Configuring Single Sign-On for Authentication

What is Single-Sign-On

Single Sign-On (SSO) allows users to authenticate once and gain access to different systems. Use the SSO tab to configure SSO for user authentication. To set up SSO for a device, you need to configure two key components: identity providers and SAML certificates.

SAML is an open standard that enables SSO, allowing users to log in once and gain access to the ZPE Cloud application, remotely access Nodegrid devices, and manage device applications without needing to re-authenticate.

To configure SAML SSO, you need to set up identity providers such as Okta or Azure AD. For detailed instructions, refer to the sections Configure SSO with OKTA and Configure SSO with Azure AD.

To log in to devices via SSO, both Nodegrid devices and managed devices must first be enrolled in ZPE Cloud. Once enrolled, SSO allows you to access both the Web UI and console sessions of these devices without needing to re-authenticate. When starting a Web UI session, the authentication page is bypassed, and the Nodegrid Manager session begins immediately. For CLI sessions, the Web UI page briefly appears before the console application opens, allowing you to configure the device without additional authentication. Similarly, when accessing the Web UI of a managed device, the authentication page is skipped, and the device's interface opens directly.