Custom Authentication - PingOne | Admin Guide - Zoho Directory

Custom authentication with PingOne

Prerequisites

Roles required to perform this action:

  • Organization Owner

  • Organization Admin


Configure SAML with PingOne 

  1. Go to PingOne.
  2. In the Select Account dropdown menu, select PingOne.
  3. Enter your email address, then click SIGN ON.
  4. Enter your password, then click Sign On.
  5. Click the dropdown menu in the left pane under Environments, then click Administrators.
  6. Click in the left pane, then click next to Applications.
  7. Click ADVANCED CONFIGURATION under SELECT AN APPLICATION TYPE.
  8. Click Configure next to SAML.
  9. Enter "Zoho Directory" in the APPLICATION NAME field.
  10. Enter a description and upload an icon, if needed.
  11. Click Next, then select Manually Enter.
  12. Enter the ACS URL in the ACS URLS field.
    Note: You can find the ACS URL in Zoho Directory's Custom Authentication page.
  13. Click Download Signing Certificate under SIGNING KEY.
  14. Select the X509 PEM (.crt) format to be downloaded.
  15. Enter the ENTITY ID from the following table that corresponds to the Data Center (DC) in which your Zoho Directory account is hosted.

    Data Center              Corresponding Entity ID
    United States (US)       zoho.com
    Europe (EU)              zoho.eu
    India (IN)               zoho.in
    China (CN)               zoho.com.cn
    Australia (AU)           zoho.com.au
    Japan (JP)               zoho.com
    Canada (CA)              zohocloud.ca
    Saudi Arabia (SA)        zoho.sa
    United Kingdom (UK)      zoho.uk

  16. Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress under SUBJECT NAMEID FORMAT.
  17. Enter a time duration in seconds (say, 3600) in the ASSERTION VALIDITY DURATION (SECONDS) field.
    Note: Assertion Validity Duration is how long a SAML assertion remains valid before it expires.
  18. Click Save and Continue.
  19. Select Email Address under PINGONE USER ATTRIBUTE.
  20. Click Save and Close. You will be redirected to the Applications page.
  21. Click the Configuration tab.
  22. Copy the SINGLE LOGOUT SERVICE URL and the SINGLE SIGNON SERVICE URL, then use the information to set up SAML in Zoho Directory.
    1. Paste the SINGLE SIGNON SERVICE URL in the Sign-in URL field.
    2. Paste the SINGLE LOGOUT SERVICE URL in the Sign-out URL field.
    3. Browse and upload the X509 PEM (.crt) in the Verification Certificate field.
  23. Go back to the Applications page in PingOne and slide the toggle bar next to Zoho Directory to enable user access.

Test the SAML connection 

  1. Go to Zoho Directory.
  2. Enter your email address, then click NEXT.
  3. Click Sign in another way.
  4. Click Sign in with SAML. You will be redirected to sign in through PingOne.
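
Check the assertion against the configured settings (added example)

The following script is an added example, not part of the Zoho Directory or PingOne documentation. It checks a decoded SAML assertion from a test sign-in against the settings chosen above: the emailAddress NameID format, the Entity ID for your DC, and the assertion validity duration. It assumes the Entity ID appears as the assertion's Audience and that the validity window runs from NotBefore to NotOnOrAfter; the sample XML and the function name check_assertion are constructed for illustration, and the script does not verify the signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion (not captured from PingOne); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
    <saml:AudienceRestriction><saml:Audience>zoho.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime; drop fractional seconds if present.
    return datetime.strptime(value.rstrip("Z").split(".")[0], "%Y-%m-%dT%H:%M:%S")

def check_assertion(xml_text, entity_id, max_validity=3600):
    """Return a list of mismatches between the assertion and the configured settings."""
    root = ET.fromstring(xml_text)  # accepts an Assertion or a Response wrapping one
    problems = []
    # Step 16: SUBJECT NAMEID FORMAT must be emailAddress.
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    # Step 17: the validity window should not exceed the configured duration.
    cond = root.find(".//saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("Conditions validity window is missing")
    else:
        window = (_ts(cond.get("NotOnOrAfter")) - _ts(cond.get("NotBefore"))).total_seconds()
        if window > max_validity:
            problems.append(f"validity window {window:.0f}s exceeds {max_validity}s")
    # Step 15: the Audience must be the Entity ID for your DC (assumption, see lead-in).
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"audience {audiences} does not include {entity_id}")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "zoho.com") or "assertion matches configuration")
```

An empty result means the assertion matches the configuration; each string in the list names one setting to recheck in PingOne.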