Single Sign-On (SSO) Integration for Okta and OneLogin | Zoho Vault

Single Sign-On for Okta and OneLogin

Admins can integrate Zoho Vault with popular federated identity services that support SAML 2.0, such as Okta or OneLogin. Users of Okta and OneLogin can easily access Zoho Vault with just a single click. This enables enterprises to offer a seamless login experience for all users, simplify user management and solidify their enterprise security.


Prerequisites:


When you're done with the prerequisites, add Zoho Vault as an application in:

  1. Okta
  2. OneLogin

Okta Integration
The integration follows three main steps:

  • Adding Zoho Vault in Okta
  • Configuring Okta details in Zoho Vault
  • Assigning Zoho Vault to users in Okta


Adding Zoho Vault in Okta (IdP)

  1. Log in to your Okta account with admin privileges.
  2. Select Applications from the Applications tab.



  3. Click Add Application.



  4. Click Create New App.
  5. Set Platform as Web and Sign on method as SAML 2.0, then click Create.



  6. Enter the application name as Zoho Vault under General Settings, then click Next.



  7. Enter the service provider (Zoho Vault) details in Okta as described below, then click Next.

Note: Replace <YOUR_ORG_ID> with your unique ORG ID.

  • Logout URL - https://accounts.zoho.com/logout/samlsp/<YOUR_ORG_ID>
  • Audience URI (SP Entity ID): zoho.com 
  • Default RelayState: aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ=
  • Name ID format: EmailAddress
  • Application username: Email



  8. Select I'm an Okta customer adding an internal app, then click Finish.



  9. Select Sign On, then click View Setup instructions. A new tab will open, containing the details required to configure SAML 2.0 in Zoho Vault.



Configuring Okta details in Zoho Vault

  1. Log in to your Zoho Vault account, then select Settings.
  2. Select AD/LDAP Integration from the Integrations section, then click SAML Configuration.
  3. Enter the identity provider details accordingly.
  4. To automatically create new Zoho accounts when users authenticate with Zoho Vault through Okta, enable Just in time provisioning.
  5. Click Save and Enable.



Assigning Zoho Vault to users in Okta

  1. Select Applications, then click Assign Applications in Okta. 



  2. Under People, select the desired users and confirm assignments.



This completes the setup. Your users can now access Zoho Vault directly from Okta.


OneLogin Integration
The integration follows two main steps:

  • Adding Zoho Vault in OneLogin
  • Configuring OneLogin details in Zoho Vault


Adding Zoho Vault in OneLogin

  1. Log in to your OneLogin account as an admin.
  2. Select Applications, then click Add app.



  3. Search for SAML test connector, then select SAML test connector (advanced).



  4. Set the Display name as Zoho Vault, then click Save.



  5. Select Configuration from the side panel, then enter zoho.com under the Audience field.
  6. Enter the following details in the corresponding fields.

  • RelayState - aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ=
  • Recipient - https://accounts.zoho.com/signin/samlsp/<YOUR_ORG_ID>
  • ACS (Consumer) URL Validator - https://accounts.zoho.com/signin/samlsp/<YOUR_ORG_ID>
  • ACS (Consumer) URL - https://accounts.zoho.com/signin/samlsp/<YOUR_ORG_ID>
  • Logout URL - https://accounts.zoho.com/logout/samlsp/<YOUR_ORG_ID>



Note: 

  • Replace zoho.com with zoho.eu | zoho.in | zoho.com.cn | zoho.com.au to match your corresponding domain.
  • Replace <YOUR_ORG_ID> with your unique ORG ID.

  7. Select More actions, then click SAML Metadata to download the metadata file. You will have to upload it to Zoho Vault later.
  8. Click Save.
  9. Select SSO from the side panel and make a note of these details to later add to Zoho Vault.



  10. Manage access to Zoho Vault and user privileges from the Access, Users, and Privileges tabs in the side panel, respectively.
  11. Click Save.
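
The service provider values listed above can be checked before they are saved in the IdP. The following is an added example, not part of Zoho's documentation: it decodes the RelayState shown on this page and flags a leftover ORG ID placeholder, a non-HTTPS URL, or a URL host that does not match the Audience domain. The helper names and the ORG ID 10001234 are constructed for illustration, and the rule that every URL host is accounts.<audience> is inferred from the values on this page.

```python
import base64
from urllib.parse import urlparse

# Domains and RelayState exactly as listed on this page.
ZOHO_DOMAINS = ("zoho.com", "zoho.eu", "zoho.in", "zoho.com.cn", "zoho.com.au")
PAGE_RELAY_STATE = "aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ="
URL_FIELDS = ("acs_url", "recipient", "acs_validator", "logout_url")

def decode_relay_state(value):
    """Return the plain text carried inside the base64 RelayState."""
    return base64.b64decode(value, validate=True).decode("utf-8")

def under_zoho_domain(host):
    """True if host is one of the listed Zoho domains or a subdomain of one."""
    return bool(host) and any(host == d or host.endswith("." + d) for d in ZOHO_DOMAINS)

def check_sp_settings(settings):
    """Hypothetical helper: list problems in the SP values typed into the IdP."""
    problems = []
    audience = settings["audience"]
    if audience not in ZOHO_DOMAINS:
        problems.append(f"audience: {audience!r} is not a listed Zoho domain")
    for field in URL_FIELDS:
        url = settings[field]
        parsed = urlparse(url)
        if "<" in url or ">" in url:
            problems.append(f"{field}: ORG ID placeholder not replaced")
        if parsed.scheme != "https":
            problems.append(f"{field}: scheme is not https")
        # Assumption inferred from this page: URL hosts are accounts.<audience>.
        if parsed.hostname != f"accounts.{audience}":
            problems.append(f"{field}: host does not match audience {audience!r}")
    try:
        target = decode_relay_state(settings["relay_state"]).split("__")[0]
        if not under_zoho_domain(urlparse(target).hostname):
            problems.append("relay_state: decoded URL is not on a Zoho domain")
    except ValueError:  # covers bad base64 and non-UTF-8 bytes
        problems.append("relay_state: not valid base64 text")
    return problems

def sample_settings(org_id="10001234", domain="zoho.com"):
    """Constructed sample input; the ORG ID is made up for illustration."""
    acs = f"https://accounts.{domain}/signin/samlsp/{org_id}"
    logout = f"https://accounts.{domain}/logout/samlsp/{org_id}"
    return {"audience": domain, "relay_state": PAGE_RELAY_STATE, "acs_url": acs,
            "recipient": acs, "acs_validator": acs, "logout_url": logout}

if __name__ == "__main__":
    print(decode_relay_state(PAGE_RELAY_STATE))
    print(check_sp_settings(sample_settings()) or "no problems found")
```
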


Configuring OneLogin details in Zoho Vault

  1. Log in to your Zoho Vault account, then select Settings.
  2. Select AD/LDAP Integration from the Integrations section, then click SAML Configuration.
  3. Enter the identity provider details you made a note of in step 9.
  4. To automatically create new Zoho accounts when users authenticate with Zoho Vault through OneLogin, enable Just in time provisioning.
  5. Click Save and Enable.



This completes the setup. Your users can now access Zoho Vault directly from OneLogin.