Custom Authentication - PingOne | Admin Guide - Zoho One

Custom authentication with PingOne

Configure SAML with PingOne 

  1. Go to PingOne.
  2. In the Select Account dropdown menu, select PingOne.
  3. Enter your email address, then click SIGN ON.
  4. Enter your password, then click Sign On.
  5. Click the dropdown menu in the left pane under Environments, then click Administrators.
  6. Click  in the left pane, then click  next to Applications.
  7. Click ADVANCED CONFIGURATION under SELECT AN APPLICATION TYPE.
  8. Click Configure next to SAML.
  9. Enter "Zoho One" in the APPLICATION NAME field.
  10. Enter a description and upload an icon, if needed.
  11. Click Next, then select Manually Enter.
  12. Enter the ACS URL in the ACS URLS field.
    Note: You can find the ACS URL in Zoho One's Custom Authentication page. Copy and paste it in the respective IdP to complete the configuration.
  13. Click Download Signing Certificate under SIGNING KEY.
  14. Select the X509 PEM (.crt) format to be downloaded.
  15. Enter the ENTITY ID from the following table based on the Data Center (DC) your Zoho One account is present in.

    Data Center
    Corresponding Entity ID
    United States (US)
    zoho.com
    Europe (EU)
    zoho.eu
    India (IN)
    zoho.in
    China (CN)
    zoho.com.cn
    Australia (AU)
    zoho.com.au
    Japan (JP)
    one.zoho.com

  16. Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress under SUBJECT NAMEID FORMAT.
  17. Enter a time duration in seconds (say, 3600) in the ASSERTION VALIDITY DURATION (SECONDS) field.
    Note: Assertion Validity Duration is how long a SAML assertion is valid for before it expires. 
  18. Click Save and Continue.
  19. Select Email Address under PINGONE USER ATTRIBUTE.
  20. Click Save and Close. You will be redirected to the Applications page.
  21. Click the Configuration tab.
  22. Copy the SINGLE LOGOUT SERVICE URL and the SINGLE SIGNON SERVICE URL, then use the information to set up SAML in Zoho One.
    1. Paste the SINGLE SIGNON SERVICE URL in the Sign-in URL field.
    2. Paste the SINGLE LOGOUT SERVICE URL in the Sign-out URL field.
    3. Browse and upload the X509 PEM (.crt) in the Verification Certificate field.
  23. Go back to the Applications page in PingOne and slide the toggle bar next to Zoho One to enable user access.

Test the SAML connection 

  1. Go to Zoho One.
  2. Enter your email address, then click NEXT.
  3. Click Sign in another way.
  4. Click Sign in with SAML. You will be redirected to sign in through PingOne.