Single Sign On (SSO) FAQ

SSO is now an available option in the web and mobile version through AuthO

**This feature is available to customers with the Enterprise Plus plan at an additional cost. Requires custom account configuration, contact the Support Team for more info.

 

  • How does provisioning work?

    • We typically set things up for “just in time” or JIT provisioning. When a user attempts to log into Zenventory for the first time, our system will redirect them to your login screen. When they successfully log into your system, their User will be created in Zenventory and they’ll be redirected again back to Zenventory in a logged-in state. New users will start with a preset “User Group” that you configure, and it will usually correlate to some very low level of data access (or even no data access if you prefer, just seeing a blank dashboard until an Admin takes action). It’ll be up to the Administrator users in Zenventory to set them in the appropriate Zenventory User Group after a user is created this way.

  • Can I just auto-provision all my users in advance, before they log in, using SCIM or something?

    • Maybe and we’re happy to check on that! It’s not our usual approach, so please provide us with some details on your preferred method for this and we can investigate whether we can support it. 

  • How do specific user roles / access levels get communicated from our system over to yours?

    • By default, they will not. See description above for typical provisioning = Users by default will start with a universal (low or zero) access level that you pre-define in Zenventory, and your Admins in Zenventory would go in and assign them a User Group there. 

    • If you want user roles/access levels to be set automatically during the provisioning process based on your SSO directory data, we may be able to support that - Reach out to your account manager to discuss further.

  • Can my users start the login from OUR internal application, rather than starting at the Zenventory login screen?

    • This is known as Identity Provider (“IdP”) Initiated SSO, as opposed to the Service Provider (“SP”) Initiated SSO process described above. If this is your goal, reach out to your account manager to discuss further.