Getting Started with Single Sign-On (OIDC or SAML)

By default, the application deploys with Microsoft OpenID Connect (OIDC).
Users will be prompted to sign in with their Microsoft credentials and grant consent.

Administrators can provide consent for the entire organization, so future employees signing in to ZPM won’t be prompted for consent.

Configuring User Permissions

Users must also be assigned a permission in the application. Go to Settings > Security & Permissions > User & Group Permissions to assign permissions to your users.

Why OIDC?

  • OIDC is easy to set up. OIDC does not require additional configuration on your tenant. Once users have their permissions assigned, they can authenticate with their Microsoft Account via the “Sign In With Microsoft” button on the home page.

  • OIDC supports multi-tenant authentication. Administrators can grant access to users from outside your primary organization tenant.

Warning: Users from third-party tenants require direct role assignments.

Access via Security Group Membership is only available for users on the tenant that ZPM manages. If a user from a different tenant requires access to ZPM, they must be assigned directly as an admin or helpdesk user.
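The rule above, modelled as an added example (this is not ZPM's own code): group membership grants a role only for the managed tenant, while users from any other tenant need a direct assignment. It assumes the ID token signature and issuer have already been validated; `resolve_role`, the role tables and every ID shown are hypothetical, constructed values.

```python
from typing import Optional

# Constructed sample values, not real tenant, group or user object IDs.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
FOREIGN_TENANT = "22222222-2222-2222-2222-222222222222"
HELPDESK_GROUP = "aaaaaaaa-0000-0000-0000-000000000001"
ADMIN_GROUP = "aaaaaaaa-0000-0000-0000-000000000002"
GUEST_OID = "bbbbbbbb-0000-0000-0000-000000000009"

GROUP_ROLES = {HELPDESK_GROUP: "helpdesk", ADMIN_GROUP: "admin"}
# Direct assignments are keyed by (tid, oid): immutable IDs, never email or UPN,
# which the user's own tenant controls.
DIRECT_ROLES = {(FOREIGN_TENANT, GUEST_OID): "helpdesk"}
RANK = {"helpdesk": 1, "admin": 2}


def resolve_role(claims: dict) -> Optional[str]:
    """Return the role for already-validated ID token claims, or None to deny."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        return None  # user cannot be identified unambiguously: deny
    candidates = []
    direct = DIRECT_ROLES.get((tid, oid))
    if direct:
        candidates.append(direct)
    # Group claims are honoured only for the managed (home) tenant; a groups
    # claim issued by any other tenant is ignored.
    if tid == HOME_TENANT:
        for gid in claims.get("groups", []):
            if gid in GROUP_ROLES:
                candidates.append(GROUP_ROLES[gid])
    # When several roles apply, the highest-ranked one wins.
    return max(candidates, key=RANK.__getitem__) if candidates else None
```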

Why choose SAML SSO?

  • SAML SSO can be customized. You can customize which Identity Provider to use, allowing you to configure your own vendor as your IdP.

How to enable SAML

Enable SAML by going to Settings > Security & Permissions > Single Sign On. When SAML SSO is enabled, SAML SSO will be prioritized. If SAML SSO is disabled, ZPM will use OIDC instead.

Additional steps are required for SAML SSO. To learn more, please refer to our Setting Up SAML SSO for ZPM with Azure IdP guide.

Disabling SAML reverts the application to Microsoft OIDC.