Integrate Your Directory with Zoho Directory Identity Connect
Download and install the Identity Connect Agent on a machine that meets the following requirements:
- Supported platforms: 64-bit Windows Server 2008 or later / Windows 10 or later
- LDAP user credentials with read access to your directory
- The agent must be installed on a machine within the same network as your LDAP server (preferably a Domain Controller)
- Download the Agent
- Sign in to Zoho One. Click Admin Panel from the left menu.
- Go to the Directory Stores tab. Click Add Directory.
- Find Active Directory and click Add.
- In the Download Agent screen:
- Review the prerequisites.
- Copy the Installation Key displayed there.
- Click Download Agent and wait for the download to complete.
- Install the Agent
- Execute the downloaded file ZohoDirectory_LDAPConnect.msi to start installation.
- Paste the Installation Key. Upon successful validation, you'll be taken automatically to the setup wizard where you can complete the rest of the installation steps.
- On the Welcome screen, choose your language.
- Read the software license agreement carefully and then accept the terms (mandatory). Click Continue.
Note: Clicking the URL doesn't auto-redirect you to the page in some legacy systems, so click 🔗 to copy the URL and then paste it in your browser to read up. - Open the provided Login URL from a browser.
- Sign in to your Zoho One admin account if you haven't already.
- Enter the Verification Code shown in the installer.
- Upon successfully signing in, a confirmation screen with your Zoho account email and display name appears. Click Continue.Possible error cases that appear at this step:ErrorFixThe verification code is time-bound and will become invalid after the expiry time (5 minutes)Click Retry to generate a new code, using which you can sign in and proceed to configuring your LDAP settings.Sometimes, the agent may not be able to contact the Zoho server due to network issue.Click Retry. If the error persists, write to support@zohodirectory.com
- Configure Sync in Zoho One
Once the agent is installed, complete the sync setup in Zoho One. - Configure LDAP Connection Details
This is a crucial step where the agent is allowed to connect with Active Directory to fetch data of users and groups for sync. - Enter your directory info: Domain Name, Domain Controllers, User's Distinguished Name (DN), Password. Make sure they're all valid.
- Enable SSL for a secure connection:
- SSL is recommended, as it safeguards sensitive directory data during transmission.
- To use SSL:
- Your Domain Controller must have a valid SSL certificate issued to its domain.
- Also, you must use the fully qualified domain name (FQDN) in the field dedicated for entering DC names (e.g., ldap-server-1.zylker.com). Using only the hostname will cause SSL failure.
- Click Next to review the LDAP configurations. If you face the error LDAP server goes unreachable, click Retry to attempt the connection again and also make sure that there's no connectivity issue between the agent machine and LDAP server.
- Complete Installation
- Click Install to finish setting up the agent. Once finished, the agent will start running in the background as a tray app. Find the agent icon
in your system tray.
- From the tray app, you can:
- Change ownership - Switch the Zoho One admin account linked to the agent in case the original admin leaves your organization or loses LDAP access.
- Change LDAP settings - Modify your LDAP server details here. After making changes, click Update to save them.
- Go back to the Zoho One Admin Panel to complete the remaining set-up.
- Configure Sync Options
- Select Organizational Units (OUs)
- From the Admin Panel, navigate to Active Directory.
- Choose which OUs you want to sync to Zoho One.
- Select object types to include:
- ➤ Users
- ➤ Groups
- ➤ Security Groups
- ➤ Custom LDAP Query - Enter a valid LDAP query and click Save to sync based on specific LDAP attributes.
- Review the picked OUs:
- Edit or remove any of those existing OU preferences.
- To add more OUs, click Add OUs.
- When done, click Add and Continue.
- Map Zoho One fields with your LDAP fields
This is important for making sure user data is correctly transferred. - Toggle between User Mapping and Group Mapping.
- Fields will be auto-suggested, but you can manually map them.
- Use the tabs to filter by All Fields, Mapped, or Unmapped fields. For example, you can map the Zoho One "Last name" field to your LDAP "Surname" attribute.
- For custom attributes:
- Click Edit next to one of the default attributes displayed.
- Select Custom AD attribute.
- Enter a name for the attribute and save it.
- Define Sync Criteria
On the SET SYNC CRITERIA screen, specify which users or groups should be included in the sync.Switch to the Groups tab if needed. - Select import type: Based on criteria / All users
- If using criteria: Define Field, Relationship, and Value. Click Save and Next.
- Configure Sync Settings
- Password Sync Agent (Separate installation)
The main Identity Connect Agent, when coupled with your Active Directory details, allows you to deploy multiple Password Sync Agents (one per DC) to instantly capture any password change made on these DCs and securely sync those changes to Zoho One. To enable: - Enable the toggle to sync the user passwords securely from Active Directory to Zoho One.
- Domain Name is auto-filled based on the info you entered for the Identity Connect Agent installation.
- Now, select the DCs where password sync is needed and make sure all of them meet the exclusive requirements to house this agent.
- Select if you want to auto-restart the DCs after installation. Regardless of this choice, the password sync agent takes effect only after a DC restart.Note: If installation fails, the installer will only display Installation failed. Most usual causes are when one or more of the prerequisites are not available: The provided account doesn't have LDAP admin rights (and/or) WinRM is not enabled on the DC.
- User Sync Settings
Configure automated rules for user account handling based on changes in Active Directory.Setting
What it is for
Options
Password Notifications
Decide how new users get their initial passwords
Send email OTP to user - The new user will receive an email directly to their registered email address containing an OTP.
Send email OTP to admin - Admin will receive the OTP or setup info, which they should then forward to the user manually.
Don't notify - No automatic notifications are sent. An admin should manually notify the user and provide them with their login credentials through some other medium on their own.
Status Sync
Choose how to reflect a user's AD account status changes in Zoho One.
Reflect - If disabled in AD, Zoho One account also gets disabled (and re-enabled if restored).
Do nothing -Ignore AD status changes.
If Do nothing is selected, the system will not manage user status anymore. The When User Leaves Selected OU setting will be disabled and unavailable, as it requires Status Sync to be enabled. Learn more about this interactive behaviour illustrated after the table.Mail Notifications
Choose whether you want to send notifications to synced users.
Send - Sends emails to newly synced users and resend invite links to pending users.
Don't send - No mail notifications are sent to users.
When User Leaves Selected OU
Define what should happen in Zoho One when a user is moved out of a selected/synced AD OU.
Disable - The user's Zoho account is auto-disabled.
Do nothing - The user's Zoho account remains active but will no longer be included in the future sync operations.
Important note: There's this crucial interaction between Setting 2 & Setting 4. The When User Leaves Selected OU setting depends on Status Sync. The former is only available if the latter is set to Reflect in Zoho One. If you choose to Ignore status changes, the system cannot manage user status based on OU membership. Therefore, Setting 4 will be disabled altogether.Let's assume there's a user named Dexter in AD and let's see how he's affected during sync with these two settings:Status Sync
When User Move Out of Selected OU
Action done on user (in AD)
Result (in Zoho One)
Reflect in Zoho One
Disable in Zoho One
Dexter is removed from OU but still active in AD
Dexter's Zoho account is disabled (OU rule applies)
Do nothing
(field gets disabled with Do nothing selected)
Dexter is removed from OU
Dexter's Zoho account remains active but is no longer synced (because Status Sync setting is ignoring status changes, and OU-based handling is off)
- Schedule Sync
Set frequency (Daily/Weekly/Monthly) and time of sync. Click Save and Next. - Review and Finalize Sync
- Review and select users from the imported list to add to Zoho One. This screen helps you with filters:
- New Users - Users found in your directory but not yet in Zoho One.
- Users to Update - Existing Zoho One users whose info will be updated from your directory in the next sync.
- Marked for Activation/Disable - Users who will be activated or disabled based on their status in your directory. Pay attention to this category of users before syncing in order to avoid unintended modifications to their access levels.
- Ignored - Users who do not meet the defined sync criteria.
- Click Add and Continue.
- Review the summary and click Finish to complete the set-up. Once installed on multiple DCs, the Password Sync Agents work together under the same Identity Connect configuration, keeping all password updates in sync without extra manual steps.
At this point, you're through with the Identity Connect setup. The system will now automatically sync your AD users and groups to Zoho One based on the rules you have defined.Besides, you get to view the detailed status of both the Identity Connect Agent and the Password Sync Agent in the following formats:
Identity Connect Agent
Domain controller(s): The DCs the agent is configured to sync with.
Agent version: The current version of the agent.
Device name: The name of the machine where the agent is installed.
Status: Connected / Disconnected.
Last sync: The timestamp of the last successful sync.
Password Sync Agent
This section lists each Domain Controller and its password sync status. All agents listed here belong to the same Identity Connect set-up, making it easier to monitor multiple DCs from one place.
Status: Connected / Disconnected. Restart the DCs that are "Disconnected"
Installation status: Installation initiated / Installation complete / Installation failed / Uninstallation initiated / Uninstallation complete / Uninstallation failed.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Sync from Active Directory/LDAP server
Note: Before you install the Zoho One sync tool, ensure that you meet the system requirements. Sign in to Zoho One , then click Directory in the left menu. Go to Directory Stores. Under Active Directory, click Add. Click Download. Install the ...Directory Stores - Overview
What is Directory Stores? If you are using other directory services and finding it difficult to manage all your users there, you can delegate few users/apps and manage them from Zoho One. To use Directory Stores, you will have to perform the ...Add JumpCloud to Zoho One
Prerequisites: Roles required in Zoho One: Organization Owner Organization Admin Roles required in JumpCloud: Admin Plan dependency in Zoho One: Free plan Using SCIM Using API Using SCIM In Zoho One: Sign in to Zoho One , then click Directory in the ...Zoho One Sync Tool - Overview
Zoho One Sync Tool performs a one-way synchronization from your existing LDAP server to the Zoho One Admin Panel. This enables you to maintain all your user identities in a single place, without having to add, edit, or disable user accounts manually ...Add Okta to Zoho One
Prerequisites: Roles required in Zoho One to perform this action: Organization Owner Organization Admin Custom authentication with Okta Roles required in Okta: Admin Plan required in Zoho One: Free plan Professional plan (if you want to add multiple ...
New to Zoho LandingPage?
Zoho LandingPage Resources