Single Sign-on (SSO)

  • Updated
  • Zingtree supports Single Sign-on (SSO) as a means of restricting access to trees.  Many customers have sensitive corporate processes or procedures encapsulated in their trees, and ensuring these trees are accessible only to certain employees can be invaluable.

    Single Sign-on can be enabled with separate login systems for:

    • Employees/agents/end-users.
    • Tree Authors.

    Single Sign-on is a service provided by many vendors, including Okta, Microsoft (ADFS / Active Directory / Azure), Google (G-Suite), Salesforce and more.  These services are known as Identity Providers.  A single log-in through an Identity Provider gives a user secure, authenticated access to applications provided by Service Providers like Zingtree.

    Once you log in through your Identity Provider, you don’t need to re-enter your login credentials. SSO is a very convenient way to secure access to your applications, while not burdening end-users with extra hurdles.

    Zingtree supports any service that is SAML 2.0 compliant, which is a common standard.

    Set Up Overview

    Configuring SSO requires your Identity Provider and Zingtree to share information with each other:

    1. Your Identity Provider needs information about Zingtree.
    2. Zingtree needs information about your Identity Provider.


    Configuring Zingtree for SSO

    You can use one of the following articles to help configure SSO:

    Salesforce SSO Setup Guide
    Microsoft Azure Single Sign-on Setup Guide
    OKTA Single Sign-on Setup Guide


    Testing Your SSO Setup

    Once you’ve set up your Identity Provider and Zingtree for SSO, you can test from Zingtree as follows:

    1. In Zingtree, go to Account, Single Sign-on. This SSO configuration screen appears:
    2. Click the green Test Author Login or Test Agent Login button at the lower right of the page.

      OKTASSO20.png

    From here. you can test logging into your Identity Provider from Zingtree.  If you’re already logged in, the test will just return your email or another identifier from your Identity Provider.  If you’re not yet logged in, the Identity Provider’s login screen will appear, and then you will be returned to the Zingtree SSO test page after logging in.

    Enabling SSO for Agents/Authors

    Once SSO is working properly from your test, you can restrict access to any tree as follows.

    1. From Account, Single Sign-on, make sure you are on the Agents/Authors page.
    2. Tick enable Agents/Authors.

      SFSSO17.png

    IMPORTANT: You still need to specify individual trees to restrict access to. Here’s how:

    1. Go to My Trees, and select the tree that you want to require SSO login.
    2. Click the Settings > Security and you’ll see something like this:

      2022-05-05_10-21-53.png

    3. Check Require Login via Single Sign-on (SSO).
    4. Click Update Settings.

    Dedicated Agent Login

    Rather than having Agents go through the Zingtree login page, you can send them directly to your SSO login page. Here’s how:

    1. Go to Account, My Agents.
    2. Give your agents the link from this button:

     

    One More Step: You also need to add authors to your organization via Account, My Authors. They will not be required to use a Zingtree login to gain access, but this also validates them as a person who has access to an organization’s trees.

    The rest of the setup for sharing information with your identity provider is identical to Agent Setup.

     

  • Zingtree supports Single Sign-on (SSO) as a means of restricting access to trees.  Many customers have sensitive corporate processes or procedures encapsulated in their trees, and ensuring these trees are accessible only to certain employees can be invaluable.

    Single Sign-on can be enabled with separate login systems for:

    • Employees/agents/end-users.
    • Tree Authors.

    Single Sign-on is a service provided by many vendors, including Okta, Microsoft (ADFS / Active Directory / Azure), Google (G-Suite), Salesforce and more.  These services are known as Identity Providers.  A single log-in through an Identity Provider gives a user secure, authenticated access to applications provided by Service Providers like Zingtree.

    Once you log in through your Identity Provider, you don’t need to re-enter your login credentials. SSO is a very convenient way to secure access to your applications, while not burdening end-users with extra hurdles.

    Zingtree supports any service that is SAML 2.0 compliant, which is a common standard.

    Set Up Overview

    Configuring SSO requires your Identity Provider and Zingtree to share information with each other:

    1. Your Identity Provider needs information about Zingtree.
    2. Zingtree needs information about your Identity Provider.

    Configuring Zingtree for SSO

    To start, in the Zingtree top menu, go to Account Settings, Single-Sign-on. You can specify SSO for either Agents (employees or end-users) or Authors.

    You’ll see the parameters (specific to your organization) to share with your Identity Provider. Here’s how agent view appears:

    If you’re setting up SSO for Authors, click this button:

    You can switch back to Agent setup by clicking this:

    Configure your Identity Provider with these parameters.

    Next, click the blue button to Enter Identity Provider Data into Zingtree. The following screen appears:2022-04-21_12-06-31.png

     

    Copy the rest of these settings from your Identity Provider.

    Click Save Identity Provider Settings when finished.

    SSO just needs to be set up once for your organization.

    Testing Your SSO Setup

    Once you’ve set up your Identity Provider and Zingtree for SSO, you can test from Zingtree as follows:

    1. In Zingtree, go to Account, Single Sign-on. This SSO configuration screen appears:
    2. Click the green Test Author Login or Test Agent Login button at the lower right of the page.

      OKTASSO20.png

    From here. you can test logging into your Identity Provider from Zingtree.  If you’re already logged in, the test will just return your email or another identifier from your Identity Provider.  If you’re not yet logged in, the Identity Provider’s login screen will appear, and then you will be returned to the Zingtree SSO test page after logging in.

    Enabling SSO for Agents/Authors

    Once SSO is working properly from your test, you can restrict access to any tree as follows.

    1. From Account Settings, Single Sign-on, make sure you are on the Agents/Authors Page.
    2. Tick enable Agents/Authors.

      SFSSO17.png

    IMPORTANT: You still need to specify individual trees to restrict access to. Here’s how:

    1. Go to My Trees, and select the tree that you want to require SSO login.
    2. Click the Settings > Security, and you’ll see something like this:

      2022-05-05_10-21-53.png

    3. Check Require Login via Single Sign-on (SSO).
    4. Click Update Settings.

    Dedicated Agent Login

    Rather than having Agents go through the Zingtree login page, you can send them directly to your SSO login page. Here’s how:

    1. Go to Account Settings, My Agents.
    2. Give your agents the link from this button:

     

    One More Step: You also need to add authors to your organization via Account Settings, My Authors. They will not be required to use a Zingtree login to gain access, but this also validates them as a person who has access to an organization’s trees.

    The rest of the setup for sharing information with your identity provider is identical to Agent Setup.


  • Throughout 2022 Zingtree will be upgrading customers to our new faster and more modern user experience! Here's how to tell which experience your Zingtree Authors are currently using.

    Log in to your Zingtree Author account and navigate to My Trees. How does your current My Trees page look?

    Zingtree Classic

    2022-02-25_12-24-51.png

    New User Experience

    mceclip0.png

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request