workspace.
  7. Paste the contents of the IDP metadata file into the Identity Provider’s .XML field in Zivver.
  8. Click .
  9. On top of the page, click .
    You have successfully set up the SSO link in Zivver.
Warning
Users can now only log in via SSO. If SSO is not set up correctly, users will be unable to log in at all. Immediately test that users can log in to the WebApp and Outlook.

Zivver 2FA exemption (optional)

By default, a Zivver account is protected with an additional login method (2FA). 2FA is also required when logging in via SSO. You can disable Zivver’s 2FA when users log in via SSO with Google Workspace.

Google Workspace does not indicate in the SAML response whether the user has already specified an extra login method. Google Workspace always provides this SAML response:

  • urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

This means the SAML response does not contain information from which Zivver can decide whether the user is logged in securely with 2FA.

Warning
Zivver never asks for a second authentication factor if you exempt this authentication context from 2FA in the SSO settings. This creates a security risk if users log in to Google Workspace without 2FA while a 2FA exemption is configured in Zivver. Therefore, users must be required to log in to Google Workspace with 2FA if you release the authentication context in Zivver.

Follow these steps to configure 2FA exemption for Google Workspace in Zivver:

  1. Click Organization Settings.
  2. Expand User administration.
  3. Click Single Sign-on.
  4. Scroll down to the Zivver 2FA exemptions card.
  5. In the Authentication methods to be exempted field, enter the following value: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified.
  6. Click .

You have now successfully set a 2FA exemption for Google Workspace. When users log in via SSO, Zivver will not ask for 2FA.

Logging into the WebApp with SSO

  1. Go to the WebApp.
  2. Enter your email address.
  3. Select your role in Zivver:
    • User: you will be redirected directly to your organization’s login screen.
    • Administrator: you can choose between your Zivver password and your workplace login credentials.
  4. Log in with your organization’s workplace login credentials.
    Depending on a 2FA exemption, you may be prompted for an additional login method.
  5. Enter your additional login method.
    You are now logged into the WebApp.

Logging into Outlook with SSO

To log in with SSO using the Zivver Office Plugin in Outlook, follow these steps:

  1. Click the Zivver tab.
  2. Click Manage accounts.
  3. Click add_circle Add an account.
  4. Select the email address you want to log in with.
  5. Click Yes, I want to login.
    You will be redirected to your organization’s login screen.
  6. Log in with your organization’s workplace login credentials.
    Depending on a 2FA exemption, you may be prompted for an additional login method.
  7. Enter your additional login method.
    You are now logged into Outlook.

Updated on 2025-10-14