Custom Authentication - Google | Admin Guide - Zoho Directory

Custom authentication with Google

Prerequisites

Roles required to perform this action:
  1. Organization Owner
  2. Organization Admin

Custom authentication with Google

Custom authentication with Google enables SAML-based single sign-on (SSO) from Google to Zoho. With SSO, you and your employees can sign in to Google and access Zoho directly, without having to sign in to Zoho.

To set up custom authentication with Google:
  1. Sign in to your Google Admin console using an administrator account.
  2. Click Apps, then click Web and mobile apps.
  3. Click Add App, then click Add custom SAML app.  
  4. In the App Details page, enter the App name as "Zoho Directory". You can optionally add a description and icon.
  5. Click Continue.
  6. In the Google Identity Provider details page, copy the SSO URL and download the Certificate
  7. In a separate tab, sign in to Zoho Directory and add Google as an IdP using the information gathered in Step 6.
    Learn how to add an IdP.
  8. Open the IdP details page and copy the ACS URL displayed under the SAML tab.



  9. Return to the Google admin console and click Continue.
  10. In the Service Provider Details page, enter the following details: 
    1. Enter the ACS URL copied in Step 8.
    2. Enter the Entity ID as "zoho.com".
    3. Enter the Start URL as "https://directory.zoho.com".
    4. Select the Signed Response checkbox.
    5. Select EMAIL as the Name ID Format.
  11. Click Continue. The Attribute Mapping window is optional, and can be configured if you need any custom attributes in the SAML Response. To add an attribute mapping:
    1. Click ADD MAPPING.
    2. Use the Select Field drop-down to select a field name and enter the respective attribute under App Attribute.
  12. Click Finish.