Single Sign-On Integration
2023 © Zmanda, A BETSOL Company
SSO integration lets you connect your existing SSO solution to Zmanda. This feature streamlines the login process and enhances security by allowing employees to access all of their authorized applications using a single set of credentials.
A new screen has been added to Zmanda Management Console (ZMC), enabling seamless integration with Single Sign-On (SSO) functionality. You can access this feature by navigating to the Settings section from the left navigation bar, and then selecting SSO Integration.
To begin integrating your preferred Identity Provider (IdP), click the ADD IDENTITY PROVIDER button. This will open a new drawer, where you can select your IdP from a dropdown menu and enter all the required details. Once the details are entered, click Save to complete the integration process.
If you need to make changes to your SSO configuration, you can do so by accessing the Edit or Delete options on the same screen. Additionally, if you wish to disable SSO functionality temporarily, you can toggle it off while still saving your configurations for future use.
To add a new user for Single Sign-On (SSO) functionality, simply follow these steps:
Step 1: Access the Settings menu from your account dashboard.
Step 2: Select Users from the available options.
Step 3: Click the Add User button to create a new user account.
Step 4: Fill out the required information for the new user, such as their name, email address, and role.
Step 5: Once all required fields have been completed, enable the Activate SSO Login toggle button for the user.
Step 6: Click Save to create the new user account and activate SSO functionality for that user.
You can navigate to the ZMC login screen and enter your email address. If you have SSO enabled for your account, the Continue with SSO button will appear, allowing you to authenticate with your SSO credentials.
Alternatively, if you prefer the traditional login, you can select the Zmanda Credentials option. This will direct you to the login form, where you can enter the email address and password that were set for Zmanda.
Step 1: Select Create Application (Regular Web App) to create a new application.
Step 2: Configure the Allowed Callback URLs to ensure the application can properly redirect users back to your platform. This URL will typically be your platform's domain followed by "/callback".
Step 3: Copy the Client ID and Secret provided for your new application.
Step 4: If you encounter signature errors, navigate to the application's Advanced settings and verify that the signing algorithm is set to "RS256".
Step 5: Enter your client ID and secret ID as normal when configuring SSO on your platform.
Step 6: The Discovery URL should be set to the Issuer URL that is present in the well-known-configs for your application.
Step 7: The OIDC claims should be set to sub.
Step 8: The OIDC scopes should include email and profile.
Before proceeding with the setup of OpenID Connect (OIDC) authentication, ensure that an Authorization Server has been created. The Issuer field present on the Setting page will be used as the OIDC Discovery URL.
To set up OIDC authentication for your web application, follow these steps:
Step 1: Navigate to the Applications section and select Add Application (Web).
Step 2: Configure the Login Redirect URIs to ensure that the OIDC authentication is redirected to the correct endpoint. Save the changes.
Step 3: Save the client ID and secret generated for your web application.
To complete the setup process, you'll need to provide additional details as follows:
Enter the client and secret IDs as normal.
The OIDC Discovery URL should be the Issuer URL that is present in the well-known-configs.
The OIDC claims should be set to sub.
The OIDC scopes should be set to email and profile.
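A pre-flight check for the values the steps above ask for (Discovery URL equal to the Issuer, RS256 signing, the sub claim, the email and profile scopes), run against the IdP's discovery document. This is an added example, not Zmanda's code; the host idp.example.test, the sample metadata and the function names are constructed for illustration.

```python
WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample metadata for a hypothetical IdP (idp.example.test).
SAMPLE_METADATA = {
    "issuer": "https://idp.example.test/",
    "jwks_uri": "https://idp.example.test/.well-known/jwks.json",
    "id_token_signing_alg_values_supported": ["HS256", "RS256"],
    "scopes_supported": ["openid", "profile", "email"],
    "claims_supported": ["sub", "email", "name"],
}


def metadata_url(discovery_url):
    """URL a relying party fetches: issuer (trailing slash removed) + well-known path."""
    return discovery_url.rstrip("/") + WELL_KNOWN


def check_sso_settings(discovery_url, metadata, claim="sub",
                       scopes=("email", "profile")):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    if discovery_url.endswith(WELL_KNOWN):
        problems.append("Discovery URL must be the issuer, without " + WELL_KNOWN)
    issuer = metadata.get("issuer", "")
    # OIDC Discovery requires the issuer in the document to match exactly,
    # so a missing or extra trailing slash counts as a mismatch.
    if issuer != discovery_url:
        problems.append(f"issuer mismatch: metadata says {issuer!r}")
    if not issuer.startswith("https://"):
        problems.append("issuer is not an https URL")
    if "RS256" not in metadata.get("id_token_signing_alg_values_supported", []):
        problems.append("IdP does not advertise RS256 for ID tokens")
    # scopes_supported and claims_supported are optional; only flag when present.
    advertised_scopes = metadata.get("scopes_supported")
    for scope in scopes:
        if advertised_scopes is not None and scope not in advertised_scopes:
            problems.append(f"scope {scope!r} not advertised")
    advertised_claims = metadata.get("claims_supported")
    if advertised_claims is not None and claim not in advertised_claims:
        problems.append(f"claim {claim!r} not advertised")
    return problems


if __name__ == "__main__":
    print(metadata_url("https://idp.example.test/"))
    for p in check_sso_settings("https://idp.example.test", SAMPLE_METADATA):
        print("PROBLEM:", p)
```

In practice the metadata dictionary would be the JSON fetched from `metadata_url(...)` for your own IdP; the sample run reports the trailing-slash issuer mismatch.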
To configure Azure Active Directory for use with Vault, please follow these steps:
Step 1: Choose your Azure tenant from the available options.
Step 2: Go to Azure Active Directory and register an application for Vault.
Step 3: Record the Application (client) ID for future use as the oidc_client_id.
Step 4: Under Endpoints, copy the OpenID Connect metadata document URL, omitting the "/well-known..." portion.
Step 5: The endpoint URL (oidc_discovery_url) should be set to: https://login.microsoftonline.com/tenant_id/v2.0
Step 6: Under Certificates & Secrets, add a client secret and record its value as the oidc_client_secret for Vault.
Step 7: Set the OIDC claims to sub.
Step 8: Set the OIDC scopes to "https://graph.microsoft.com/.default".