As part of our ongoing support of our upcoming legacy login deprecation, we are holding monthly OneID office hours with Principal Product Manager, Bharath Marimuthu who was on-hand to answer questions after sharing some best practices from questions asked before the session in the Zuora Administrators group.
View Presentation | Watch Full Video
Things to Do After Onboarding to OneID
Watch video to learn more
- Do not worry about your existing login, you will have access to your existing credentials for your tenants until August 1st. Your new OneID account will be an additional login to your Zuora applications.
- Rename your global OneID roles that were imported from your local tenants
- Import additional user accounts from your local tenants to OneID. Do NOT import API user accounts.
- Setup SSO and SCIM provisioning in OneID (Optional)
- Please reach out to Zuora support if you face any issues activating your OneID account or any duplicate user accounts.
Onboarding Steps to OneID with SSO
Watch video to learn more
Step 1: Create a custom SAML app and update the SSO metadata url in the OneID SSO settings. - Watch video
Step 2 (Only for Okta): Perform SCIM Integration in the custom Okta SAML app - See step 5 for video
- Create OAuth clients in OneID
- Integrate OneID and Okta though SCIM protocol.
Step 3: Push user accounts from Okta, users accounts will be auto created in OneID (How to import users). - Watch video
Step 4: Import users to OneID from the Billing or Revenue tenants - Watch video
Step 5: Push user Groups (from Okta), which will sync the user accounts with their tenant access from Okta. - Watch video
Q&A Highlights
-
Did you import the roles from the sandbox and production?
-
If I have users who I haven't created a/cs for in OneID and I don't want them migrated, will Zuora automatically move them? How can I stop this happening?
-
New user once we added in Okta group(Step-5) and that user will be created in Zuora but what he will get?
-
Some imported users still reflect in the UI having a reset password active, what does that do?
-
For API user, how is the access handled and what is the difference in steps for configuring access and password reset. It was mentioned that API user will be excluded from Import.
-
When enabling provisioning via Okta, we need to authenticate with the Zuora OneID application by logging in with a Zuora OneID account. If the Zuora OneID user account used for authentication is deactivated in the future, would that affect the provisioning from Okta?
-
How this will affect our API user and the user that are not integrated to SSO
-
We have already migrated 1 environment and connected to SSO. We do not use OKTA. I have 2 questions. 1. can I just migrate .my selected user and their SSO will automatically be enable. They are all SSO enable today. 2 I can manually migrate each of my remaining environment over to One Id through the One Id GUI or do I need support to do that for all my other environments?
-
To confirm, if we have an existing API user that logs in with OAuth, we have to migrate them to OneID (or create a new API user) and generate new OAuth credentials, and update our code with the new credentials?
-
Does Zuora view users with the following permissions as an API user and therefore won't automatically migrate them? API Write Access = yes; UI Access = no
Continue Your OneID Journey with Others
Exploring new Zuora features collaboratively with the guidance of a product manager is ideal which is why we’re starting OneID conversations in the Zuora Administrators community group. There you can ask questions and get answers from like-minded users and Zuora experts who’ve “been there and done that” so that you won’t have to reinvent the wheel and also have discussions that are admin-specific. Hope to see you there!