Custom authentication with ADFS
Custom authentication with ADFS enables SAML-based single sign-on
(SSO) from ADFS to Zoho One. With SSO, you and your employees can sign
in to ADFS and access Zoho One directly, without having to sign
in to Zoho One.
To set up custom authentication with ADFS:
A. Obtain the Sign-in URL, Sign-out URL, and the certificate from ADFS:
- Sign in to ADFS 3.0 server and open the Management Console.
- Right-click Service in the left-pane menu, then choose Edit Federation Service Properties.
- Under General, ensure that your DNS entries and certificate names are correct.
- Using your Federation Service name, use a browser and go to "https://{federationservicename}.com/federationMetaData/2007-06/FederationMetaData.xml".
- The Sign-in URL and Sign-out URL are present in the XML file as SingleSignOnService and SingleLogoutService tags respectively.
- Export the Token-Signing certificate:
- Right-click Certificate in the left-pane menu and click View Certificate.
- Click the Details tab.
- Click Copy to File, then click Next.
- Make sure No, do not export the private key is selected, then click Next.
- Select Base-64 encoded X.509 (.cer), then click Next.
- Choose where to save the file and name it.
- Click Next.
- Select Finish.
- Submit this data to Zoho to set up SAML in Zoho One.
B. Add a Relying Party Trust:
- Under Trust Relationships in the left-pane menu, right-click Relying Party Trusts, then click Add Relying Party Trust.
- In Select Data Source, select Enter Data about the relying party manually.
- In Specify Display Name, enter "zoho.com" as the Display Name.
- In Choose Profile, select AD FS profile.
- Click Next.
- In Configure URL, check the Enable support for the SAML 2.0 WebSSO protocol.
- Enter the ACS URL. You can find the ACS URL in Zoho One's Custom Authentication page. Copy and paste it in the respective IdP to complete the configuration.
- In Configure Identifiers, choose one.zoho.com as the Relying Party Trust Identifier.
- In Configure Multi-factor Authentication now, choose I do not want to configure multi-factor authentication settings for this relying party trust at this time .
- In Choose Issuance Authorization Rules, select Permit all users to access this relying party.
- Click Close.
C. Create claim rules:
You can create claim rules once the relying party trust is created. By default, the Claims Rule editor opens once you create a trust.
- Click Add Rule to create a new rule.
- In Choose Rule Type, select Send LDAP Attributes as Claims in the dropdown menu.
- Click Next.
- In Configure Claim Rule:
- Enter a Claim rule name.
- Choose Active directory under Attribute Store.
- Choose E-Mail Addresses under LDAP Attribute.
- Choose E-Mail Address under Claim Type.
- Click Finish.
- Create another claim rule and select the Transform an Incoming Claim template.
- In Configure Claim Rule:
- Enter a Claim rule name
- Choose E-Mail Address under Incoming claim type.
- Choose Name ID under Outgoing claim type.
- Choose Email under Outgoing Name ID format.
- Select Pass through all claim value.
- Click Finish.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Custom authentication with PingOne
Configure SAML with PingOne Go to PingOne. In the Select Account dropdown menu, select PingOne. Enter your email address, then click SIGN ON. Enter your password, then click Sign On. Click the dropdown menu in the left pane under Environments, then ...Custom authentication with miniOrange
Configure SAML with miniOrange Sign in to the miniOrange admin console. Click Apps in the left menu, then click Add Application. In the Choose Application Type page, click SAML/WS-FED. In the displayed list of apps, search and select Zoho. You will ...Custom authentication with OneLogin
Custom authentication with OneLogin enables SAML-based single sign-on (SSO) from OneLogin to Zoho One. With SSO, you and your employees can sign in to OneLogin and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...Custom authentication with JumpCloud
Custom authentication with JumpCloud enables SAML-based single sign-on (SSO) from JumpCloud to Zoho One. With SSO, you and your employees can sign in to JumpCloud and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...Custom authentication with Okta
Custom authentication with Okta enables SAML-based single sign-on (SSO) from Okta to Zoho One. With SSO, you and your employees can sign in to Okta and access Zoho One directly, without having to sign in to Zoho One. To set up custom authentication ...
New to Zoho LandingPage?
Zoho LandingPage Resources