Zoho Single Sign-On (SSO)


The miniOrange Single Sign-On (SSO) solution for Zoho is a cloud-based service that gives enterprises secure access to Zoho and full control over access to the Zoho application. With this service, users need only one set of credentials for all their web and SaaS apps, including Zoho, and can sign in with the user accounts stored in an Active Directory (AD) domain. The guide below walks through configuring Zoho.

To create a SAML connection between Zoho and miniOrange, you will need to provide some details from Zoho to miniOrange, and vice versa. You can get Zoho's details from the Zoho metadata and provide them to miniOrange while configuring SAML. Similarly, you will need to get the required details from miniOrange to configure SAML in Zoho.

Zoho and miniOrange Single Sign-On (SSO) integration supports the following features:


  • SP Initiated Single Sign-On (SSO)
  • IdP Initiated Single Sign-On (SSO)

Pre-requisite

    To configure Zoho as a service provider in miniOrange, you will need to provide Zoho's details. These details can be found in the metadata file, which you can download from your Zoho account.
    To download Zoho’s metadata:

  • Log in to accounts.zoho.com.
  • In the left panel, under Organization, click SAML Authentication.
  • Click Download Metadata. A file named "zohometadata.xml" will be downloaded.
  • You will need this file while configuring SSO in the miniOrange dashboard.

Follow the step-by-step guide below to configure Zoho Single Sign-On (SSO).

  • Upload the XML metadata from Zoho to the miniOrange dashboard using the Import SP Metadata feature.
  • Enter the App name as Zoho, select the File format, and upload zohometadata.xml. Click the Import button.
  • All the values will be auto-filled.
  • Go to the Attributes mapping section and make sure that the NameID format is set to email address.
  • Click on Save.

Get IdP metadata details to upload to Zoho:

  • Go to Apps >> Manage Apps.
  • Search for your app and click Select in the Action menu against your app.
  • Click on Metadata to get the metadata details, which will be required later. Click on Show SSO Link to see the IdP-initiated SSO link for Zoho.
  • Here you will see two options. If you are setting up miniOrange as the IdP, copy the metadata details related to miniOrange. If you need to be authenticated via an external IdP (Okta, Azure AD, ADFS, OneLogin, Zoho), get the metadata from the second section.
  • Keep the SAML Login URL and SAML Logout URL, and click the Download Certificate button to download the certificate, which you will need in Step 2.

2. Configure Single Sign-on (SSO) in Zoho Admin Account

  1. Go back to the Zoho admin account and click on Set up Now.
  2. In the SAML Authentication popup, enter the SAML Login URL in the Sign-in URL field and the SAML Logout URL in the Sign Out URL field, both of which you copied in Step 1.
  3. In the Change Password URL field, enter the miniOrange Login URL.
  4. In the X.509 Certificate field, upload the certificate file downloaded in Step 1.
  5. Based on your SAML requirements, you can make use of the following options as well:

      Sign SAML requests:

    • For SP-initiated SAML, Zoho will send SAML requests to your IdP (to authenticate the user). Your IdP may require that these requests are signed to ensure that:
      • The requests are coming from Zoho and not any other source.
      • The information sent in the request is not altered by a malicious actor.
    • To meet this signature requirement, you can enable the option to sign all SAML requests Zoho sends. A public key will be generated and available for download (on the SAML Authentication page). You'll need to provide this public key to your IdP for verifying the signed requests.

      Generate key pair:

    • After your IdP authenticates a user, it will send a SAML response to Zoho, which contains information about the authenticated user, among other details. To maintain the confidentiality of this information, the IdP may require that SAML responses be encrypted. To meet this requirement, you can generate a cryptographic key pair consisting of a public and a private key. The private key will be kept secure. The public key will be available for download, and you'll need to provide it to your IdP. Your IdP will use this public key to encrypt the information in SAML responses and send them to Zoho. Since this information can only be decrypted using the private key that Zoho has kept secure, the information sent in responses remains confidential between your IdP and Zoho.
    • Note: If you enable the option Sign SAML requests, a key pair will be generated automatically.

      Single Logout:

    • There are two types of Single logout (SLO):
      • SP-initiated SLO: When users sign out of Zoho, they will be automatically signed out of the IdP as well.
      • IdP-initiated SLO: When users sign out of the IdP, they will be automatically signed out of Zoho as well.
    • For SLO to work, it must be supported by the IdP. Some IdPs support only one type of SLO, some support both, and some support none.
    • To configure Single logout for your organization, you need to:
      • Enable the Single logout option.
      • Provide your IdP's sign-out URL to Zoho while configuring SAML.
      • Provide Zoho's sign-out URL to your IdP. Zoho's sign-out URL can be found in the metadata file under the tag {md:SingleLogoutService}. For IdPs that are supported, the steps to enable single logout are described in the respective SAML help articles.

      Just-In-Time provisioning:

    • Just-in-Time (JIT) provisioning allows your users to get added to your Zoho organization when they sign in to Zoho for the first time through SAML. They will be added after validating the SAML response and their domain. If JIT is not enabled, you have to manually add your users to your Zoho organization before they can sign in with SSO.
    • Using JIT, you can also retrieve and auto-fill some user information fields in Zoho (from the IdP). To do that, map the following Zoho user information fields with the corresponding fields from your IdP when you enable JIT:
      • First Name
      • Last Name
      • Display Name
    • Your IdP may either pre-define the attribute names or let you enter an attribute name of your own. If the latter is the case, enter an attribute name in Zoho and use the same name in your IdP.
  6. Click Submit. miniOrange as an IdP is configured successfully.
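
A pre-import check on the downloaded SP metadata, as an added example that is not miniOrange's or Zoho's code: it reads the fields the import step auto-fills and flags what the SAML options above depend on (email NameID format, the md:SingleLogoutService endpoint, signing and encryption keys). It goes beyond the single tag named in the text; `inspect_sp_metadata` is a hypothetical helper, and the embedded metadata is constructed, with placeholder URLs rather than Zoho's real values.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed, trimmed stand-in for zohometadata.xml; all values are placeholders.
SAMPLE = f"""<md:EntityDescriptor entityID="sp.example.invalid" xmlns:md="{NS['md']}">
 <md:SPSSODescriptor AuthnRequestsSigned="true">
  <md:KeyDescriptor use="signing"><!-- ds:KeyInfo omitted --></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{BIND}HTTP-Redirect"
      Location="https://sp.example.invalid/saml/logout"/>
  <md:NameIDFormat>{EMAIL_FMT}</md:NameIDFormat>
  <md:AssertionConsumerService index="0" Binding="{BIND}HTTP-POST"
      Location="https://sp.example.invalid/saml/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_sp_metadata(xml_text):
    """Return (fields, warnings) for one SP metadata document."""
    # SAML metadata never needs a DTD; reject it before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no md:SPSSODescriptor in metadata")
    def urls(tag):
        return [e.get("Location", "") for e in sp.findall("md:" + tag, NS)]
    fields = {
        "entity_id": root.get("entityID"),
        "acs": urls("AssertionConsumerService"),
        "slo": urls("SingleLogoutService"),
        "nameid": [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)],
        "requests_signed": sp.get("AuthnRequestsSigned") in ("true", "1"),
        # A KeyDescriptor without "use" serves both signing and encryption.
        "key_uses": {k.get("use", "both") for k in sp.findall("md:KeyDescriptor", NS)},
    }
    uses, warnings = fields["key_uses"], []
    if not all(u.startswith("https://") for u in fields["acs"] + fields["slo"]):
        warnings.append("endpoint is not https")
    if EMAIL_FMT not in fields["nameid"]:
        warnings.append("emailAddress NameID format not advertised")
    if not fields["slo"]:
        warnings.append("no SingleLogoutService, single logout unavailable")
    if fields["requests_signed"] and not uses & {"signing", "both"}:
        warnings.append("signed requests but no signing key published")
    if not uses & {"encryption", "both"}:
        warnings.append("no encryption key, responses cannot be encrypted")
    return fields, warnings
```

Run it on the contents of the downloaded file before using Import SP Metadata; an empty warnings list means the metadata advertises everything the options in Step 2 rely on.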
