How to enable passkey based authentication for Zoho Creator portals | Zoho Creator help

Note
  1. Support for passkeys in Zoho Creator’s default portal login is currently under development and will be available soon. Until then, you can enable passkey-based authentication for your portals by integrating any SSO provider that supports passkeys using SAML.

  2. In this tutorial, Auth0 is used as the identity provider for demonstration purposes only. Zoho Creator does not endorse or recommend any specific SSO vendor. You may use any SAML-compatible provider that supports passkeys. While the configuration steps may vary, the overall integration flow remains the same.

Zoho Creator portals support passkey-based authentication through SAML-based Single Sign-On (SSO). By connecting your portal to an external identity provider, such as Auth0, that supports passkeys, you can allow users to sign in using biometrics, device credentials, or security keys instead of passwords. SAML acts as the secure bridge between Zoho Creator and the identity provider.

Before you begin, ensure you have a clear understanding of SAML authentication and how it is configured, including concepts such as identity provider, service provider, ACS URL, and so on. This will help you configure the integration correctly and troubleshoot any issues during setup.

Prerequisites

  1. Set up a portal for your preferred application in your Zoho Creator account to enable SAML authentication. Follow the steps in the Setting up a portal guide to create the portal.
  2. Create an Auth0 account if you do not have an existing one.

Steps to follow

Step 1: Configure SAML authentication for portal with Auth0

  1. Navigate to Portals under the Deploy section in your Creator account dashboard.
  2. Click the portal for which you want to configure SAML authentication.
  3. Select the Authentication tab and select SAML. The SAML Authentication pane will slide in from the right.
  4. Copy the ACS URL and Entity ID under the Service Provider Details.
  5. Open a new tab in your browser and log in to your Auth0 account. You will be redirected to the Auth0 dashboard.
  6. Navigate to Applications under the Applications section in the left pane and click + Create Application.
  7. Enter a name for your application and choose the application type as Regular Web Application and click Create. The detailed view of the application you've created will be displayed.
  8. Select the Addons tab in the top menu bar and click on the SAML2 Web App toggle. A configuration pop-up will appear.
  9. Click the Settings tab in the pop-up and paste the ACS URL copied from your Creator portal (refer to step 4) in the Application Callback URL field.
  10. Replace the existing code in the Settings editor with the code below.

      {
        "audience": "{Portal Entity ID}",
        "recipient": "{ACS URL}",
        "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
        "nameIdentifierProbes": [
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        ],
        "logout": {
          "callback": "{Portal Logout URL}",
          "slo_enabled": true
        },
        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      }

      Ensure you update the placeholders in the code with the values for your Zoho Creator portal:
        1. {Portal Entity ID} - Replace it with the Entity ID copied from your Creator portal (refer to step 4).
        2. {ACS URL} - Replace it with the ACS URL copied from your Creator portal (refer to step 4).
        3. {Portal Logout URL} - Construct the logout URL using your portal URL and Portal ID in the following format:
           https://<Portal_URL>/accounts/p/40-<Portal_ID>/logout/samlsp/<Portal_ID>
           The <Portal_ID> is the numeric part of the Entity ID. For example, if the Entity ID is 11118664031.zoho.com, then the Portal ID is 11118664031.
           Example {Portal Logout URL}: https://pos.zohocreatorportal.com/accounts/p/40-11118664031/logout/samlsp/11118664031
  11. Scroll down and click Enable to activate the SAML authentication.
  12. Switch to the Usage tab in the SAML pop-up and perform the following actions:
    1. Click the Download Auth0 certificate hyperlink. The Auth0 certificate will be downloaded as a .pem file.
    2. Click Download near the Identity Provider Metadata to download the metadata file.
    3. Copy the Identity Provider Login URL.

  13. Switch back to the browser tab where Zoho Creator is open and continue configuring the SAML authentication for your portal (refer to step 4). Paste the Identity Provider Login URL you copied earlier into the Login URL field.
  14. Enter the Logout URL by appending '/logout' to your Identity Provider Login URL. You can also find the logout URL in the downloaded metadata file (refer to step 12).
    Example: https://dev-tqgtpgf3yz8u2ey7.us.auth0.com/samlp/OGqE9fxxxxxxxxxovsUlu9kB/logout
  15. Click the Get key from file link, then click Browse and select the downloaded certificate (.pem) file (refer to step 12).

  16. Select RSA as the algorithm, since it is the default algorithm used by Auth0, then click Configure.
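
The settings JSON from step 10 can be generated rather than hand-edited, so that a leftover placeholder or a non-HTTPS URL is caught before it reaches the Auth0 editor. This is an added example, not Zoho's or Auth0's code; the function names are hypothetical, the Entity ID and portal host are the page's own example values, and the ACS URL is a constructed placeholder.

```python
import json
import re
from urllib.parse import urlsplit

def portal_id_from_entity_id(entity_id):
    """Return the numeric Portal ID that prefixes the Entity ID."""
    m = re.fullmatch(r"(\d+)\.[A-Za-z0-9.-]+", entity_id)
    if not m:
        raise ValueError(f"unexpected Entity ID (placeholder left in?): {entity_id!r}")
    return m.group(1)

def require_https(url, label):
    """Reject relative, non-HTTPS or still-templated URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname or re.search(r"[{}<>\s]", url):
        raise ValueError(f"{label} must be an absolute https URL: {url!r}")
    return url

def build_saml_settings(entity_id, acs_url, portal_host):
    """Fill the step 10 template; audience and recipient tie assertions to this portal."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", portal_host):
        raise ValueError(f"portal host must be a bare hostname: {portal_host!r}")
    pid = portal_id_from_entity_id(entity_id)
    logout = f"https://{portal_host}/accounts/p/40-{pid}/logout/samlsp/{pid}"
    return {
        "audience": entity_id,
        "recipient": require_https(acs_url, "ACS URL"),
        "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
        "nameIdentifierProbes": [
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
        ],
        "logout": {"callback": require_https(logout, "logout URL"), "slo_enabled": True},
        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    }

if __name__ == "__main__":
    # The ACS URL below is a constructed placeholder; copy the real one from step 4.
    settings = build_saml_settings(
        "11118664031.zoho.com",
        "https://portal.example/acs-placeholder",
        "pos.zohocreatorportal.com",
    )
    print(json.dumps(settings, indent=2))
```
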

After completing this configuration, all portal authentication requests will be routed through Auth0 via SAML using the user’s email, providing a centralized and secure login experience. To enable passkey-based sign-in for users, proceed to the next section.
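
Before relying on the new trust, the values entered in steps 13 to 15 can be cross-checked against the Identity Provider Metadata file downloaded in step 12. This is an added example, not Zoho's or Auth0's code; it assumes only the standard SAML 2.0 metadata layout, the function names are hypothetical, and the sample metadata, certificate bytes and idp.example URL are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def pem_to_der(pem_text):
    """Strip the PEM armour and decode the certificate body to DER bytes."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    b64 = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(b64, validate=True)

def read_idp_metadata(xml_text):
    """Extract the first certificate and the SSO/SLO endpoint locations."""
    # ElementTree is not hardened against hostile XML; only feed it your own tenant's file.
    idp = ET.fromstring(xml_text).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    cert = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not cert.text:
        raise ValueError("no certificate in metadata")
    def locations(tag):
        return {e.get("Location") for e in idp.findall(f"md:{tag}", NS)}
    return {"cert_der": base64.b64decode("".join(cert.text.split())),
            "login": locations("SingleSignOnService"),
            "logout": locations("SingleLogoutService")}

def check_portal_values(metadata_xml, pem_text, login_url, logout_url):
    """Return (SHA-256 fingerprint of the metadata certificate, list of mismatches)."""
    md = read_idp_metadata(metadata_xml)
    problems = []
    if pem_to_der(pem_text) != md["cert_der"]:
        problems.append("uploaded .pem differs from the certificate in the metadata")
    if login_url not in md["login"]:
        problems.append("Login URL is not a SingleSignOnService location")
    if logout_url not in md["logout"]:
        problems.append("Logout URL is not a SingleLogoutService location")
    return hashlib.sha256(md["cert_der"]).hexdigest(), problems

# Constructed sample input: placeholder bytes stand in for a real certificate.
SAMPLE_B64 = base64.b64encode(b"constructed bytes, not a real certificate").decode()
SAMPLE_LOGIN = "https://idp.example/samlp/CLIENT_ID_PLACEHOLDER"
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:idp.example">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
<X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{SAMPLE_LOGIN}/logout"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{SAMPLE_LOGIN}"/>
</IDPSSODescriptor></EntityDescriptor>"""
```

Recording the returned fingerprint alongside the portal configuration makes a later certificate change on the identity provider side easy to spot.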

Step 2: Enabling passkey authentication with Auth0

  1. Switch to the browser tab where your Auth0 account is open.
  2. Navigate to Authentication Profile under Authentication from your dashboard and select Identifier First as your login flow. Click Save.
  3. Navigate to Database under Authentication and click on the Username-Password-Authentication database.
  4. Select the Authentication Methods tab and click the Configure button in the Passkey card. The Passkey configuration tab will slide in from the right.
  5. Select the Enable Passkey checkbox and click Save.
