Sync Active Directory Users to Zoho One with Identity Connect - Overview

Integrate Your Active Directory with Zoho Directory Identity Connect - Overview

Roles required: Organization admin, Organization owner

What is Zoho Directory Identity Connect?

Zoho Directory Identity Connect is an on-premises agent that connects your organization's Active Directory to Zoho One. It enables automated synchronization of users, groups, and directory attributes from your on-premises directory to Zoho One, reducing the need for manual user management.
The Identity Connect Agent runs within your network and communicates securely with Zoho One to keep directory data up to date based on the sync rules you define, such as organizational units, attributes, and filters.
The Identity Connect Agent establishes only agent-initiated outbound connections to communicate with Zoho One. No inbound internet-facing firewall rules are required.
The agent runs continuously on your Windows machine to maintain synchronization as long as network connectivity is available. A configuration interface (tray app) is also installed for administrators to manage configurations.

What does Password Sync Agent add?

Identity Connect also supports an optional Password Sync Agent, which can be installed on selected Domain Controllers to capture password changes in Active Directory and sync them to Zoho One in near real time. This allows users to continue signing in to Zoho services using their Active Directory credentials.

Source of truth

When Identity Connect is enabled, Active Directory remains the primary source of truth for user discovery and lifecycle, and Zoho One reflects changes based on directory state and sync rules.

How this guide is organized

This integration is a multi-step set-up. Rather than one long walkthrough, the steps are split into focused articles below; follow them in order for a first-time setup, or jump directly to the one matching your current task.
S. No.Article
Use this when you need to...
1
Confirm your environment, account, and network/firewall setup before installing anything
2
Download and install the core agent on your Windows machine
3
Connect to LDAP, choose OUs, map fields, and define sync criteria
4
Enable real-time AD password sync on selected Domain Controllers (optional)
5
Control notifications, status sync, scheduling, and how user lifecycle changes (disable/delete/OU moves) are handled; also includes the final sync review and user selection step that completes setup
6
Check agent status or resolve a Disconnected status / installation failure
NotesIf you plan to enable password sync, review the Password Sync Agent prerequisites before you begin; they include requirements (Domain Admin rights, WinRM, SMB) that are easier to satisfy if planned for upfront rather than discovered mid-setup.