Customer Single Sign On Beta Test Information

Zettagrid is developing SSO for Zettagrid MyAccount, vCloud, Simtex VoIP portal and other services. We are selecting customers to be the first users of this functionality. All the functionality works but we would like some feedback to confirm user-friendliness for customers.

Zettagrid staff can set users to be SSO users to trial this functionality. Username and password are synchronised so these credentials are unchanged. If the user has 2FA they will be prompted to set up 2FA again for SSO.

If you want to switch back to internal MyAccount Authentication, contact Zettagrid and we can switch you back.

SSO Summary

SSO login uses Keycloak at https://zettagrid.me to authenticate users for Zettagrid MyAccount.

During the transition period the internal MyAccount password and the SSO password are kept synchronised to continue to support other services.

Two Factor Authentication OTP setup is not synchronised between internal authentication and SSO.

SSO usage information

Users should notice little change, except that they will be redirected to authenticate at https://zettagrid.me instead of within MyAccount.

Main Login page

Login to MyAccount is now in two steps. First the user is prompted to enter their username. Their status is then checked, and the user is either (a) prompted for a password or (b) redirected to the SSO server, depending on that status.

SSO User

Users are first prompted for their username.

The system confirms they are using SSO login then redirects them to the SSO server to authenticate.

[Image: Redirection warning]

Returning SSO User

When a user logs in with SSO, a cookie is set to recognise them as an SSO user. MyAccount then shows a simplified login page with just an “Authenticate” button. Clicking the “Authenticate” button takes the user to https://zettagrid.me to authenticate, with the same dismissible redirect warning.

The Keycloak login process is the same as described above: the user is prompted for their password, then for a 2FA OTP if configured.

If the user selects the “remember me” option when authenticating then their username is remembered and pre-filled.

SSO and Two Factor Authentication

If a user has 2FA configured on their first login to SSO, or when 2FA is enabled on the user, they will be prompted to set up 2FA in the SSO interface. Note that this will be a separate 2FA setup from the one used by internal authentication.

 

Once 2FA is configured, the user will be prompted for their 2FA code after entering their password, as shown below.

Reauthenticate

When accessing sensitive data, users can be asked to re-authenticate. For SSO users the re-authentication is performed on the SSO server in the same way as logging in.

When an SSO user clicks the “Reauthenticate” button in MyAccount they are redirected to https://zettagrid.me/ to reauthenticate.

 

Security Options

The Security tab is available from the “Profile” menu. Users can change their password and enable or disable 2FA.

Forgot Password

The forgot password link in Zettagrid SSO directs users to the MyAccount forgot password function and allows users to reset their password. Passwords are synchronised between internal and SSO authentication.