I am a Zivver admin
Configure and manage Zivver
SSO with Microsoft AD FS – internal network only
Configuring SSO using the method described in this manual causes SSO to stop working when your AD FS certificate expires. After expiration, you must manually update the AD FS metadata in Zivver.
Configuring SSO using this method also prevents users from logging in to Zivver outside your internal network. This may cause login issues when, for example, working from home.
Introduction
Zivver supports Single Sign-On (SSO) via Microsoft AD FS, allowing users to log in to Zivver with their workplace credentials. This manual shows how to set up SSO as a Zivver administrator.
SSO works based on Security Assertion Markup Language (SAML) v2.0; in this scenario, Microsoft AD FS acts as the Identity Provider (IdP), and Zivver acts as the Service Provider (SP).
To activate SSO in Zivver, you need the following:
- You are a Zivver administrator.
- You have access to the AD FS management console on the AD FS server.
Set up SSO in Zivver using the alternate method
- Log in to the Zivver WebApp.
- Click
Organization Settings.
- Expand
User administration.
- Click Single Sign-on.
- Select Manually.
The following steps help you retrieve the SAML metadata from AD FS so you can paste it in the Zivver WebApp. - Log in to your AD FS server.
- Open a browser.
- Enter the URL of AD FS, followed by
/FederationMetadata/2007-06/FederationMetadata.xml
.
Example:https://adfs.organisation_domain.tld/FederationMetadata/2007-06/FederationMetadata.xml
.
Modern browsers automatically save a file named FederationMetadata.xml. In IE11, you can save the page as an.xml
file usingCtrl + S
.
Get-AdfsEndpoint -AddressPath "/FederationMetadata/2007-06/FederationMetadata.xml"
to find your AD FS metadata URL.The URL will typically look like:
https://adfs.organisation_domain.tld/FederationMetadata/2007-06/FederationMetadata.xml
- Open the FederationMetadata.xml file in Notepad.
Opening it in Notepad is important because you need the metadata as plain text. - Select and copy the full content of the
.xml
file. - Go back to the Single Sign-on page in Zivver.
- Paste the full content into the text box under Identity Provider’s .XML.
- Click .
- At the top of the page, click .
- Click under Zivver metadata URL. You can use this URL in the next steps.
Zivver is now set up to work with Single Sign-On. The next and final step is to adjust the settings in the AD FS Management Console.
Continue with the steps in SSO with Microsoft AD FS.