Frequently Asked Questions

Common SSO Inquiries

  1. Why use SSO?

Single sign-on (SSO) allows users to access multiple applications with one password, reducing password fatigue and enhancing accessibility to authorized resources. It improves customer experience by eliminating repetitive logins and strengthens security with stronger passwords and multi-factor authentication. SSO also supports data privacy and compliance with regulations like GDPR and CCPA.

  1. What are the advantages of SSO?

Single sign-on (SSO) enhances security with strong authentication methods like 2FA, improves usability by eliminating multiple credentials, and reduces IT help desk costs. It simplifies login and account management, boosting user experience and productivity, while ensuring compliance with global and local regulations.

  1. What are the different ways that I can implement SSO?

Single sign-on (SSO) allows users to access multiple services with one login. Implementation methods include OAuth for secure third-party access, SAML for using one set of credentials across applications, OIDC for authentication via providers like email or social networks, and Kerberos for secure authentication.

  1. Do I configure SSO for each user?

No, you don’t need to configure single sign-on (SSO) for each user in ZTrust. Instead, you can create a SAML profile in your Google Workspace or Cloud Identity account, and then assign it to groups or organizational units.

  1. If my institution switches to SSO, will we need to update our links?

Yes, transitioning to Single Sign-On (SSO) requires updating links across systems to synchronize with the new authentication process, ensuring seamless user access. Proactive link updates facilitate a smooth transition, minimizing disruptions and enhancing user experience across platforms.

  1. Can Admin see my login information?

Yes, the administrator can view your login username, but they do not have access to your password.

Common Queries about ZTrust

  1. How can I get familiar with ZTrust?

To become acquainted with ZTrust, you can review the following documentation in sequential order -

  1. How do I set up SSO?

To get acquainted with ZTrust and to configure its various features, refer to the documentation - User Manual.

  1. How do I change SSO settings?

To configure different settings and functionalities, refer to the document - User Manual.

  1. Where can I view SSO errors?

Access to view errors is restricted to Admins or Super Admins, granting them comprehensive control over all settings. Administrators and Super Administrators have the authority to manage various configurations, ensuring efficient error monitoring and resolution.

  1. What SSO capability does ZTrust provide?

ZTrust provides a comprehensive Single Sign-On (SSO) solution with a robust authentication server. Its SSO capability allows users to navigate various platforms and services effortlessly, enhancing convenience and efficiency. By streamlining authentication across multiple applications, ZTrust simplifies the user experience and strengthens security, ensuring a seamless and secure environment for accessing online resources.

  1. How can I reset the password after my account was locked?

You cannot reset your password after your account gets locked. The password reset procedure requires access to your account, so you must regain access before you can change the password.

  1. What do I do if I forget my password?

On the ZTrust login screen, you can click Forgot Password?, which will prompt you to enter the email address or username linked to your account. You will then receive an email containing instructions to reset your password. Follow these steps to create a new password.

Supported Identity Providers

  1. Does ZTrust support IDP (Identity Provider) initiated logins?

An identity provider (IdP) is a service responsible for storing and confirming a user's identity, commonly utilized alongside single sign-on (SSO) providers for user authentication. ZTrust supports IdP-initiated logins, functioning as a centralized entry point for users to access their accounts across various social networks such as GitHub, Google, and LinkedIn.

  1. Which identity providers (IDPs) are supported by ZTrust?

ZTrust supports Identity Providers like Google, GitHub, LinkedIn, Facebook, Instagram, Bitbucket, Twitter, PayPal and many more.

  1. Does ZTrust support multiple identity providers at once?

Yes, ZTrust can support multiple Identity Providers at once. It supports Identity Providers like Google, GitHub, LinkedIn, Facebook, Instagram, Bitbucket, Twitter, PayPal and many more.

  1. Is data shared between my identity provider and ZTrust?

Yes, data is shared between the Identity Provider and ZTrust. This facilitates diverse system processes and functionalities, including user authentication and authorization management. Such cooperation enhances user experiences across platforms and services by ensuring efficient and secure handling of tasks.

Compatible Browsers and Devices

  1. Which browsers does ZTrust work on?

ZTrust is compatible with Internet Explorer, Edge, Safari, and Chrome.

  1. Will ZTrust work on mobile?

ZTrust is compatible with mobile browsers, ensuring uninterrupted functionality. Its compatibility emphasizes user convenience and accessibility, enhancing mobile user experiences.

Key Features of ZTrust

  1. Can I replace ZTrust branding on the sign-in page and user profile?

ZTrust's Customized Sign-in page and Mail templates feature lets clients match their SSO login page and email notifications to their website's UX design, enhancing visual consistency and branding with dynamic HTML/CSS templates.

  1. Does ZTrust support the JIT (Just-in-time) provisioning of users?

Yes, ZTrust supports Just-in-Time (JIT) provisioning, automatically creating and updating user accounts upon first authentication through an external Identity Provider (IdP). When a user logs in via an IdP for the first time, ZTrust generates a corresponding account based on the IdP's attributes.

  1. How does the current user management work? After how many attempts does the user get locked? How does password management work in the current AAA (customer current state)?

User management specifics, like lockout policies and password administration, are shaped by the customer's existing AAA configuration. User lockout thresholds and password policies may differ depending on the customer's security needs and setup. This customization ensures that user management protocols align with unique security standards.

  1. Does ZTrust use or support federation OAuth 2.0 or SAML 2.0 or OpenID Connect?

ZTrust offers seamless federation capabilities through support for OAuth 2.0, SAML 2.0, and OpenID Connect protocols. This ensures effortless integration with a wide range of enterprise identity providers, enhancing compatibility and facilitating smooth authentication processes across diverse organizational environments.

  1. Does ZTrust support header or cookie based authentication?

ZTrust offers diverse authentication methods, catering to both header-based and cookie-based approaches. This flexibility ensures seamless integration and tailored user experiences, reflecting ZTrust's commitment to customizable solutions.

  1. Is it possible to have two active sessions simultaneously?

ZTrust offers a Session Invalidation feature, which logs off all previous sessions associated with an account if a user logs in from a new device or location.

  1. How does ZTrust ensure the isolation of data and settings between different customers?

ZTrust offers a MultiTenancy feature that ensures logical isolation between customers while they share the same physical infrastructure. This feature guarantees that each customer's unique data, customizations, and user management remain separate from those of other customers.

  1. How does ZTrust protect my account from hackers attempting to access it through brute force methods?

ZTrust employs a mechanism to detect brute force attacks (the trial-and-error technique attackers use to discover valid credentials). Upon identifying such attempts, it sends a customized notification to the system administrator or security team.

  1. Is it possible for multiple users to link the same mobile number to their accounts?

ZTrust offers a One-to-Many feature, enabling users to link a single phone number or email address to multiple user IDs. This facilitates authentication for the designated users.

  1. Is ZTrust compliant with GDPR regulations?

ZTrust incorporates functionalities such as email notifications for user disablement or deactivation, OTP/Authenticator-based login, Multi-Factor Authentication (including FaceID and Fingerprint-based options), Captcha on Login/Registration, among others, ensuring its compliance with GDPR regulations.

  1. What happens to my account if there is no login or activity for an extended period of time?

ZTrust provides a feature that monitors user activity, identifying irregular or inactive users. If there's no activity on your account for an extended period, it will be deactivated, and you'll receive an email instructing you on how to reactivate your account yourself. The threshold period (the duration of inactivity before deactivation) is customizable, and the administrator can tailor it according to the organization's needs.

Supported Authentication Methods

  1. What is Multi-factor Authentication, and why is it important?

Multi-factor Authentication (MFA) mandates users to successfully pass through two or more authentication factors—knowledge (something the user knows), possession (something the user has), and inherence (something the user is)—prior to gaining access to a website or application.

Given the evolving landscape of cyber threats, relying solely on single-factor authentication is not enough. Therefore, MFA enhances security by introducing additional layers of protection against unauthorized access and cyber threats.

  1. What are the different ways of authentication ZTrust supports?

ZTrust offers a variety of authentication options to cater to diverse user preferences and security needs.

| Authentication Methods | Supported by ZTrust (Yes/No) |
| --- | --- |
| Username and password authentication | Yes |
| Social Media login | Yes |
| One-time passwords (OTP) Based Authentication | Yes |
| QR based authentication | Yes |
| Push notification based authentication | Yes |
| External authentication providers | Yes |
| Authenticator-based Login | Yes |
| Biometric-Authentication Based login | Yes |
| NFC based login | No |

AAA Authentication

  1. How does AAA authentication work?

AAA refers to authentication, authorization, and accounting. It forms a security framework regulating access to computer resources, enforcing policies, and monitoring usage. This comprehensive framework is pivotal in network management and cybersecurity, as it verifies users, applies access rules, and logs their activities during their connection.

  1. Does AAA Authentication use RADIUS? Does it use its own directory service or LDAP?

Authentication mechanisms within the AAA framework exhibit diversity, utilizing protocols such as RADIUS and often incorporating proprietary directory services like LDAP for user administration.

  1. Does AAA Authentication mechanism allow external authentication? Does it allow the IAM to integrate a dedicated authentication system?

This mechanism commonly facilitates external authentication and is capable of interfacing with specialized authentication systems via Identity and Access Management (IAM) solutions.

Common Questions about CRM Integration

  1. What are the factors a customer CRM supports?

A CRM should integrate with third-party software for essential business tools, tracking employee performance and streamlining marketing via social media monitoring. Real-time data access and comprehensive reporting aid decision-making, with internal security like role-based access ensuring data integrity and protection.

  1. Does CRM provide multi factor authentication? What are the factors that it supports?

A CRM system may support multi-factor authentication, including one-time passwords (OTP) and biometric verification like fingerprints or iris scans, enhancing security and ensuring accurate user authentication.

Configuring SAML Service Provider: Essential Information for Administrators

  1. What input fields should be provided for configuring the SAML Service Provider's Single Sign-On (SSO) endpoint?

The required input fields for configuring the SAML Service Provider's Single Sign-On (SSO) endpoint are listed below:

  • Service Provider Entity ID: This refers to the identifier that uniquely distinguishes the SAML Service Provider.

  • Identity Provider Entity ID: This refers to the entity ID utilized for validating the issuer of received SAML assertions. If it's left empty, no validation of the issuer is conducted.

  • Sign Service Provider Metadata: This setting controls whether the SAML metadata of the provider is signed or not.

  • Single Logout Service URL: This is the URL to which the SP will redirect the user after logging out, typically used for single logout (SLO) functionality.

  • NameID Policy Format: This indicates the URI reference that corresponds to a specific format for name identifiers.

  1. What input fields are necessary for configuring the SAML Service Provider's Single Logout (SLO) endpoint?

The necessary input fields for setting up the SAML Service Provider's Single Logout (SLO) endpoint are listed below:

  • Single Logout Service URL: This URL is utilized for sending logout requests.

  1. How does one specify the Issuer ID while configuring the SAML Service Provider?

During the configuration of the SAML Service Provider, you can define the Issuer ID within the Identity Provider Entity ID field.

  • Identity Provider Entity ID: This refers to the entity ID utilized for validating the issuer of received SAML assertions. If it's left empty, no validation of the issuer is conducted.

  1. How does the SAML Service Provider allow for importing the Identity Provider's (IdP) certificate?

To import the Identity Provider’s (IdP) certificate, follow these steps:

  1. Navigate to the Identity Providers Section:

    In the ZTrust Admin Console, go to the Identity Providers tab.

  2. Add an Identity Provider:

    Click on Add Provider and select SAML v2.0 from the dropdown menu.

  3. Upload the IdP Metadata:

    You can import the IdP’s metadata XML file, which includes the IdP’s certificate, by using the Import from URL option if you have the URL to the IdP's metadata.

Alternatively, you can manually upload the metadata file.

  1. What options are available for selecting attributes to map with the Identity Provider (IdP) when configuring the SAML Service Provider?

When configuring the SAML Service Provider in ZTrust, you can map attributes by following these steps:

  1. Attribute Mapping:

    In the Identity Providers configuration, navigate to the Mappers tab.

    Click on Create to add a new mapper.

  2. Select Mapper Type:

    Choose the type of mapper, such as Attribute Importer, to map attributes from the IdP to ZTrust user attributes.

  3. Configure Attribute Mapping:

    Define the attributes you want to map by specifying the name of the SAML attribute (as sent by the IdP) and the corresponding user attribute in ZTrust.

These steps allow you to map attributes with the Identity Provider (IdP).

  1. How does the SAML Service Provider facilitate the export of metadata XML from customer AAA for importing into the Identity Provider (IDP)?

ZTrust offers a straightforward method to export its metadata XML, which can then be used to configure the IdP:

  1. Navigate to Realm Settings:

    In the ZTrust Admin Console, go to the Realm Settings tab.

  2. SAML 2.0 Identity Provider Metadata:

    Click on the SAML 2.0 Identity Provider Metadata link to generate the metadata XML for the realm.

  3. Download or Copy the Metadata XML:

    You can either download the metadata file or copy the XML content. This metadata includes essential information such as the Entity ID, Assertion Consumer Service (ACS) URL, Single Logout Service URL, and the SP’s certificate.

  4. Provide the Metadata to the IdP:

    Import this metadata into your Identity Provider’s configuration to establish the SAML federation.

By following these steps, you can effectively configure the SAML Service Provider in ZTrust, ensuring proper communication and attribute mapping with the Identity Provider.

Further Assistance for ZTrust

  1. How can I get additional help from ZTrust Support?

For additional assistance and support from the ZTrust team, we welcome you to reach out to us via the following channel: contact@ztrust.in.
