The steps to add IdP vary for the User Interface versions supported in Zoho One. Select the UI version you use from the tabs below and proceed with the steps that follow.
Spaces UI
- Sign in to Zoho One, then click on the top-right corner.
- Go to the Security tab, then go to Identity Providers.
- Click Add IdP.
- Enter the name of your IdP in the Display Name field.
- Select the SSO Protocol. You will not be able to change it later.
- Copy the ACS URL. You will need it to configure SSO at your IdP.
- Copy the Entity ID. You will need it to verify that the assertion is from Zoho at your IdP.
- Enter the Sign-in URL. This is the URL the user will be redirected to when they try to sign in to Zoho. Change the method only if needed.
- Copy the Sign-out URL. This is the URL the user will be redirected to after signing out of Zoho. Change the method only if needed.
- If you select SAML as the SSO Protocol, enter the following details obtained from your IdP:
  - Name ID Format: This specifies the format of the name ID in the assertion sent from your IdP. Change it only if your IdP instructs you to.
  - Sign SAML Requests: Not all IdPs support request signing. Check with your IdP before enabling.
  - Verification Certificate: The certificate with which Zoho can check the digital signature on the IdP's authentication response.
- If you select JWT, select a signing algorithm.
  - HS256: The HS256 signing algorithm (HMAC with SHA-256) uses a secret key shared between the IdP and Zoho Directory to compute a keyed hash of the token, which serves as the signature.
    - Generate a Secret Key. You will need it to configure SSO at your IdP.
  - RS256: The RS256 signing algorithm, on the other hand, uses a public/private key pair. The IdP generates the signature with its private key, and the signature is validated using the corresponding public key.
    - Browse and add the Verification Certificate that you downloaded from the IdP.
- Enter the Sign-in parameters and Sign-out parameters if needed.
- Click Add.
Unified UI
- Sign in to Zoho One, then click Directory in the left menu.
- Go to the Security tab, then go to Identity Providers.
- Click Add IdP.
- Enter the name of your IdP in the Display Name field.
- Select the SSO Protocol. You will not be able to change it later.
- Copy the ACS URL. You will need it to configure SSO at your IdP.
- Copy the Entity ID. You will need it to verify that the assertion is from Zoho at your IdP.
- Enter the Sign-in URL. This is the URL the user will be redirected to when they try to sign in to Zoho. Change the method only if needed.
- Copy the Sign-out URL. This is the URL the user will be redirected to after signing out of Zoho. Change the method only if needed.
- If you select SAML as the SSO Protocol, enter the following details obtained from your IdP:
  - Name ID Format: This specifies the format of the name ID in the assertion sent from your IdP. Change it only if your IdP instructs you to.
  - Sign SAML Requests: Not all IdPs support request signing. Check with your IdP before enabling.
  - Verification Certificate: The certificate with which Zoho can check the digital signature on the IdP's authentication response.
- If you select JWT, select a signing algorithm.
  - HS256: The HS256 signing algorithm (HMAC with SHA-256) uses a secret key shared between the IdP and Zoho Directory to compute a keyed hash of the token, which serves as the signature.
    - Generate a Secret Key. You will need it to configure SSO at your IdP.
  - RS256: The RS256 signing algorithm, on the other hand, uses a public/private key pair. The IdP generates the signature with its private key, and the signature is validated using the corresponding public key.
    - Browse and add the Verification Certificate that you downloaded from the IdP.
- Enter the Sign-in parameters and Sign-out parameters if needed.
- Click Add.