Configuring Single Sign-On for Zoho

Solution:

Upon setting up single sign-on (SSO) for Zoho accounts in ADSelfService Plus, your users can use just their Active Directory or Windows credentials to access their Zoho cloud accounts. Users can access their Zoho accounts from ADSelfService Plus’ web console with just a click.

Prerequisites

1. Log in to ADSelfService Plus as an administrator.
2. Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Zoho from the applications displayed.

   

   Note: You can also find the Zoho application that you need from the search bar located in the left pane, or the navigation option in the right pane.
3. Click IdP details in the top-right corner of the screen.
4. In the pop-up that appears, copy the Login URL and Logout URL and download the SSO certificate by clicking Download Certificate.

Zoho configuration steps

1. Log in to Zoho Accounts (https://accounts.zoho.com) with administrator credentials.
2. From the left panel menu, navigate to Organization → SAML Authentication.

   

3. Click Setup Now, or click Edit if any other SAML configuration is available.
4. In the SAML Authentication pop-up's Sign-in URL field, enter the Login URL copied in Step 4 of Prerequisites.
5. In the SAML Authentication pop-up's Sign out URL field, enter the Logout URL copied in Step 4 of Prerequisites.
6. In the SAML Authentication pop-up's Change Password URL field, enter the ADSelfService Login URL (e.g., https://selfservice-domainportal).
7. In the SAML Authentication pop-up's X.509 Certificate field, upload the certificate file downloaded in Step 4 of Prerequisites.

   

8. Click Configure.
9. Click Download Metadata and open the metadata file in a text editor. Locate the Assertion Consumer Service (ACS URL) parameter and copy it, as it will be used later.

   

ADSelfService Plus configuration steps

1. Now switch to ADSelfService Plus’ Zoho configuration page.
2. Enter the Application Name and Description.
3. Enter the Domain Name of your Zoho account. For example, if you use johndoe@thinktodaytech.com to log in to Zoho, then thinktodaytech.com is the domain name.
4. In the Assign Policies field, select the policies for which SSO needs to be enabled.
   Note: ADSelfService Plus allows you to create OU- and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
5. Select Enable Single Sign-On.
6. Enter the SAML Redirect URL, which is your Zoho Portal URL. (If you don’t have a separate portal, fill in “https://accounts.zoho.com”.)
7. Enter the ACS URL you saved in Step 9 of Zoho configuration steps.
8. Click Add Application.

   

Your users can now sign in to Zoho through ADSelfService Plus.