SSO Setup Part 3: Enter SSO Details

Overview

In this section of the setup process, you will finalize the “handshake” between ZenGRC and your IdP by entering the information generated by your IdP back into ZenGRC.

Prerequisites

This process must be completed by a ZenGRC administrator, and that ZenGRC administrator must have access to the artifacts generated by your IdP administrator in the prior section.

These artifacts should include:

→ IdP metadata

→ Any required changes that your IdP requested you make on the Advanced Settings tab in ZenGRC’s SAML 2.0 setup screen

The process of entering IdP details into ZenGRC varies depending on the specific IdP your organization is using, so follow the section below for your specific IdP.


Entering IdP Details Back into ZenGRC


 

Entering IdP Metadata from Okta

 

After securing the Okta metadata link from your Okta administrator, complete the following steps in ZenGRC:

  1. Navigate to Settings | Authentication and click Edit Settings.

  2. On the Settings tab, below the IdP Metadata heading, paste the link your Okta administrator provided from the Okta setup into the "URL to metadata file" field.

  3. Click Load IdP Metadata.

     

    NOTE: Okta includes IdP certificate information via the metadata URL, so you do not need to separately upload Okta’s IdP certificate into ZenGRC.

     

  4. If your Okta administrator noted any changes that need to be made to ZenGRC’s SAML 2.0 Advanced Settings, click the Advanced Settings tab and make the required changes.

     

  5. Click Next to complete the setup and return to the main Authentication settings screen.

 


 

Entering IdP Metadata from Onelogin

 

After securing the Onelogin metadata file from your Onelogin administrator, complete the following steps in ZenGRC:

  1. Navigate to Settings | Authentication and click Edit Settings.

  2. Scroll down to the IdP Metadata heading, click "click to browse", and select the metadata file provided by your IdP admin.

  3. Click Load IdP Metadata. (Note: The Onelogin metadata file includes the IdP certificate, so it does not need to be added separately.)

  4. If your IdP administrator recommended any changes to ZenGRC’s advanced SAML 2.0 settings, click Advanced Settings and apply those changes.

  5. Click Next to complete the setup and return to the main Authentication settings screen.

 


 

Entering IdP Metadata from Azure AD

 

After securing the Azure AD metadata file from your Azure AD administrator, complete the following steps in ZenGRC:

  1. Navigate to Settings | Authentication and click Edit Settings.

  2. Scroll down to the IdP Metadata heading, click "click to browse", and select the metadata file provided by your IdP admin.

  3. Click Load IdP Metadata. (Note: The Azure AD metadata file includes the IdP certificate, so it does not need to be added separately.)

  4. Click Advanced Settings and modify the ID Name Format setting to Email Address.

     

     

  5. If your IdP administrator recommended any other changes to the Advanced Settings tab, apply them now.

  6. Click Next to complete the setup and return to the main Authentication settings screen.

 


 

Entering IdP Metadata from ADFS

 

After securing the ADFS metadata URL from your Active Directory administrator, complete the following steps in ZenGRC:

  1. Log in to ZenGRC as an administrator.

  2. Navigate to Settings | Authentication and click Edit Settings.

  3. Scroll down to the IdP Metadata heading and

  4. In the Advanced Settings tab, set Want Name ID to true. If your IdP administrator recommended any other changes to the Advanced Settings tab based on the screenshot of those settings that you provided to your ADFS administrator in part 1 of these instructions, apply those changes now.

  5. Click Next to complete the setup and return to the main Authentication settings screen.

 


 

Entering IdP Metadata for Unlisted IdPs

 

If you do not see instructions for your specific IdP, this section provides general information that you and your IdP administrator can use to enter IdP details into ZenGRC. The following are examples of the settings that ZenGRC might need from your organization’s IdP, along with the different names your IdP may use for each field:

| Sample Setting Value | Common Names that IdPs use to refer to the Setting | Notes |
| --- | --- | --- |
| https://app.onelogin.com/saml/metadata/470451 | IdP Metadata URL | |
| https://oneloginreciprocity.onelogin.com/trust/saml2/http-post/sso/470451 | Single Sign On Service URL; SAML 2.0 Endpoint (HTTP); Sign-on URL; SSO URL; IdP Login URL | |
| https://oneloginreciprocity.onelogin.com/trust/saml2/http-redirect/slo/470451 | Single Logout Service URL; SLO Endpoint (HTTP) | |
| X.509 Public Certificate | Public Certificate; IdP Certificate | Be sure to include the entire certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. For some IdPs (e.g. Okta), the IdP certificate is provided via the IdP metadata URL and so does not need to be uploaded separately into ZenGRC. |


Be sure to also review ZenGRC’s SAML 2.0 Advanced Settings tab with your IdP administrator.

 


 

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com