Custom Authentication - CyberArk | Admin Guide - Zoho Directory

Custom authentication with CyberArk

Prerequisites

Roles required to perform this action :

  • Organization Owner

  • Organization Admin


Configure SAML with CyberArk 

  1. Sign in to the CyberArk admin console.
  2. Click Web Apps under Apps in the left pane.
  3. Click Add Web Apps, then search for "Zoho".
  4. Click Add next to the option Zoho - SAML.
  5. Click Yes in the pop-up window that appears, then click Close. You will be redirected to the Settings page.
  6. Enter the domain name in the Zoho Domain field, then type "Zoho Directory" in the Name field.
    Notes
    Note: To enter the domain name, sign in to your Zoho Mail account and go to the Control Panel. Click Domains, copy the value under Domain Name, then paste it in the Zoho Domain field.
  7. Click Save.
  8. Click Trust in the left menu, then check Manual Configuration under Service Provider Configuration.
  9. Enter the SP Entity ID / SP Issuer / Audience from the following table based on the Data Center (DC) your Zoho Directory account is present in.

    Data Center
    Corresponding Entity ID
    United States of America (US)
    zoho.com
    Europe (EU)
    zoho.eu
    India (IN)
    zoho.in
    Australia (AU)
    zoho.com.au
    China (CN)
    zoho.com.cn
    Japan (JP)
    zoho.com
    Canada (CA)
    zohocloud.ca
    Saudi Arabia (SA)
    zoho.sa
    United Kingdom (UK)
    zoho.uk

  10. Enter the ACS URL in the Assertion Consumer Service (ACS) URL field.
    Notes
    Note: You can find the ACS URL in Zoho Directory's Custom Authentication page.
  11. Select emailAddress under NameID Format.
  12. Check Manual Configuration under Identity Provider Configuration.
  13. Click Signing Certificate, then click Download.
  14. Click Save.
  15. Copy the Login URL and Logout URL, then use the information to set up SAML in Zoho Directory.
    1. Paste the Login URL in the Sign-in URL field.
    2. Paste the Logout URL in the Sign-out URL field.
    3. Browse for and upload the previously-downloaded certificate in the Verification Certificate field.

Deploy the app to users 

  1. Sign in to the CyberArk admin console.
  2. Click Web Apps under Apps in the left pane.
  3. Click Zoho Directory, then click Permissions in the left menu.
  4. Click Add, then search for specific users or groups you want to enforce SSO for.
  5. Select the users, then click Add.
  6. Click Save.

Test the SAML connection

In the above section, make sure to add yourself so that you can test the connection.
  1. Go to Zoho Directory.
  2. Enter your email address, then click NEXT.
  3. Click Sign in another way.
  4. Click Sign in with SAML. You will be redirected to sign in through CyberArk.