What is single sign-on (SSO)?

Single sign-on (SSO) is a technology which combines several different application login screens into one.

With SSO, a user only has to enter their login credentials (username, password, etc.) one time on a single page to access all of their applications. SSO is often assigned and managed by your internal IT team and can also really help with remote working.

Instead of establishing your identity over and over, you can establish your identity once and can then access all your systems and tools in one go.

What are the advantages of SSO?

In addition to being much simpler and more convenient for users, SSO is widely considered to be more secure. There are many advantages:

  1. Stronger passwords: SSO makes it easier for users to create, remember, and use one strong password. Your internal IT team can set the password policy that is satisfactory to your organisation. Please note: It's also possible to set up password policies in zkipster at Enterprise level without SSO.
  2. No repeated passwords: When users have to remember passwords for several different apps and services, passwords are reused. This is a huge security risk because your tools are only as secure as the weakest tool you use and if compromised, attackers can use the password to hack all other services as well. SSO eliminates this.
  3. No shared passwords: Allows your organisation to be reassured that its users won't increase the risk to data by sharing passwords. Each login accounts for an individual authenticated user, which is best practice when handling client data.
  4. Better password policy enforcement: With one place for password entry, SSO provides a way for IT teams to easily enforce password security rules. For example, resetting passwords periodically.
  5. Company managed Multi-factor authentication: Multi-factor authentication, or MFA, refers to the use of more than one identity factor to authenticate a user. For example, in addition to entering a username and password, a user needs to receive an SMS to their smartphone. MFA is much more secure than relying on a password alone. Please note: It's also possible to have managed MFA in zkipster at Enterprise level without SSO.
  6. Internal credential management instead of in zkipster: With SSO, your organisation can store your password details internally at your organisation where the IT team has full control.
  7. Less time wasted, more business productivity: In addition to the above security benefits, SSO also cuts down on wasted time for internal teams helping users with several passwords.

SSO in zkipster

SSO is exclusively available in the zkipster Enterprise Plan. It is not available for Essentials or Professional users.

If you would like to discuss SSO or Enterprise in zkipster, please reach out to sales@zkipster.com or start an online chat with our team in the bottom right of your screen.

zkipster currently offers SSO compatibility with any Identity Provider that supports SAML 2.0 (Security Assertion Markup Language) provider.

However, we can only confirm Azure, Google, Okta and OneLogin as fully supported and tested providers.

Please note: You must already have a SAML compatible Identity Provider that is fully setup and functional to connect to your zkipster account.

How to Set Up SSO with zkipster

SSO set up is done in the Account Settings of the zkipster account, which is only available to Account Owners and Administrators.

  1. Set up the SAML service/app on the external provider by following their instructions:
    Azure (Microsoft) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-single-sign-on-on-premises-apps
    Google https://support.google.com/a/answer/6087519?hl=en
    Okta https://developer.okta.com/docs/guides/build-sso-integration/saml2/create-your-app/
    OneLogin https://onelogin.service-now.com/support/?id=kb_article&sys_id=b2c91143db109700d5505eea4b9619d5
  2. Copy the 3 needed data points below OR download the metadata file:
    SSO URL
    Entity ID
    Certificate
  3. Go to Account Settings and click on 'Single Sign-on (SSO)'
    Either manually set up with SSO URL, Entity ID and upload the certificate, then click "Save"
    or;
    open the previously downloaded Metadata file and copy/paste it’s contents into the ‘Paste Metadata File’ field - then click "Save"
  4. Copy the zkipster ACS URL
  5. Go back to the external SAML service/app and add the ACS URL (Note that depending on the provider, this may be required in the first step).

Once this is set up by the Account Owner or Administrator, it will be applicable for all users in the same zkipster account.

Please note: The identify provider’s (idP) user name must match with zkipster’s username. Note that most providers use email as the username, in which case the username in zkipster must match the email address in the idP. This includes upper and lower case letters.

Accounts owners and Administrators can ensure compliance with SAML provider usernames by modifying Team Member usernames or when creating new team members in the account.


Logging in using SSO

Once SSO is set up in the zkipster account, user management is done on the SAML 2.0 provider by the administrator to determine which users have access to zkipster via SSO.

Please note: Though SSO may be set up for users on the account, it remains possible to login with their username and password.

Web Account

On the login page click on "LOG IN WITH SAML"

On the next page:
1. enter your zkipster username
2. then click "LOG IN WITH SAML"

You will then be brought to your SAML provider website to login and enter your credentials.

Once you have entered your details, you will be redirected back to zkipster and brought to the main event dashboard.

On iOS

When opening the app, tap on "LOG IN WITH SAML"

On the next page:
1. enter your zkipster username
2. then tap on "LOG IN WITH SAML"

You will then be brought to your SAML provider website to login and enter your credentials.

Once you have entered your details, you will be redirected back to the zkipster app.

On Android

When opening the app, tap on "LOG IN WITH SAML"

On the next page:
1. enter your zkipster username
2. then tap on "LOG IN WITH SAML"

You will then be brought to your SAML provider website to login and enter your credentials.

Please note: You will then be asked to choose what to open the next page with. CHOOSE ZKIPSTER.

If you choose any other option (Chrome for instance), SSO login will always fail.

The solution here is to uninstall and reinstall the app and then correctly select the zkipster app when logging in.

You will be redirected back to the zkipster app.

Did this answer your question?