Add LDAP clients
- Sign in to Zoho One, then click Directory in the left menu.
- Go to LDAP in the left panel. If LDAP is not configured, click Configure LDAP. If it is already configured, click Add LDAP Client in the Clients tab.
- In the LDAP client name field, enter a name (for example, Printer).
- Under BindDN service account, if not added already, click Add service account. Enter a username for the service account, copy the generated password, and then click Save.
You'll need the generated password when connecting your client to the Secure LDAP service, so make sure to save it. Otherwise, you will have to generate a new password.
- Now, select from the added accounts and click Save and Next.
Configure access permissions and attributes
The access permissions page will automatically be displayed once you have added an LDAP client. It determines how applications interact with your directory and what data can be accessed. It has two sections:
User Authentication - This setting allows the admins to restrict which users are allowed to authenticate via Cloud LDAP. In other words, only the users with LDAP permissions can authenticate successfully. This operation is read-only, so the application cannot modify the user credentials in Zoho One.
Read User Information - This setting specifies which attributes of the user the LDAP client can access to retrieve user information. You can choose the attributes you want to expose via Attribute mapping in Zoho One.
- To specify the users whose credentials the LDAP client can verify, tick the Verify user credentials checkbox.
- Tick the Read user information checkbox to select the attributes that the LDAP client can access.
- Select one from the available LDAP attributes and click Save and Next.
- To add a custom attribute, go to the Attributes tab and click Manage Attributes.
- Click Add Attribute. Enter an attribute name.
- For Field value, select from the profile fields or enter a hardcoded value. Then, click Add. You can select the custom-added attribute on the permissions page.
Assign members
Once you've added an LDAP client and configured permissions for it, you can assign members to each client.
- On the Summary page, click Assign Members at the bottom of the page to assign users to the client, or click the required client and then click Assign Members.

- Under Choose Users, click to either select users manually or attach a file.
- After selecting users, click Assign.
Add a service account
- Under the LDAP section, go to the Service Accounts tab.
- Click Add Service Account.
- Enter a username for the service account, copy the generated password, and then click Save.
You'll need the generated password when connecting your client to the Secure LDAP service, so make sure to save it. Otherwise, you will have to generate a new password.
Delete a service account
- Under the LDAP section, go to the Service Accounts tab.
- Hover over the required service account, and click Delete.
If the service account is mapped to clients, you'll have to dissociate the clients from the service account before you can delete it.
Edit access permissions
- Sign in to Zoho One, then click Admin Panel in the left menu.
- Go to LDAP, and click the Clients tab.
- Click on the required client from the list, click Edit, and then click Save and Next.
- Tick or untick the access permissions checkbox based on your preference.
Edit LDAP client details
- Go to the Clients tab, and hover over the required client name.
- Click
, then click Edit.
- Edit the necessary details on the page and click Save and Next.
Deactivate/Delete LDAP client
- Go to the Clients tab, and hover over the required client name.
- Click
, then click Deactivate.
- To delete a client, click Delete. Once deleted, you can no longer retrieve the client's information.
Connect LDAP clients to the Cloud LDAP service
Before connecting your LDAP client to the Cloud LDAP service, make sure you have added your client to Zoho One as an LDAP server, configured access permissions, and optionally generated access credentials.
Depending on the type of client, there are different instructions for connecting them to the LDAP service.
To begin, open the LDAP client's authentication or directory settings and enter the necessary details listed below. Alternatively, you can find them in the Info tab > LDAP > Admin Panel.
Hostname | ldap.zoho.com |
Ports | 389 for the LDAP port (StartTLS enabled); 636 for the LDAPS port (SSL/TLS enabled) |
Base DN | Your domain in DN format (LDAP client base DN), for example dc=zohoone, dc=com for zohoone.com |
Username and password | For LDAP clients that require a username and password, use the username and saved password from when you created a service account while adding the LDAP client to Zoho One. |
For encryption between the client and LDAP server, LDAPS is preferred. However, if you choose to use LDAP, it is necessary to enable StartTLS for security purposes.
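The transport rule above can be checked mechanically before a client goes live. The following is an added example, not part of the Zoho documentation: a small linter that compares a client's connection settings against the hostname and ports in the table. The parameter names `uri`, `start_tls` and `verify_cert` and the sample clients are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Values from the connection table on this page.
EXPECTED_HOST = "ldap.zoho.com"
PORTS = {"ldap": 389, "ldaps": 636}


def lint_ldap_client(uri, start_tls=False, verify_cert=True):
    """Return findings for one client's connection settings.
    Parameter names are assumptions; map them to your client's own options."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in PORTS:
        return [f"unsupported scheme {parts.scheme!r}"]
    port = parts.port or PORTS[scheme]
    findings = []
    if (parts.hostname or "").lower() != EXPECTED_HOST:
        findings.append(f"host is {parts.hostname!r}, expected {EXPECTED_HOST}")
    if port != PORTS[scheme]:
        findings.append(f"{scheme}:// is listed on port {PORTS[scheme]}, got {port}")
    if scheme == "ldap" and not start_tls:
        findings.append("ldap:// without StartTLS exposes the simple bind password")
    if scheme == "ldaps" and start_tls:
        findings.append("StartTLS on top of ldaps:// is a misconfiguration")
    if not verify_cert:
        findings.append("certificate verification is off, server is not authenticated")
    return findings


# Constructed sample settings, not taken from any real deployment.
SAMPLES = {
    "printer": dict(uri="ldap://ldap.zoho.com:389", start_tls=False),
    "jira": dict(uri="ldaps://ldap.zoho.com:636"),
    "legacy-app": dict(uri="ldap://ldap.zoho.com:636", start_tls=True, verify_cert=False),
}


def lint_all(samples=SAMPLES):
    """Lint every sample client and return {client name: findings}."""
    return {name: lint_ldap_client(**cfg) for name, cfg in samples.items()}


if __name__ == "__main__":
    for name, findings in lint_all().items():
        print(name, "OK" if not findings else findings)
```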
LDAP-supported operations
Below are some of the supported operations to ensure smooth and safe access to directory information:
1. Request Rate Limit
- Up to 4 Requests Per Second: Each user or application can send a maximum of 4 LDAP requests every second. Avoid sending too many requests in a short time to prevent connection issues.
2. Connection Time Limit
- Each Connection Can Stay Open for Up to 1 Minute: Any LDAP connection you make to the service can last a maximum of one minute before it is closed automatically. This helps keep the system efficient and stable.
3. Concurrent Connection Limit
- Maximum of 100 Connections at the Same Time: The service supports up to 100 simultaneous connections from all users or apps combined.
4. Supported LDAP Operations
bind: Log in to the directory to prove your identity.
unbind: Log out to close your session cleanly.
search: Look up information stored in the directory (like users, groups, or devices).
extended operations: Includes:
- StartTLS: A way to encrypt the connection, keeping your data safe while it’s sent over the network.
- Who Am I?: Lets you check which user or application you’re currently authenticated as.
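A client that syncs or polls the directory has to stay inside the request-rate and connection-time limits listed above. The following is an added example, not Zoho's code: a wrapper that spaces requests to 4 per second and re-binds shortly before the 1-minute lifetime expires. The `connect` callable, the 5-second safety margin and the choice to count a bind as a request are assumptions.

```python
import time
from collections import deque


class ThrottledLdapSession:
    """Client-side guard for the documented limits (4 requests/s, 60 s lifetime).

    `connect` is a hypothetical callable that returns a TLS-protected, bound
    connection object exposing search() and unbind().
    """

    def __init__(self, connect, max_per_sec=4, max_age=60.0, margin=5.0,
                 clock=time.monotonic, sleep=time.sleep):
        self._connect, self._clock, self._sleep = connect, clock, sleep
        self._max_per_sec = max_per_sec
        self._recycle_after = max_age - margin  # margin is an assumed safety buffer
        self._sent = deque()                    # timestamps of requests in the last second
        self._conn, self._opened = None, 0.0
        self.binds = 0

    def _throttle(self):
        now = self._clock()
        while self._sent and now - self._sent[0] >= 1.0:
            self._sent.popleft()
        if len(self._sent) >= self._max_per_sec:
            self._sleep(1.0 - (now - self._sent[0]))  # wait until the oldest request ages out
            now = self._clock()
            self._sent.popleft()
        self._sent.append(now)

    def _connection(self):
        if self._conn is not None and self._clock() - self._opened >= self._recycle_after:
            self._conn.unbind()                 # close cleanly before the server does
            self._conn = None
        if self._conn is None:
            self._throttle()                    # assumption: a bind counts as a request
            self._conn, self._opened = self._connect(), self._clock()
            self.binds += 1
        return self._conn

    def search(self, *args, **kwargs):
        conn = self._connection()
        self._throttle()
        return conn.search(*args, **kwargs)

    def close(self):
        if self._conn is not None:
            self._conn.unbind()
            self._conn = None
```

The clock and sleep functions are injectable so the throttling and recycling behaviour can be exercised in a unit test without real waiting.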
Below are the links to configuration instructions for a few LDAP clients. Otherwise, you can refer to the documentation of the relevant client.
Certain LDAP clients, such as Atlassian Jira and SSSD, perform a user lookup to get more information about a user during user authentication. To make sure user authentication works correctly for such LDAP clients, you'll need to turn on Read user information for all organizational units where Verify user credentials is turned on.