Getting Started with Single Sign-On

Starting in ZPM v10.1, administrators can choose between OIDC and SAML as the authentication method for their users:

  • New ZPM instances will have OIDC enabled by default

  • Current ZPM instances will stay with SAML SSO.

Why choose OIDC

  • OIDC is easy to set up. OIDC does not require additional configuration. Once users have their permissions assigned, they can authenticate with their Microsoft Account via the “Sign In With Microsoft” button on the home page.

  • OIDC supports multi-tenant authentication. Administrators can grant access to users from outside your primary organization tenant.

Please note that multi-tenant user groups are not supported. Permissions for multi-tenant users must be managed on a per-user basis.

Why choose SAML SSO

  • SAML SSO can be customized. You can customize which Identity Provider to use, allowing you to configure your vendor as your IdP.

How to switch between OIDC and SAML as an SSO provider

As an administrator, you can choose which SSO method to use by going to Settings > Security & Permissions > Single Sign On. When SAML SSO is enabled, SAML SSO will be prioritized. If SAML SSO is disabled, ZPM will use OIDC instead.

Additional steps are required for SAML SSO. To learn more, please refer to our Setting Up SAML SSO for ZPM with Azure IdP guide.

Configure User Permissions

  • Once you’ve selected your preferred Single Sign-On authentication method, go to Settings > Security & Permissions > User & Group Permissions to associate different permissions with your users.