Add IdP

  1. Sign in to Zoho Directory, then click Admin Panel in the left menu.
  2. Go to the Security tab, then go to Identity Providers.
  3. Click Add IdP.
  4. Enter the name of your IdP in the Display Name field.
  5. Select the SSO Protocol. You will not be able to change it later.
  6. Copy the ACS URL. You will need it to configure SSO at your IdP.
  7. Copy the Entity ID. You will need it to verify that the assertion is from Zoho at your IdP.
  8. Enter the Sign-in URL. This is the URL the user will be redirected to when they try to sign in to Zoho. Change the method only if needed.
  9. Copy the Sign-out URL. This is the URL the user will be redirected to after signing out of Zoho. Change the method only if needed.
  10. If you select SAML as the SSO Protocol, enter the following details obtained from your IdP:
    1. Name ID Format: This specifies the format of the name ID in the assertion sent from your IdP. Change it only if your IdP requires it.
    2. Sign SAML Requests: Not all IdPs support request signing. Check with your IdP before enabling.
    3. Verification Certificate: The certificate with which Zoho can check the digital signature on the IdP's authentication response.
  11. If you select JWT, select a signing algorithm.
    1. HS256: The HS256 signing algorithm uses a secret key shared between the IdP and Zoho Directory to compute a keyed hash (HMAC with SHA-256), which serves as the signature.
      1. Generate a Secret Key. You will need it to configure SSO at your IdP.
    2. RS256: The RS256 signing algorithm, on the other hand, uses a public/private key pair. The IdP generates the signature with its private key, and the signature is validated using the public key.
      1. Browse and add the Verification Certificate that you downloaded from the IdP.
  12. Enter the Sign-in parameters and Sign-out parameters if needed.
  13. Click Add.