Single Sign-On Settings

ℹ️ About Cards
1

ZIRO supports Single Sign-On (SSO) using Microsoft OpenID Connect (OIDC) and Security Assertion Markup Language Version 2 (SAML 2.0).

  • By default, OIDC is enabled
  • The ability to sign in from multiple tenants is only supported with OpenID Connect (OIDC).
  • Group-based role assignment only works when:
    • The user is signing in with a UPN that the ZIRO Platform is configured to manage.
    • If managing multiple tenants, SSO provider must be Microsoft (either OIDC or SAML with Entra). This allows the ZIRO Platform to determine which tenant to perform group lookups against based on the sign-in token.

How to opt-in to SAML SSO instead of ODIC

  1. Select “SAML (Supports single tenant sign-on only)” in the “Sign In Method” section
  2. Add ZIRO as a Relying Party Trust to your Identity Provider using the Service Provider (SP) Metadata.
  3. Import your Identity Provider (IdP) Metadata to ZIRO.
  4. Click Save to apply the changes
    See our step by step guide Setting Up SSO for ZPM with Azure IdP

How to enable OIDC SSO:

  1. Select “Microsoft OpenID Connect [OIDC] (Supports multi-tenants sign-on)” in the “Sign In Method” section
  2. Click Save to apply the changes

Learn more about the difference between OIDC and SAML Single Sign-On.