AWS Identity Center for Zoho Directory
Prerequisites
- An Application admin role in your AWS Identity Center account.
- AWS account root user permissions.
Configure SAML in Zoho One/Directory
1. If you're a Zoho One user:
- Sign in to Zoho One, then click Directory in the left menu.
- Go to Marketplace, then click Browse Applications.
- Use the search bar to find and install AWS Identity Center.

2. If you're a Zoho Directory user:
- Sign in to Zoho Directory, then click Admin Panel in the left menu.
- Go to Applications, then click Add Application.
- Use the search bar to find and add AWS Identity Center.

3. Name your app. Enter the Unique ID, Region Code, and Identity store ID.
Note: To find your Region Code and Identity store ID, sign in to AWS Identity Center as the root user. Below the search bar, click IAM Identity Center, then click Settings in the left menu. The Region Code is in the Details section, and the Identity store ID is below the Identity source tab. Your Unique ID is the last part of your ACS URL. After step 7 in Configure SAML in AWS, you can find your ACS URL in the Service provider metadata section, in the field IAM Identity Center Assertion Consumer Service (ACS) URL. For example, if your URL is region.aws.amazon.com/platform/saml/acs/abc123, your Unique ID will be abc123.
4. Click Add.
5. Click the Single Sign-On tab.
6. Click Service Provider Details to check and verify the SP details. You can also edit them if needed.
7. Click Identity Provider Details, then click Download IDP Metadata. A metadata file will be downloaded.

Configure SAML in AWS Identity Center
- Go to your AWS Identity Center sign-in page.
- Select Root user, enter your AWS account email address and click Next.
- On the next page, enter your password and click Sign in.
- Click the Services icon beside the search bar and select IAM Identity Center.
- Under Enable IAM Identity Center, click Enable with AWS Organizations.
- Below the search bar, select IAM Identity Center, then click Settings in the left menu.
- Under the Identity Source tab, click Actions, then click Change identity source.
- Select External identity provider, then click Next.
- In the Identity provider metadata section, click Choose file under IdP SAML metadata.
- Upload the metadata file you've downloaded from Zoho Directory.
- Click Next.
- Scroll down to the bottom, enter ACCEPT to confirm that you want to change your identity source, then click Change identity source.
SCIM Provisioning
SCIM Provisioning creates, updates, and deletes users in AWS whenever they are created, updated, or deleted in Zoho Directory. This simplifies user management, allowing you to manage users across all applications from a single place—Zoho Directory.
Learn how to enable it.
Test the SAML connection
Return to the Zoho Directory Admin Panel.
- Go to Applications, then click AWS Identity Center.
- Click Assign Users, choose yourself from the list, then click Assign.
- Click the icon next to the app's name. If everything is working, you should be signed in automatically and taken to AWS Identity Center's homepage.

Make app visible to all users
After successfully testing SSO, you can make AWS Identity Center available for all users to access from their My Apps pages. To make AWS Identity Center visible to all users:
- Sign in to the Zoho Directory Admin Panel.
- Go to Applications, then click AWS Identity Center.
- Click Unhide.

- You can now access AWS Identity Center from Zoho Directory's My Apps page.
