Zoho

Capabilities overview

Zoho Office Suite is an Indian web-based online office suite containing word processing, spreadsheets, presentations, databases, note-taking, wikis, web conferencing, customer relationship management, project management, invoicing and other applications.

Zoho pricing page

You will need a subscription to Zoho Directory to set up Passwordless SSO.
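| Supported capability       | Required plan     | Details                          |
|----------------------------|-------------------|----------------------------------|
| Passwordless SSO           | Professional plan | Medium SSO tax                   |
| Account creation with SAML | Professional plan | SAML JIT (create accounts only)  |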

Prerequisites

To integrate Zoho and idemeum using SAML, you will first need to obtain the idemeum SAML metadata values. Specifically, you will need:

  • Identity Provider SSO URL
  • Public X509 certificate (PEM format)

Instructions for how to obtain these parameters are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. In SAML terminology, the SaaS application is called the Service Provider (SP) and idemeum is the Identity Provider (IDP). Typically you will be a…

Passwordless Single Sign-On (SAML)

Configure SSO in Zoho

  • Click Admin panel -> Security -> Custom authentication
  • Click Set up now
Now use the SAML metadata values obtained in the prerequisites section:
  • Enter Identity Provider SSO URL into Sign-in URL
  • Upload Public X509 certificate (PEM format) into Verification certificate
  • Click Save
  • Take note of the ACS URL, as you will need it for the idemeum configuration

Configure SSO in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for the Zoho application and click Add App
  • Click SAML in the top navigation menu
  • Enter the ACS URL that you obtained from the Zoho configuration into Assertion Consumer Service URL
  • For Audience URI, enter the URI for your geographical location. For the US it is zoho.com (see table below for other regions)
  • For Relay State, enter the state for your geographical location. For the US it is https://directory.zoho.com (see table below for other regions)

Here are more details about configuration parameters for various regions.

  • Click Save
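
A diagnostic for the two configuration procedures above, added here as an example and not taken from idemeum's or Zoho's own documentation or code: it decodes a captured SAMLResponse and checks that Destination, Recipient and Audience match the ACS URL and Audience URI you entered. The function names, the placeholder ACS URL and the sample response are assumptions constructed for illustration, and the signature is only checked for presence, not validated.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(b64_response, acs_url, audience_uri):
    """Compare a captured SAMLResponse with the configured values.
    Returns a list of mismatches (empty = consistent). Does NOT validate the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination is {root.get('Destination')!r}, expected the ACS URL")
    recipients = {e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {acs_url}:
        problems.append(f"Recipient is {sorted(map(str, recipients))}, expected the ACS URL")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)}
    if audience_uri not in audiences:
        problems.append(f"Audience is {sorted(audiences)}, expected {audience_uri!r}")
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature element, nothing to verify against the uploaded certificate")
    return problems

# Constructed sample values, not taken from a real tenant.
ACS_URL = "https://zoho-acs.example/placeholder"  # placeholder for the ACS URL shown by Zoho
AUDIENCE = "zoho.com"                              # US Audience URI from this page

def sample_response(destination, audience):
    """Build a constructed, minimal SAMLResponse (signature stub only) for the demo."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
        xmlns:ds="{NS['ds']}" Destination="{destination}">
      <saml:Assertion><ds:Signature/>
        <saml:Subject><saml:SubjectConfirmation>
          <saml:SubjectConfirmationData Recipient="{destination}"/>
        </saml:SubjectConfirmation></saml:Subject>
        <saml:Conditions><saml:AudienceRestriction>
          <saml:Audience>{audience}</saml:Audience>
        </saml:AudienceRestriction></saml:Conditions>
      </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # A response built with a wrong (constructed) audience reports one mismatch.
    for p in check_saml_response(sample_response(ACS_URL, "wrong-audience.example"), ACS_URL, AUDIENCE):
        print("MISMATCH:", p)
```

To check a real login, pass the base64 value of the SAMLResponse form field captured in the browser's developer tools, together with the ACS URL Zoho displayed and the Audience URI for your region.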

Application entitlements

Before users can access applications, you need to entitle the applications to them. In the idemeum admin portal, navigate to the Entitlements section to assign applications to your employees.


Account creation with SAML JIT

Zoho currently supports account creation with SAML JIT (SAML Just-in-Time provisioning). When new users try to log in to the Zoho Dashboard with passwordless SSO, the user account will be automatically created.

SAML JIT supports only account creation (no account deletion or updates).


SAML SSO login flows

Zoho supports IDP Initiated Flow for SSO.

IDP Initiated flow

With this flow, users first navigate to the idemeum user catalog and then click the Zoho icon to launch the application.