SSO with Okta

Introduction

Zivver supports Single Sign-On (SSO) via Okta, so that users can log in to Zivver with their workplace credentials. This manual explains how, as an administrator, you set up SSO. SSO is based on Security Assertion Markup Language (SAML) v2.0. Okta is the Identity Provider (IdP) and Zivver is the Service Provider (SP). To activate SSO in Zivver, you need the following:

  1. You are a Zivver administrator.
  2. You have access to Management functionality in Okta. Example URL: https://[organization]-admin.okta.com/admin/dashboard

SSO setup in Okta

The first step is to get Zivver set up as a SAML SP application in Okta.

  1. Log in to Okta.
  2. Go to the Admin dashboard.
  3. Expand Applications.
  4. Click Applications.
  5. Click Add Application.
  6. Click Create App integration.
  7. Set Sign on method to SAML 2.0.
  8. Click Next.
  9. Enter Zivver as App name.
  10. If necessary, upload a logo, such as the Zivver logo.
  11. Click Next.
  12. Disable Use this for Recipient URL and Destination URL.
  13. Fill in this information:

    Setting                        Value
    Single sign on URL             https://app.zivver.com/api/sso/saml/consumer/
    Recipient URL                  https://app.zivver.com/SAML/Zivver
    Destination URL                https://app.zivver.com/api/sso/saml/consumer/
    Audience URI (SP Entity ID)    https://app.zivver.com/SAML/Zivver
    Default RelayState             N/A, leave blank
    Name ID format                 Email address
    Application username           Email

  14. Click Show Advanced Settings.
  15. Fill in these details:

    Setting                        Value
    Response                       Signed
    Assertion Signature            Signed
    Signature Algorithm            RSA-SHA256
    Digest Algorithm               SHA256
    Assertion Encryption           Unencrypted
    Authentication context class   PasswordProtectedTransport
    Honor Force Authentication     Yes
    SAML Issuer ID                 http://www.okta.com/{org.externalKey} (Replace {org.externalKey} with your own organizational external key)

  16. Go to the Attribute Statements (optional) section.
  17. Enter this information:

    Name                                                   Value
    https://zivver.com/SAML/Attributes/ZivverAccountKey    user.id
    urn:oid:2.5.4.42                                       user.displayName
    urn:oid:2.5.4.20                                       user.mobilePhone
    urn:oid:2.5.4.3                                        user.firstName

  18. Click Next.
  19. If necessary, complete the optional questions.
  20. Click Finish.
  21. Go to the Sign On tab of your newly created application.
  22. In the Sign on methods section, locate the Metadata URL.
  23. Click the Copy button.
    You will need the Metadata URL in the next section. Having trouble? Visit the Okta documentation.
  24. Go to the Assignments tab.
  25. Assign the Zivver application to persons/groups.
    Okta is now correctly set up for Zivver.
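
The following check is an added example, not part of Zivver's or Okta's documentation: it decodes the SAMLResponse form value from a test login and compares the values it declares with the settings tables above. The function and constant names are illustrative, and the sample response is constructed (placeholder user, no real signature value).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://app.zivver.com/api/sso/saml/consumer/"  # Single sign on URL, Destination URL
ENTITY = "https://app.zivver.com/SAML/Zivver"          # Recipient URL, Audience URI
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
SIG = "ds:Signature/ds:SignedInfo/ds:SignatureMethod"
DIG = "ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod"

def _get(root, path, attr=None):
    node = root.find(path, NS)  # None when the element is absent, e.g. an unsigned assertion
    value = None if node is None else (node.get(attr) if attr else node.text)
    return value.strip() if value else value

def check_response(saml_response_b64):
    """Return one message per declared value that differs from the settings tables."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    encrypted = root.find("a:EncryptedAssertion", NS) is not None
    checks = [
        ("Destination URL", root.get("Destination"), ACS),
        ("Recipient URL", _get(root, ".//a:SubjectConfirmationData", "Recipient"), ENTITY),
        ("Audience URI", _get(root, ".//a:Audience"), ENTITY),
        ("Name ID format", _get(root, ".//a:NameID", "Format"), EMAIL),
        ("Response", _get(root, SIG, "Algorithm"), RSA_SHA256),
        ("Assertion Signature", _get(root, "a:Assertion/" + SIG, "Algorithm"), RSA_SHA256),
        ("Digest Algorithm", _get(root, DIG, "Algorithm"), SHA256),
        ("Assertion Encryption", "Encrypted" if encrypted else "Unencrypted", "Unencrypted"),
        ("Authentication context class", _get(root, ".//a:AuthnContextClassRef"), PPT),
    ]
    return [f"{name}: got {got!r}, expected {want!r}" for name, got, want in checks if got != want]

def sample_response(dest=ACS, authn=PPT, sign_assertion=True):
    """Constructed sample for the demo, base64-encoded like the SAMLResponse form field."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{RSA_SHA256}"/><ds:Reference>'
           f'<ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{dest}">{sig}'
           f'<a:Assertion>{sig if sign_assertion else ""}<a:Subject>'
           f'<a:NameID Format="{EMAIL}">user@example.com</a:NameID><a:SubjectConfirmation>'
           f'<a:SubjectConfirmationData Recipient="{ENTITY}"/></a:SubjectConfirmation></a:Subject>'
           f'<a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY}</a:Audience>'
           f'</a:AudienceRestriction></a:Conditions><a:AuthnStatement><a:AuthnContext>'
           f'<a:AuthnContextClassRef>{authn}</a:AuthnContextClassRef></a:AuthnContext>'
           f'</a:AuthnStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Pass `check_response` the SAMLResponse value captured from your own test login in the browser's developer tools; an empty list means the declared values match the tables. The check reads declared values only and does not verify the signatures themselves.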

Setting SSO in Zivver

The second step is to set up SSO in Zivver. You do this in the Zivver admin panel.

  1. Log in to the Zivver WebApp.
  2. Click Organization Settings.
  3. Expand User administration.
  4. Click Single Sign-on.
  5. Select Automatically recommended.
  6. Paste the URL copied from the previous section.
  7. Click .
  8. At the top of the page, click .
    SSO is now configured in Zivver, and you are ready for the next section.
Warning
From the moment when you enable SSO, Zivver starts trying to log in users via SAML. It is therefore wise to keep SSO in Zivver switched off until you have set everything up correctly on the Okta side. Users who are already logged in will remain logged in after you enable SSO.

Zivver 2FA exemption (optional)

A Zivver account is protected by default with an additional login method (2FA). 2FA is also required when logging in via SSO. It is possible to disable Zivver’s built-in 2FA when users already log in to Okta with 2FA. This prevents users from having to complete 2FA twice.

With these authentication methods, Zivver does not ask for 2FA when logging in:

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

This means that the SAML response does not contain any information from which Zivver can derive whether the user logged in securely with 2FA. Therefore, read the warning below carefully.

Warning
Zivver will never ask for a second authentication factor if you exempt this authentication context from 2FA in the SSO settings. This creates a security risk when users log in to Okta without 2FA while a 2FA exemption is configured in Zivver. Therefore, it is important that users are required to log in to Okta with 2FA if you exempt the above-mentioned authentication context in Zivver.

Follow these steps to set the 2FA exemption for Okta in Zivver:

  1. Log in to the Zivver WebApp.
  2. Click Organization Settings.
  3. Expand User administration.
  4. Click Single Sign-on.
  5. Scroll down to the Zivver 2FA exemptions card.
  6. In the Authentication methods to be exempted field, enter these values:
    • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  7. Click .
    You have now successfully set a 2FA exemption for Okta. When users log in via SSO, Zivver will not ask for 2FA.

Testing Single Sign-On

Log in to the WebApp with SSO

  1. Go to the Zivver WebApp.
  2. Enter your e-mail address.
  3. Depending on your role in Zivver:
    • As a user: you are immediately redirected to your organization’s login screen.
    • As an administrator: you choose between logging in with your Zivver password or your workplace credentials.
  4. Log in with your organization’s workplace credentials.
    Depending on whether a 2FA exemption applies, you may be prompted for an additional login method. If a 2FA exemption is in place, this step is skipped.
  5. Enter your additional login factor.
    You are now logged in to the Zivver WebApp.

Log in to Outlook with SSO

In the Zivver Office Plugin for Outlook, you can log in via SSO using these steps:

  1. Click the Zivver tab.
  2. Click Manage accounts.
  3. Click the link Add an account.
  4. Enter the e-mail address you want to use for login.
  5. Click .
    You will be redirected to your organization’s login screen.
  6. Log in with your organization’s workplace credentials.
    Depending on whether a 2FA exemption applies, you may be prompted for an additional login method. If a 2FA exemption is in place, this step is skipped.
  7. Enter your additional login method.
    You are now logged in to Outlook.