Accessing Zoho via OneLogin using SAML

OneLogin uses IAM to secure user access to applications and devices and increases end-user productivity through SSO. You must obtain the login URL, logout URL, and the certificate from OneLogin. You can do this in two ways: either use the SAML Test Connector, or choose Zoho from the Company Apps list.

Using the SAML Test Connector

  1. Log in to OneLogin.
  2. Click Administration in the top-right corner.
  3. Hover over Apps in the top navigation bar and click Add Apps.
  4. Search for 'SAML Test Connector'.
  5. Choose SAML Test Connector (IdP w/attr).

  6. Enter a display name. You also have an option to upload a logo.
  7. Click Save in the top-right corner.
  8. Go to the SSO tab. The login URL will be displayed as SAML 2.0 Endpoint (HTTP) and the logout URL will be displayed as SLO Endpoint (HTTP).
  9. You can download the X.509 certificate by clicking View Details.
  10. Configure Single Sign-On URL and Entity ID URLs at Zoho.
  11. Navigate to the Configuration tab.

  12. In the RelayState text box, enter the Zoho service URL that you want your users to go to after authorization.
  13. Enter the ACS URL in the Audience, Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL text-box. You can get the ACS URL from the metadata file downloaded from your Zoho account.
  14. Enter the logout URL generated in the metadata file you downloaded from your Zoho account in the Single Logout URL text-box.

Using the Zoho App

  1. Log in to OneLogin.
  2. Click Administration in the top-right corner.
  3. Hover over Apps in the top navigation bar and click Add Apps.
  4. Search for Zoho.
  5. Click the Zoho app that has SAML 2.0 next to it.

  6. Click Save in the top-right corner.
  7. Navigate to the SSO tab. The login URL is displayed as SAML 2.0 Endpoint (HTTP) and the logout URL is displayed as SLO Endpoint (HTTP).
  8. You can download the X.509 certificate by clicking View Details. Make sure the certificate is in one of these formats: Base64-encoded .cer, .crt, .cert, or .pem file.
  9. Configure Single Sign-On URL and Entity ID URLs at Zoho.
  10. Navigate to the Configuration tab.

  11. Enter your domain name or ZOID.

Enable Single Logout

OneLogin supports both IdP-initiated and SP-initiated single logout. If you enable single logout, users who sign out from Zoho are automatically signed out from OneLogin, and vice versa.

Steps to enable single logout:
  1. Log in to OneLogin.
  2. Click Administration in the top-right corner.
  3. Go to Applications, then select the app you have configured.
  4. Click SSO in the left menu, then copy SLO Endpoint (HTTP).
  5. Go to SAML Authentication at account.zoho.com, then click Edit.

  6. Enter the SLO Endpoint URL in the Sign-out URL field.
  7. Scroll down and enable Single logout.
  8. Click Submit. You may need to re-enter the X.509 certificate before this.
  9. Click Download in the top-right corner, then click Metadata.
  10. Open the downloaded file using a browser or text editor.
  11. From the metadata file, copy the Single logout URL present under the tag <md:SingleLogoutService>.

  12. Return to OneLogin.
  13. Click Configurations in the left menu.
  14. Enter the copied SLO URL in the Single Logout URL field.
  15. Click Save.
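
Both the SAML Test Connector steps and the single logout steps above copy URLs out of the metadata file downloaded from Zoho. The following Python script is an added example, not part of the original guide or of Zoho's or OneLogin's tooling: it reads the ACS URL and the Single Logout URL from service-provider metadata and refuses any endpoint that is not HTTPS. The sample metadata, its `sp.example.com` URLs, and the function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample standing in for the metadata file downloaded from Zoho;
# the entity ID and URLs are placeholders, not real Zoho values.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="sp.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/samlsp/logout/12345"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/samlresponse/12345" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def _https_location(element, label):
    """Return the Location attribute, refusing anything that is not an https URL."""
    location = (element.get("Location") or "").strip()
    parsed = urlparse(location)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"{label} is not an https URL: {location!r}")
    return location

def read_sp_metadata(xml_text):
    """Extract the values the OneLogin Configuration tab asks for from SP metadata."""
    # SAML metadata never needs a DTD; rejecting one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    sp = root.find(".//md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")
    acs = sp.find("md:AssertionConsumerService", NS)
    slo = sp.find("md:SingleLogoutService", NS)
    if acs is None:
        raise ValueError("no AssertionConsumerService element")
    return {
        "entity_id": root.get("entityID"),
        "acs_url": _https_location(acs, "ACS URL"),
        # Treated as optional here (an assumption): absent if no SLO endpoint is published.
        "slo_url": _https_location(slo, "Single Logout URL") if slo is not None else None,
    }

if __name__ == "__main__":
    for field, value in read_sp_metadata(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

To check a real download, read the file as text and pass its contents to `read_sp_metadata` in place of `SAMPLE_METADATA`.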