SSO with Microsoft Entra ID

Introduction

Zivver supports Single Sign-On (SSO) via Microsoft Entra ID, allowing users to log in to Zivver using their workplace credentials. This manual explains how to set up SSO as a Zivver administrator.

SSO is based on Security Assertion Markup Language (SAML) v2.0. In this scenario, Microsoft Entra ID acts as the Identity Provider (IdP) and Zivver as the Service Provider (SP).

To activate SSO in Zivver, you must meet the following requirements:

  1. You are a Zivver administrator.
  2. You have access to Microsoft Azure and an Entra ID subscription.

Configure SSO in Entra ID

The first step is to set up Zivver SSO in Entra ID.

  1. Log in to Microsoft Azure.
  2. Click Microsoft Entra ID.
  3. Under Manage, click Enterprise applications.
  4. Click New application.
  5. Search for Zivver.
  6. Select the Zivver app by clicking the Zivver tile.
  7. Click .
    Wait until the Zivver app has been added. You will be automatically redirected to the control panel for the Zivver app.
  8. Under Manage, click Single sign-on.
  9. Select the SAML tile.
    A pop-up will appear asking you to save the single sign-on setting.
  10. Click .
    You should now see the Set up Single Sign-On with SAML configuration screen.
  11. Click Edit at Attributes & Claims.
  12. Click the Unique User Identifier (Name ID) row.
    You are redirected to the Manage claim page for this claim.
  13. At Source attribute, select user.mail.
  14. Click Save.
  15. Check if the following claim exists. If not, click Add new claim to create it.
    Name: ZivverAccountKey
    Namespace: https://zivver.com/SAML/Attributes
    Source: Attribute
    Source attribute: user.objectid
Warning
If you are creating Zivver accounts from on-premises Active Directory with the Zivver Synctool, user.objectid will not work as the ZivverAccountKey. First, follow the instructions in Synchronize “objectGUID” with Entra Connect in hybrid AD configurations. Then refresh the page and select user.objectguid (extension_<YourTenantID>_objectGUID) from the dropdown menu as Source attribute instead of user.objectid.
  16. Click Save.
  17. Go back to SAML-based Sign-on.
    You might be prompted to test single sign-on with Zivver. If so, click .
  18. Under SAML Certificates, click Copy at App Federation Metadata Url.
    You need this URL in the Zivver admin panel in the next section.

Configure SSO in Zivver

The second step is to set up SSO in Zivver. You do this in the Zivver admin panel.

  1. Log in to the Zivver WebApp.
  2. Click Organization Settings.
  3. Expand User administration.
  4. Click Single Sign-on.
  5. Select Automatically recommended.
  6. Paste the URL copied from the previous section.
  7. Click .
  8. At the top of the page, click .
    SSO is now configured in Zivver, and you are ready for the next section.
Note
This configuration allows users to log in to Zivver only via Entra ID. Only assigned users can log in to Zivver after saving. The exception is administrators, who can always choose between logging in via SSO or using a username and password.

Zivver 2FA exemption (optional)

A Zivver account is protected by default with an additional login method (2FA). 2FA is also required when logging in via SSO. It is possible to disable Zivver’s built-in 2FA when users already log in to Entra ID with 2FA. This prevents users from having to complete 2FA twice.

With these authentication methods, Zivver does not ask for 2FA when logging in:

  • urn:oasis:names:tc:SAML:2.0:ac:classes:Password
  • urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified
  • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Warning
Zivver will never ask for a second authentication factor if you exempt these authentication contexts from 2FA in the SSO settings. This creates a security risk when users log in to Entra ID without 2FA while a 2FA exemption is configured in Zivver. Therefore, it is important that users are required to log in to Entra ID with 2FA if you exempt the above-mentioned authentication contexts in Zivver.

Follow these steps to set the 2FA exemption for Entra ID in Zivver:

  1. Log in to the Zivver WebApp.
  2. Click Organization Settings.
  3. Expand User administration.
  4. Click Single Sign-on.
  5. Scroll down to the Zivver 2FA exemptions card.
  6. In the Authentication methods to be exempted field, enter these values:
    • urn:oasis:names:tc:SAML:2.0:ac:classes:Password
    • urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified
    • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  7. Click .
    You have now successfully set a 2FA exemption for Entra ID. When users log in via SSO, Zivver will not ask for 2FA.
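
The following check is an added example, not part of the Zivver documentation or product code. It reads a decoded SAML response from a test login and reports the NameID, the ZivverAccountKey claim, and whether the authentication context falls under the 2FA exemption described above. Assumptions: Entra ID emits the claim name as namespace + "/" + name, the sample response is constructed, and signature validation is out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Authentication context classes this page lists for the Zivver 2FA exemption.
EXEMPTED = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
}
# Assumption: Entra ID emits the claim as "<namespace>/<name>".
ACCOUNT_KEY = "https://zivver.com/SAML/Attributes/ZivverAccountKey"

# Constructed sample, not a real capture; signature and conditions omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="https://zivver.com/SAML/Attributes/ZivverAccountKey">
    <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthnStatement><saml:AuthnContext>
   <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
 </saml:Assertion>
</samlp:Response>"""

def review_assertion(xml_text, exempted=EXEMPTED):
    """Return the fields Zivver relies on and any configuration findings."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    class_ref = root.findtext(".//saml:AuthnContextClassRef", "", NS).strip()
    key = ""
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == ACCOUNT_KEY:
            key = attr.findtext("saml:AttributeValue", "", NS).strip()
    findings = []
    if "@" not in name_id:
        findings.append("NameID is not an e-mail address; check the user.mail mapping")
    if not key:
        findings.append("ZivverAccountKey claim missing")
    skipped = class_ref in exempted
    if skipped:
        findings.append("Zivver 2FA skipped for this login; Entra ID must enforce 2FA")
    return {"name_id": name_id, "account_key": key, "class_ref": class_ref,
            "zivver_2fa_skipped": skipped, "findings": findings}
```

Pass `exempted=set()` to model a tenant where no exemption is configured; the same assertion then produces no 2FA finding because Zivver's own 2FA still applies.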

Assign users to the Zivver application in Entra ID

The third step is to assign users to Zivver SSO in Entra ID.

  1. Log in to Microsoft Azure.
  2. Click Microsoft Entra ID.
  3. Under Manage, click Enterprise applications.
  4. Select Zivver from the list of installed Enterprise applications.
    Tip
    If you want to assign all users in your Entra ID to the Zivver application, you can also toggle Assignment required? to No on the Properties tab under Manage. This allows every Entra ID user with an active Zivver account to log in. If you use this option, you can skip the steps below.
  5. Under Manage, click Users and groups.
  6. Click Add user/group to add a user or group.
  7. Under Users, click the None Selected link.
  8. Search for users or groups to assign to the Zivver application and select them from the list.
    Tip
    To assign groups to the Zivver application in Entra ID, you need an Enterprise Mobility + Security E5 or Entra ID Premium P2 license.
  9. Click .
  10. Click to confirm your selection.
    The assigned users can now log in to Zivver, provided they have an active Zivver account.

Testing Single Sign-On

Log in to the WebApp with SSO

  1. Go to the Zivver WebApp.
  2. Enter your e-mail address.
  3. Depending on your role in Zivver:
    • As a user: you are immediately redirected to your organization’s login screen.
    • As an administrator: you choose between logging in with your Zivver password or your workplace credentials.
  4. Log in with your organization’s workplace credentials.
    Depending on whether a 2FA exemption applies, you may be prompted for an additional login method. If a 2FA exemption is in place, this step is skipped.
  5. Enter your additional login factor.
    You are now logged in to the Zivver WebApp.

Log in to Outlook with SSO

In the Zivver Office Plugin for Outlook, you can log in via SSO using these steps:

  1. Click the Zivver tab.
  2. Click Manage accounts.
  3. Click the Add an account link.
  4. Enter the e-mail address you want to use for login.
  5. Click .
    You will be redirected to your organization’s login screen.
  6. Log in with your organization’s workplace credentials.
    Depending on whether a 2FA exemption applies, you may be prompted for an additional login method. If a 2FA exemption is in place, this step is skipped.
  7. Enter your additional login method.
    You are now logged in to Outlook.
