What is SSO and what are its benefits?
Single Sign-On (SSO) is an authentication solution that simplifies access to multiple applications or services by letting users log in once with a single set of credentials. Instead of logging into each service individually, users get a seamless experience without having to maintain several sets of credentials.
Administrators can centrally manage permissions and access, which enhances security and simplifies maintenance.
How to set up SSO authentication for your Zetaly tool?
One condition: you must be an admin or a sysadmin to access the SSO settings.
⚠️ Please note that SSO authentication is available only on Linux environments. ⚠️
Go to the settings, then « SSO ».
Fill in at least the mandatory information in the form, beginning with:
- the authentication protocol, which is SAML 2.0 (set by default and the only protocol available at the moment)
- a display name: users will see this name on the SSO connection button when they open Zetaly's connection dialog.
Now connect to your Identity Provider (IdP) to create Zetaly as a new application.
IdP: creating Zetaly [example with Microsoft Entra]
- 1/3: Create a new application > create your own application and name it
- 2/3: Assign users & groups (optional) > Set up Single Sign-On
- 3/3: Finish by editing the "Basic SAML Configuration" to provide the Entity ID and the ACS URL with the following values:
  - Entity ID: [base URL]/realms/zetaly
  - Reply URL (ACS URL): [base URL]/realms/zetaly/broker/saml/endpoint
Back in Zetaly's SSO settings: fill in the form
🚩 You have 2 ways of filling in the mandatory information in the Zetaly form:
- Some IdPs offer the option "Federation Metadata URL" (the red * shows it in the picture above):
  - This URL is generated automatically when you create a new application in your Identity Provider. It lets Zetaly complete some of the mandatory information for you: copy and paste the URL given by your IdP into the Zetaly form, then click the « Load » button to load the Remote Login URL and the ACS URL.
  - Then attach the X.509 certificate and fill in the email claim to complete the mandatory information.
- Otherwise, copy the details your IdP gives for Zetaly into the form:
  - the Remote Login URL
  - your X.509 certificate
  - the ACS URL
  - the Email claim: this is the unique identifier for Zetaly, which is why it is the only mandatory claim
NB: All the "claim" information refers to the token generated at the user's connection attempt, so that the user can be identified.
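As an added illustration (not Zetaly's own code) of what the « Load » step does with a Federation Metadata URL: the script below parses a constructed SAML 2.0 IdP metadata document, extracts the Remote Login URL, the optional logout URL and the signing X.509 certificate, and computes the certificate's SHA-256 fingerprint so you can compare it with the thumbprint shown in your IdP portal before trusting it. The host, entityID and certificate bytes are placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Standard SAML 2.0 metadata namespaces (not Zetaly-specific)
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed stand-in for the certificate bytes an IdP would publish
X509_CERT_B64 = base64.b64encode(b"constructed-cert-bytes").decode()
# Constructed sample of what a Federation Metadata URL returns (placeholder host)
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://idp.example.invalid/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}">
      <X509Data><X509Certificate>{X509_CERT_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.invalid/saml/logout"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.invalid/saml/login"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def load_idp_settings(metadata_xml: str) -> dict:
    """Extract the values the Zetaly SSO form asks for from IdP metadata."""
    # Metadata fetched over the network is untrusted input: prefer defusedxml
    # over the stdlib parser in production.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    login = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
             if s.get("Binding") == REDIRECT]
    logout = [s.get("Location") for s in idp.findall("md:SingleLogoutService", NS)
              if s.get("Binding") == REDIRECT]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" attribute = both uses
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join(c.text.split()))  # drop PEM line breaks
    if not login or not certs:
        raise ValueError("metadata lacks a redirect login URL or a signing cert")
    # SHA-256 of the DER bytes: compare with the thumbprint shown in the IdP
    # portal before trusting a certificate loaded from the network.
    cert_sha256 = hashlib.sha256(base64.b64decode(certs[0])).hexdigest()
    return {"entity_id": root.get("entityID"), "remote_login_url": login[0],
            "remote_logout_url": logout[0] if logout else None,
            "x509_certificate": certs[0], "cert_sha256": cert_sha256}
```

The `entity_id` returned is the IdP's identifier; the Entity ID you enter on the IdP side for Zetaly is the `[base URL]/realms/zetaly` value from the section above.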
🚩 All the mandatory information is now filled in!
🏁 You can now complete the form with the following optional information:
- Remote Logout URL: ⚠️ If this field is filled in, users who disconnect from Zetaly will also be disconnected from every other application linked to the IdP
- First Name & Last Name claims: read from the token generated by the connection attempt, so you can carry more information than just the e-mail claim
- Group claim: same as above. In addition, you can manage your group mapping in the dedicated space (see "Groups Mapping Details" at the end of this article)
- Let's now have a closer look at the final optional setting: automatic provisioning. This feature automates the creation, updating and deletion of user accounts:
  - When a new user is added to the central authentication system (e.g., LDAP directory, Active Directory), automatic provisioning ensures that corresponding accounts are created automatically in the different applications linked to the SSO
  - If a user's information changes in the central system (e.g., name change, department change), automatic provisioning updates this information in all applications connected to SSO. This keeps user data consistent across the environment.
  - When a user is deactivated or removed from the central authentication system, automatic provisioning ensures that access to all SSO-linked applications is also revoked. This enhances security by preventing unauthorized access.
⚠️ The toggle "Enable Single Sign On" is off by default. Do not forget to activate it; otherwise, you won't be able to activate automatic provisioning.
🏁 Click on "Save" to validate all your SSO settings and activate them!
Groups Mapping Details
You can manage your group mapping with the "Mapping group" option. You will find the button at the top of the SSO form.
Here you associate the name of a group in your IdP (the SSO group) with the name of a Zetaly group.
For instance, to associate the group "admin user" of your IdP with the Zetaly group "Admin Z", the condition is:
- either "start with", with the SSO name "ad%"
- or "equal", with the SSO name "admin user"
Then select the matching Zetaly group and click the "Add" button to create the relation.
You can edit or delete every group relation.
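To see how the two conditions above behave on the group claim of a token, here is an added example (not Zetaly's own implementation) that applies "start with" / "equal" mapping rules to constructed IdP group names and flags rules whose prefix is broader than intended; it assumes comparisons are case-sensitive and that a "start with" pattern ends with a "%" wildcard, as in the "ad%" example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MappingRule:
    """One row of the Zetaly "Mapping group" table."""
    condition: str     # "start with" or "equal", as offered in the form
    sso_name: str      # IdP group name, or a prefix ending in "%" such as "ad%"
    zetaly_group: str  # the Zetaly group granted when the rule matches

    def matches(self, idp_group: str) -> bool:
        # Assumption: comparison is case-sensitive and a "start with" pattern
        # carries a trailing "%" wildcard, as in the article's example "ad%".
        if self.condition == "equal":
            return idp_group == self.sso_name
        if self.condition == "start with":
            return idp_group.startswith(self.sso_name.rstrip("%"))
        raise ValueError(f"unknown condition {self.condition!r}")


def resolve_groups(rules, idp_groups):
    """Zetaly groups granted for the group-claim values of one SAML token."""
    return sorted({r.zetaly_group for g in idp_groups for r in rules if r.matches(g)})


def overbroad_rules(rules, idp_groups, intended):
    """Rules that grant a Zetaly group to IdP groups not listed as intended.

    `intended` maps a Zetaly group to the set of IdP groups meant to receive it;
    `idp_groups` is the full list of group names that exist in the IdP.
    """
    findings = []
    for r in rules:
        extra = [g for g in idp_groups
                 if r.matches(g) and g not in intended.get(r.zetaly_group, set())]
        if extra:
            findings.append((r, extra))
    return findings


# Constructed rules following the article's example, plus a constructed IdP
# group inventory (not real tenant data).
RULES = [MappingRule("start with", "ad%", "Admin Z"),
         MappingRule("equal", "support team", "Support Z")]
IDP_GROUPS = ["admin user", "adhoc reporting", "support team", "finance"]
INTENDED = {"Admin Z": {"admin user"}, "Support Z": {"support team"}}

if __name__ == "__main__":
    print(resolve_groups(RULES, ["adhoc reporting"]))  # "ad%" grants Admin Z here too
    for rule, extra in overbroad_rules(RULES, IDP_GROUPS, INTENDED):
        print(f"{rule.condition} {rule.sso_name!r} -> {rule.zetaly_group}: also matches {extra}")
```

Running the check against your real IdP group inventory before saving a "start with" rule shows which groups would receive the Zetaly group beyond the one you had in mind.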