Configuring ZUS in the Cloud to Use SSO
The steps below outline the process for configuring ZUS in the Cloud to use SSO for authenticating into applications to retrieve the accounts and permissions data to be sent to Zilla.
Set up a new Secret in AWS Secrets Manager
1. Log into the AWS Account where you have deployed ZUS in the Cloud. Navigate to Secrets Manager and select Store a New Secret. Select Other type of secret. In the Key/value pairs section, create 3 keys for the following:
username
password
url
2. Enter a value for each key. These values will be your SSO account's username, password, and url. As an example of a url value for OneLogin, see the following: https://[your_company_domain].onelogin.com/
3. Click Next at the bottom of the page.
4. The Secret name needs to conform to the following format: Zilla_SSO_[sso_provider] where the [sso_provider] needs to be replaced with one of the following (case sensitive):
okta
google
onelogin
microsoft
The complete Secret name would appear as:
Zilla_SSO_okta
Zilla_SSO_google
Zilla_SSO_onelogin
Zilla_SSO_microsoft
5. Click Next at the bottom of the page, and again on the following page.
6. Review your Secret on the final page. After confirming, click Store.
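The naming and key rules from the steps above can be checked before a sync is attempted. The following is an added example, not Zilla's own code: the function names are hypothetical, the https check is an assumption based on the OneLogin URL shown above, and the sample values are constructed.

```python
import json
from urllib.parse import urlparse

# Taken from the steps above: name prefix, provider suffixes, key names.
PREFIX = "Zilla_SSO_"
PROVIDERS = {"okta", "google", "onelogin", "microsoft"}
REQUIRED_KEYS = ("username", "password", "url")


def check_secret(name, secret_string):
    """Return a list of problems; an empty list means the secret conforms.

    Messages name the offending key only and never echo a secret value.
    """
    problems = []
    if not name.startswith(PREFIX):
        problems.append("name must start with " + PREFIX)
    else:
        suffix = name[len(PREFIX):]
        if suffix not in PROVIDERS:
            hint = " (case sensitive)" if suffix.lower() in PROVIDERS else ""
            problems.append("unknown provider suffix" + hint)
    # Key/value pairs entered in the console are stored as one JSON object.
    try:
        data = json.loads(secret_string)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return problems + ["secret value is not a JSON object"]
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append("missing or empty key: " + key)
    url = data.get("url")
    # Assumption: the SSO url should be https, as in the OneLogin example.
    if isinstance(url, str) and url.strip() and urlparse(url).scheme != "https":
        problems.append("url is not https")
    return problems


def check_stored_secret(name):
    """Fetch the stored secret with boto3 (needs AWS credentials) and check it."""
    import boto3  # imported here so check_secret() runs without boto3
    client = boto3.client("secretsmanager")
    return check_secret(name, client.get_secret_value(SecretId=name)["SecretString"])


# Constructed sample values, not real credentials.
SAMPLE = json.dumps({"username": "svc-zus@example.com", "password": "x",
                     "url": "https://example.onelogin.com/"})
```

Running check_stored_secret requires an identity allowed to read the secret, so grant that permission only to the role that performs the check.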
Set up your ZUS in the Cloud apps in Zilla to use SSO
1. Now that your Secret has been successfully created in AWS Secrets Manager, the next steps are to configure your ZUS in the Cloud apps in Zilla to use this for authenticating. For each app in Zilla, open the Integration Configuration window by clicking on the gear icon in the top right. The two fields boxed in red below must be populated.
SSO Login via Okta/Google/OneLogin/Microsoft: indicate which SSO Provider you will be using. The values for the currently supported SSO providers are:
Okta
Google
OneLogin
Microsoft
Name of the app card: indicate the configured SSO application. This value can be retrieved by logging into your SSO Provider and locating the app that is being configured for ZUS in the Cloud with SSO in Zilla. For example, the image below shows the app card for MongoDB when logging into OneLogin. The value boxed in red is the value to enter into this field in Zilla.
Login URL of the app: indicates the login page URL of the application you want to sync. This value can be taken from the browser address bar after going to the login page of the application.
Selector (CSS/XPath) for the login button: indicates the selector for the SSO button for Google on the login page of the application. This is an optional field. ZUS in the Cloud tries to identify the Google login button, but if it is not able to identify it, provide the selector for the button.
2. Click Sync Now. This will begin a ZUS in the Cloud sync which will use the SSO configuration that was set up in the previous steps.