CONFIGURING ZOHO SAML WITH OKTA:
Using Security Assertion Markup Language (SAML), a user can use their Okta credentials to sign into Zoho Applications via Single Sign-On (SSO).
How does it work?
- The user (email@example.com) navigates to Zoho’s login page and begins to log in.
- Zoho generates a SAML request and redirects the user to the Okta Single Sign-On URL endpoint with the request embedded.
- Once the user is redirected to Okta, they'll need to enter their Okta credentials unless they have already authenticated to Okta in a previous session within the same browser. In either case, the user will be redirected back to Zoho's Assertion Consumer Service (ACS) URL with an embedded SAML response from Okta.
- At a minimum, the response will:
a. Indicate that it is indeed from Okta and hasn't been altered, and contain a digital signature proving such. Zoho verifies this signature using a public key from Okta that was previously uploaded to Zoho Accounts as a certificate.
b. Indicate that the user has authenticated successfully into Okta.
c. Indicate who the user is via the NameID, a standard attribute used in SAML assertions. Note: Zoho only supports the Email address NameID format, as mentioned in the metadata.
Standard Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- After the assertion is successfully parsed by Zoho's ACS, the user is sent to Zoho's default relay state, which is usually the same page they'd land on if they had simply logged into Zoho with a username and password. Since we host several different services, the default relay state helps dictate which specific service to send them to (for example, directly to Zoho CRM instead of Zoho's main landing page).
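The checks listed above (Success status, a signature to verify, an emailAddress-format NameID, and an assertion that is unexpired and addressed to this service) are shown below as an added example in Python; it is not Zoho's or Okta's code. The issuer, the audience and the sample response are constructed placeholders, and only the presence of the signature is checked here: verifying it against the certificate uploaded to Zoho is the job of an XML-DSig library.

```python
# Added example (not Zoho's or Okta's code): the checks an ACS performs on a SAML
# Response. Issuer, audience and the sample response are constructed placeholders.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # only format Zoho accepts
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
OKTA_ISSUER = "http://www.okta.com/EXAMPLE_ISSUER_ID"  # placeholder for your Okta app's issuer
SP_AUDIENCE = "https://accounts.zoho.com/samlresponse/zylker.org"  # assumed SP entity ID
SAMPLE_NOW = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)  # constructed clock

def check_response(xml_text, expected_issuer, expected_audience, now):
    """Return the problems found (empty list = passed). Only signature *presence* is
    checked; verifying it against the uploaded Okta certificate needs an XML-DSig library."""
    root = ET.fromstring(xml_text)
    problems = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return problems + ["no Assertion in response"]
    if a.findtext("saml:Issuer", default="", namespaces=NS) != expected_issuer:
        problems.append("issuer is not the configured Okta issuer")
    if a.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    nid = a.find("saml:Subject/saml:NameID", NS)
    if nid is None or nid.get("Format") != EMAIL_FORMAT or "@" not in (nid.text or ""):
        problems.append("NameID missing or not in emailAddress format")
    cond = a.find("saml:Conditions", NS)
    exp = cond.get("NotOnOrAfter") if cond is not None else None
    if exp is None or now >= datetime.fromisoformat(exp.replace("Z", "+00:00")):
        problems.append("assertion expired or has no NotOnOrAfter")
    aud = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in aud:
        problems.append("audience does not include this service provider")
    return problems

# Constructed sample response; the signature value is a placeholder, not a real signature.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status><saml:Assertion>
<saml:Issuer>{OKTA_ISSUER}</saml:Issuer><ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
<saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">email@example.com</saml:NameID></saml:Subject>
<saml:Conditions NotOnOrAfter="2024-01-01T00:05:00Z"><saml:AudienceRestriction>
<saml:Audience>{SP_AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion></samlp:Response>"""
```

Running `check_response(SAMPLE, OKTA_ISSUER, SP_AUDIENCE, SAMPLE_NOW)` returns an empty list; tampering with the NameID format, removing the signature or presenting the response after NotOnOrAfter each produce a named problem.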
Add Zoho Custom App in Okta:
Before you proceed, you need an administrator account with Okta. To learn about creating an Okta Admin Account, refer to this documentation.
You can now start with the configuration steps to add the Zoho custom app in Okta.
- In the window that opens, search for Zoho SAML.
- Select the Zoho SAML application and click on the Add button.
- This opens the General Settings page.
- Enter your Domain Name. You can get it from Zoho's SAML endpoint URL.
For example, if your SAML endpoint URL is https://accounts.zoho.com/samlresponse/zylker.org, enter "zylker.org" alone as your Domain Name.
- Check the required Application Visibility options and then click Done.
- Your Zoho SAML custom app is now configured in Okta.
Add Okta Users to Zoho SAML App:
You can seamlessly add your Okta users to your Zoho Account with a few simple steps.
- You can select any number of users to be added to the Zoho SAML App.
- The users added above can then sign into Zoho with their Okta credentials, provided they belong to the SAML-configured Org at Zoho.