Zettagrid is developing SSO for Zettagrid MyAccount, vCloud, Simtex VoIP portal and other services. We are selecting customers to be the first users of this functionality. All the functionality works but we would like some feedback to confirm user-friendliness for customers.
Zettagrid staff can set users to be SSO users to trial this functionality. Username and password are synchronised so these credentials are unchanged. If the user has 2FA they will be prompted to set up 2FA again for SSO.
If you want to switch back to internal MyAccount Authentication, contact Zettagrid and we can switch you back.
SSO Summary
SSO login uses keycloak at https://zettagrid.me to authentication users for Zettagrid MyAccount.
During the transition period the internal MyAccount password and the SSO password are kept synchronised to continue to support other services.
Two Factor Authentication OTP setup is not synchronised between internal and SSO.
SSO usage information
Users should notice little change except they will be redirected to authenticate at https://zettagrid.me instead of within Myaccount.
Main Login page
Login to MyAccount is now in two steps. First user is prompted to enter username then status is checked and user is either (a) prompted for password or (b) redirected to SSO server depending on their status.
SSO User
Users are first prompted for username:
The system confirms they are using SSO login then redirects them to the SSO server to authenticate.
Returning SSO User
When a user logs in with SSO a cookie is set to recognise them as an SSO user. MyAccount shows login page simplified with just an “Authenticate” button. Clicking the “Authenticate” button takes the user to https://zettagrid.me to authenticate - with the same dismissable redirect warning.
The keycloak login process is the same as described above - prompted for password then 2FA OTP if configured.
If the user selects the “remember me” option when authenticating then their username is remembered and pre-filled.
SSO and Two Factor Authentication
If a user has 2FA configured on the first login to SSO or when 2FA is enable on the user, they will be prompted to set up 2FA in the SSO interface. Note this will be a separate 2FA setup from the one used by internal authentication.
Once 2FA is configured, the user will be prompted for their 2FA code after entering password as shown below
Reauthenticate
When accessing sensitive data, users can be asked to re-authenticate. For SSO users the re-authentication is performed on the SSO server in the same way as logging in.
When an SSO user clicks the “Reauthenticate” button in MyAccount they are redirected to https://zettagrid.me/ to reauthenticate.
Security Options
The Security tab is available from the “Profile” menu. Users can change password and enable or disable 2FA.
Forgot Password
The forgot password link in Zettagrid SSO directs users to the MyAccount forgot password function and users to reset their password. Passwords are synchronised between internal and SSO authentication.