Skip to main content

Authentication mechanisms in Zoovu

Zoovu offers flexible authentication options to meet diverse security needs. This document covers Zoovu's default authentication setup, support for federated SSO, and optional Multi-Factor Authentication (MFA) for added security.

Default authentication solution

By default, Zoovu Discovery Platform uses its own authentication system. In this setup, user accounts are created and managed within the Zoovu platform. The platform uses Microsoft Azure B2C for credential management and authentication, following industry standards for privacy and security.

Support for SSO Federation

Zoovu Discovery Platform supports federated SSO integrations using OpenID Connect-based authentication solutions. This allows clients to use their existing SSO provider for integration and authentication into the Zoovu platform.

Requirements for SSO Federation

To configure SSO federation with Zoovu, provide the following information:

  • application ID - The unique identifier for the client’s SSO application.
  • application secret - The secret key for secure communication.
  • well-known endpoint URL - The URL of the client’s authentication server that supports OpenID Connect.
  • scope - By defauly Zoovu will authenticate with the openid scope. (Let us know if other scopes should be used.)

Zoovu needs to read a claim from the returned ID token that contains the user's email. By default, this claim is named "email," but it can be customized if needed.

Whitelist the following Zoovu URLs:

  • Production environment: https://login.zoovu.com/zoovub2cprod.onmicrosoft.com/oauth2/authresp
  • Testing environment: https://zoovutest.b2clogin.com/zoovutest.onmicrosoft.com/oauth2/authresp (This URL can be removed after the testing phase is complete.)

Optional logout URL

If single sign-out functionality is required, use the following logout URL:

https://login.zoovu.com/zoovub2cprod.onmicrosoft.com/b2c_1a_jwt_signin/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Forca.zoovu.com%2Fdashboard

Support for Multi-Factor Authentication (MFA)

Zoovu Discovery Platform also supports Multi-Factor Authentication (MFA) - commonly referred to as 2FA. This is available both for clients using the default Zoovu authentication and for those with SSO integration.

MFA for Clients using SSO

For clients using SSO, any additional authentication factors will be managed by the client’s own SSO provider.

MFA for Clients using default Zoovu authentication

Zoovu can provide a second-factor authentication mechanism for clients using the platform’s default authentication. However, as this incurs additional setup and maintenance costs, implementing MFA might require a separate commercial agreement depending on the client’s existing contract with Zoovu.

We recommend using TOTP-based 2FA unless the client explicitly requests SMS-based authentication, which should only be implemented with an additional commercial arrangement.