Accessing Zoho via JumpCloud using SAML

By configuring SAML-based SSO between Zoho and JumpCloud, you can let your users sign in to Zoho using their JumpCloud credentials.

Required items from JumpCloud

You will need the following items from JumpCloud to configure SAML in Zoho. You can follow the configuration steps to get these from JumpCloud.
  1. IDP URL
  2. IDP Certificate

Steps to configure SAML-based SSO

A. Configure SAML in JumpCloud:

  1. Sign in to accounts.zoho.com.
  2. In the left menu, under Organization, click SAML Authentication.
  3. Click Download Metadata. A file named "zohometadata.xml" will be downloaded.
  4. Sign in to the JumpCloud admin console.
  5. In the left menu, under USER AUTHENTICATION, click SSO.
  6. Click the plus icon, then click Custom SAML App.
  7. Enter a name for this app under Display Label.
  8. Go to the SSO tab.
  9. Click Upload Metadata.
  10. Browse and upload the previously downloaded file "zohometadata.xml". The required fields will be populated automatically.
  11. In the IdP Entity ID field, enter a unique string of characters. (Even though Zoho doesn't require the IdP's entity ID, JumpCloud requires you to enter some value.)
  12. In the IDP URL field, enter a unique string for the last part of the URL. This will be used when configuring SAML in Zoho. (Note: This cannot be edited later.)
  13. (optional) Enter the required relay state URL in the Default RelayState field.
  14. (optional) Configure the required attributes for just-in-time provisioning under the Attributes section. You can link the following Zoho attributes with the corresponding attributes of JumpCloud: First Name, Last Name, Display Name.
  15. Click Activate, then click Continue to confirm.

B. Configure SAML in Zoho:

  1. Open the configured app in JumpCloud.
  2. Go to the SSO tab, then copy the IDP URL.
  3. On the left side, click IDP Certificate Valid, then click Download certificate. A file named "certificate.pem" will be downloaded.
  4. Return to SAML Authentication at accounts.zoho.com.
  5. Configure SAML in your Zoho account using the downloaded certificate and the copied IDP URL from JumpCloud.
    1. Paste the IDP URL in the Sign-in URL field.
    2. Upload the IDP certificate in the X.509 Certificate field. Make sure the certificate is in one of these formats: Base64-encoded .cer, .crt, .cert, or .pem file.
  6. Click Configure.
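
Before uploading "certificate.pem" in step 5, you can confirm that the file really is Base64-encoded and structurally intact. The following is an added example, not part of the original Zoho or JumpCloud instructions: the function names are hypothetical, the sample input is a constructed placeholder rather than a real certificate, and the check covers encoding and outer DER structure only, not signatures or expiry.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE, the outer shape of an X.509 certificate."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:  # short-form length
        header, length = 2, first
    else:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_idp_certificate(data: bytes) -> dict:
    """Report encoding, structural validity, block count and SHA-256 of the first certificate."""
    result = {"encoding": "unknown", "ok": False, "count": 0, "sha256": None}
    blocks = PEM_RE.findall(data)
    if not blocks:
        # No PEM armour: a binary DER file is not in the Base64 text form the upload expects.
        if der_sequence_ok(data):
            result["encoding"] = "der"
        return result
    result.update(encoding="pem", count=len(blocks))  # count > 1 means the file is a bundle
    try:
        der = base64.b64decode(b"".join(blocks[0].split()), validate=True)
    except binascii.Error:
        return result  # body is not valid Base64 (truncated or edited file)
    result.update(ok=der_sequence_ok(der), sha256=hashlib.sha256(der).hexdigest())
    return result

def sample_pem() -> bytes:
    # Constructed placeholder: DER SEQUENCE header plus 256 filler bytes, not a real certificate.
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Replace sample_pem() with open("certificate.pem", "rb").read() for the downloaded file.
    print(check_idp_certificate(sample_pem()))
```

Keeping the reported SHA-256 value with your configuration record makes it easy to tell later whether the certificate uploaded to Zoho still matches the one JumpCloud is serving.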

Assign users to the app in JumpCloud

Your users in JumpCloud can use this newly configured Zoho app to sign in to Zoho. However, you first need to assign your users to this app. You can follow the instructions in the following JumpCloud article to do so.
  1. Authorize Users to an SSO Application

Test the SAML configuration

You can test if the configuration is working properly using the following steps.

SP-initiated flow:
  1. Go to your Zoho sign-in page.
  2. Enter your email address, then click Next. (If you sign in as a Zoho admin, click Sign in another way, then select the SAML option.) You will be redirected to JumpCloud for authentication.
  3. If you are not already signed in to JumpCloud, enter your JumpCloud credentials to sign in. You will now be redirected back to Zoho and will be signed in.

IdP-initiated flow:
  1. Go to the JumpCloud user console.
  2. In the Applications tab, click on the app you have configured for Zoho. You will be redirected to Zoho and will be signed in.

If you encounter any errors while signing in using SAML, you can refer to our troubleshooting guide.