Configuring Single Sign-on with Other Identity Providers

This article is for organizations that need to set up SSO with an Identity Provider (IDP) other than Azure, Okta, Google, or OneLogin. Zilla supports SAML Single Sign-On with any IDP, as long as we can obtain key pieces of information from that IDP and ensure that certain values are passed in the SAML assertion. Once this integration is complete, all users of Zilla will be able to sign in from your IDP.

 

Prerequisites

  • You must have an admin account with Zilla Security

  • Zilla SSO must not already be configured; if it is, delete the existing SSO configuration using admin settings

  • You must be logged into your IDP admin account

Step 1: Zilla SAML Provider Setup

Log in as a Zilla admin. After clicking the account settings (gear) icon on the top right of the page, select the “Configure” button for “Single Sign-On Provider”.
Select “SAML”, then “Configure”.

A setup window will appear.

Copy the “Zilla ACS URL” and “Zilla Entity ID” to your clipboard.

Step 2: IDP App Setup

  1. In the app connector you have created in your IDP, paste the “Zilla ACS URL” and “Zilla Entity ID” (sometimes called the SP Entity ID) into their respective fields.

  2. If your IDP requires an “Audience”, use the Zilla Entity ID value.

  3. For the “ACS URL Validator” field, use the following value: ^https:\/\/app\.zillasecurity\.com\/$ and save your configuration.

It is important to use the exact value above for security reasons. Using “.*” as an ACS Validator matches any URL and is not suited for production use in any application.

  4. Next, look for the following values in the IDP app connector and paste them into the corresponding fields in Zilla:

  • “SSO URL”, sometimes called the “SAML endpoint”, or “Sign-in URL”

  • “Entity ID”, sometimes called “Issuer”

  5. In your app connector, add 3 custom attributes. Zilla expects these exact attributes in a SAML assertion. The attributes are:

  • email

  • firstName

  • lastName

  6. In your IDP, find the “X.509” certificate that you wish to use for this integration. Copy its contents to your clipboard and paste it into the Zilla “IDP X.509 Certificate” field.

Important: When pasting this certificate into the Zilla “IDP X.509 Certificate” field, you will need to remove “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” from the pasted value.
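
The “ACS URL Validator” value from step 3, checked against constructed URLs alongside weaker patterns. This is an added example, not part of Zilla's documentation or code. Assumptions: the expected ACS URL is read off the pattern itself, the example.test hosts and the weak patterns are constructed, and re.search stands in for however your IDP applies the validator.

```python
import re

# Validator value given in step 3 above.
PAGE_VALIDATOR = r"^https:\/\/app\.zillasecurity\.com\/$"
# Assumption: the one ACS URL that pattern is meant to admit.
EXPECTED_ACS = "https://app.zillasecurity.com/"

# Constructed URLs a validator must reject (example.test is a reserved name).
MUST_REJECT = [
    "http://app.zillasecurity.com/",                # scheme downgrade
    "https://app.zillasecurity.com.example.test/",  # trusted name as host prefix
    "https://example.test/https://app.zillasecurity.com/",  # trusted URL in path
    "https://appXzillasecurity.com/",               # passes if a dot is unescaped
    "https://app.zillasecurity.com/other",          # extra path
    "https://app.zillasecurity.com:8443/",          # different port
    "https://example.test/",                        # unrelated host
]

# Weaker patterns to compare against (constructed for this example).
WEAK_VALIDATORS = {
    "wildcard": r".*",
    "unanchored, dots unescaped": r"https://app.zillasecurity.com/",
    "no end anchor": r"^https://app\.zillasecurity\.com",
}


def audit_validator(pattern: str) -> dict:
    """Return whether the pattern admits the expected ACS URL and which
    constructed URLs it wrongly admits. re.search is an assumption about how
    the IDP applies it: only the pattern's own anchors constrain the match."""
    rx = re.compile(pattern)
    return {
        "accepts_expected": rx.search(EXPECTED_ACS) is not None,
        "wrongly_accepted": [u for u in MUST_REJECT if rx.search(u)],
    }


def is_exact(pattern: str) -> bool:
    """True only if the pattern admits the expected URL and nothing else listed."""
    result = audit_validator(pattern)
    return result["accepts_expected"] and not result["wrongly_accepted"]


if __name__ == "__main__":
    for name, pat in {"page value": PAGE_VALIDATOR, **WEAK_VALIDATORS}.items():
        result = audit_validator(pat)
        print(f"{name}: exact={is_exact(pat)}")
        for url in result["wrongly_accepted"]:
            print(f"  wrongly accepts {url}")
```

Run the same audit against the validator value actually saved in your IDP to confirm it was not altered or loosened when pasted.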

Select “Validate” in the Zilla SSO Configuration window. The test should be successful if the admin testing the configuration has been assigned to the Zilla connector in your IDP correctly.

Once you have imported users from your directory into Zilla, both Admins and Reviewers should be able to use Single Sign-On to access Zilla.