Integrate Zoho One

Zoho One offers a customizable system of integrated software for sales, marketing, support. accounting, operations, and HR (see https://www.zoho.com/one/). You can protect access to Zoho One by integrating Zoho One with Identity as a Service. Once integrated, users can use single sign-on to log in to their Zoho One account through Identity as a Service.

Note: This integration was tested using Identity as a Service version 5.15 and Zoho One Release January 2021. Other versions of Zoho One may require integration and configuration steps that differ from those documented in this procedure. For other versions of Zoho One, this integration guide may be used as an initial approach for integrating Zoho One. In the event of other issues, contact support@entrust.com for assistance.

To integrate Zoho One with Identity as a Service, you must do the following:

Step 1: Copy the SAML Configurations from Identity as a Service

Copy the SAML Configuration from Identity as a Service

1. Log into your Identity as a Service administrator account.

2. Click > Security > Applications. The Applications Lists page appears.

3. Under SAML Cloud Integrations, click SAML Configuration. The SAML Configuration dialog box appears.

This dialog box contains information you need to configure your SAML application for Identity as a Service authentication.

4. Do one of the following:

● Leave this dialog box open to reference later in this procedure.

● Copy the Entity ID, Single Sign-on URL, and Single Logout URL to a text file and save it to reference later in this procedure.

Note: Depending on the integration you are performing, you may not need all three of these SAML configuration values.

Step 2: Export the SAML signing certificate from Identity as a Service

Export a SAML signing certificate

1. Log in to your Identity as a Service administrator account.

1. Click > Security > Applications. The Applications List page appears.

2. Under SAML Cloud Integrations, click SAML Signing Certificates. The SAML Signing Certificates page appears.

3. Click next to the certificate to export the certificate you want to import into your SAML service provider application. The Export Certificate dialog box appears.

a. If the certificate has been issued by a CA, do one of the following:

– Click Certificate to export the self-signed certificate.

– Click Root CA Certificate to export a certificate issued from a CA.

– Click Certificate Chain to export the SAML signing certificate and its CA certificates.

b. Click Export.

Step 3: Add Identity as a Service to Zoho One as an Identity Provider

Add Identity as a Service to Zoho One as an Identity Provider

1. Log in to your Zoho One administration portal as an user with administrative rights. The My Apps page appears.

2. Click Admin Panel. The Dashboard page appears.

3. Click Security. The Security Policies page appears.

4. Click the Custom Authentication tab. The Setup Custom Authentication page appears.

5. Toggle Enable SSO to On.

6. In the Sign-in URL field, paste the Single Sign-On URL you copied in Step 1: Copy the SAML Configurations from Identity as a Service.

7. In the Sign-out URL field, paste the Single Logout URL you copied in Step 1: Copy the SAML Configurations from Identity as a Service.

8. Under Verification Certificate, click Browse and browse to upload the certificate you downloaded in Step 2: Copy the SAML Signing Certificate from Identity as a Service.

9. Click Save.

Step 4: Download the Zoho One metadata file

1. Open a web browser and go to your Zoho account at https://accounts.zoho.com/.

2. Log in as a user with administrative rights. The Zoho login page appears.

3. Enter your email address and then click Sign In. The Accounts page appears.

4. In the menu page, select Organization to expand the menu option.

5. Select SAML Authentication. the SAML Authentication page appears.

6. Click Download Metadata to download the zohometadata.xml file.

Step 5: Add Zoho One to Identity as a Service

Add Zoho One as an application to Identity as a Service

1. Log into your Identity as a Service administrator account.

2. Click > Security > Applications. The Applications Lists page appears.

3. Click Add. The Select an Application Template page appears.

4. Do one of the following:

● Select SAML Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

● In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

5. Click Zoho One. The Add Zoho One page appears.

6. Enter an Application Name.

7. Enter an Application Description.

8. Optional. Add a custom application logo.

a. Click next to Application Logo. The Upload Logo dialog box appears.

b. Click to select an image file to upload.

c. Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.

d. If required, resize your image.

e. Click OK.

9. Select the Authentication Flow that appears to users during login.

10. Click Next. The General page appears.

11. Click to the Upload Metadata XML and browse to the location of the metadata file you downloaded in Step 3: Download the Zoho One metadata file. The Metadata Configuration dialog box appears.

a. If required, click Merge with existing values to merge new values with existing values for Alternative Assertion Consumer Services URLs and SAML attribute names.

b. Click Save.

12. Optional. Enter the SAML Username Parameter Name used to identity the user ID being requested for authentication. The user ID can then be passed as a parameter, for example, Username=jdoe. Alternately, if the SAML username is NameID, the SAML Request XML NameID element value is used to the identify the IDaaS userID.

13. Enter the SAML Session Timeout to the time when the SAML Assertion times out. The maximum is 720 minutes.

14. Enter the Max Authentication Age (seconds) to set the maximum amount of time that can elapse before a user is required to reauthenticate during a new login attempt. This applies for both SP-initiated and IDP-initiated login. Set this field to -1 to disable this feature.

15. From the SAML NameID Attribute drop-down list, select Email.

16. From the SAML NameID Encoding Format drop-down list, select Email.

17. From the SAML Signing Certificate the drop-down list, select the signing certificate.

18. Select Sign Complete SAML Response.

19. Deselect Enable Go Back Button if you do not want users to be able to go back to the Zoho One login page to log in.

20. Select Show Default Assertion Consumer URL Service in the My Profile. When selected, the Default Assertion Consumer URL appears in a user's My Profile page in addition to relay states and Alternative Assertion Consumer URLs.

21. Optional. Add Alternative Assertion Consumer Service URLs, as follows:

a. Click Add.

b. Enter a Name.

c. Enter a URL Value.

d. Select Show in My Profile to display the Alternative Consumer Service URL in a user's My profile page.

e. Optional. Add an Application Logo.

f. Click Add.

g. Repeat these steps to add more Alternative Assertion Consumer Service URLs.

22. Include the following user attributes in the SAML assertion, as follows:

Add a name SAML attribute:

a. Under SAML Attributes, click Add. The SAML Attributes dialog box appears.

b. In the Name field enter:

Name

c. Click Add next to Value(s).

d. In the Values field type < and select <First Name>, add a space and then type <L and select <Last Name>. The value should appear as follows:

e. Click Add.

23. Click Submit.