Custom Authentication - Microsoft Entra ID | Admin Guide - Zoho One

Custom Authentication with Microsoft Entra ID

Custom authentication with Microsoft Entra ID enables SAML-based single sign-on (SSO) from Microsoft Entra ID to Zoho One. With SSO, you and your employees can sign in to Microsoft Entra ID and access Zoho One directly, without having to sign in to Zoho One. This help article outlines the steps for configuring custom authentication in Zoho One using Microsoft Entra ID as the Identity Provider (IdP). 

In Zoho One: Add Microsoft Entra ID as an IdP 

The steps to add Microsoft Entra ID as an IdP in Zoho One vary between the two User Interface versions supported in Zoho One. Select the UI version you use from the tabs below and proceed with the steps that follow. 

Spaces UI
Unified UI
Spaces UI
  1. Sign in to Zoho One, then click  in the top-right corner.
  2. Click Security, then open the Identity Providers tab.
  3. Click Add Identity Provider.
  4. Enter the IdP name, and select SAML as the SSO protocol.
  5. Copy the Assertion Consumer Services URL and the Issuer to your clipboard.

  6. Using the tokens copied in the previous step, add Zoho One as an app in your Microsoft Entra ID instance
  7. Enter the Login URL copied from Microsoft Entra ID under Sign-in URL and Logout URL under the Sign-out URL.
  8. Upload the Base64 certificate from Microsoft Entra ID under the X509 certificate field.
  9. Click Add. You have added Microsoft Entra ID as an Identity provider in Zoho One.
Unified UI
  1. Sign in to Zoho One, then click Directory in the left menu.
  2. Click Security, then open the Identity Providers tab.
  3. Click Add Identity Provider.
  4. Enter the IdP name, and select SAML as the SSO protocol.
  5. Copy the Assertion Consumer Services URL and the Issuer to your clipboard.

  6. Using the tokens copied in the previous step, add Zoho One as an app in your Microsoft Entra ID instance
  7. Enter the Login URL copied from Microsoft Entra ID under Sign-in URL and Logout URL under the Sign-out URL.
  8. Upload the Base64 certificate from Microsoft Entra ID under the X509 certificate field.
  9. Click Add. You have added Microsoft Entra ID as an Identity provider in Zoho One.

In Microsoft Entra ID: Add Zoho One as an enterprise application

  1. Sign in to Microsoft Entra admin center.
  2. Click Entra ID in the left navigation menu, then click Enterprise apps.
  3. Click New application and type 'Zoho One' under the Search application box.
  4. Select Zoho One, then click Create.

    Zoho One app will be added, and you will be redirected to its Overview tab.
  5. Click Get started under Set up single sign on, then click SAML.
  6. Click Edit against Basic SAML Configuration.
  7. Click Add identifier and enter the Issuer copied from Zoho One.
  8. Click Add reply URL and enter the ACS URL copied from Zoho One.
  9. Click Save, then click  on the top-right corner.

  10. Under SAML certificates, click Download against Certificate (Base64).
  11. Under Set up Zoho One, copy the Login URL and Logout URL to your clipboard.

  12. Resume from Step 6 under adding Microsoft Entra ID as an IdP in Zoho One and complete the configuration.