Roles required: Organization admin, Organization owner
What is Zoho Directory Identity Connect?
Zoho Directory Identity Connect is an on-premises agent that connects your organization's Active Directory to Zoho One. It enables automated synchronization of users, groups, and directory attributes from your on-premises directory to Zoho One, reducing the need for manual user management.
The Identity Connect Agent runs within your network and communicates securely with Zoho One to keep directory data up to date based on the sync rules you define, such as organizational units, attributes, and filters.
The Identity Connect Agent establishes only agent-initiated outbound connections to communicate with Zoho One. No inbound internet-facing firewall rules are required.
The
agent runs continuously on your Windows machine to maintain
synchronization as long as network connectivity is available. A
configuration interface (tray app) is also installed for administrators
to manage configurations.
What does Password Sync Agent add?
Identity
Connect also supports an optional Password Sync Agent, which can be
installed on selected Domain Controllers to capture password changes in
Active Directory and sync them to Zoho One in near real time. This allows users to continue signing in to Zoho services using their Active Directory credentials.
Source of truth
When Identity Connect is enabled, Active Directory remains the primary source of truth for user discovery and lifecycle, and Zoho One reflects changes based on directory state and sync rules.
How this guide is organized
This
integration is a multi-step set-up. Rather than one long walkthrough,
the steps are split into focused articles below; follow them in order
for a first-time setup, or jump directly to the one matching your
current task.
| S. No. | Article | Use this when you need to... |
1 | | Confirm your environment, account, and network/firewall setup before installing anything |
2 | | Download and install the core agent on your Windows machine |
3 | | Connect to LDAP, choose OUs, map fields, and define sync criteria |
4 | | Enable real-time AD password sync on selected Domain Controllers (optional)
|
5 | | Control notifications, status sync, scheduling, and how user lifecycle changes (disable/delete/OU moves) are handled; also includes the final sync review and user selection step that completes setup |
6 | | Check agent status or resolve a Disconnected status / installation failure |
If you plan to enable password sync, review the Password Sync Agent prerequisites before
you begin; they include requirements (Domain Admin rights, WinRM, SMB)
that are easier to satisfy if planned for upfront rather than discovered
mid-setup.