Set up custom authentication for Zoho One

Set up custom authentication for Zoho One

Custom authentication enables SAML-based single sign-on (SSO) from your preferred identity provider (such as Okta or OneLogin) to Zoho One. Once custom authentication is configured, your users can sign in without their Zoho One passwords. They will only need to enter their email address in Zoho One's sign in page and will automatically be redirected to your Identity provider (IdP) for authentication. Alternatively, they can also sign in to your IdP first and access Zoho One from there. Custom authentication can be used with any IdP that supports SAML.

To set up custom authentication:
  1. Sign in to Zoho One , then click Directory in the left navigation menu.
  2. Go to Security, then click the Custom Authentication tab.
  3. Click Setup Now.
  4. Copy the ACS URL. You may need this to configure your IdP.

  5. Enter the following details obtained from your IdP:
    1. Sign-in URL: The URL the user will be redirected to when they try to sign in to Zoho.
    2. Sign-out URL: The URL the user will be redirected to after signing out of Zoho.
    3. Change Password URL: The URL the user will be redirected to if they try to change their Zoho account's passwords.
    4. Note: Admins will not be redirected to the IdP's Change Password URL, and will be allowed to change their password in Zoho. 
    5. Verification Certificate: The certificate with which Zoho can check the digital signature on the IdP's authentication.
    6. Note: Only base-64 encoded .CER, .CRT, .CERT, or .PEM files will be accepted. 
  6. Click Save, then click Yes, Confirm.

Test the SAML connection 

  1. Go to Zoho One.
  2. Enter your email address, then click NEXT.
  3. Click Sign in with SAML. You will be redirected to sign in through the configured IdP.
To set up custom authentication with a specific IdP, go through our detailed help guide.

    • Related Articles

    • Custom authentication with miniOrange

       Configure SAML with miniOrange  Sign in to the miniOrange admin console. Click Apps in the left menu, then click Add Application. Click Create App under SAML/WS-FED. Select Zoho from the apps displayed. You will land in the Basic Settings page. Type ...
    • Custom authentication with PingOne

      Configure SAML with PingOne  Go to PingOne. In the Select Account dropdown menu, select PingOne. Enter your email address, then click SIGN ON. Enter your password, then click Sign On. Click the dropdown menu in the left pane under Environments, then ...
    • Custom authentication with CyberArk

      Configure SAML with CyberArk  Sign in to the CyberArk admin console. Click Web Apps under Apps in the left pane. Click Add Web Apps, then search for "Zoho". Click Add next to the option Zoho - SAML. Click Yes in the pop-up window that appears, then ...
    • Custom authentication with PhenixID

      Custom authentication with PhenixID enables you and your employees to sign in and access Zoho One using your PhenixID credentials. Prerequisite PhenixID authentication server version 3.0 or higher. Configure a federation scenario in PhenixID To set ...
    • Custom authentication with OneLogin

      Custom authentication with OneLogin enables SAML-based single sign-on (SSO) from OneLogin to Zoho One. With SSO, you and your employees can sign in to OneLogin and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...