Single Sign-on (SSO)

Zingtree supports Single Sign-on (SSO) as a means of restricting access to trees.  Many customers have sensitive corporate processes or procedures encapsulated in their workflows, and ensuring these workflows are accessible only to certain employees can be invaluable.

Single Sign-on can be enabled with separate login systems for:

  • Employees/agents/end-users.
  • workflow Authors.

Single Sign-on is a service provided by many vendors, including Okta, Microsoft (ADFS / Active Directory / Azure), Google (G-Suite), Salesforce and more.  These services are known as Identity Providers.  A single log-in through an Identity Provider gives a user secure, authenticated access to applications provided by Service Providers like Zingtree.

Once you log in through your Identity Provider, you don’t need to re-enter your login credentials. SSO is a very convenient way to secure access to your applications, while not burdening end-users with extra hurdles.

Zingtree supports any service that is SAML 2.0 compliant, which is a common standard.

Set Up Overview

Configuring SSO requires your Identity Provider and Zingtree to share information with each other:

  1. Your Identity Provider needs information about Zingtree.
  2. Zingtree needs information about your Identity Provider.

Configuring Zingtree for SSO

To start, in the Zingtree top menu, go to Team then Single Sign-On. Here you can configure SSO for Authors, and/or Agents.

You’ll see the parameters (specific to your organization) to share with your Identity Provider. Here’s how the Agent view appears:

Toggle the SSO switch to the On position and Configure your Identity Provider with the required parameters from your Identity Provider.

Click Save SSO Configuration when finished.

SSO just needs to be set up once for your organization.

 

Once SSO is working properly, you can restrict access to any workflow as follows.

  1. From your workflow's Settings > Security tab, enable Require Login via SSO. This option will become available when your SSO setup is completed.

Dedicated Agent Login

Rather than having Agents go through the Zingtree login page, you can send them directly to your SSO login page. Here’s how:

  1. Go to Team > Agents.

  2. Give your agents the link from this button located at the bottom of the page:

    mceclip6.png

 

One More Step: You also need to add authors to your organization via Team > Authors. They will not be required to use a Zingtree login to gain access, but this also validates them as a person who has access to an organization’s trees.

The rest of the setup for sharing information with your identity provider is identical to Agent Setup.

 

Was this article helpful?

0 out of 2 found this helpful

Have more questions? Submit a request

Didn't find what you need?

Our friendly customer support team is here to help

Submit a Request

Looking for help or advice?

Reach out to our knowledgeable community of users.

Zingtree Community