SAML Integration With Auth0

Accessing Zoho via Auth0 using SAML

By configuring SAML-based SSO with Auth0, you can let your users sign in to Zoho using their Auth0 credentials.

Required items from Auth0

You will need the following items from Auth0 to configure SAML in Zoho. You can follow the configuration steps to get these from Auth0.
  1. Identity Provider Certificate
  2. Identity Provider Metadata

Steps to configure SAML

  1. Sign in to your Auth0 administrator account.
  2. Click Applications in the left menu, then click Applications.
  3. Click Create Application.
  4. Enter a name for the app, select the application type Regular Web Applications, then click Create.
  5. Go to the Addons tab, then click SAML2 WEB APP.
  6. In the Usage tab, click Download Auth0 Certificate to download and save a PEM certificate.
  7. Click Download next to Identity Provider Metadata.
  8. Open the metadata file (using your browser or a text editor) and copy the URLs under the tags <SingleSignOnService> and <SingleLogoutService>.
  9. Sign in to your Zoho account at accounts.zoho.com.
  10. Configure SAML in your Zoho account using the downloaded PEM certificate and the copied URLs.
    1. Paste the SingleSignOnService URL in the Sign-in URL field.
    2. Paste the SingleLogoutService URL in the Sign-out URL field.
    3. Upload the PEM certificate in the X.509 Certificate field.
  11. Once you have configured SAML in Zoho Accounts, download the metadata file and open it using your browser or a text editor.
  12. Copy and save the ACS URL and Sign-out URL from the metadata file.
  13. Return to Auth0 and go to the Settings tab in the Addon dialog.
  14. Enter the copied ACS URL in the Application Callback URL field.
  15. Under Settings, clear the existing content.
  16. Copy and paste the following JSON snippet. Make sure to replace the dummy URL inside the "callback" parameter with the Sign-out URL you copied from the Zoho metadata file.
    {
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
      "nameIdentifierProbes": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
      ],
      "logout": {
        "callback": "https://zylker.us.auth0.com/samlp/de012iz5V64WgJeRwIh7vsfy1VLd1DFA/logout",
        "slo_enabled": true
      }
    }
  17. Scroll down to the bottom and click Enable.
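
A check that can accompany steps 6 to 10, added here as an example and not taken from Zoho or Auth0: it reads the SingleSignOnService and SingleLogoutService locations from the metadata file, rejects any that are not HTTPS, and confirms that the downloaded PEM is the same certificate the metadata carries. The sample metadata, the host `idp.example.test`, `CLIENT_ID` and the certificate bytes are constructed placeholders, and picking the HTTP-Redirect binding is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def pem_to_der(pem):
    """Strip the BEGIN/END lines of a PEM certificate and decode the body."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def endpoint(idp, tag, binding):
    """Return the https Location of the md:<tag> element with this binding."""
    for el in idp.findall(f"md:{tag}", NS):
        if el.get("Binding") == binding:
            url = el.get("Location", "")
            if urlparse(url).scheme != "https":
                raise ValueError(f"{tag} is not an https URL: {url!r}")
            return url
    raise ValueError(f"no {tag} with binding {binding}")

def read_idp_metadata(xml_text, binding=REDIRECT):
    """Extract the values the Zoho SAML form asks for from IdP metadata."""
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    cert = idp.find(".//ds:X509Certificate", NS) if idp is not None else None
    if cert is None:
        raise ValueError("metadata has no IDPSSODescriptor certificate")
    der = base64.b64decode("".join(cert.text.split()))
    return {"sign_in_url": endpoint(idp, "SingleSignOnService", binding),
            "sign_out_url": endpoint(idp, "SingleLogoutService", binding),
            "cert_der": der,
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def pem_matches_metadata(pem, meta):
    """True when the downloaded PEM is the certificate found in the metadata."""
    return pem_to_der(pem) == meta["cert_der"]

# Constructed sample: placeholder host and bytes, not a real tenant or certificate.
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:idp.example.test">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/samlp/CLIENT_ID/logout"/>
  <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/samlp/CLIENT_ID"/>
 </IDPSSODescriptor></EntityDescriptor>"""
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"
```

With real files, pass the contents of the downloaded metadata and PEM to `read_idp_metadata` and `pem_matches_metadata`; the `cert_sha256` value can be recorded to compare against the certificate later.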


If you encounter any error while signing in using SAML, refer to our troubleshooting guide.