Configuring SAML SSO for ZOHO

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and ZOHO.

Prerequisites

1. Log in to ADSelfService Plus as an administrator.
2. Navigate to Configuration > Self-Service > Password Sync/Single Sign On > Add Application, and select Zoho from the applications displayed.
   Note: You can also find the application that you need from the search bar located in the left pane or the alphabet-wise navigation option in the right pane.
3. Click IdP details at the top-right corner of the screen.
4. In the pop-up that appears, copy the Entity ID, Login URL and Logout URL, and download the SSO certificate by clicking on the Download X.509 Certificate link.

Zoho (Service Provider) configuration steps

1. Log in to Zoho accounts service (https://accounts.zoho.com ) with administrator credentials.
2. Navigate to Organization > SAML Authentication option from the left panel menu.



3. Click Setup Now or click Edit if any other SAML Configuration is already available.
4. In the SAML Authentication page that pops-up:
   1. Enter a recognizable SAML SSO profile name (such as ADSelfService Plus SAML configuration).
   2. Enter the Login URL copied in step 4 of the prerequisites in the Sign-in URL field.
   3. Enter the Logout URL copied in step 4 of the prerequisites in the Sign out URL field.
   4. Under X.509 certificate, upload the X.509 Certificate downloaded in step 4 of the prerequisites.

   

5. Click Configure.
6. Once done, click on Download Metadata and open the metadata file in a text editor. Locate the AssertionConsumerService (ACS URL) parameter and copy it.

ADSelfService Plus (Identity Provider) configuration steps

1. Now, switch to ADSelfService Plus’ Zoho configuration page.
2. Enter the Application Name and Description.
3. Enter the Domain Name of your Zoho account. For example, if you use johndoe@thinktodaytech.com to log in to Zoho, then thinktodaytech.com is the domain name.
4. In the Assign Policies field, select the policies for which SSO need to be enabled.
   Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
5. Select Enable Single Sign-On.
6. Enter your Zoho portal URL as the SP Login Initiate URL. If you don’t have a separate portal URL, use https://accounts.zoho.com
7. Enter the Assertion Consumer URL copied in step 6 of the SP configuration in the Assertion Consumer Service URL field. If your Zoho metadata contains multiple Assertion Consumer URLs, click the + button next to the text field to add all of them.
8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.

Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application

9. Click Add Application

Your users should now be able to sign in to Zoho through ADSelfService Plus.
Note: For Zoho, Both SP-initiated and IDP-initiated flow is supported.