Administrator
2 weeks ago

Summary

A how-to guide for preparation, communication, and implementation of Zinc’s Single Sign On (SSO) integration.

Product Line

Zinc

Version Validated In

N/A


Step-by-Step

Overview of Single Sign On

Zinc offers Single Sign On (SSO) integration, including partnerships with preferred providers, to make access to Zinc seamless and secure for all of your users. 


SSO Server

Zinc’s Single Sign On (SSO) server connects your existing SAML-based SSO server to automatically log in and provision your users based on your authentication mechanisms. In order to set this up, you will need to coordinate with Zinc’s Customer Success team as configurations must be made to both your SSO server and Zinc’s SSO server.


Configuration

When fully configured, the user login experience will change significantly. When users from your domain(s) attempt to log in, they will be redirected to your SSO server, where they will enter their corporate username and password. After a successful login, they will be logged in to Zinc’s mobile, desktop or web applications.

Note: Since this will greatly change the user login experience, we strongly recommend reviewing, customizing, and distributing the communications templates included in the accompanying Zinc SSO Rollout Communications Guide to your users before going live with SSO for your Zinc account.


Single Sign On Implementation Guide

This section is designed for anyone who needs to configure a Zinc Account for user authentication through an existing SAML-based SSO server. Since end users will need to know how and when their access will change, we have provided suggested SSO Rollout Communications along with this guide.


Prerequisites:

1. An SSO server that can send SAML 2.0 certificates.

2. An endpoint URI that can be accessed from outside your corporate network.

3. An engineer who is familiar with configuring your SSO server.


Project Plan:

While planning and implementing Zinc SSO takes less than 1 week, we recommend a 3-week lead time for communicating this change to your users.
  1. Use Zinc’s SSO connection information (below) to create a new service provider connection (a.k.a. relying party trust) in your SSO server. (1 hour)
  2. Ensure that your endpoint URI is accessible from outside your network.
  3. If possible, export the metadata file from your SSO server and provide it to your Zinc Customer Success Manager. Note: If you do not have the ability to provide an exported metadata file, then you can instead provide:
     • Entity ID
     • Endpoint URI
     • Public certificate
  4. Set up a meeting with your Zinc Customer Success Manager to test the configurations. (2 hours)
  5. After a successful test, work with your Zinc Customer Success Manager to design a communication plan for your company’s Zinc users. (1 week)
  6. Give Zinc approval to enable the tested SSO connection settings for your users.


Zinc’s SSO Connection Information

Use this connection information to set up a service provider (a.k.a. relying party trust) in your SSO server.

Entity ID: https://www.zinc.it
Base URI: https://api.zincit.io
IdP-initiated SSO: true
SP-initiated SSO: true
Endpoint URI: https://api.zincit.io/saml/consume
Allowable Bindings: POST

Your SAML IdP must be configured to pass the authenticating user’s email address as the subject’s Name ID.
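
A check you can run on a test assertion from your IdP before the test meeting, added here as an example (it is not Zinc's code): it reports whether the NameID is an email address and whether the Audience and Recipient match the Entity ID and Endpoint URI listed above. That your IdP places those two values in Audience and Recipient is an assumption based on common SAML 2.0 practice; the sample assertion, its issuer and its user are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://www.zinc.it"                 # Entity ID from this page
SP_ENDPOINT = "https://api.zincit.io/saml/consume"   # Endpoint URI from this page

# Constructed sample (issuer, user and timestamps are made up; signature omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jane.doe@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2015-01-01T00:05:00Z"
          Recipient="https://api.zincit.io/saml/consume"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2015-01-01T00:00:00Z" NotOnOrAfter="2015-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://www.zinc.it</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of configuration problems; an empty list means none found.
    Configuration check only: the XML signature is not verified here."""
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or one wrapped in a samlp:Response.
    assertion = (root if root.tag == "{%s}Assertion" % NS["saml"]
                 else root.find(".//saml:Assertion", NS))
    if assertion is None:
        return ["no unencrypted saml:Assertion element found"]
    problems = []
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id.strip()):
        problems.append("NameID is missing or is not an email address")
    audiences = [a.text.strip() for a in assertion.findall(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not include the Zinc Entity ID")
    recipients = [d.get("Recipient")
                  for d in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if SP_ENDPOINT not in recipients:
        problems.append("Recipient is not the Zinc Endpoint URI")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION) or "assertion matches the Zinc connection settings")
```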


Example SAML Assertion:


FAQs:

Should we get this working in a dev environment before setting it up in production?
No. Because no software is being installed, there is no need to create a separate dev configuration. After successfully testing the connection, SSO will be disabled for your domain(s) until you are ready to move to production.

Why does our endpoint URL need to be accessible from outside our network?
Because Zinc is a cloud-based solution. Although it is technically possible to set up a SAML-based SSO connection between a cloud-based solution and an internal SSO server, it is not advisable. This type of setup will prevent users from being able to access Zinc when they are outside your offices or not connected to the VPN.

How can new users sign up for Zinc after SSO has been enabled?
New users sign up using the same flow they would use to log in. They will authenticate with your SSO server, then they will be redirected into Zinc. Zinc will automatically create an account for them and prompt them to complete their profile information.

What exactly is the user experience after SSO is enabled?
Please refer to the Zinc SSO Rollout Guide for an explanation and screenshots. The Zinc Customer Success team can help you tailor your communication plan to meet the needs of your organization.

©2015 ServiceMax. All Rights Reserved.