Zoho
Capabilities overview
Zoho Office Suite is an Indian web-based online office suite containing word processing, spreadsheets, presentations, databases, note-taking, wikis, web conferencing, customer relationship management, project management, invoicing and other applications.
Supported capability | Required plan | Details |
---|---|---|
Passwordless SSO | Professional plan | Medium SSO tax |
Account creation with SAML | Professional plan | SAML JIT (create accounts only) |
Prerequisites
To integrate Zoho and idemeum using SAML you will first need to obtain idemeum SAML metadata values. Specifically you will need:
- Identity Provider SSO URL
- Public X509 certificate (PEM format)
Instructions for how to obtain these parameters are below.
Passwordless Single Sign-On (SAML)
Configure SSO in Zoho
- Access Zoho directory at directory.zoho.com
- Click Admin panel -> Security -> Custom authentication
- Click Set up now
Now you will be using SAML metadata values obtained in the prerequisites section
- Enter Identity Provider SSO URL into Sign-in URL
- Upload Public X509 certificate (PEM format) into Verification certificate
- Click Save
- Take note of ACS URL as you will need that for idemeum configuration
Configure SSO in idemeum
- Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
- Click Applications in the left menu
- Search for Zoho application and click Add App
- Click SAML at the top navigation menu
- Enter the ACS URL that you obtained form Zoho configuration into Assertion Consumer Service URL
- For Audience URI enter the URI based on the geographical location. For the US it is zoho.com (see table below for other regions)
- For Relay State enter the state based on geographical location. For the US it is https://directory.zoho.com (see table below for other regions)
Here are more details about configuration parameters for various regions.
- Click Save
Application entitlements
Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.
Account creation with SAML JIT
Zoho currently supports account creation with SAML JIT - SAML Just-in-Time provisioning. When new users try to log in with passwordless SSO into Zoho Dashboard, the user account with be automatically created.
SAML JIT supports only account creation (no account deletion or updates).
SAML SSO login flows
Zoho supports IDP Initiated Flow for SSO.
IDP Initiated flow
With this flow users first navigate to idemeum user catalog and then click on Zoho icon to launch application.