Single Sign-On (SSO) FAQs

Why do I see a welcome message?

If you try to access ABC.zeroheight.com/sso (the editor area) as a viewer, in most cases you will be automatically directed to the view-only mode of the styleguide. However, if your team has multiple styleguides, we won’t know which one to show you. In that case, we will show the message below.

Can viewers be redirected to a particular styleguide?

If you try to access ABC.zeroheight.com/sso (the editor area) as a viewer, in most cases you will be automatically directed to the view-only mode of the styleguide.

If you have multiple styleguides, you can create a landing page that links to each of the guides. Please then contact us at support@zeroheight.com, and we can set up a redirect to take viewers to the landing page. You can also request a custom domain for the landing page.

Can SSO be enforced so that editors and viewers must sign in using SSO?

Yes, this is the default. Please email support@zeroheight.com if you would also like to support password login (e.g., for agency users).

How do I test if SSO is working?

There are instructions here for testing your SSO setup.

How do I configure SSO for viewers?

There are instructions here on how to configure SSO for viewers.

Do I still need to invite editors by email? Do you offer just-in-time (JIT) provisioning?

You still need to invite editors by email from the Your team page in zeroheight. This allows you to manage the seats available on your plan.

Do I have to log in once with SSO to see every protected page in the styleguide, or log in each time I want to see an SSO-protected page?

If you logged in once with SSO, you should be able to view all SSO-protected pages.

Can a company with different brands and different email domains log in using SSO?

We currently only allow one SSO IDP (e.g., Okta or Azure) per team, so as long as you use the same provider, this will be fine.

Do you support auto-provisioning / de-provisioning?

Unfortunately, our SSO setup does not currently support SAML account auto-provisioning / de-provisioning.

Do you support SP-Initiated SSO (HTTP POST recommended)?

We support SP-Initiated SSO only, which means we initiate the sign-in and request authentication from the IdP.

Does the SSO API set and enforce team roles, including editor, admin, viewer, etc.?

When using SSO, your account is mapped to a zeroheight account so that you can be an editor, admin, or reviewer. If you don’t have an account mapped in zeroheight, you’ll be a viewer.