Zesty.io recently released a new login capability for single sign-on, enabling users to quickly sign in to their new or existing Zesty account through their Google email account. This guide gives you a quick overview of SSO, plus common questions we receive about the new capability.
IdP: An identity provider (IdP) is a service that stores and verifies user identity. IdPs are typically cloud-hosted services and often work with single sign-on (SSO) providers to authenticate users. Some well-known identity providers are Okta, Google, GitHub, Microsoft, Meta, and Twitter.
SSO: Single sign-on (SSO) is an important cloud security technology that reduces all user application logins to one login for greater security and convenience.
MFA: Multi-factor authentication checks multiple aspects of a person's identity before allowing them access to an application or database, instead of just checking one. It is much more secure than single-factor authentication.
Frequently asked questions
What single sign-on (SSO) options does Zesty provide?
Zesty offers SSO through the following IdPs: Microsoft (Azure), Google, GitHub (coming soon), and Okta (coming soon).
What is the difference between SSO and MFA?
SSO gives you a single place to manage your login. MFA adds a second layer of security for accessing your account. They are often used together, but they do not have to be.
Can I use SSO with an existing Zesty account?
Yes, as long as the email registered with the SSO provider matches your existing Zesty account email. However, once you log in through SSO, you must always log in through that SSO provider. Basic authentication is disabled from that point on.
Can I disable SSO and switch back to Zesty authentication?
Contact firstname.lastname@example.org to disconnect your account from an SSO provider. Afterward, you will need to reset your password. If your organization requires SSO through a specific provider, Zesty will not disable that on an account connected with your organization.
How do I use SSO with a Zesty SDK?
At this time, you cannot use traditional authentication methods in the SDK with an SSO account. Use an access token instead.
Does using SSO affect my audit history?
No, audit history is attached to your unique Zesty ID (ZUID) and email, and will not be affected by SSO.
Can I prevent members of my organization from using SSO?
The SSO provider options are available platform-wide and cannot be disabled on a case-by-case basis.
If your organization uses one of the SSO providers and members of your organization have an email attached to that provider, they will be able to log in to Zesty with that email using the associated provider. If you want to prevent this, you will need to do so through the SSO provider.
For example, suppose your organization manages email with Google Workspace and a member of your organization has an email such as email@example.com. If they use the Google SSO button to log in to Zesty, it will convert an existing account with that email to the Google SSO provider. This will switch MFA, if previously enforced on their Zesty account, to Google MFA settings. From then on, your organization controls the enforcement of MFA within its Google Workspace instead of in Zesty.
How is multi-factor authentication handled?
When using an SSO provider, multi-factor authentication must be managed through that provider.
Will my personal email connect to my business email?
Logging in with a personal account will not attach it to your company email. It will instead create a separate Zesty account with your personal email. Personal and company emails cannot be connected.