Summary: In many cases, our customers need to manage multiple accounts (various agencies, brands, departments, etc.). With Trusted Accounts, admins can set up trust relationships between these accounts, aka Partner Relationships.
Trusted accounts provide Admins with the following capabilities:
Trusted contacts: Active users of the trusted account are automatically synchronized to the trustee account's contact list.
Proof Sharing: Admins now have the ability to lock down proof sharing to users in their accounts and users in trusted accounts. This is very useful if you want to ensure proofs are only shared with known domains/users.
Authentication: Admins can navigate between Single Sign-on enabled accounts without having to re-authenticate every time. It also works for two-factor authentication and trusted device features.
Available: Enterprise edition only.
Where is the feature setup? Go to Settings > Security > Trusted Accounts
How does it work?
At the top of the page, you’ll find your trust ID, which can be added to other Ziflow accounts that belong to you or your company. By giving someone your trust ID, you agree to give them information about your users. When another account trusts your trust ID, your active users will be added as trusted contacts to their account.
If you want to add a trusted account, click the green + Add Account button. In the field, enter the trust ID of the account that your account will trust.
Ziflow will let you know if the account has been successfully added and you will see it on the list.
Adding trusted accounts will result in contact list synchronization.
This auto-synchronization can work in two modes:
One way trust - where users will be populated as contacts to all trusted accounts.
Or both ways trust - where mutual trust accounts can cross-populate user contact lists to keep both up to date.
If you want to enable both ways trust, you need to perform the same process on the other account. Simply add the trust ID of account A to the “Trusted accounts” list of account B. This will result in mutual trust.
The trust relationship will allow users to switch between accounts without the need to “double login.” Users who are authorized with their login and password in one account are able to go to any trusted account without having to log in again (either SSO or not).
The same applies when one account with two-factor authentication trusts another. For instance, if your main tenant does not require 2FA but a secondary tenant has enabled it and trusts your primary tenant, you won't need to authenticate with 2FA.
Only administrators can add/manage trusted accounts.