Custom authentication with PhenixID

Custom authentication with PhenixID

Custom authentication with PhenixID enables you and your employees to sign in and access Zoho One using your PhenixID credentials.

Prerequisite

  1. PhenixID authentication server version 3.0 or higher.

Configure a federation scenario in PhenixID

To set up custom authentication with PhenixID, you need to configure an authentication scenario in PhenixID as follows:
  1. Sign in to PhenixID Configuration Manager.
  2. Click SCENARIOS at the top, then click FEDERATION.
    Creating scenarios in the FEDERATION tab
  3. Create an authentication scenario available in your version with the following values:
    Field
    Value
    SEARCH FILTER
    mail={{request.username}}
    USER IDENTIFIER ATTRIBUTE
    mail
  4. Once created, select the scenario from the left menu, then go to the EXECUTION FLOW tab.
    Selecting the created scenario from the left menu
  5. Click Find userid & issue SAML assertion, then click AssertionProvider.
  6. Under MISCELLANEOUS, click Add to create a new field.
  7. Enter nameIdFormat in the left field, and urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress in the right field.
    Adding a miscellaneous field
  8. Click Save.
  9. Switch to the IDENTITY PROVIDER tab.
  10. In the POST SLO URL field, enter the SLO url in the following format:
    https://{host name}.phenixid.net/saml/authenticate/logout
    Note: The {host name} represents the name of your domain. For example, if the URL of your PhenixID account is https://zylker.phenixid.net/, your host name would be "zylker".
  11. Click Save.
  12. Note down the POST SSO URL and the POST SLO URL.
    Exporting the IdP metadata
  13. Click View SAML Metadata to open the Identity Provider(IdP) metadata file.
  14. Export and save the certificate metadata by creating a .cert file.

Configure PhenixID with Zoho One

A. Using the URLs and the certificate, set up SAML in Zoho One . When setting up SAML,
  1. Enter the POST SSO URL under Sign-in URL and Change Password URL.
  2. Enter the POST SLO URL under Sign-out URL.
  3. Upload the .cert file under Verification Certificate.
B. You need an SP metadata file to set up Zoho One as Service Provider (SP) in PhenixID. You can get the SP metadata file from your Zoho account:
  1. Sign in to Zoho Accounts.
  2. Click Organization in the left menu, then click SAML Authentication.
  3. Click Download Metadata to download the zohometadata.xml file (SP metadata).
C. Configure Zoho One as SP in PhenixID using the following steps:
  1. Return to the FEDERATION tab in PhenixID Configuration Manager.
  2. From the left menu, click   next to SAML metadata upload.
  3. Enter a name for the new scenario, add a short description (if needed), then click Next.
  4. Under METADATA UPLOAD, upload the SP metadata file (zohometadata.xml).
  5. Click Verify and show, then click OK.
  6. Click Next, then click Create.
  7. Test the configuration by signing out of your Zoho account, and then signing in. If the configuration is successful, you will be redirected to PhenixID for authentication.


    • Related Articles

    • Custom authentication with PingOne

      Configure SAML with PingOne  Go to PingOne. In the Select Account dropdown menu, select PingOne. Enter your email address, then click SIGN ON. Enter your password, then click Sign On. Click the dropdown menu in the left pane under Environments, then ...
    • Custom authentication with miniOrange

       Configure SAML with miniOrange  Sign in to the miniOrange admin console. Click Apps in the left menu, then click Add Application. Click Create App under SAML/WS-FED. Select Zoho from the apps displayed. You will land in the Basic Settings page. Type ...
    • Custom authentication with OneLogin

      Custom authentication with OneLogin enables SAML-based single sign-on (SSO) from OneLogin to Zoho One. With SSO, you and your employees can sign in to OneLogin and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...
    • Custom authentication with Google

      Custom authentication with Google enables SAML-based single sign-on (SSO) from Google to Zoho One. With SSO, you and your employees can sign in to Google and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...
    • Custom authentication with JumpCloud

      Custom authentication with JumpCloud enables SAML-based single sign-on (SSO) from JumpCloud to Zoho One. With SSO, you and your employees can sign in to JumpCloud and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...