Custom authentication with OneLogin
Prerequisites
Roles required to perform this action :
Organization Owner
Organization Admin
Custom authentication with OneLogin:
Custom authentication with OneLogin enables SAML-based single sign-on (SSO) from OneLogin to Zoho. With SSO, you and your employees can sign in to OneLogin and access Zoho directly, without having to sign in to Zoho.
To set up custom authentication with OneLogin:
- Sign in to OneLogin's admin console.
- Click Applications, then click Add App.
- Search for 'SAML Test Connector'.
- Choose SAML Test Connector (IdP w/ attr w/ sign response).
- Enter "Zoho Directory" under display name. Upload logos if needed.
- Click Save.
- Go to the SSO tab, then copy the SAML 2.0 Endpoint (HTTP) and the SLO Endpoint (HTTP). Under X.509 Certificate, click View details, then download the X.509 PEM file.
- Go to the Configuration tab then enter the following details:
- RelayState: Enter "https://directory.zoho.com".
- Audience: Enter "https://accounts.zoho.com".
- Recipient: Enter the ACS URL found in Zoho Directory's Custom Authentication page.
- ACS (Consumer) URL Validator: Enter the ACS URL found in Zoho Directory's Custom Authentication page.
- ACS (Consumer) URL: Enter the ACS URL found in Zoho Directory's Custom Authentication page.
- Single Logout URL: Enter "https://accounts.zoho.com/logout/samlsp/<ZOID>".
- Click Save.
- Use the details from Step 7 to set up SAML in Zoho Directory.
- Enter SAML 2.0 Endpoint (HTTP) under Sign-in URL.
- Enter SLO Endpoint (HTTP) under Sign-out URL.
- Upload the X.509 PEM file under Verification Certificate.
Note: <ZOID> is the last part of your ACS URL.