SSO with Microsoft Azure as IdP
Microsoft Azure is a cloud-based identity and access management service that can be configured to provide Single Sign On (SSO) functionality for the customer portal. With this configuration, your customers can sign in to Microsoft Azure and be automatically signed in to the portal using a single set of login credentials.
In this document, let’s look at how you can set up Single Sign On.
Create an Enterprise Application in Microsoft Azure
You must first create an SAML application in Microsoft Azure to configure the SSO with the customer portal. Here’s how you can do it:
Log in to your Microsoft Azure account.
Click Microsoft Entra ID under Azure Services at the top of the page.
In the Default Directory Overview page, click +Add.
Select Enterprise application as the application type.
In the Browse Microsoft Entra Gallery page, click +Create your own application.
In the popup, enter a name for your application and choose Integrate any other application you don’t find in the gallery (Non-gallery).
Note:
This step allows you to manually add a custom SAML 2.0 application as a connection for Zoho ERP. This ensures that your application is secure and private.
A new enterprise application will be created. You can then start setting up the Single Sign On for the application.
SAML Configuration for Your Application
After you’ve created an application, you must configure the Single Sign On for the application to set up the connection between Zoho ERP and Microsoft Azure.
Prerequisite: The ACS URL from Zoho ERP is required to configure the SAML settings in Microsoft Azure. To find it, go to Settings > Customer Portal > General > Portal Login > SSO (Single Sign On).
Go to the application you created in Microsoft Azure.
In the Application’s Overview page, click Get started in the Set up single sign on section.
Select SAML as your single sign on method.
Navigate to Basic SAML Configuration and click Edit.
In the Basic SAML Configuration page, configure the following fields:
Identifier (Entity ID): Paste the Portal URL from Zoho ERP to set the default identity provider.
Reply URL (Assertion Consumer Service URL): Paste the ACS URL provided by Zoho ERP. Microsoft Azure will deliver the SAML responses to this URL after a user signs in.
The other fields can be configured with the default selection, as they are already set to values that are compatible with Zoho ERP.
The SAML configuration in Microsoft Azure is now complete.
Configure Portal SSO in Zoho ERP
Once you have configured your SAML application in Microsoft Azure, you must configure the portal SSO in Zoho ERP to complete the setup.
Log in to your Zoho ERP organisation.
Go to Settings in the top right corner of the page.
Click Customer Portal under Setup & Configuration.
Switch to the General tab at the top and scroll to the Portal Login section.
Choose SSO (Single Sign On) and click Configure in the Portal Login section.
Now, go to your application in Microsoft Azure.
Select the application that you’ve created.
Navigate to Manage on the left sidebar and select Single sign on.
Copy the Login URL and paste it in the Login URL field in Zoho ERP.
Copy the Logout URL and paste it in the Logout URL field in Zoho ERP.
Copy the Login URL and paste it in the Reset Password URL field in Zoho ERP.
You must paste the Certificate (Base 64) in the Public Key field in Zoho ERP. To do this:
Go to SAML Signing Certificate and click Download adjacent to Certificate (Base 64).
Open the downloaded certificate with any text editor.
Copy the entire contents, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
Paste this into the Public Key field in Zoho ERP.
Warning: Ensure you copy the certificate including both -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----; otherwise, the SSO configuration will be invalid.
Click Save.
Single Sign On (SSO) between Microsoft Azure and the portal is now set up. Your customers can sign in to their Microsoft Azure AD account and will be automatically signed in to the portal using single sign on, ensuring a secure and seamless authentication experience.
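A way to check the copied certificate text before pasting it into the Public Key field, as an added example that is not part of the original Zoho or Microsoft documentation. It confirms both marker lines are present, that the Base64 body decodes to a complete DER object, and prints fingerprints to compare against the signing certificate in Microsoft Azure. The function names and the tiny sample input are hypothetical, and it assumes the Thumbprint Azure displays is the SHA-1 hash of the DER bytes.

```python
import base64
import hashlib
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(r"\A\s*" + BEGIN + r"\s*([A-Za-z0-9+/=\s]+?)\s*" + END + r"\s*\Z")

# Constructed stand-in: a 5-byte DER SEQUENCE, not a real X.509 certificate.
# Replace SAMPLE_PEM with the text copied from the downloaded file.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = BEGIN + "\n" + base64.b64encode(SAMPLE_DER).decode() + "\n" + END + "\n"


def der_claimed_length(der):
    """Total size the outer DER header claims (tag + length bytes + content)."""
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pasted_certificate(text):
    """Return (der, sha1_thumbprint, sha256_fingerprint); raise ValueError if unusable."""
    for marker in (BEGIN, END):
        if marker not in text:
            raise ValueError("missing line: " + marker)
    match = PEM_RE.match(text)
    if not match:
        raise ValueError("extra text or more than one block in the pasted value")
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError as exc:             # binascii.Error subclasses ValueError
        raise ValueError("Base64 body is corrupted") from exc
    if len(der) < 2 or der[0] != 0x30 or der_claimed_length(der) != len(der):
        raise ValueError("certificate body is truncated or not DER")
    return (der, hashlib.sha1(der).hexdigest().upper(),
            hashlib.sha256(der).hexdigest().upper())


if __name__ == "__main__":
    _, thumbprint, sha256 = check_pasted_certificate(SAMPLE_PEM)
    print("SHA-1 thumbprint:", thumbprint)
    print("SHA-256 fingerprint:", sha256)
```

A mismatch between the printed thumbprint and the one shown for the signing certificate means the pasted text is not the certificate Azure signs responses with, so the portal would reject every SAML response.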
Test the Configured Single Sign On Set Up
Once the application is set up and the SSO configuration is complete, you can test if the setup is working as expected from your application in Microsoft Azure. Here’s how:
Go to your application in Microsoft Azure.
Navigate to Single sign on under Manage on the left sidebar.
Scroll to the Test single sign on with “application name” section.
Click Test.
You will be directed to the sign on page where you can test it.