Single sign-on with Okta
Learn how to set up single sign-on with Okta.
Zefi supports Single Sign-On (SSO), allowing you to manage your team’s access through your identity provider (IdP). This means your team can access Zefi without needing separate passwords. When SSO is configured, users (team members) are automatically redirected to your IdP for authentication when they sign in to Zefi.
Your IdP verifies whether they have valid access to your Zefi accounts or organization, and generates a SAML assertion that Zefi uses to verify their identity. When your account requires SSO, you must update team permissions through your Identity Provider (IdP) for security.
1. Create a Zefi app in Okta
- Log in to Okta and make sure you have admin permissions.
- Access the Okta admin portal.
- In the left navigation pane, go to Dashboard -> Applications.
- Click Create App Integration -> SAML 2.0 -> Next.
- Enter an App name (for example Zefi SSO), then click Next.
- Configure your SAML settings in Okta:
  - For Single sign-on URL, add the value that you can find as Single sign-on URL (ACS URL) in the Zefi platform.
  - For Audience URI, add the value that you can find as Audience URI (SP Entity ID) in the Zefi platform.
  - For Name ID format, select EmailAddress.
  - For Application username, select Email.

- Click Next, then select This is an internal app that we created for App type.
- Click Finish
2. Zefi app configuration
- Open and log in to the Okta admin portal.
- Select your newly created Zefi app.
- Click the Sign On tab -> navigate to the Attribute statements section -> Configure the Profile attribute statement -> Click Show legacy configuration
  - firstName -> Basic -> user.firstName
  - lastName -> Basic -> user.lastName
  - email -> Basic -> email

- Click the Assignments tab -> Assign the people and/or groups that can access the Zefi Platform
3. Configure Zefi
Retrieve the following values from Okta
- Open the Okta admin portal.
- Select your newly created Zefi app.
- Click the Sign On tab and from the SAML 2.0 section copy the Metadata URL
Configure your Zefi account to connect with Okta
- In the Zefi Platform, go to Settings -> Security
- Copy the Metadata URL -> Click on Validate

- Click on Save SAML Configuration
- Test that the SSO works as expected by clicking on Test SSO
- Share the Single sign-on URL with the rest of your team.
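
One way to confirm that the settings from steps 1 and 2 actually reach the assertion, as an added example (not Zefi's or Okta's code): a Python lint for a decoded SAML assertion captured from your own test sign-in. The ACS URL, Audience URI and user below are constructed placeholders, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # attribute statements, step 2

def lint_assertion(xml_text, acs_url, audience_uri):
    """Config lint only: no signature check, never use it to trust an assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    # Audience URI (SP Entity ID) must be listed in the AudienceRestriction.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audience_uri not in audiences:
        problems.append(f"Audience {audiences} != {audience_uri}")
    # The Single sign-on URL (ACS URL) normally appears as the Recipient.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient} != {acs_url}")
    # Name ID format was set to EmailAddress in step 1.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not EmailAddress")
    sent = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
            for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not sent.get(name):
            problems.append(f"attribute '{name}' missing or empty")
    return problems

# Constructed sample: placeholder URLs and user; lastName is deliberately absent.
ACS = "https://sp.example.test/saml/acs"
AUD = "https://sp.example.test/saml/metadata"
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">ada@example.test</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUD}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(lint_assertion(SAMPLE, ACS, AUD))
```

An empty list means the assertion carries every value configured above; each string names one setting to recheck in Okta.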

Supported features
Zefi supports the following SSO features:
SSO configuration options:
Configure Zefi accounts to either mandate SSO for all users or allow sign-in using SSO or email and password.
Just-In-Time account creation:
Automatically create new Zefi accounts for users without existing access upon their first SSO sign-in.
Granular Dashboard roles:
Assign granular user roles through your IdP.
IdP-initiated SSO:
Authenticate directly from an IdP’s website or browser extension.
System for Cross-domain Identity Management (SCIM):
SCIM is a protocol that an IdP can use to synchronize user identity lifecycle processes (for example, provisioning and deprovisioning access, and populating user details) with the service provider, such as Zefi.
Limitations
Zefi doesn’t support the following SSO features:
User Deletion in SAML:
When users aren’t managed through SCIM, Zefi doesn’t receive immediate notifications if user access is revoked in the IdP. If users attempt to log in through SSO after their session expires, Zefi revokes their access. To remove access immediately, you can delete users from your team settings or enable SCIM user provisioning.

























