Setting up ZEN Master Azure SSO
This section includes instructions on how to register ZEN Master as an SSO app on Azure and configure the connection between ZEN Master and Azure. To complete this process, you need to login as an Admin on both the Azure side and the ZEN Master side. It is, therefore, recommended to have both open in parallel.
Note: if you have already registered ZEN Master as an app in Azure, you can skip this.
To setup ZEN Master Azure SSO:
In Azure, go to Identity > Azure Active Directory > App Registrations.
Click New Registrations.
In the Name field, enter a name for the SSO app. This name will be displayed to the users when they use Azure as an SSO portal. For example, "ZEN Master SSO".
Under Supported account types, specify who can access the ZEN Master SSO app. In this case, it is recommended to select the Account in this organizational directory option.
In ZEN Master, go to Account Management > Single Sign-On.
Click +Add.
In the Name field, enter a name for this SSO connection. This is the name that will be displayed on the Azure button in the ZEN Master Sign In portal.
At the bottom of the screen, copy the Callback URL.
Back in Azure, paste the copied Callback URL into the Redirect URI field.
Click Register.
The following screen is displayed with the connection strings.
Copy the Application (client) ID from Azure and paste it to the Client ID field in ZEN Master.
In Azure click Endpoints at the top.
In Azure, go to Certificates & secrets.
Under Client Secrets, click New Client Secret.
In the Description field, enter any name for the client secret. For example, "ZEN Master".
Under Expires, select the desired expiration time.
Click Add.
Copy the secret by clicking the Copy button.
In ZEN Master, paste the copied secret into the Client Secret field.
If you plan to manually register Azure AD users to ZEN Master (see Pre-registering Users in ZEN Master for Azure) before granting access, select the Allow pre-registered users only checkbox. The registration is simple and only involves entering the user's email.
If you want group information about a user to be sent to ZEN Master when the user logs in, select the Request groups in single sign-on checkbox. See Setting up Groups and Roles.
If you want to sync group information about a user to be sent to ZEN Master when the user logs in, select the Sync single sign-on groups checkbox. See Setting up Groups and Roles.
If you want to sync single sign-on roles r when the user logs in, select the Sync single sign-on roles checkbox. See Setting up Groups and Roles.
In ZEN Master, click Save.
The newly created Azure SSO is added to the list of SSO profiles. The users defined in the Azure AD will be able to connect to ZEN Master by selecting the newly created SSO option under Sign In With. During the first connection you will be required to provide permission to connect through Azure to ZEN Master. As an administrator, you can select Consent on behalf of your organization option, which will not require additional consent by the other users.
However, if you have selected the Allow pre-registered users only option you will need to manually pre-register the users by following the instructions in Pre-registering Users in ZEN Master for Azure.
