Zingtree supports SAML 2.0 based Single Sign-on (SSO). This lets you require anyone accessing a tree to log in via your Identity Provider and authenticate themselves first. This article will walk you through how to set it up using Salesforce.
Setup
-
From the Salesforce lightning experience homepage, select the gear icon in the top right corner. Click on Setup.
-
Search for Identity Provider and click it.
-
From the drop down menu select Create a New Certificate.
-
Enter Zingtree Authors or Zingtree Agents as the label. Click Save.
-
Click Download Metadata. You’ll need to extract the Entity Id, ACS Url and Service Provider certificate.
-
In Zingtree choose My Team then choose SSO for Authors or SSO for Agents depending on your preference for SSO. You can do both if you'd like.
-
Go back into Salesforce and open the Connected App section. Make sure to enable the SAML check box so you can access the Entity ID and ACS URL fields.
-
Return to Zingtree and click Next: Enter Identity Provider Data for Agents.
-
Open the XML metadata file you downloaded in step 5 and extract the Entity ID, Certificate, and Login/ACS URL.
-
In Zingtree Input the Entity ID, Login URL, and Certificate. Be sure to check the Enable MFA as option button.
-
When you’re finished click Save Identity Provider Settings for Agent/Author Access.
Testing
To test the connection do the following:
-
In Salesforce make sure to set a group permission or user profile.
-
In Zingtree click the Test Author/Agent Login Button.
Enabling SSO for Agents/Authors
Once SSO is working properly from your test, you can restrict access to any tree as follows.
- From My Team, Single Sign-on, make sure you are on the Agents/Authors page.
- Tick enable Agents/Authors.
IMPORTANT: You still need to specify individual trees to restrict access to. Here’s how:
- Go to My Trees, and select the tree that you want to require SSO login.
- Click Settings > Security, and you’ll see something like this:
- Check Require Login via Single Sign-on (SSO).
- Click Update Settings.
Dedicated Agent Login
Rather than having Agents go through the Zingtree login page, you can send them directly to your SSO login page. Here’s how:
- Go to My Team, My Agents.
- Give your agents the link from this button: