Single Sign-On for Zingtree Decision Trees

security-blog

We’ve had several requests to incorporate Single Sign-on (SSO) into Zingtree, as a means of restricting access to trees.  Many customers have sensitive corporate processes or procedures encapsulated in their trees, and ensuring these trees are accessible only to certain employees can be invaluable.

Single Sign-on is a service provided by many vendors, including Okta, Microsoft (Active Directory / Azure), Google (G-Suite), Salesforce and more.  These services are known as Identity Providers.  A single log-in through an Identity Provider gives a user secure, authenticated access to applications provided by Service Providers like Zingtree.

Once you log in through your Identity Provider, you don’t need to re-enter your login credentials. SSO is a very convenient way to secure access to your applications, while not burdening end-users with extra hurdles.

Zingtree supports any service that is SAML 2.0 compliant, which is a common standard.

Set Up Overview

Configuring SSO requires your Identity Provider and Zingtree to share information with each other:

  1. Your Identity Provider needs information about Zingtree.
  2. Zingtree needs information about your Identity Provider.

SSO just needs to be set up once for your organization. Once you have Zingtree and your Identity Provider successfully working together, you can mark any of your trees as “SSO restricted” via the Settings tool to require a login to get access.

Configuring Zingtree for SSO

To start, in the Zingtree top menu, go to Account, Single-Sign-on. You’ll see the parameters (specific to your organization) to share with your Identity Provider:

Configure your Identity Provider with these parameters.

Next, click the blue button to Enter Identity Provider Data into Zingtree. The following screen appears:

Copy the rest of these settings from your Identity Provider.

If you’re ready to test, make sure Enable access restrictions on specified trees is checked.

Click Save Identity Provider Settings when finished.

Testing Your SSO Setup

Once you’ve set up your Identity Provider and Zingtree for SSO, you can test from Zingtree as follows:

  1. In Zingtree, go to Account, Single Sign-on.
  2. Click the orange Test Setup button at the lower right of the page.

From here. you can test logging into your Identity Provider from Zingtree.  If you’re already logged in, the test will just return your email or other identifier from your Identity Provider.  If you’re not yet logged in, the Identity Provider’s login screen will appear, and then you will be returned to the Zingtree SSO test page after logging in.

Enabling SSO on Your Trees

Once SSO is working properly from your test, you can restrict access to any tree as follows:

  1. Go to My Trees, and select the tree that you want to require SSO login.
  2. Click the Settings tool.
  3. Check Require Single Sign-on (SSO) Login to Access.
  4. Click Update Settings.

Release Notes

SSO has been tested with a variety of Identity Providers.  If you’re having trouble configuring with a specific service, please let us know!

2 Comments

3 Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *