IdP initiated SSO

How to use

When you log in to your SSO Identity Provider, you can view all the applications available for single-sign-on, once you enable single-sign-on for ZPE Cloud, the application is listed in your Identity Provider application and you can click it to log in to ZPE Cloud.

Configuration

Existing SSO entry

If your SSO entry consists of the following format:

https://api.zpecloud.com/v2/security/saml/2-0/<uuid>

No further actions are required, and you can use this feature.

Migrating old SSO versions

If your ACS URL consists of the following format:

https://api.zpecloud.com/saml/2-0/<your sso name>

You need to create a new SSO entry using the following steps:

1. Go to Settings :: SSO :: IDENTITY PROVIDERS.

2. Click ADD.

3. Add the following information manually based on the configurations in your Identity Provider, or load the Metadata XML file if it's available:

   • Name: Provide a name for the method

   • Description: Add a required description

   • Status: You can either select Active or Inactive.

   • Entity ID: Unique name for the Identity Provider

   • SSO URL: The endpoint URL received from the Identity Provider

   • Issuer: The issuer URI for the Identity Provider

   • Enable Single Logout: Once enabled allows the user to sign out from all the applications

4. Save and activate the SSO.

A new SSO entry is created in the following format:

https://api.zpecloud.com/v2/security/saml/2-0/<uuid>

It is necessary to configure this URL in your Identity Provider to log in to ZPE Cloud.