Managing IdPs - Custom Authentication | Admin Guide - Zoho Directory

Add an IdP

Prerequisites

Permissions required to perform this action:
  1. Add IdPs

Add an IdP:

  1. Sign in to Zoho Directory, then click Admin Panel in the left navigation menu.
  2. Go to Security, then click the Custom Authentication tab.
  3. If you are adding your first IdP, click Add Identity Provider. Otherwise, click Add IdP.
  4. Enter the name of your IdP in the Display Name field.
  5. Click All Members if you want all your employees to sign in through SSO via this IdP. Otherwise, choose one or more groups of users to enforce SSO.
    Note: The All Members option is only available when you add the "Default" IdP. If you select Specific Groups, you can name the IdP as you like. Once you add an IdP that applies to all the members in your organization, that IdP becomes the "Default" IdP, and all other IdPs can be applied only to specific groups of users.
  6. If you want to exclude a group of users from having this IdP enforced on them, select Exclude groups from using this IdP, then choose the groups.
    Note: Suppose a user named Ben is part of an applicable group, Managers. He is also a part of an excluded group, Technicians. In such a case, even though Ben is a part of Managers, he will be excluded from the IdP since Technicians is excluded. 
  7. Set the IdP Priority using the dropdown menu if multiple IdPs have been added.
    Note: Suppose the IdP priority is in this order: Okta, OneLogin, Azure, Default. If you select OneLogin from the dropdown menu, the newly added IdP will come second in the priority list, which will then read: Okta, IdP, OneLogin, Azure, Default. In general, when you select a particular IdP in the dropdown menu, the newly added IdP is placed directly above the chosen IdP.
  8. If you select SAML:
    1. Enter the following details obtained from your IdP:
      1. Sign-in URL: The URL the user will be redirected to when they try to sign in to Zoho.
      2. Sign-out URL: The URL the user will be redirected to after signing out of Zoho.
      3. Change Password URL: The URL the user will be redirected to if they try to change their Zoho account's password.
      4. Verification Certificate: The certificate with which Zoho can check the digital signature on the IdP's authentication response.
    2. Click Add.
  9. If you select JWT:
    1. Enter the following details obtained from your IdP:
      1. Sign-in URL: The URL the user will be redirected to when they try to sign in to Zoho.
      2. Sign-out URL: The URL the user will be redirected to after signing out of Zoho.
    2. Select a signing algorithm.
      1. HS256: HMAC with SHA-256. The IdP and Zoho Directory share a single secret key. The IdP computes an HMAC over the token's header and payload with that key, and that HMAC is the signature. Because the same key both creates and verifies signatures, anyone who holds it can mint tokens that Zoho will accept, so it must be kept confidential on both sides.
      2. RS256: RSA signature with SHA-256, using a public/private key pair. The IdP signs the token with its private key, and Zoho Directory verifies the signature with the matching public key taken from the verification certificate. The private key never leaves the IdP, so Zoho holds nothing that could be used to forge a token.
    3. If you've selected HS256, generate a key. This is the shared secret: configure the same value on your IdP and treat it as a credential. If you've selected RS256, browse and add the Verification Certificate that you downloaded from the IdP.
    4. Enter the Sign-in parameters and Sign-out parameters if needed.
    5. Click Add.