I am a Zivver admin
Configure and manage Zivver
SSO with Microsoft AD FS internal network only
Configuring SSO with the method from this manual causes SSO to stop working when your AD FS certificate expires. This requires manually updating the AD FS metadata in Zivver after expiration of your AD FS certificate.
Configuring SSO with the method from this manual prohibits users from logging in to Zivver outside your internal network. This could cause login problems with for example working from home.
Introduction
Zivver supports Single Sign-On (SSO) via Microsoft AD FS, so that users can log in to Zivver with their workplace credentials. This manual shows how to set up SSO, as a Zivver administrator.
SSO operates on the basis of Security Assertion Markup Language (SAML) v2.0; in this scenario, Microsoft Entra ID is the Identity Provider (IdP) and Zivver is the Service Provider (SP).
To activate SSO in Zivver, you need the following:
- You are a Zivver administrator.
- You have access to AD FS management console on the AD FS server.
Set up SSO in Zivver using alternate method
- Open your favorite browser.
- Log in to the Zivver WebApp.
- Click Organization settings[ tune ] in the lower left corner .
- Go to the Single Sign-On [ vpn_key ] page.
- Select Manually paste your organization’s Identity Provider (IdP) SAML metadata XML file contents.
The following steps help you retrieve the SAML metadata of AD FS so that you can paste it in the Zivver WebApp. - Log in on your AD FS server.
- Open a browser.
Fill in the URL of the AD FS, followed by
/FederationMetadata/2007-06/FederationMetadata.xml
For example:https://adfs.organisation_domain.tld/FederationMetadata/2007-06/FederationMetadata.xml
. Modern browsers automatically save a file FederationMetadata.xml. In IE11 you can save the page as an.xml
file usingCtrl + s
. + [TIP] Use the PowerShell cmdletGet-AdfsEndpoint -AddressPath "/FederationMetadata/2007-06/FederationMetadata.xml"
to find your AD FS Metadata URL. The URL will most likely look something like this:https://adfs.organisation_domain.tld/FederationMetadata/2007-06/FederationMetadata.xml
Open the FederationMetadata.xml file in Notepad. + Opening in Notepad is important because you need the metadata in plain text.
Select and copy the full content of the
.xml
file.Go back to the Single Sign-On [ vpn_key ] page in Zivver.
Paste the full content in the text box under Identity Provider XML.
Place a checkmark adjacent to Use Single sign-on.
Click SAVE.
Zivver is now configured to work with Single Sing-On, however AD FS has not been configured yet to handle incoming authentication requests from Zivver. When SSO is enabled in the Zivver admin panel, Zivver will only authenticate users via the Identity Provider. This could cause log in problems for users who are created before SSO is fully configured. Users will remain logged in and won’t be logged out when you toggle SSO on or off. Zivver administrators can always log in to Zivver with a username and password, even if AD FS is not yet configured to work with Zivver.Click the copy icon pass:[ content_copy ] next to the Zivver metadata URL box. You will be able to use this URL in the following procedure. + Zivver is now set up to work with Single Sign-On. The next and final step is to adjust the settings in the AD FS Management Console.
Set up SSO in AD FS
Refer to SSO with Microsoft AD FS.
Set up Claim Rules
Refer to SSO with Microsoft AD FS.
Set up SSO in Zivver
Refer to SSO with Microsoft AD FS.
Zivver 2FA exemption (optional)
Refer to SSO with Microsoft AD FS.
Log in to the WebApp with SSO
Refer to SSO with Microsoft AD FS.
Log in to Outlook with SSO
Refer to SSO with Microsoft AD FS.
Change User Name field on AD FS login page (optional)
Refer to SSO with Microsoft AD FS.
Set up email address as login name
Refer to SSO with Microsoft AD FS.
Set a custom login name
Refer to SSO with Microsoft AD FS.
Leave login name empty by default
Refer to SSO with Microsoft AD FS.
Create shortcut to the WebApp (optional)
Refer to SSO with Microsoft AD FS.
Add trusted networks to AD FS (optional)
Refer to SSO with Microsoft AD FS.