Icon representing a Single Sign-on

Single-sign-on (SSO) is a must for any efficient team. The idea is that you require just one login to access all systems and devices that you have been granted user rights. There are various providers that make this process easy and secure. Zammad currently supports SSO via SAML and Shibboleth.

Efficient Single Sign-On Options

What if there was an easy way to quickly sign in to all your devices and systems without having to remember countless passwords? Oh but there is! SAML and Shibboleth have been created purely for this purpose - and you can now use them for your Zammad instance.


SAML (Security Assertion Markup Language) is an open standard for SSO authentication (among other things). Sign-ins are shared across multiple service providers and managed by a central identity provider (IdP).

In this case, the service provider is Zammad, and the IdP is a software service that you either host or subscribe to (e.g., Keycloak, Redhat SSO Server, ADFS, or Okta).


In order to use SAML for Zammad, follow these steps:

  • Add Zammad as a client/app in your IdP
  • Set up user attribute mapping
    (email address, full name, given name, and family name)
  • Add Per-IdP instructions to Zammad
  • And finally, configure your SAML authentication in Zammad
Screenshot SAML activation in Zammad

For more details, check out the Admin documentation.


Shibboleth has been a popular open-source identity management software since the early 2000s. If you are already using it, you can connect it to Zammad, similarly to SAML.

Simply configure Shibboleth for the Zammad IdP and initiate the authentication. There is no documentation for this yet, so just let us know if you need help!

Together we turn your customers into fans.
Start free trial!
All releases and news directly in your inbox.
Subscribe to the newsletter