SSO with VMware Identity Provider

Introduction

How do you set up SSO as a Zivver administrator?

Zivver supports Single Sign-On (SSO) via VMware Identity Provider. Users can now log in to Zivver using their workplace credentials.

SSO operates based on Security Assertion Markup Language (SAML) v2.0; in this scenario, VMware Identity Provider serves as the Identity Provider (IdP), and Zivver acts as the Service Provider (SP).

To activate SSO in Zivver, you need the following (all required):

  • You are a Zivver administrator.
  • You have access to the Admin panel in VMware Identity Provider.

Setting Up SSO Integration in VMware Identity Provider

  1. Log in to the VMware Identity Provider Admin Portal.
    Depending on your installation, the standard structure of the URL is https:///admin.
  2. Go to Catalog.
  3. Click on NEW.
  4. Enter a name.
    For example, Zivver.
  5. Click on 2. Configuration.
  6. Enter the Zivver URL:
    https://app.zivver.com/api/sso/saml/meta
  7. Click on 3. Access Policy.
  8. Select the desired policy.
    The policy determines where users are allowed to log in.
  9. Click on 4. Summary.
  10. Review the summary.
  11. If everything is correct, click SAVE.
  12. Open the newly created application.
  13. Click on EDIT.
  14. Click on 2. Configuration.
  15. Adjust the Username Value to $(user.email).
  16. Expand Advanced Properties.
  17. Scroll down to Custom Attribute Mapping.
  18. Set the fields as shown in the table below.
  19. Click on 4. Summary.
  20. Review the summary.
  21. If everything is correct, click SAVE.
  22. Click on ASSIGN.
  23. Search for the users or groups to which you want to assign this application.
  24. Click on SAVE.

  Field      Value
  Name       https://zivver.com/SAML/Attributes/ZivverAccountKey
  Format     Basic
  Namespace  [xmlns:md=“urn:oasis:names:tc:SAML:2.0:metadata”]
  Value      $(user.ObjectGUID)

You have successfully set up SSO in VMware Identity Provider.

Setting Up SSO Integration in Zivver

Follow the steps below to configure the newly created SSO integration in Zivver:

  1. Log in to the WebApp.
  2. Click the Organization Settings icon at the bottom left of your browser window.
  3. Go to User administration.
  4. Go to Single Sign-on.
  5. Select Automatically.
  6. Enter the SAML metadata URL of your VMware Identity Provider.
    The URL usually has the structure https:///SAAS/API/1.0/GET/metadata/idp.xml.
    Check the VMware admin interface or documentation for the correct URL.
  7. Click Save.
  8. At the top of the page, click the Enable Single sign-on button.

You have successfully set up the SSO integration in Zivver.

Once SSO is enabled, users can only log in via SSO. Make sure the SSO integration works before enabling SSO in Zivver.
Immediately test whether users can log in to the WebApp and in Outlook.

Zivver 2FA Exemption (Optional)

A Zivver account is by default secured with an additional login method (2FA). 2FA is also required when logging in via SSO. However, it is possible to disable Zivver’s 2FA when users log in through SSO with VMware Identity Provider.

Zivver will never ask for 2FA if you exempt this authentication context from 2FA in the SSO settings. This poses a security risk if users log in to VMware Identity Provider without 2FA, combined with a 2FA exemption in Zivver. Therefore, it is crucial that users are required to log in with 2FA to VMware Identity Provider when you exempt the authentication context in Zivver.

Follow the steps below to set up the 2FA exemption for VMware Identity Provider in Zivver:

  1. Log in to the WebApp.
  2. Click the Organization Settings icon at the bottom left of your browser window.
  3. Go to User administration.
  4. Go to Single Sign-on.
  5. Scroll down to the Zivver 2FA exemptions card.
  6. In the Authentication methods to be exempted field, enter this value:
    • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  7. Click Save.

You have now successfully set up a 2FA exemption for VMware Identity Provider. When users log in via SSO, Zivver will not ask for 2FA.
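
The following check is an added example, not part of the Zivver or VMware documentation. It inspects a decoded SAML assertion from a test login and reports whether the Username Value and Custom Attribute Mapping settings took effect, and whether the authentication context falls under the 2FA exemption. The sample assertion, the function name and the finding texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACCOUNT_KEY_ATTR = "https://zivver.com/SAML/Attributes/ZivverAccountKey"
# Value entered in the "Authentication methods to be exempted" field above.
EXEMPTED_CONTEXTS = {"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"}

# Constructed sample assertion (not real IdP output); signature omitted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:AuthnStatement>
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://zivver.com/SAML/Attributes/ZivverAccountKey">
      <saml:AttributeValue>0f8fad5b-d9cb-469f-a165-70867728950e</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def review_assertion(xml_text, exempted=EXEMPTED_CONTEXTS):
    """Return a list of findings for one decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    if "@" not in name_id:
        findings.append("NameID is not an email address; check Username Value $(user.email)")
    keys = [
        (v.text or "").strip()
        for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == ACCOUNT_KEY_ATTR
        for v in a.iterfind("saml:AttributeValue", NS)
    ]
    if not any(keys):
        findings.append("ZivverAccountKey attribute missing or empty; check Custom Attribute Mapping")
    ctx = (root.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", "", NS) or "").strip()
    if ctx in exempted:
        findings.append("context is exempted: Zivver skips 2FA, so the IdP policy must enforce it")
    elif not ctx:
        findings.append("no AuthnContextClassRef present; the exemption list cannot match")
    return findings

if __name__ == "__main__":
    for finding in review_assertion(SAMPLE_ASSERTION):
        print("-", finding)
```

The check reads an already decoded assertion and does not validate its signature, so it only confirms the configuration and is not a replacement for the Service Provider's own validation.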

Logging into the WebApp with SSO

  1. Go to the WebApp.
  2. Enter your email address.
  3. What is your role in Zivver?
    • User: you will be redirected directly to your organization’s login screen.
    • Administrator: you can choose between your Zivver password and your workplace login credentials to log in.
  4. Log in with your organization’s workplace login credentials.
    Depending on whether a 2FA exemption is configured, you may be prompted for an additional login method. If a 2FA exemption is in place, skip the last step.
  5. Enter your additional login method.
    You are now logged into our WebApp.

Logging into Outlook with SSO

To log in with SSO using the Zivver Office Plugin in Outlook, follow these steps:

  1. Click on the Zivver tab.
  2. Click on Manage Accounts.
  3. Click on the link Add an Account.
  4. Select the email address you want to log in with.
  5. Click on Yes, I want to log in now.
    You will be redirected to your organization’s login screen.
  6. Log in with your organization’s workplace login credentials.
    Depending on whether a 2FA exemption is configured, you may be prompted for an additional login method. If a 2FA exemption is in place, skip the last step.
  7. Enter your additional login method.
    You are now logged into Outlook.