Single Sign-On Configuration Overview
To make Zinc access seamless and secure for all of your users, single sign-on (SSO) integration, including partnerships with preferred providers, is supported. The Zinc SSO server connects your existing SAML-based SSO server to automatically log in and provision your users based on your authentication mechanisms. To implement SSO, you must work closely with Zinc Customer Success to configure your SSO server and the Zinc SSO server. When Zinc SSO is fully configured, users from your domains are redirected from the login page to your SSO server, where they enter their corporate username and password. After successful login, they can access Zinc mobile, desktop or web applications.
Zinc supports two primary user login options: email sign-in and Salesforce sign-in. Both sign-in modes support single sign-on (SSO), and Organizations must be configured for one of these sign-in modes. When you plan your Zinc implementation, be sure to evaluate and decide which sign-in mode best fits your needs.
Email sign-in is recommended for organizations where users do not have Salesforce accounts. Users enter their email addresses and receive sign-in codes via email, which they then enter to access Zinc. When SSO is configured to support Zinc email sign-in, users are prompted to sign in via their SSO provider instead of entering a code.
Salesforce sign-in is recommended for organizations where all intended Zinc users also have Salesforce accounts, even more so for enterprises that use other ServiceMax products. Users sign in with their Salesforce account credentials on the Zinc login screen, without any need to enter emailed sign-in codes. If SSO is configured for Salesforce, users follow the same process as they do when signing into the Salesforce app.
|
Zinc instances can be configured only to use either email sign-in or Salesforce sign-in. Configuration for concurrent dual-mode sign-in is not supported, nor is it possible to allow users to choose their preferred sign-in mode.
|
Salesforce sign-in has many benefits.
• Zinc accounts are automatically connected to the correct Salesforce account, with no need for users to manually connect their own accounts.
• Features that require users to have connected Salesforce and Zinc accounts work better, for example, Broadcasts and Zinc Conversations in ServiceMax Go, Hotline transcript upload, and automatic support case creation.
• If your company already uses SSO for other software applications, there is no need to configure it separately for Zinc. If SSO is already configured for Salesforce, users must use their existing Salesforce SSO credentials to sign into Zinc with their Salesforce accounts. This simplifies Zinc deployment.
To use Salesforce sign-in, your Zinc Organization must be connected to your Salesforce organization. Users can then sign into Zinc with the same credentials they use for the connected Salesforce organization. After users sign in with Salesforce, their Salesforce accounts are linked to their Zinc accounts, and cannot be disconnected.
Zinc can be configured to automatically add new users who sign into the app for the first time, and Salesforce sign-in can be configured to automatically add anyone in the connected Salesforce organization. If auto-add is enabled, any Salesforce user in your instance can sign into Zinc. This is convenient in cases where, for example, all service team members have Salesforce accounts and want to allow everyone in your service organization to use Zinc. In this scenario, there is no need for you to provision and manage Zinc users separately from Salesforce users. You can disable auto-add if you want to grant Zinc sign-in access only to users who you explicitly add to Zinc, whether or not they have valid Salesforce accounts.
If your Zinc instance was previously configured for email sign-in, you can transition to Salesforce sign-in at any time. After you make this transition, all new and existing users must subsequently sign into Zinc with their Salesforce credentials, even if they previously used their email addresses to do so. When existing Zinc users sign in with their Salesforce credentials for the first time, the system locates and attempts to match their existing Zinc and Salesforce accounts based on their email addresses. If no email address matches are found, then a new Zinc account is created, or user sign-ins are rejected, depending on your configured auto-add settings.
|
Zinc users who sign in via email or direct SSO can manually connect their Salesforce accounts. Salesforce account connections do not affect Salesforce sign-in. Email sign-in users who connect a Salesforce account cannot use the same Salesforce account to sign into Zinc.
|
To enable Salesforce sign-in, contact ServiceMax Support.
For more information: