Directory apps - Microsoft 365

Microsoft 365 for Zoho Directory

Prerequisites

  1. In Zoho Directory:
    1. An account with admin permissions
  2. In Microsoft 365:
    1. An account with admin permissions
    2. A verified domain that is different from the default domain
  3. System requirements:
    1. A Windows machine managed by your organization
    2. Microsoft PowerShell version 5.0 or later
    3. A local account on the device that has admin permissions

Configure SAML in Microsoft 365

  1. Sign in to Microsoft Entra admin center, then click Entra ID in the left panel.
  2. Click Enterprise Apps, then click New application.
  3. Click Create your own application and provide a name for the application.
  4. Click Create.
  5. Copy the Application ID to your clipboard.
  6. Click Properties, then click the application registration link.
  7. From the list of additional properties, click Authentication.
  8. Click Add a Platform, then click Web.
    1. In the form that opens, enter the Redirect URI based on your DC from the table given below:

      | DC | Sign-in redirect URI (for Zoho One) | Sign-in redirect URI (for Zoho Directory) |
      | --- | --- | --- |
      | Japan | https://one.zoho.jp/provision/oauth/callback | https://directory.zoho.jp/provision/oauth/callback |
      | US | https://one.zoho.com/provision/oauth/callback | https://directory.zoho.com/provision/oauth/callback |
      | Europe | https://one.zoho.eu/provision/oauth/callback | https://directory.zoho.eu/provision/oauth/callback |
      | China | https://one.zoho.cn/provision/oauth/callback | https://directory.zoho.cn/provision/oauth/callback |
      | India | https://one.zoho.in/provision/oauth/callback | https://directory.zoho.in/provision/oauth/callback |
      | Australia | https://one.zoho.au/provision/oauth/callback | https://directory.zoho.au/provision/oauth/callback |
      | UK | Not Supported | https://directory.zoho.uk/provision/oauth/callback |
      | Canada | https://one.zohocloud.ca/provision/oauth/callback | https://directory.zohocloud.ca/provision/oauth/callback |
      | Saudi Arabia | https://one.zoho.sa/provision/oauth/callback | https://directory.zoho.sa/provision/oauth/callback |

      Notes
      If you have configured a custom domain for your organization, then the redirect URI would be of the format <One/Directory URL>/provision/oauth/callback.
  9. Click Certificates & secrets, then click New client secret.
  10. Click Add, then copy the Value of the generated secret to your clipboard.

Configure SAML in Zoho One/Directory

  1. If you're a Zoho One user:
    1. Sign in to Zoho One, then click Directory in the left menu.
    2. Go to Marketplace, then click Browse Applications.
    3. Use the search bar to find and install Microsoft 365.
  2. If you're a Zoho Directory user:
    1. Sign in to Zoho Directory, then click Admin Panel in the left menu.
    2. Go to Applications, then click Add Application.
    3. Use the search bar to find and add Microsoft 365.
  3. Name your app and enter the Domain Name and Tenant ID.
    Notes
    To find your domain name and tenant ID in Microsoft Entra admin center, navigate to Identity in the left panel, then click Overview.
  4. If you want to test the SAML configuration before allowing users to access Microsoft 365, uncheck Display app to users. You can make the app visible to all users later.
  5. Click Add.
  6. Click the Single Sign-On tab.
  7. In the Identity Provider Details section, enter the following:
    1. OAuth Consumer Key: Paste the Application ID copied from Microsoft 365.
    2. OAuth Consumer Secret: Paste the Client Secret copied from Microsoft 365.
    3. Authorization Endpoint: Enter the authorization endpoint in the following format:
      https://login.microsoftonline.com/<tenant ID>/oauth2/v2.0/authorize
    4. Token Endpoint: Enter the token endpoint in the following format:
      https://login.microsoftonline.com/<tenant ID>/oauth2/v2.0/token
  8. Click Authorize. A new tab will open, requesting your consent to access information in Microsoft 365.
  9. Click Allow. You will be taken back to Zoho Directory.
  10. Download the file containing the PowerShell script, then run it on a Windows machine in your organization.
  11. Once the PowerShell script has run, return to Zoho Directory and click Verify. The configuration process will be complete.
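
A check for the values entered in the two procedures above (the redirect URI registered in Microsoft Entra and the endpoints pasted into Zoho Directory), as an added example that is not part of Zoho's documentation. The function names and the custom_host parameter are hypothetical, and the GUID check assumes the tenant ID is entered in its GUID form.

```python
import re
from urllib.parse import urlsplit

# Hosts from the redirect URI table on this page: DC -> (Zoho One, Zoho Directory).
DC_HOSTS = {
    "Japan": ("one.zoho.jp", "directory.zoho.jp"),
    "US": ("one.zoho.com", "directory.zoho.com"),
    "Europe": ("one.zoho.eu", "directory.zoho.eu"),
    "China": ("one.zoho.cn", "directory.zoho.cn"),
    "India": ("one.zoho.in", "directory.zoho.in"),
    "Australia": ("one.zoho.au", "directory.zoho.au"),
    "UK": (None, "directory.zoho.uk"),  # Zoho One: Not Supported
    "Canada": ("one.zohocloud.ca", "directory.zohocloud.ca"),
    "Saudi Arabia": ("one.zoho.sa", "directory.zoho.sa"),
}
CALLBACK_PATH = "/provision/oauth/callback"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_redirect_uri(uri, dc, product="directory", custom_host=None):
    """Return a list of problems with a registered redirect URI (empty = OK).

    custom_host (hypothetical parameter) covers the custom-domain note.
    """
    host = custom_host or DC_HOSTS[dc][0 if product == "one" else 1]
    if host is None:
        return [f"Zoho One is not supported in the {dc} DC"]
    parts, problems = urlsplit(uri), []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Compare the whole authority so user-info, ports and look-alike suffixes fail.
    if parts.netloc.lower() != host.lower():
        problems.append(f"host must be exactly {host}")
    if parts.path != CALLBACK_PATH:
        problems.append(f"path must be exactly {CALLBACK_PATH}")
    if parts.query or parts.fragment:
        problems.append("no query string or fragment expected")
    return problems


def entra_endpoints(tenant_id):
    """Build the authorization and token endpoints in the format the page gives."""
    # Assumption: the tenant ID is a GUID; anything else is rejected before it
    # is interpolated into the URL path.
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant ID is not a GUID")
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0"
    return {"authorize": f"{base}/authorize", "token": f"{base}/token"}
```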

Test the SAML connection

  1. Return to the Zoho Directory Admin Panel.
  2. Go to Applications, then click Microsoft 365.
  3. Click Assign Users, choose yourself from the list, then click Assign.
  4. Click the  icon next to the app's name. If everything is working, you should be automatically signed in and taken to Microsoft 365's homepage.

Make app visible to all users

After successfully testing the SSO, you can make Microsoft 365 available for all users to access from their My Apps pages.

To make Microsoft 365 visible to all users:
  1. Sign in to the Zoho Directory Admin Panel.
  2. Go to Applications, then click Microsoft 365.
  3. Click Unhide.
  4. You can now access Microsoft 365 from Zoho Directory's My Apps page.