Set up custom authentication for Zoho One
Custom authentication enables SAML-based single sign-on (SSO) from your preferred identity provider (such as
Okta or
OneLogin) to Zoho One. Once custom authentication is configured, your users can
sign in without their Zoho One passwords. They will only need to enter their email address in Zoho One's sign in page and will automatically be redirected to your Identity provider (IdP) for authentication. Alternatively, they can also sign in to your IdP first and access Zoho One from there. Custom authentication can be used with any IdP that supports SAML.
To set up custom authentication:
- Sign in to Zoho One , then click Directory in the left navigation menu.
- Go to Security, then click the Custom Authentication tab.
- Click Setup Now.
- Copy the ACS URL. You may need this to configure your IdP.
- Enter the following details obtained from your IdP:
- Sign-in URL: The URL the user will be redirected to when they try to sign in to Zoho.
- Sign-out URL: The URL the user will be redirected to after signing out of Zoho.
- Change Password URL: The URL the user will be redirected to if they try to change their Zoho account's passwords.
Note: Admins will not be redirected to the IdP's Change Password URL, and will be allowed to change their password in Zoho.
- Verification Certificate: The certificate with which Zoho can check the digital signature on the IdP's authentication.
Note: Only base-64 encoded .CER, .CRT, .CERT, or .PEM files will be accepted.
- Click Save, then click Yes, Confirm.
Test the SAML connection
- Go to Zoho One.
- Enter your email address, then click NEXT.
- Click Sign in with SAML. You will be redirected to sign in through the configured IdP.
Related Articles
Custom authentication with miniOrange
Configure SAML with miniOrange Sign in to the miniOrange admin console. Click Apps in the left menu, then click Add Application. Click Create App under SAML/WS-FED. Select Zoho from the apps displayed. You will land in the Basic Settings page. Type ...
Custom authentication with PingOne
Configure SAML with PingOne Go to PingOne. In the Select Account dropdown menu, select PingOne. Enter your email address, then click SIGN ON. Enter your password, then click Sign On. Click the dropdown menu in the left pane under Environments, then ...
Custom authentication with CyberArk
Configure SAML with CyberArk Sign in to the CyberArk admin console. Click Web Apps under Apps in the left pane. Click Add Web Apps, then search for "Zoho". Click Add next to the option Zoho - SAML. Click Yes in the pop-up window that appears, then ...
Custom authentication with PhenixID
Custom authentication with PhenixID enables you and your employees to sign in and access Zoho One using your PhenixID credentials. Prerequisite PhenixID authentication server version 3.0 or higher. Configure a federation scenario in PhenixID To set ...
Custom authentication with OneLogin
Custom authentication with OneLogin enables SAML-based single sign-on (SSO) from OneLogin to Zoho One. With SSO, you and your employees can sign in to OneLogin and access Zoho One directly, without having to sign in to Zoho One. To set up custom ...