Single sign-on with Google Workspace

Learn how to set up single sign-on with Google Workspace.

Zefi supports Single Sign-On (SSO), allowing you to manage your team’s access through your identity provider (IdP). This means your team can access Zefi without needing separate passwords. When SSO is configured, users (team members) are automatically redirected to your IdP for authentication when they sign in to Zefi.

Your IdP verifies whether they have valid access to your Zefi accounts or organization and generates a SAML assertion that Zefi uses to verify their identity. When your account requires SSO, you must, for security, update team permissions through your IdP.

1. Configure Google Workspace

  1. Open and log in to the Google Workspace admin portal.
  2. In the left navigation pane, go to Apps -> Web and mobile apps.
  3. Click Add app -> Add custom SAML app.
  4. Enter an App name (for example Zefi SSO) and any other details you need, then click Continue.
  5. Download the Metadata file and click Continue.
  6. On the Service Provider Details screen, configure the following:
    1. For ACS URL, add the value shown as Single sign-on URL (ACS URL) in the Zefi platform.
    2. For Entity ID, add the value shown as Audience URI (SP Entity ID) in the Zefi platform.
    3. For Name ID Format, select Email.
    4. For Name ID, select Basic Information and Primary Email.
  7. Click Continue -> click Finish.

2. Zefi app configuration

  1. Open and log in to the Google Workspace admin portal.
  2. In the left navigation pane, go to Apps -> Web and mobile apps.
  3. Select your newly created Zefi app -> click on Configure SAML attribute mapping.
  4. Assign the following attributes:
    1. Basic Information > First name -> firstName
    2. Basic Information > Last name -> lastName
    3. Basic Information > Primary email -> email
  5. Click Save.

3. Configure Zefi

  1. Locate the previously downloaded metadata file.
  2. In the Zefi Platform, go to Settings -> Security.
  3. Upload the Metadata File.
  4. Click on Save SAML Configuration.
  5. Test that the SSO works as expected by clicking on Test SSO.
  6. Share the Single sign-on URL with the rest of your team.
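
If Test SSO fails, comparing a decoded assertion against the settings from steps 1 and 2 usually shows which field is misconfigured. The following is an added example, not Zefi's or Google's code: `check_assertion`, the `sp.example.invalid` URLs and the sample assertion are constructed placeholders, and the NameID check uses the standard SAML `emailAddress` format URN. It checks configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # names from the attribute mapping step
ACS_URL = "https://sp.example.invalid/acs"           # placeholder: use the ACS URL shown in Zefi
ENTITY_ID = "https://sp.example.invalid/entity"      # placeholder: use the SP Entity ID shown in Zefi

def check_assertion(xml_text, acs_url, sp_entity_id):
    """List configuration problems in a decoded SAML assertion you captured yourself."""
    root = ET.fromstring(xml_text)
    a = next(root.iter("{%s}Assertion" % NS["saml"]), None)  # accepts a Response or a bare Assertion
    if a is None:
        return ["no Assertion element found"]
    problems = []
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not Email")
    audience = a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if (audience or "").strip() != sp_entity_id:
        problems.append("Audience does not match Entity ID")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match ACS URL")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = (attr.findtext("saml:AttributeValue", namespaces=NS) or "").strip()
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute {name} missing or empty")
    # NameID and email are both mapped to Primary email, so they should agree.
    nid = (name_id.text or "").strip().lower() if name_id is not None else ""
    if nid and attrs.get("email") and attrs["email"].lower() != nid:
        problems.append("email attribute differs from NameID")
    return problems

# Constructed sample: the lastName mapping was forgotten in the attribute mapping step.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ana@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.invalid/acs"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.invalid/entity</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
print(check_assertion(SAMPLE, ACS_URL, ENTITY_ID))
```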

Supported features

Zefi supports the following SSO features:
SSO configuration options:
Configure Zefi accounts to either mandate SSO for all users or allow sign-in using SSO or email and password.
Just-In-Time account creation:
Automatically create new Zefi accounts for users without existing access upon their first SSO sign-in.
Granular Dashboard roles:
Assign granular user roles through your IdP.
IdP-initiated SSO:
Authenticate directly from an IdP’s website or browser extension.
Service Provider-initiated SSO:
Initiate SSO login directly from Zefi’s login page.
System for Cross-domain Identity Management (SCIM):
SCIM is a protocol that an IdP can use to synchronize user identity lifecycle processes (for example, provisioning and deprovisioning access, and populating user details) with the service provider, such as Zefi.

Limitations

Zefi doesn’t support the following SSO features:
User Deletion in SAML:
When users aren’t managed through SCIM, Zefi doesn’t receive immediate notifications if user access is revoked in the IdP. If users attempt to log in through SSO after their session expires, Zefi revokes their access. To remove access immediately, you can delete users from your team settings or enable SCIM user provisioning.