Custom Authentication - PhenixID | Admin Guide - Zoho Directory

Custom authentication with PhenixID

Prerequisites

Roles required to perform this action:

  • Organization Owner

  • Organization Admin

Custom authentication with PhenixID:

Custom authentication with PhenixID enables you and your employees to sign in and access Zoho Directory using your PhenixID credentials.

Prerequisite

  1. PhenixID authentication server version 3.0 or higher. 

Configure a federation scenario in PhenixID

To set up custom authentication with PhenixID, you need to configure an authentication scenario in PhenixID as follows:
  1. Sign in to PhenixID Configuration Manager.
  2. Click SCENARIOS at the top, then click FEDERATION.
    [Screenshot: Creating scenarios in the FEDERATION tab]
  3. Create an authentication scenario available in your version with the following values:
    Field                        Value
    SEARCH FILTER                mail={{request.username}}
    USER IDENTIFIER ATTRIBUTE    mail
  4. Once created, select the scenario from the left menu, then go to the EXECUTION FLOW tab. 
    [Screenshot: Selecting the created scenario from the left menu]
  5. Click Find userid & issue SAML assertion, then click AssertionProvider.
  6. Under MISCELLANEOUS, click Add to create a new field.
  7. Enter nameIdFormat in the left field, and urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress in the right field.
    [Screenshot: Adding a miscellaneous field]
  8. Click Save.
  9. Switch to the IDENTITY PROVIDER tab.
  10. In the POST SLO URL field, enter the SLO URL in the following format:
    https://{host name}.phenixid.net/saml/authenticate/logout
    Note: The {host name} represents the name of your domain. For example, if the URL of your PhenixID account is https://zylker.phenixid.net/, your host name would be "zylker".
  11. Click Save.
  12. Note down the POST SSO URL and the POST SLO URL.
    [Screenshot: Exporting the IdP metadata]
  13. Click View SAML Metadata to open the Identity Provider (IdP) metadata file.
  14. Export and save the certificate metadata by creating a .cert file.

Configure PhenixID with Zoho Directory

A. Using the URLs and the certificate, set up SAML in Zoho Directory. When setting up SAML:
  1. Enter the POST SSO URL under Sign-in URL and Change Password URL.
  2. Enter the POST SLO URL under Sign-out URL.
  3. Upload the .cert file under Verification Certificate.
B. You need an SP metadata file to set up Zoho Directory as Service Provider (SP) in PhenixID. You can get the SP metadata file from your Zoho account:
  1. Sign in to Zoho Accounts.
  2. Click Organization in the left menu, then click SAML Authentication.
  3. Click Download Metadata to download the zohometadata.xml file (SP metadata).
C. Configure Zoho Directory as SP in PhenixID using the following steps:
  1. Return to the FEDERATION tab in PhenixID Configuration Manager.
  2. From the left menu, click next to SAML metadata upload.   
  3. Enter a name for the new scenario, add a short description (if needed), then click Next.
  4. Under METADATA UPLOAD, upload the SP metadata file (zohometadata.xml).
  5. Click Verify and show, then click OK.
  6. Click Next, then click Create.
  7. Test the configuration by signing out of your Zoho account, and then signing in. If the configuration is successful, you will be redirected to PhenixID for authentication.