Skip to main content

SAML

  1. Login to your Microsoft Azure portal and search for “Entra ID” in the search bar and click “Microsoft Entra ID” from the search results. Enter Entra ID
  2. Click on “Enterprise applications” from the left side menu. Select Enterprise Applications
  3. Click “New Application” and select “Create your own application” New Application Create Your Own
  4. Enter the name of your application and click “Create” Name Your App
  5. In the new app, click on “Single sign-on” from the left side menu and select “SAML” Setup Single Sign-on Select SAML
  6. Click on “Edit” and enter the following values:
    • Identifier (Entity ID): https://zenzap.co
    • Reply URL (Assertion Consumer Service URL): https://prod-api.zenzap.co/sso/saml/callback\ Basic SAML Configuration
  7. Click “Save”
  8. Click on “User Attributes & Claims” from the left side menu and click “Add new claim”
    • displayName - recommended to be the user first name + last name
    • email - recommended to be the user email
    • id - user.objectid User Attributes & Claims Configuration
  9. Download the certificate (base64) and save it. Download Certificate
  10. Configure SAML in Zenzap:
  • Go to your Zenzap account and navigate to Admin → Organization
  • Under “Single sign on (SSO)”, select SAML
  • Enter the following values from your Azure AD SAML configuration page:
    • SAML SSO URL: Format https://login.microsoftonline.com/xxxxxx/saml2
    • Identity Provider Issuer: Format https://sts.windows.net/xxxx
  • Upload the certificate you downloaded in step 9
  • Enter Service Provider Entity ID as https://zenzap.co
  • Click “Save”

User Groups (App Roles)

Configure user roles to control access levels within Zenzap.
  1. In Entra ID: Go to app registration → Application Name → App roles Configure App Roles
  2. Create new app roles. Zenzap supports 2 app role values: admin and user Configure App Roles
  3. Assign the app roles to the users/groups Assign App Roles

SCIM

Automate user provisioning and deprovisioning between Entra ID and Zenzap.
  1. In your enterprise app, click Provision User Accounts
  2. Use the url https://prod-api.zenzap.co/auth/scim/microsoft and the key provided by your CS representative. SCIM configuration
  3. Test Connection and verify the connection is successful. SCIM Test Connectivity
  4. Map the user attributes to the correct fields in Zenzap:
customappsso AttributeMicrosoft Entra ID AttributeMatch objects using this attribute (edit button)Apply this mapping (edit button)
userNameuserPrincipalNameYesAlways
activeSwitch([IsSoftDeleted], , “False”, “True”, “True”, “False”)NoAlways
displayNamedisplayNameNoOnly during object creation
phoneNumbers[type eq “mobile”].valuemobileNoOnly during object creation
SCIM Map Users
  1. Set “Sync only assigned users and groups” and click Save
SCIM Sync
  1. Press start provisioning. This process typically takes up to 40 minutes.
  2. Check the provision overview for any errors.
SCIM Provision Overview
  1. Users will appear in the Zenzap admin screen under the Organization section.
Zenzap SCIM Status