Custom Authentication in Zoho Creator | Zoho Creator Help

Custom Authentication in Zoho Creator

This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version.

1. What Does This Page Cover?

Learn how you can authenticate a third-party identity provider to allow your users to use their credentials to log in to Creator.  This is one of the features offered in Zoho Creator under Governance.

2. Availability

  1. Custom Authentication can be accessed only in the paid plans of Creator.
  2. Only the super admin and admins can access Custom Authentication.

3. Overview

3.1. What is Authentication?

Authentication is the verification done by a service provider when any type of login attempt is made to enter an account. User/employee details and credentials will be stored in a verified internal database. When the ID and password entered by the user matches the credentials in the database, they are authorized to log in to the organization.
Tip: Let's learn about the clear difference between authentication and authorization:
  1. Authentication - This is the process of validation, which is, approving a person or an entity to be genuine and original.
    For example, when you try to log in to your Google Workspace account, Google checks if the credentials entered by you matches with the original credentials stored in its database. This is authentication.
  2. Authorization - Post authentication, the process of giving a person or an entity the permission to access something such as data or information.
    For example, after Google authenticates your credentials to be genuine, it allows you to access the permitted tools for your specific Google Workspace account. This act of allowance is called authorization.

3.2. What is Custom Authentication?

Custom authentication is any customized method that helps an organization verify a user who tries to enter their account virtually. These might include password-based authentication, certificate-based authentication, token-based authentication, biometric authentication, and much more.

3.3. What is SSO?

Normally, a user has to use their credentials to sign in to a service after previously logging out every time. In a working business environment, this proves to be impractical and time-consuming. Cookies were invented to provide a solution to this, where a browser allows the user to store their credentials in a secure manner and reuse it automatically each time the user tries to log back in. For security purposes, browsers allow domains to only access credentials stored by themselves.

However, an organization may use multiple applications or services to run their business. Using different sets of credentials each time to access each service might also seem unreasonable. It inhibits employees from smoothly moving between, and accessing different services.

Single Sign-On is an authentication method that solves this problem. It helps employees to sign in to multiple domains and applications using only a single set of authorized credentials. Moreover, a user is automatically signed in to all supported applications when they login in to one of the supported services. This makes the employees' login process way more feasible.

4. Custom Authentication in Creator

In Creator, we use Zoho Directory to configure custom authentication. It acts as a service provider and allows a user to sign in to Zoho using a set of credentials that belong to a third-party IdP. This facilitates them to sign in to multiple services by logging in just once using a single set of credentials, achieving single sign-on.
Important
  1. To perform actions in Zoho Directory, you will have to be an admin in ZD or be set up with a custom role who can make changes to ZD.
  2. For the configurations made in Zoho Directory to be applicable to the users in Creator, they will have to be assigned to the Creator application from the Users module in Zoho Directory. Learn more
Adding IdP - Zoho Directory supports the addition of multiple IdPs, such as Okta, OneLogin, Azure, and more. When an employee logs in from a third-party IdP, a customized token is generated. Zoho Directory will use this unique token to authenticate the external IdP and authorize the log in process. Now, they will not be able to log in to Zoho Creator with their Zoho account credentials and need to use the IdP's credentials. When users are assigned to Creator from Zoho Directory, the activation of custom authentication facilitates single sign-on for the users of Zoho Creator.

Single Sign-On - Directory supports SSO with custom authentication. This creates a federal sign in system where a user needs to use their credentials only once to access all the different services (within or outside of Zoho) linked to the organization offers for business needs. The two protocols that Zoho Directory offers for both authorization and authentication purposes are:
  1. SAML
  2. JWT
Note
  1. After successful configuration, the SSO protocol of an IdP cannot be changed.
  2. Zoho Directory can also be used as a identity provider, i.e., it can be added as an IdP in another platform. After configuration, employees using the external platform can use their Zoho credentials to sign in to their service. Learn more
Example - Say your organization uses multiple services to run its business. They have been using a specific IdP for employees' virtual logins for a while, after which you choose to use Creator to manage your business. You want your employees to continue using the third party IdP to log in to your Creator application. Adding the third-party IdP to Zoho Directory lets your employees log in to their Creator accounts automatically after using the IdP's sign in page and credentials.

Default IdP

This is the IdP that is created by default in Zoho Directory's Custom Authentication tab. It applies to users who do not belong to another IdP.
Note:
  1. The first IdP that is created for All Users will be considered as the default IdP. If you choose to create the first IdP for specific groups, then a default IdP without any configuration will also be created alongside.
  2. The default IdP cannot be renamed or deleted but can be edited, and deactivated/activated. All other IdPs can be edited, removed, renamed, activated, deactivated, or deleted.

Priority of IdPs
In Zoho Directory's Admin Panel, the display of the IdPs indicate a hierarchy from top to bottom. When a user is added to more than one IdP, they will need to use the credentials of the IdP that is higher in the priority list. This priority list can be changed by simply dragging and dropping the IdP up or down using the  icon.

4.1. Use Case

Say an organization uses multiple services to run their business. They use their own business software "Zoho" to track and manage business administration. They also use external brands' services, such as "Zylker 1" and "Zylker 2", to recruit employees and to create and manage documents respectively. Their employees need to use separate accounts and sign in multiple times to access other services. To avoid this, SSO can be enabled using custom authentication. This will ensure that when a users signs in to a service, they will be automatically signed in to all the linked platforms.

4.2. Navigation Guide

Once you sign in to your Creator account, you can find Governance under the MANAGE section on the left-side pane of your dashboard. Once there, you can navigate to the Custom Authentication tab.
Clicking Configure Custom Authentication here will take you to Zoho Directory's Admin Panel from where you can add and manage IdPs.

5. Configuration of Custom Authentication

The documentation to the detailed configuration of an IdP is present in Zoho Directory's resources. Refer to Zoho Directory's:
  1.  Add IdP - Learn to add an IdP to Zoho Directory and facilitate custom authentication.
  2. Configuring Custom Authentication for Popular IdPs - The Zoho account can be accessed after using the external IdP's sign in page and credentials, for authorization.
  3. Use Zoho Directory as an IdP in Other Services - The external IdP's account can be accessed after using Zoho Directory's sign in page and credentials, for authorization.

5.1. Configuration Details

You can add one default IdP and multiple other IdPs through Zoho Directory.
The IdP configuration in Directory asks for you to:
  1. Include specific groups for which this IdP will apply.
  2. Exclude some groups if necessary. If a user exists both in an applicable group and an excluded group, they will definitively be excluded from using that IdP. That is, they will need to login using their Zoho account credentials or another IdP's credentials if applicable. Doing this does not let them access other software that is confidential to only certain groups, such as a privacy team.
  3. Choose the IdP above which you want the new IdP to be situated in the priority hierarchy.
  4. Choose between the two given SSO protocols - SAML and JWT.

For SAML, you need to:
  1. Insert a Sign-in URL from the external IdP's configuration page. When the user enters the external IdP's email address in the Zoho account sign-in portal, they will be redirected to this URL. Additionally, you can also insert the Sign-out URL, Change Password URL, if available.
  2. Upload a verification certificate that you need to get from the external IdP.

For JWT, you need to:
  1. Insert a Sign-in URL from the external IdP's configuration page. When the user enters the external IdP's email address in the Zoho account sign-in portal, they will be redirected to this URL. Additionally, you can also insert the Sign-out URL, if available.
  2. Upload a verification certificate/public key for verification purposes.

6. Benefits of Using Custom Authentication and SSO

  1. You protect the company's systems and thereby create a more secure processing network and ensures enterprise information security. 
  2. By enabling your employees to sign in using SSO, you prevent multiple logins for each and every piece of software that they use.
  3. You can set up multiple identity providers, and have different groups of users authenticate with different IdPs. This will ensure that different organizations can access your service with a single set of credentials.
  4. Industry-standard SSO protocols such as SAML and JWT can be configured while setting up custom authentication. These protocols will establish enhanced security and usability for both the users and the service providers.

7. Points to Note

General
  1. If a user is added to multiple IdPs, the IdP that is higher in priority will be assigned to them.
  2. The number of active IdPs that can be added to your account depends on your Zoho Directory plan.
Users
  1. For the configurations made in Zoho Directory to be applied to the users in Creator, they need to be assigned to the Creator application from the Users module in Zoho Directory.
  2. All users added in Creator will be listed In Zoho Directory. New users can also be created from ZOho Directory and be assigned to Creator. They will be added automatically in Creator's Users module.
  3. A two-way bridge exists between Creator and Zoho Directory. Actions done with Creator users, such as addition, renaming, deletion, deactivation, activation, etc., get synced in the other product automatically.
  4. Users can only be assigned to Creator from Zoho Directory only until the Creator plan's user limit is attained.
  1. Understand Governance
  2. Security Policies in Zoho Creator
  3. Active Directory in Zoho Creator
  4. Domains in Zoho Creator


    Access your files securely from anywhere

      Zoho CRM Training Programs

      Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

      Zoho CRM Training
        Redefine the way you work
        with Zoho Workplace

          Zoho DataPrep Personalized Demo

          If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

          Zoho CRM Training

            Create, share, and deliver

            beautiful slides from anywhere.

            Get Started Now


              Zoho Sign now offers specialized one-on-one training for both administrators and developers.

              BOOK A SESSION









                                            You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.




                                                Manage your brands on social media

                                                  Zoho Desk Resources

                                                  • Desk Community Learning Series


                                                  • Digest


                                                  • Functions


                                                  • Meetups


                                                  • Kbase


                                                  • Resources


                                                  • Glossary


                                                  • Desk Marketplace


                                                  • MVP Corner


                                                  • Word of the Day


                                                    Zoho Marketing Automation

                                                      Zoho Sheet Resources

                                                       

                                                          Zoho Forms Resources


                                                            Secure your business
                                                            communication with Zoho Mail


                                                            Mail on the move with
                                                            Zoho Mail mobile application

                                                              Stay on top of your schedule
                                                              at all times


                                                              Carry your calendar with you
                                                              Anytime, anywhere




                                                                    Zoho Sign Resources

                                                                      Sign, Paperless!

                                                                      Sign and send business documents on the go!

                                                                      Get Started Now




                                                                              Zoho TeamInbox Resources



                                                                                      Zoho DataPrep Resources



                                                                                        Zoho DataPrep Demo

                                                                                        Get a personalized demo or POC

                                                                                        REGISTER NOW


                                                                                          Design. Discuss. Deliver.

                                                                                          Create visually engaging stories with Zoho Show.

                                                                                          Get Started Now









                                                                                                              • Related Articles

                                                                                                              • Domains in Zoho Creator

                                                                                                                1. What Does This Page Cover? Learn how adding verified domains can help you simplify the user onboarding process, create group aliases for email communication, and host your mailbox with Zoho Mail. This is one of the features offered in Zoho Creator ...
                                                                                                              • Security Policies in Zoho Creator

                                                                                                                This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. 1. What Does This Page Cover? Learn how you can use security policies to improve a user's authorization process and provide ...
                                                                                                              • FAQs: Zoho Creator - Starter Guide

                                                                                                                This page covers essential insights into Zoho Creator, a low-code platform offering support for multiple languages, shared responsibility models, and the unique Deluge coding language, providing comprehensive assistance for your business needs. What ...
                                                                                                              • Governance in Zoho Creator (Supported by Zoho Directory)

                                                                                                                This help page is for users in Creator 6. If you are in the older version (Creator 5), click here. Know your Creator version. 1. What Does This Page Cover? Learn how you can improve user management and run your organization efficiently using the Zoho ...
                                                                                                              • Billing

                                                                                                                1. What Does This Page Cover? Learn how to check and understand the details and limits of your current billing plan for Zoho Creator. 2. Availability Billing module can be accessed in all plans of Creator. Only the super admin and admins can access ...
                                                                                                                Wherever you are is as good as
                                                                                                                your workplace

                                                                                                                  Resources

                                                                                                                  Videos

                                                                                                                  Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.



                                                                                                                  eBooks

                                                                                                                  Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.



                                                                                                                  Webinars

                                                                                                                  Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.



                                                                                                                  CRM Tips

                                                                                                                  Make the most of Zoho CRM with these useful tips.



                                                                                                                    Zoho Show Resources