What is single sign-on (SSO)?
Single sign-on (SSO) is a technology which combines several different application login screens into one.
With SSO, a user only has to enter their login credentials (username, password, etc.) one time on a single page to access all of their applications. SSO is often assigned and managed by your internal IT team and can also really help with remote working.
Instead of establishing your identity over and over, you can establish your identity once and can then access all your systems and tools in one go.
What are the advantages of SSO?
In addition to being much simpler and more convenient for users, SSO is widely considered to be more secure. There are many advantages:
Stronger passwords: SSO makes it easier for users to create, remember, and use one strong password. Your internal IT team can set the password policy that is satisfactory to your organisation. Please note: It's also possible to set up password policies in zkipster at Enterprise level without SSO.
No repeated passwords: When users have to remember passwords for several different apps and services, they tend to reuse them. This is a huge security risk: your tools are only as secure as the weakest tool you use, and if one password is compromised, attackers can use it to hack all other services as well. SSO eliminates this.
No shared passwords: SSO reassures your organisation that its users won't increase the risk to data by sharing passwords. Each login corresponds to an individual authenticated user, which is best practice when handling client data.
Better password policy enforcement: With one place for password entry, SSO provides a way for IT teams to easily enforce password security rules. For example, resetting passwords periodically.
Company-managed multi-factor authentication: Multi-factor authentication, or MFA, refers to the use of more than one identity factor to authenticate a user. For example, in addition to entering a username and password, a user needs to receive an SMS to their smartphone. MFA is much more secure than relying on a password alone. Please note: It's also possible to have managed MFA in zkipster at Enterprise level without SSO.
Internal credential management instead of in zkipster: With SSO, your organisation can store your password details internally at your organisation where the IT team has full control.
Less time wasted, more business productivity: In addition to the above security benefits, SSO also cuts down on wasted time for internal teams helping users with several passwords.
SSO in zkipster
SSO is exclusively available in the zkipster Enterprise Plan. It is not available for Essentials or Professional users.
If you would like to discuss SSO or Enterprise in zkipster, please reach out to sales@zkipster.com or start an online chat with our team in the bottom right of your screen.
zkipster currently offers SSO compatibility with any Identity Provider that supports SAML 2.0 (Security Assertion Markup Language).
However, we can only confirm Azure, Google, Okta and OneLogin as fully supported and tested providers.
Please note: You must already have a SAML-compatible Identity Provider that is fully set up and functional to connect to your zkipster account.
How to Set Up SSO with zkipster
SSO setup is done in the Account Settings of the zkipster account, which is only available to Account Owners and Administrators.
1. Set up the SAML service/app on the external provider by following their instructions:
Azure (Microsoft) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-single-sign-on-on-premises-apps
Google https://support.google.com/a/answer/6087519?hl=en
Okta https://developer.okta.com/docs/guides/build-sso-integration/saml2/create-your-app/
OneLogin https://onelogin.service-now.com/support/?id=kb_article&sys_id=b2c91143db109700d5505eea4b9619d5
Please note: If your provider is Azure and you opt to manually configure SSO, you will be asked to provide an Entity ID and the ACS URL. The ACS URL can be found in your Account Settings, under the Single Sign-on section in the left-hand menu, at the top of the 'Single Sign-On (SSO)' page. The Entity ID value to be inserted in both the Azure and zkipster SSO configurations should be: https://account.zkipster.com.
2. Copy the 3 needed data points below OR download the metadata file:
SSO URL
Entity ID
Certificate
3. Go to 'Account Settings' and click on 'Users & Teams' then go to the 'Single Sign-on (SSO)' tab
Either enter the SSO URL and Entity ID manually and upload the certificate, then click "Save"
or;
open the previously downloaded Metadata file and copy/paste its contents into the ‘Paste Metadata File’ field - then click "Save"
4. Copy the zkipster ACS URL
5. Go back to the external SAML service/app and add the ACS URL (Note that depending on the provider, this may be required in the first step).
Once this is set up by the Account Owner or users with Admin Access, it will be applicable for all users in the same zkipster account.
Please note: The identity provider's (IdP) username must match the zkipster username. Note that most providers use email as the username, in which case the username in zkipster must match the email address in the IdP. The match is case-sensitive, so upper and lower case letters must be identical.
Account Owners or users with Admin Access can ensure compliance with SAML provider usernames by modifying Team Member usernames or when creating new users in the account.
Logging in using SSO
Once SSO is set up in the zkipster account, user management is done on the SAML 2.0 provider by the administrator to determine which users have access to zkipster via SSO.
In the SSO section of your zkipster account settings, Administrators can enable the 'Force SSO' button, which mandates that all users log in exclusively through SSO. Account Owners will retain the choice to log in using their Username and Password.
Web Account
On the login page, click on "LOG IN WITH SAML"
On the next page:
1. Enter your zkipster username
2. Click "LOG IN WITH SAML"
You will then be brought to your SAML provider website to log in and enter your credentials.
Once you have entered your details, you will be redirected back to zkipster and brought to the main event dashboard.
On iOS
When opening the app, tap on "LOG IN WITH SAML" and enter your zkipster username on the next page to log in. You will be redirected to your SAML provider website to enter your credentials. Once you have successfully logged in, you will be redirected back to the zkipster app.
On Android
When opening the app, tap on "LOG IN WITH SAML" to enter your username. You will be redirected to your SAML provider to log in.
Note: You will then be asked to choose what to open the next page with. CHOOSE ZKIPSTER. If you choose any other option (Chrome, for instance), SSO login will always fail.
The solution here is to uninstall and reinstall the app and then correctly select the zkipster app when logging in.
You will be redirected back to the zkipster app.