Search

SSO FAQs

Brienne Wong
Brienne Wong
  • Updated

Why do I see a welcome message?

If you try to access ABC.zeroheight.com/sso (the editor area) as a viewer in most cases you will be automatically directed to the view-only mode of the styleguide. However if your team has multiple styleguides we won't know which one to show you. In that case we will show the message below.

Welcome message when viewer tries to access editor area

Can viewers be redirected to a particular styleguide?

If you try to access ABC.zeroheight.com/sso (the editor area) as a viewer in most cases you will be automatically directed to the view-only mode of the styleguide.

If you have multiple styleguides you can create a landing page that links to each of the guides. Please then contact us at support@zeroheight.com and we can set up a redirect to take viewers to the landing page. You can also request a custom domain for the landing page.

Can SSO be enforced so that editors and viewers must sign in using SSO?

Yes, this is the default. Please email support@zeroheight.com if you would also like to support password login (e.g. for agency users).

How do I test if SSO is working?

There are instructions here for testing your SSO set up.

How do I configure SSO for viewers?

There are instructions here on how to configure SSO for viewers.

Do I still need to invite editors by email? Do you offer just-in-time (JIT) provisioning?

You still need to invite editors by email from the Your team page in zeroheight. This allows you to manage the seats available on your plan.

Do I have to log in once with  SSO to see every protected page in the styleguide, or log in each time I want to see an SSO-protected page?

If you logged in once with SSO, you should be able to view all SSO-protected pages.

Can a company with different brands and different email domains log in using SSO?

We currently only allow one SSO IDP (e.g., Okta or Azure) per team, so as long as you use the same provider, this will be fine.

Do you support auto-provisioning/ de-provisioning?

Unfortunately, our SSO setup does not currently support SAML account auto-provisioning / de-provisioning.

Do you support SP-Initiated SSO (HTTP Post recommended)?

We support SP-Initiated SSO only - Which means we initiate the Sign in and request auth from the IDP.

Does the SSO API set and enforce team roles, including editor, admin, viewer, etc.?

When using SSO, your account is mapped to a ZH account so that you can be an editor, admin, or reviewer. If you don’t have an account mapped in ZH, you’ll be a viewer.

Was this article helpful?