SSO with VMware Identity Provider

Introduction

How do you set up SSO as a Zivver administrator?

Zivver supports Single Sign-On (SSO) via VMware Identity Provider. Users can log in to Zivver using their workplace credentials.

SSO operates based on Security Assertion Markup Language (SAML) v2.0. In this scenario, VMware Identity Provider serves as the Identity Provider (IdP), and Zivver acts as the Service Provider (SP).

To activate SSO in Zivver, you must meet both of the following requirements:

  • You are a Zivver administrator.
  • You have access to the Admin panel in VMware Identity Provider.

Setting Up SSO Integration in VMware Identity Provider

  1. Log in to the VMware Identity Provider Admin Portal.
    Depending on your installation, the standard structure of the URL is https://<your-domain>/admin.
  2. Go to Catalog.
  3. Click NEW.
  4. Enter a name.
    For example, Zivver.
  5. Click 2. Configuration.
  6. Enter the Zivver URL:
    https://app.zivver.com/api/sso/saml/meta
  7. Click 3. Access Policy.
  8. Select the desired policy.
    The policy determines where users are allowed to log in.
  9. Click 4. Summary.
  10. Review the summary.
  11. If everything is correct, click SAVE.
  12. Open the newly created application.
  13. Click EDIT.
  14. Click 2. Configuration.
  15. Adjust the Username Value to $(user.email).
  16. Expand Advanced Properties.
  17. Scroll down to Custom Attribute Mapping.
  18. Set the fields as shown in the table below.
  19. Click 4. Summary.
  20. Review the summary.
  21. If everything is correct, click SAVE.
  22. Click ASSIGN.
  23. Search for the users or groups to which you want to assign this application.
  24. Click SAVE.

  Field      Value
  Name       https://zivver.com/SAML/Attributes/ZivverAccountKey
  Format     Basic
  Namespace  [xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"]
  Value      $(user.ObjectGUID)

You have successfully set up SSO in VMware Identity Provider.

Setting Up SSO Integration in Zivver

Follow the steps below to configure the newly created SSO integration in Zivver:

  1. Log in to the Zivver WebApp.
  2. Click Organization Settings.
  3. Expand User administration.
  4. Click Single Sign-on.
  5. Select Automatically recommended.
  6. Enter the SAML metadata URL of your VMware Identity Provider.
    The URL usually has the structure https://<your-domain>/SAAS/API/1.0/GET/metadata/idp.xml.
    Check the VMware admin interface or documentation for the correct URL.
  7. Click .
  8. At the top of the page, click .

You have successfully set up the SSO integration in Zivver.

Warning
Users can only log in via SSO. Make sure the SSO integration works before enabling SSO in Zivver. Immediately test whether users can log in to the WebApp and in Outlook.

Zivver 2FA Exemption (Optional)

A Zivver account is by default secured with an additional login method (2FA). 2FA is also required when logging in via SSO. However, it is possible to disable Zivver’s 2FA when users log in through SSO with VMware Identity Provider.

Warning
Zivver will never ask for 2FA if you exempt this authentication context from 2FA in the SSO settings. This poses a security risk if users log in to VMware Identity Provider without 2FA, combined with a 2FA exemption in Zivver. Therefore, it is crucial that users are required to log in with 2FA to VMware Identity Provider when you exempt the authentication context in Zivver.

Follow the steps below to set up the 2FA exemption for VMware Identity Provider in Zivver:

  1. Click Organization Settings.
  2. Expand User administration.
  3. Click Single Sign-on.
  4. Scroll down to the Zivver 2FA exemptions card.
  5. In the Authentication methods to be exempted field, enter the following value:
    • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  6. Click .

You have now successfully set up a 2FA exemption for VMware Identity Provider. When users log in via SSO, Zivver will not ask for 2FA.
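
The Python check below is an added example, not Zivver or VMware code. It reads a decoded SAML assertion captured from a test login and reports whether it carries the email NameID and ZivverAccountKey attribute from the VMware configuration above, and whether its authentication context matches the exempted value; the sample assertion, issuer, user and GUID are constructed, and the function and variable names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACCOUNT_KEY = "https://zivver.com/SAML/Attributes/ZivverAccountKey"  # from the mapping table
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
EXEMPTED = {PPT}  # value entered in "Authentication methods to be exempted"

# Constructed sample assertion; issuer, user and GUID are made up.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="{ACCOUNT_KEY}">
      <saml:AttributeValue>3f2a9c1e-0000-4000-8000-constructed0</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def review_assertion(xml_text, exempted=EXEMPTED):
    # Inspects content only; it does NOT verify the XML signature. Use on your own test captures.
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    context = root.findtext(
        ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", "", NS).strip()
    account_key = ""
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == ACCOUNT_KEY:
            account_key = attr.findtext("saml:AttributeValue", "", NS).strip()
    findings = []
    local, _, domain = name_id.partition("@")
    if not (local and "." in domain):
        findings.append("NameID is not an email address; check Username Value $(user.email)")
    if not account_key:
        findings.append("ZivverAccountKey attribute missing or empty; check Custom Attribute Mapping")
    skipped = context in exempted
    if skipped:
        findings.append("context is exempted: Zivver asks for no 2FA, so the IdP must enforce it")
    return {"name_id": name_id, "account_key": account_key,
            "authn_context": context, "zivver_2fa_skipped": skipped, "findings": findings}

if __name__ == "__main__":
    for line in review_assertion(SAMPLE)["findings"]:
        print(line)
```

The exempted class describes a password sent over a protected transport and says nothing about a second factor, so a match here only shows that Zivver will skip its own 2FA prompt.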

Logging into the WebApp with SSO

  1. Go to the WebApp.
  2. Enter your email address.
  3. What is your role in Zivver?
    • User: you will be redirected directly to your organization’s login screen.
    • Administrator: you can choose between your Zivver password and your workplace login credentials to log in.
  4. Log in with your organization’s workplace login credentials.
    Depending on a 2FA exemption, you may be prompted for an additional login method. If a 2FA exemption is in place, skip the last step.
  5. Enter your additional login method.
    You are now logged into the WebApp.

Logging into Outlook with SSO

To log in with SSO using the Zivver Office Plugin in Outlook, follow these steps:

  1. Click the Zivver tab.
  2. Click Manage accounts.
  3. Click Add an account.
  4. Select the email address you want to log in with.
  5. Click Yes, I want to login.
    You will be redirected to your organization’s login screen.
  6. Log in with your organization’s workplace login credentials.
    Depending on a 2FA exemption, you may be prompted for an additional login method. If a 2FA exemption is in place, skip the last step.
  7. Enter your additional login method.
    You are now logged into Outlook.