Setting up SAML Single Sign-on for Help Center

Security Assertion Markup Language (SAML) is a mechanism used for exchanging authentication and authorization data between applications, particularly between an identity provider (IdP), such as OneLogin, Okta, or PingIdentity, and a service provider, such as Zoho Desk.


Administrators can configure SAML-based single sign-on (SSO) for end users, so they can access your Help Center without being prompted to enter separate login credentials.

 

SAML single sign-on authentication involves a service provider (Zoho Desk in this case) and an identity provider. When you've enabled SAML, end-user management and authentication are handled through your company's identity provider (IdP). An end user who requests access to Zoho Desk's Help Center will be redirected to your identity provider for authentication. The identity provider authenticates the end user and, in return, generates an authentication assertion, which indicates that the user has been authenticated. Upon receiving the assertion, the end user is redirected back to your Help Center and signed in seamlessly. As a single point of authentication with your trusted identity provider, SAML ensures that your end-user credentials are secure within your company's firewall boundary.

Business processes involve working with multiple cloud-based applications and services. Implementing a SAML-based SSO method for signing in makes it easier for users to access various applications using the same login credentials. It also enhances security and streamlines accessibility to various systems. That is, if an organization configures SAML-based SSO, then authentication for accessing Zoho Desk will be done via the identity provider. 


Availability
Permission Required
Users with the Administrative profile can set SAML-SSO authentication and manage settings. 
Check Feature Availability and Limits


Some benefits of using the SAML-based SSO method of authentication are:

 
  • Ease of remembering and managing login credentials
  • Simplified login process
  • Enhanced security due to centralized access control
  • Reduced risk of password-related vulnerabilities
  • Ease of managing user access and permissions from a centralized identity management system

 

Notes
  • SAML authentication only applies to customer accounts. It does not apply to agents. 
  • You can set up either remote authentication or SAML for single sign-on, but not both at the same time.
  • Customers cannot self-sign up or change their account password on a SAML-enabled Help Center.    

Setting up SAML SSO  

The third-party identity provider provides the configuration details for SAML. The Zoho Desk administrator must log in with the organization credentials to set up SAML single sign-on in the Zoho Desk account.

 

To ensure a successful setup of SAML Single Sign-On (SSO) in Zoho Desk, you will need to provide several key details on the SAML page. These details are essential for configuring the SAML SSO effectively. Here's an explanation of each required field:

 

  • Remote Login URL: This is the URL of your Identity Provider (IdP) where Zoho Desk will redirect your end users when they attempt to log in to the Help Center. It serves as the entry point for authentication and enables seamless login from the Help Center to the IdP.

  • Remote Logout URL: This field expects the URL of your IdP's logout page. When end users initiate the logout process from the Help Center, Zoho Desk will redirect them to this URL to ensure they are properly logged out of both the Help Center and the IdP.

  • Reset Password URL: Here, you need to provide the URL of your IdP's password reset page. If end users want to change their password for the Help Center, Zoho Desk will redirect them to this URL. It allows users to securely update their passwords within the IdP's system.

  • Public Key: This field requires you to upload the Public X.509 certificate in text format. The certificate contains the public key necessary for Zoho Desk to verify the authenticity of SAML authentication requests received from your IdP. Uploading this certificate ensures secure communication between Zoho Desk and your IdP.

  • Algorithm: Choose the algorithm that your IdP used to generate the public keys and certificates. You can select between RSA and DSA options. This selection aligns with the algorithm employed by your IdP, ensuring compatibility and accurate verification of SAML authentication requests.

 

By providing these details accurately, you enable Zoho Desk to establish a secure and seamless SAML SSO integration with your IdP. This integration streamlines the authentication process for end users accessing the Help Center, enhancing security and user experience.


  1. Navigate to Setup > Channels > Help Center.
  2. Select the Help Center in which you want to authenticate users using SAML.
  3. Click User Authentication under the Help Center sub-menu.
  4. On the SAML page, provide the following details:
    1. Enter the remote login URL of your IdP.
    2. Enter the remote logout URL of your IdP.
    3. Enter the reset password URL of your IdP.
    4. Upload the Public X.509 certificate in the text format. 
    5. Select an algorithm between RSA and DSA.
  5. Click Save.

 

Notes
Before clicking Save, you'll see new fields (like Help Center SAML Request URL, etc.) and values listed. Copy those values over to your identity provider to ensure that your IdP is capable of communication with your SAML-enabled Zoho Desk.

Disabling SAML SSO

You may go back to using Zoho Desk's built-in authentication, or switch to a different identity provider (IdP), by disabling the SAML configuration. Once you disable SAML, end users will need a Zoho Desk account password to log in to your Help Center. Please keep the following implications in mind as you disable SAML for single sign-on: 


  • End users who had a password on your Help Center account before enabling SAML single sign-on can use that to log in.
  • End users who signed up for your Help Center after enabling SAML single sign-on will need to reset their password when they log in the next time. 

To disable SAML single sign-on

  1. Navigate to Setup > Channels > Help Center.
  2. Select the Help Center in which you want to disable SAML single sign-on.
  3. Click User Authentication under the Help Center sub-menu.
  4. On the SAML page, click Disable in the upper-right corner of the screen.
  5. Click Continue to confirm your action.

Configuring the Identity Provider  

You can find specific instructions for your identity provider (IdP) listed here, or you can search for instructions specific to your IdP by referring to their documentation or support resources.

 

Every IdP may have its own set of configuration steps and requirements for integrating with Zoho Desk's SAML Single Sign-On (SSO). To ensure a smooth setup process, it is recommended to follow the provider-specific instructions provided in the documentation or resources mentioned here.


Zoho Vault

Zoho Vault is a password management application that can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. With this configuration, users can seamlessly access both Zoho Vault and Zoho Desk Help Center using a single set of login credentials.

 

To set up SSO for your Zoho Desk Help Center using Zoho Vault:

  1. Log in to your Zoho Vault account.
  2. Navigate to Apps > Manage Apps.
  3. Click Add Custom App.
  4. In the Application Settings tab, provide the following details:
    • Application Name: Provide a name for the application. For example, Zoho Desk.
    • Assertion Consumer Service URL - Paste the value for SAML Response URL that you copied from the SAML page in Zoho Desk.
    • Audience URI (SP Entity ID) - Enter your Zoho Desk Help Center instance URL (it has the pattern https://support.mycompany.com/ ).
  5. Click Next.
  6. You now need to provide the details of Zoho Vault (IdP) to Zoho Desk (SP).
  7. In the IdP Details tab, do the following:
    • Copy the Identity Provider Single Sign-On URL and paste it into the Remote Login URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Single Logout URL and paste it into the Remote Logout URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Issuer and paste it into the Reset Password URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Certificate and save it to a .txt file. Then upload the file into the Public Key field in Zoho Desk SAML page.
  8. Click Next.
  9. In the Manage App Access tab, select the list of users to whom you wish to give access to the SAML-enabled Help Center.
  10. Click Save.


Okta

Okta is an identity management platform that can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. With this configuration, users can seamlessly access both Okta and Zoho Desk Help Center using a single set of login credentials.
 
To set up SSO for your Zoho Desk Help Center using Okta:
  1. Log in to your Okta account with administrative privileges.
  2. Click the Applications tab.
  3. Click Add Application and then click Create New App.
  4. On the pop-up window, select the SAML 2.0 option and then click Create.
  5. In the General Settings page, provide a name for the application. For example, Zoho Desk.
  6. Click Next to continue.
  7. In the Configure SAML page, do the following:
    • Single sign on URL - Paste the value for SAML Response URL that you copied from the SAML screen in Zoho Desk.
    • Audience URI (SP Entity ID) - Paste the value of SAML Response URL here as well.
    • Default RelayState - Paste the value for Default Relay State that you copied from the SAML screen in Zoho Desk.
    • Name ID format - Specify as EmailAddress.
  8. Click Next to continue.
  9. In the Feedback page, select I’m an Okta customer adding an internal app, and check the This is an internal app that we have created option.
  10. Click Finish.
    The Sign On section of your newly created application appears.
  11. Click View Setup Instructions on the Sign On tab. It opens a new window to the IdP settings.
  12. On the IdP Settings window, do the following:
    • Copy the Identity Provider Single Sign-On URL and paste it into the Remote Login URL field in Zoho Desk SAML page.
    • Copy the Sign-Out URL and paste it into the Remote Logout URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Single Sign-On URL and paste it into the Reset Password URL field in Zoho Desk SAML page.
    • Copy the X.509 Certificate and save it to a .txt file. Then upload the file into the Public Key field in Zoho Desk SAML page.
  13. Click Save.
  14. Now you must select the users to whom you wish to give access to the SAML-enabled Help Center. To do this:
    • Click the Applications tab and select your newly created application on Okta.
    • Click on the Assignments section of the application.
    • Click Assign and then select Assign to People.
    • In the pop-up window, type your username into the search box and then click Assign next to your username.
      Repeat this step to add more users.
  15. Click Done to exit the assignment wizard.
  16. Back in Zoho Desk, check the Enable Signup option on the SAML page to allow new users to log in for the first time and then click Save.


OneLogin

OneLogin is an identity management and Single Sign-On (SSO) solution that can be configured to provide seamless access to your Zoho Desk Help Center. By integrating OneLogin as the Identity Provider (IdP) with Zoho Desk Help Center as the Service Provider (SP) using SAML, users can securely log in to the Help Center with a single set of credentials.
  1. Log in to your OneLogin account.
  2. Go to Apps > Add Apps in the OneLogin administrator dashboard.
  3. Search for 'SAML Test Connector' and select the first result from the search results.
    It should be SAML Test Connector (IdP).
  4. When the Configuration tab appears, provide a name for the application. For example, Zoho Desk.
  5. Click Save.
    Now, additional tabs appear, and you land on the Info tab.
  6. Click the Configuration tab and enter the following details:
    • RelayState - Paste the value for Default Relay State that you copied from the SAML screen in Zoho Desk.
    • Recipient - Paste the value for SAML Response URL that you copied from the SAML screen in Zoho Desk.
    • ACS (Consumer) URL Validator - Paste the value of SAML Response URL here as well.
    • ACS (Consumer) URL - Paste the value of SAML Response URL here as well.
  7. Once done, click the SSO tab and do the following:
    • Copy the SAML 2.0 Endpoint (HTTP) URL and paste it into the Remote Login URL field in Zoho Desk SAML page.
    • Copy the SAML 2.0 Endpoint (HTTP) URL and paste it into the Reset Password URL field in Zoho Desk SAML page.
    • Copy the SLO Endpoint (HTTP) URL and paste it into the Remote Logout URL field in Zoho Desk SAML page.
    • In the X.509 Certificate field, click View Details and save the contents to a .txt file. Then upload the file into the Public Key field in Zoho Desk SAML page.
  8. Now you must select the users to whom you wish to give access to the SAML-enabled Help Center. To do this:
    Click the Users tab and then click All Users to add the app to individual user accounts.
  9. Click Save.
  10. Back in Zoho Desk, check the Enable Signup option on the SAML page to allow new users to log in for the first time and then click Save.


Auth0

Auth0 is an identity management platform that can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. To configure Auth0 for SSO with Zoho Desk Help Center, follow the steps below. This involves setting up a connection between Auth0 and Zoho Desk Help Center, configuring the necessary SSO settings, and mapping user attributes between the two systems.
  1. Log in to your Auth0 account.
  2. Go to Dashboard > Applications.
  3. Click the + CREATE APPLICATION button on the right.
  4. In the Name field, enter a name for the application. For example, Zoho Desk.
  5. Select the type of Application you want to create.
  6. Click Save.
  7. Go back to Dashboard > Applications.
  8. Find the application you just created in Step 4, and click the Gear icon corresponding to it.
  9. Scroll down and click on the Advanced Settings link.
  10. In the expanded window, click the Download Certificate button under the Certificates section.
    The downloaded certificate will be a .pem file.
  11. Now scroll back up and click on the Addons tab. Then enable the SAML2 WEB APP option.
    You will see a screen asking you to provide additional configuration information.
  12. On the Settings section of the screen, enter the following details:
  13. In the Addon SAML2 Web App popup, click the Usage tab and do the following:
    • Copy the Identity Provider Login URL and paste it into the Remote Login URL and the Reset Password URL fields in Zoho Desk SAML page.
    • Enter https://your_auth0_domain/v2/logout in the Remote Logout URL field. Replace your_auth0_domain with your actual Auth0 domain.
    • Upload the certificate you saved in Step 10 into the Public Key field in Zoho Desk SAML page.
  14. When done, click Save in Zoho Desk.
    Your end users will now be redirected to Auth0's sign-in page when signing in to the Help Center.


Google Workspace

Google Workspace, formerly known as G Suite, is a suite of cloud-based productivity and collaboration tools provided by Google. It can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. 
 
To configure Google Workspace for SSO with Zoho Desk Help Center:
  1. Sign in to your Google Workspace admin console with an administrator account.
  2. In the Admin console, click through to Apps > Web and mobile apps.
  3. From the Add App drop-down list, select Add custom SAML app.
  4. On the App Details page, do the following:
    1. Enter a unique name for the app.
    2. Upload an icon for the app (optional).
  5. Click Continue.
  6. On the Google Identity Provider details page, do the following:
    1. Copy the SSO URL and paste it into the Remote Login URL and the Reset Password URL fields in Zoho Desk SAML page.
      Your members are redirected here when they sign in with an email address with your Google domain.
    2. Download the Certificate and save it to a .txt file. Then upload the file into the Public Key field in Zoho Desk SAML page.
    3. Enter the Remote Logout URL as https://accounts.google.com/logout in Zoho Desk SAML page.
  7. Click Continue.
  8. In the Service Provider Details window, do the following:
    1. Paste the value for SAML Response URL from the SAML screen in Zoho Desk in the ACS URL field.
    2. In the Entity ID field, paste the value for Entity ID (Issuer) that you copied from the SAML screen in Zoho Desk.
      Note: If the IdP doesn't support a duplicate Entity ID, you can edit the Entity ID field in Zoho Desk to select the alternative and enter the same.
    3. Select EMAIL as the Name ID Format.
  9. Click Continue.
  10. Skip the Attribute Mapping page.
  11. Click Finish.
    Note: Make sure to check whether the app is provisioned to users or groups.
  12. Back in Zoho Desk, check the Enable Signup option on the SAML page to allow new users to log in for the first time and then click Save.


Microsoft Azure AD

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. 
 
To configure Azure AD for SSO with Zoho Desk Help Center, you will need to follow specific steps. This involves setting up an Enterprise Application in Azure AD, configuring the necessary SSO settings, and mapping user attributes between Azure AD and Zoho Desk Help Center.
  1. Sign in to your Azure AD portal with an administrator account.
  2. In the Azure portal, go to Manage Microsoft Entra ID and click View.
  3. On the left navigation pane, select Enterprise Applications and then All Applications.
  4. Click the New Application button.
  5. In the search box, type SAML SSO, select Confluence SAML SSO by Microsoft from the result panel, then click Add to add the application to your portal.
  6. Navigate back to Enterprise Applications and then click the Confluence SAML SSO by Microsoft app.
  7. Click Single sign-on and then choose SAML for Mode.
  8. On the Set up Single Sign-On with SAML page, click the Edit icon to open the Basic SAML Configuration dialog.
  9. On the Basic SAML Configuration section, do the following:
    1. In the Identifier text box, enter zoho.com
      Note(1): If the IdP doesn't support a duplicate Identifier, you can edit the Entity ID field in Zoho Desk to select the alternative and enter the same.
      Note(2): If you are on the .eu domain enter zoho.eu. Likewise, enter zoho.in if you are on the .in domain.
    2. In the Reply URL text box, paste the value for SAML Response URL that you copied from the SAML screen in Zoho Desk.
    3. In the Sign-on URL text box, paste the value for Redirect URL (For Microsoft Azure) that you copied from the SAML screen in Zoho Desk.
    4. In the Relay State text box, paste the value for Default Relay State that you copied from the SAML screen in Zoho Desk.
    5. Check the radio boxes for the entered values.
    6. Click Save at the top of the page.
  10. On the Set up Single Sign-On with SAML page, click the Edit button to open the User Attributes & Claims dialog.
  11. In the User Attributes section on the User Attributes & Claims dialog, do the following:
    1. Click the Edit icon to open the Manage user claims dialog.
    2. From the Source attribute list, select the attribute value user.mail.
    3. Click Save.
  12. Go to the SAML Signing Certificate menu and do the following:
    1. In the Signing Option drop-down list, choose Sign SAML response.
      This enables Azure AD to sign the SAML response with the X.509 certificate of the application.
    2. Click Save to apply the new SAML signing certificate settings.
    3. Download the certificate by clicking Certificate (PEM).
  13. Go to the Set up Confluence SAML SSO by Microsoft menu and do the following:
    1. Copy the Login URL and paste it into the Remote Login URL and the Reset Password URL fields in Zoho Desk SAML page.
    2. Copy the Logout URL and paste it into the Remote Logout URL field in Zoho Desk SAML page.
    3. Upload the certificate you saved in Step 12 into the Public Key field in Zoho Desk SAML page.
  14. Click Save.
  15. Back in Zoho Desk, check the Enable Signup option on the SAML page to allow new users to log in for the first time and then click Save.


Keycloak IDP

Keycloak is an Identity and Access Management (IAM) solution that can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. 
 
To configure Keycloak for SSO with Zoho Desk Help Center: 
  1. Log in to Keycloak and open the administration console.
  2. Click Clients from the left panel, and then click Create to start creating a new client application.
  3. On the Add Client page, enter the following details:
    1. Client ID: Enter as zoho.com
    2. Client Protocol: Select SAML from the drop-down menu
    3. Client SAML Endpoint: Paste the value for Help Center SAML Response URL that you copied from the SAML page in Zoho Desk.
    4. Click Save.
      This will create the client and bring you to the client Settings tab.
  4. On the Client Settings page, do the following:
    1. Select email in the Name ID Format drop-down box.
    2. Toggle Client Signature Required off.
    3. Toggle Front Channel Logout off.
    4. Click the + sign to enter https://accounts.zohoportal.com/* and https://desk.zoho.com/* as Valid Redirect URIs.
    5. Click Save.
  5. The next step is to enter details on the Zoho Desk Help Center SAML page. 
    Go to the URL: http://{your-keycloak-server:8080}/auth/realms/{your-realm}/protocol/saml/descriptor
    E.g. http://localhost:8080/auth/realms/master/protocol/saml/descriptor
  6. To get the public key:
    1. Copy the value of “dsig:X509Certificate” node in the XML configuration file.
    2. Paste the value to a text file. Make sure you place the value between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
    3. Save the text file.
  7. To get the Remote Login URL and Reset Password URL:
    1. Find the node SingleSignOnService with the attribute Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" in the XML file.
    2. Copy the value of the location.
  8. To get the Remote Logout URL:
    1. Create a URL like http://{your-keycloak-server:8080}/auth/realms/{your-realm}/protocol/openid-connect/logout?redirect_uri={URL_encoded_Help Center URL}
      E.g. http://localhost:8080/auth/realms/master/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fdesk.zoho.com%2Fportal%2Fdeccanpl%2F
    2. Copy the value of the location.
  9. Back in the Zoho Desk Help Center SAML page, do the following:
    1. Paste the values for Remote Login URL, Remote Logout URL, and Reset Password URL.
    2. Upload the saved text file into the Public Key field.
    3. Click Save.
  10. Your federated SAML SSO is ready for use. 
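
Steps 5 to 8 above can be scripted. The following Python script is an added example, not code from Zoho or Keycloak: it reads a descriptor, wraps the certificate in the BEGIN/END lines, picks the HTTP-POST SingleSignOnService location, builds the logout URL, and lists every field that is not HTTPS. The function name is hypothetical, the sample descriptor and certificate bytes are constructed placeholders, and it assumes the SSO location ends in /protocol/saml.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder shaped like DER (leading 0x30 byte); not a real certificate.
FAKE_CERT_B64 = base64.b64encode(b"\x30\x82\x01\x00" + b"constructed-sample " * 12).decode()

# Constructed descriptor modelled on the localhost example URL in step 5.
SAMPLE_DESCRIPTOR = f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <EntityDescriptor entityID="http://localhost:8080/auth/realms/master">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data>
        <dsig:X509Certificate>{FAKE_CERT_B64}</dsig:X509Certificate>
      </dsig:X509Data></dsig:KeyInfo></KeyDescriptor>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
      <SingleSignOnService Binding="{HTTP_POST}"
          Location="http://localhost:8080/auth/realms/master/protocol/saml"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def zoho_fields_from_descriptor(descriptor_xml, help_center_url):
    """Return the values steps 6-8 ask for, plus warnings to resolve before Save."""
    # The descriptor is plain metadata; refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in descriptor_xml or "<!ENTITY" in descriptor_xml:
        raise ValueError("descriptor must not declare a DTD or entities")
    root = ET.fromstring(descriptor_xml)

    # Step 6: signing certificate, wrapped in BEGIN/END lines at 64 characters.
    certs = [kd.find(".//dsig:X509Certificate", NS)
             for kd in root.iterfind(".//md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    cert = next((c for c in certs if c is not None and (c.text or "").strip()), None)
    if cert is None:
        raise ValueError("no signing X509Certificate in descriptor")
    body = "".join(cert.text.split())
    if base64.b64decode(body, validate=True)[:1] != b"\x30":
        raise ValueError("certificate body is not DER-encoded")
    chunks = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *chunks,
                     "-----END CERTIFICATE-----", ""])

    # Step 7: the HTTP-POST SingleSignOnService location serves login and reset.
    login = next((s.get("Location")
                  for s in root.iterfind(".//md:SingleSignOnService", NS)
                  if s.get("Binding") == HTTP_POST), None)
    if not login:
        raise ValueError("no HTTP-POST SingleSignOnService in descriptor")

    # Step 8: logout URL in the page's pattern; redirect_uri is percent-encoded.
    if not login.endswith("/protocol/saml"):  # assumption about the endpoint layout
        raise ValueError("unexpected SSO location; build the logout URL by hand")
    logout = (login[:-len("/saml")] + "/openid-connect/logout?redirect_uri="
              + quote(help_center_url, safe=""))

    fields = {"Remote Login URL": login, "Reset Password URL": login,
              "Remote Logout URL": logout}
    # Plain-HTTP endpoints are acceptable only for a local test realm.
    warnings = [f"{name} is not HTTPS: {url}" for name, url in fields.items()
                if urlsplit(url).scheme != "https"]
    return {**fields, "Public Key": pem, "warnings": warnings}


if __name__ == "__main__":
    result = zoho_fields_from_descriptor(SAMPLE_DESCRIPTOR, "https://desk.zoho.com/portal/deccanpl/")
    for name, value in result.items():
        print(f"{name}:\n{value}\n")
```

With the localhost sample, all three URL fields are reported as not HTTPS; against a production realm the warnings list should be empty before you click Save.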


Zitadel IDP

Zitadel is an Identity and Access Management (IAM) solution that can be configured to provide Single Sign-On (SSO) functionality for your Zoho Desk Help Center. 

 

To configure Zitadel for SSO with Zoho Desk Help Center:

 

  1. Log in to Zitadel as an Administrator.
  2. Go to the Projects tab and click New to create a new application. 
  3. In the Create Application page, do the following:
    1. Enter your Application Name.
    2. Choose SAML as the application type from the options provided.
  4. Click Continue.
  5. In the SAML configuration window, click Upload Metadata XML to upload SP metadata.
    Refer to the sample SP metadata XML given below. You can edit and reuse it.

    In the sample SP metadata XML given above, you need to make some changes before reusing it:
    1. Replace the Entity ID with the ID that you have selected in the Zoho Desk SAML settings page.
    2. In the Zoho Desk SAML Settings page, copy the SAML response URL and paste it in the AssertionConsumerService location.
  6. Click Continue.
  7. In the Overview window, click Create to create the SAML application.
  8. Go to the Zoho Desk SAML Setup page and paste the below values in: 
    1. Remote Login URL: https://{your_instance_domain}/saml/v2/SSO
    2. Reset Password URL: https://{your_instance_domain}/saml/v2/SSO
    3. Remote Logout URL: https://{your_instance_domain}/ui/console/signedout
  9. Go to "https://{your_instance_domain}/saml/v2/certificate" to download the public certificate and change the certificate format to .txt.
  10. Navigate to the Zoho Desk SAML setup page and upload the downloaded public certificate in text format into the Public Key field.
  11. Click Save.
    This will enable the SAML for the particular help center.



Updated: 3 months ago
1 comment

Where can I get the SAML metadata URL for Zoho desk service provider?