Okta Integration to Support Single Sign-On (SSO)

Introduction to Single Sign-On

Single Sign-On (SSO) is a service that allows users to access multiple applications within your organization by using a single username and password.

This eliminates the need for users to remember separate login credentials for each application. The SSO service authenticates the user, allows the user to access all the applications the user has rights to, and eliminates prompts when the user switches applications during a session.

Support for SSO in Zenoti

Zenoti supports integration with Okta (a third-party Identity Management provider) to provide SSO. 

You can integrate Zenoti with Okta using the Security Assertion Markup Language (SAML) integration method.

After you integrate Zenoti with Okta, Okta establishes a secure connection with a user's browser and then provides authentication that allows your users to use only one set of credentials to access various applications including Zenoti.

How Does the Okta Integration with Zenoti Work?

If you integrate Zenoti with Okta, your users can log in to Okta using their credentials and access Zenoti. (You must create an Okta app for Zenoti. Learn how.) After integration, when the user accesses the Okta app for Zenoti, the user bypasses the login and machine authentication screens of Zenoti and is directly logged in.

Here is how it works:

  1. A user accesses Zenoti from a web portal or a browser plug-in.

  2. Zenoti identifies the user's origin (by application subdomain) and redirects the user back to Okta, asking for authentication.

  3. Okta builds the authentication response in the form of an XML document containing the user’s email address, signs it using an X.509 certificate, and posts this information back to Zenoti.
    Note: The user either has an existing active browser session with Okta or establishes one by logging into Okta.

  4. Zenoti, which is already integrated with Okta and holds a certificate fingerprint, retrieves the authentication response and validates it using that fingerprint.
    The identity of the user is established and the user can now access Zenoti.
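
The fingerprint comparison in step 4, as an added example that is not Zenoti's or Okta's code: it assumes a SHA-256 fingerprint (the page does not name the algorithm) and a base64-encoded response as posted in a SAML form field. All function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

def b64_strict(text: str) -> bytes:
    """Strict base64 decode that tolerates line breaks inside the value."""
    return base64.b64decode("".join(text.split()), validate=True)

def embedded_certs(saml_response_b64: str) -> list:
    """Return the DER bytes of every ds:X509Certificate in a posted response."""
    xml_bytes = b64_strict(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTDs are not accepted in a SAML response")
    root = ET.fromstring(xml_bytes)
    return [b64_strict(n.text or "") for n in root.iter(f"{{{DS_NS}}}X509Certificate")]

def certs_match_pin(saml_response_b64: str, pinned_fp: str) -> bool:
    """Fail closed: at least one certificate, and every one must hash to the pin."""
    pin = bytes.fromhex(pinned_fp.replace(":", ""))  # accepts AA:BB.. or aabb..
    certs = embedded_certs(saml_response_b64)
    return bool(certs) and all(
        hmac.compare_digest(hashlib.sha256(c).digest(), pin) for c in certs
    )

# Constructed sample data: placeholder bytes stand in for a real DER certificate.
SAMPLE_CERT = b"constructed-placeholder-not-a-real-certificate"
_hex = hashlib.sha256(SAMPLE_CERT).hexdigest().upper()
PINNED_FP = ":".join(_hex[i:i + 2] for i in range(0, len(_hex), 2))

def build_response(cert: bytes = None) -> str:
    """Build a minimal, constructed SAMLResponse form value for the demo."""
    key_info = "" if cert is None else (
        f'<ds:Signature xmlns:ds="{DS_NS}"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{base64.b64encode(cert).decode()}"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
    )
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
           f"{key_info}</samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(certs_match_pin(build_response(SAMPLE_CERT), PINNED_FP))
    print(certs_match_pin(build_response(b"some-other-certificate"), PINNED_FP))
```

A matching fingerprint only identifies the certificate; the XML signature over the response still has to be verified with that certificate, using an XML signature library, before the email address in it is trusted.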
