Overview

The Zenable management console at zenable.app is where you configure custom requirements that are automatically enforced across your organization. Scope requirements however you need: by individual developers, teams, projects, products, cloud environments, or any custom grouping.

Accessing the Console

Supported Identity Providers

The Zenable management console supports Single Sign-On (SSO) through the following identity providers:
  • Google - Sign in with your Google account
  • Microsoft Entra ID (formerly Azure Active Directory) - Enterprise SSO for organizations using Microsoft identity services
  • Okta - Enterprise SSO for organizations using Okta as their identity provider
  • Any OIDC-compliant IdP - Keycloak, PingFederate, Auth0, or any provider that supports OpenID Connect

Microsoft Entra ID Onboarding

Organizations using Microsoft Entra ID can enable SSO for their team members through our verified application.

Setup Process

An administrator from your organization must install our Verified Application by clicking the link and granting consent. Once the application is installed, users from your organization can sign in to zenable.app by clicking the Continue with Microsoft button.

OIDC Onboarding

Any identity provider that supports OpenID Connect can be used for SSO with Zenable. This includes Okta, Auth0, Keycloak, PingFederate, ForgeRock, WorkOS, and others.

Use Cases

  • Interactive login — Users authenticate via your IdP and get redirected to Zenable
  • Machine identities — Agents, CI/CD pipelines, or automation tools authenticate programmatically using OIDC tokens issued by your IdP, without browser interaction

Requirements

Your identity provider must:
  • Support the OpenID Connect protocol
  • Expose a discovery endpoint (/.well-known/openid-configuration) over HTTPS
  • Be publicly reachable from the internet

Setup Process

  1. In your IdP, create a new OIDC client (confidential, with a client secret) with the following settings:

     | Setting | Value |
     | --- | --- |
     | Allowed redirect URI | https://zenable.us.auth0.com/login/callback |
     | Allowed scopes | openid, profile, email |

  2. For M2M use cases, also enable the client credentials grant on the OIDC client so machines can obtain tokens without user interaction.
  3. Contact us at hello@zenable.io securely to initiate the setup. We will need:

     OIDC Discovery URL:
     Client ID:
     Client Secret:
     Email domain(s) (for interactive login):

Once we receive this information, we’ll configure the connection on our end and notify you when SSO is ready.

Okta

  1. In the Okta administrator section choose Applications
  2. On the app screen, select Create App Integration
  3. Select “OIDC - OpenID Connect” and then “Web Application” in Application type
  4. Enter a name for the application and select “Authorization Code” as the Grant type
  5. In the “Sign-in redirect URIs” field, add https://zenable.us.auth0.com/login/callback
  6. In “Assignments” fill in the groups that should have access to Zenable according to your organization’s needs
  7. Fill in the rest of the fields as your organization requires and save the application
  8. Send us the Okta Domain, Client ID, Client Secret, and email domain(s) used to log in

Keycloak

  1. Create a realm (or use an existing one)
  2. Go to Clients → Create client, set type to OpenID Connect
  3. Enable Client authentication (makes it confidential)
  4. Enable Service accounts roles (for M2M client credentials)
  5. In Valid redirect URIs, add: https://zenable.us.auth0.com/login/callback
  6. In Web origins, add: https://zenable.us.auth0.com
  7. Copy the Client ID and Client Secret (from the Credentials tab)
  8. Your Discovery URL is: https://your-keycloak-domain/realms/your-realm/.well-known/openid-configuration
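
A pre-flight check you can run on your IdP's discovery document before sending the details over, covering the HTTPS requirement, the three scopes, and the client credentials grant for M2M. This is an added example, not Zenable's code; it also applies the OpenID Connect Discovery rule that the issuer matches the discovery URL prefix, and `check_discovery` and the sample metadata are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes listed on this page


def check_discovery(discovery_url: str, doc: dict, m2m: bool = False) -> list:
    """Return a list of problems; an empty list means the metadata looks ready."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not HTTPS")
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    else:
        # OIDC Discovery 1.0: issuer must match the URL prefix before the suffix
        # (a trailing slash difference is tolerated here)
        prefix = discovery_url[: -len(WELL_KNOWN)]
        if str(doc.get("issuer", "")).rstrip("/") != prefix.rstrip("/"):
            problems.append("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(key + " missing or not HTTPS")
    # scopes_supported is optional metadata: flag it only when present and incomplete
    scopes = doc.get("scopes_supported")
    if scopes is not None and not REQUIRED_SCOPES <= set(scopes):
        missing = sorted(REQUIRED_SCOPES - set(scopes))
        problems.append("missing scopes: " + ", ".join(missing))
    # If grant_types_supported is omitted, the spec default has no client_credentials
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if m2m and "client_credentials" not in grants:
        problems.append("client_credentials grant not advertised (needed for M2M)")
    return problems


# Constructed sample metadata built on the placeholder Keycloak URL from this page
BASE = "https://your-keycloak-domain/realms/your-realm"
SAMPLE_URL = BASE + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "grant_types_supported": ["authorization_code", "client_credentials"],
}
```

Fetch the JSON from your own discovery URL and pass it as `doc`; the check does not test whether the IdP is reachable from the internet.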

Using Machine Identity (Token Exchange)

Once your M2M connection is configured, your CI/CD pipelines or automation tools can exchange tokens issued by your IdP for Zenable API tokens. This follows the RFC 8693 OAuth 2.0 Token Exchange standard. After setup, we will provide you with:
  • A subject_token_type URI unique to your organization (e.g., https://zenable.app/oauth/your-org-token)

Your IdP must be configured to issue tokens with the audience https://www.zenable.app/. Tokens without the correct audience will be rejected.

To exchange a token, make a POST request to https://zenable.us.auth0.com/oauth/token with the following parameters in the request body (application/x-www-form-urlencoded):

| Parameter | Value |
| --- | --- |
| grant_type | Always urn:ietf:params:oauth:grant-type:token-exchange |
| subject_token | A valid JWT from your IdP |
| subject_token_type | The URI we provide during onboarding |
| client_id | BwZkedovVV2bIPmxmK3crzdHmTdRqjv4 |
| audience | https://www.zenable.app/ |

Each unique sub (subject) claim in your tokens creates a separate user, and with that a seat. If you rotate or recreate your M2M client in your IdP, the new client will consume an additional seat. Contact us at hello@zenable.io if this is a concern.
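
The exchange request described above, built in Python with a local check that catches a wrong audience before the call and surfaces the sub claim that will consume a seat. This is an added example, not Zenable's code; the function names and the unsigned sample token are constructed for illustration, and the claims are read without signature verification, which is acceptable only for this local sanity check.

```python
import base64
import json
import urllib.parse
import urllib.request

# Values published on this page
TOKEN_ENDPOINT = "https://zenable.us.auth0.com/oauth/token"
ZENABLE_CLIENT_ID = "BwZkedovVV2bIPmxmK3crzdHmTdRqjv4"
ZENABLE_AUDIENCE = "https://www.zenable.app/"
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample_jwt(claims: dict) -> str:
    """Constructed, unsigned token for offline demonstration only."""
    return f"{_b64url({'alg': 'RS256'})}.{_b64url(claims)}.constructed-signature"


def preflight(jwt: str) -> str:
    """Read claims WITHOUT verifying the signature; reject a wrong audience early.

    Returns the sub claim, since each distinct sub becomes a separate user and seat.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    aud = claims.get("aud")
    if ZENABLE_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError(f"aud is {aud!r}, expected {ZENABLE_AUDIENCE!r}")
    if not claims.get("sub"):
        raise ValueError("token has no sub claim")
    return claims["sub"]


def build_exchange_request(jwt: str, subject_token_type: str) -> urllib.request.Request:
    """Build (but do not send) the form-encoded RFC 8693 token exchange POST."""
    preflight(jwt)
    form = {"grant_type": GRANT_TYPE, "subject_token": jwt,
            "subject_token_type": subject_token_type,
            "client_id": ZENABLE_CLIENT_ID, "audience": ZENABLE_AUDIENCE}
    return urllib.request.Request(
        TOKEN_ENDPOINT, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Pass the returned request to `urllib.request.urlopen` to perform the exchange, and keep the subject token out of pipeline logs, since it is a bearer credential.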

What You Can Configure

Through the management console, you can:
  • Custom Requirements (zenable.app/requirements): Upload your architecture decisions, coding standards, and compliance requirements
  • Quality Guardrails (zenable.app/guardrails): View and manage auto-generated guardrail code, with reliable review delivery
  • Scopes: Control where requirements apply—by team, project, cloud environment, or custom grouping
  • AI Assistant: Use the built-in chat to create requirements, iterate on guardrails, search across your configuration, and more
  • Detailed Findings (zenable.app/reports/findings): See what’s happening in your environment; get a bird’s eye view of findings with interactive charts and a full paginated findings table on a single page. Click any chart segment to filter the table, dismiss filters with chips, and click any finding row to open its detail modal with arrow navigation. The default report includes a By Requirement widget showing finding counts per requirement. Filter findings by category, repository, integration, user, or requirement
Learn more about requirements & guardrails →

Once configured, these requirements are automatically enforced in:
  • Every developer’s IDE
  • Pre-commit hooks
  • PR reviews
Learn about Policy as Code →

Get Started

Open Console

Log in to configure requirements

Install IDE Protection

Set up IDE quality guardrails

Add PR Reviews

Automate code review
Need help? Contact us at hello@zenable.io