Enabling and managing SAML

Overview
In Zoho CommunitySpaces, SAML (Security Assertion Markup Language) allows you to use one set of login credentials to access other Zoho Services.
In simpler terms, instead of remembering a unique password for each service, you authenticate with a trusted identity provider (IDP), which verifies your login each time. This lets you access multiple services with a single set of login credentials. Additionally, SAML helps with Single Sign-On, reducing the need to manage more than one password.


Who can enable SAML in the community?

For security, only hosts can enable SAML in the community.

How to enable SAML in the community

Prerequisites for SAML configuration:
  • Login URL
  • Logout URL
  • Entity ID
  • Default Relay
  • Verification certificate
Notes

We've explained this configuration using Zoho Vault as the IDP. If you already have an IDP, you can use that.


To enable SAML,

  1. Go to https://vault.zoho.com/ and log in to Zoho Vault.
  2. Click Apps from the left menu.



  3. You need to create a custom app, so click the search bar and type anything. In the search results page, click Create Custom App.



  4. Enter your application name.
  5. Go to your community Settings -> Single Sign-On -> SAML, and click Configure.



  6. Copy the Entity ID, ACS URL, SP logout URL, and Default Relay URL.



  7. Return to Zoho Vault and paste the copied values as follows.

    ACS URL -> Assertion consumer service URL
    SP logout URL -> Logout URL
    Audience URI -> Entity ID
    Default Relay State -> Default Relay State



  8. Click Next.
  9. Copy the Login URL, Logout URL (if you've enabled auto SAML logout), and Certificate. [Copy the certificate and save it as a .cert, .crt, .cer, or .pem file on your device]



  10. Go to your Community and paste the copied items as follows.

    Login URL -> Login URL
    Logout URL -> Logout URL

  11. In Verification Certificate, click Upload and upload the certificate you saved earlier.



  12. Choose your Auto User Provisioning preference and click Save.



  13. In the pop-up, click Save.
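
A way to sanity-check the certificate file saved in step 9 before uploading it in step 11 (an added example, not Zoho code; the function names are hypothetical). It checks that the file holds exactly one PEM certificate, no private key, and an undamaged body, and returns a SHA-256 fingerprint you can compare with the one your IDP displays, if it displays one; it does not validate the certificate's dates or signature.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length field spans it exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length is in this byte
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_saved_certificate(pem_text: str) -> dict:
    """Return {'ok', 'problems', 'sha256'} for the text of a saved certificate file."""
    problems = []
    blocks = PEM_BLOCK.findall(pem_text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key; upload only the certificate")
    if len(certs) != 1:
        problems.append(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
        return {"ok": False, "problems": problems, "sha256": None}
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        problems.append("certificate body is not valid base64 (damaged while copying?)")
        return {"ok": False, "problems": problems, "sha256": None}
    if not der_length_ok(der):
        problems.append("decoded data is truncated or is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"ok": not problems, "problems": problems, "sha256": fingerprint}

if __name__ == "__main__":
    # Constructed sample: a 5-byte DER SEQUENCE standing in for a real certificate.
    fake_der = bytes.fromhex("3003020105")
    body = base64.b64encode(fake_der).decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    print(check_saved_certificate(pem))
```

To check a real file, pass its contents: `check_saved_certificate(open("idp.pem").read())`, where `idp.pem` is a placeholder for the name you saved the certificate under.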


Notes

You must grant user access in Zoho Vault.

 

To grant access,

  1. Return to where you left off in Zoho Vault.
  2. Click Grant User Access.



  3. In the menu that expands, select the user you want to grant access to, and click Grant Access.



  4. Click Done.

 

Managing the SAML configuration

Once SAML is configured, you can disable it anytime you want. While it is disabled, community members have to use their traditional login method.

To disable SAML,
  1. Go to your community Settings -> Single Sign-On -> SAML.
  2. Use the toggle option to disable the feature.

 
If you want to reconfigure the feature using a new IDP, you can simply edit the existing configuration.
To edit the configuration:
  1. Go to your community Settings -> Single Sign-On -> SAML.
  2. Click Edit Configuration, make necessary changes, and click Save.



To delete SAML,
  1. Click the trash icon in the configuration page.



  2. In the pop-up, click Delete configuration.


Notes
Deleting will permanently remove all data linked to this configuration. If you don’t want that, you can disable it instead.

We hope this guide is useful for you! For queries or feedback, contact us at support@zohocommunityspaces.com. We're happy to help you!