SAML (Security Assertion Markup Language), developed by the Security Services Technical Committee of the Organization for the Advancement of Structured Information Standards (OASIS), is an XML-based framework for exchanging user authentication, entitlement, and attribute information between an identity provider and a service provider. Its purpose is to enable Single Sign-On (SSO) for web applications across different domains and services.
SAML-based Authentication for Zoho
Organizations set up in Zoho can configure SAML as their authentication mechanism. The organization administrator configures SAML using the SAML URLs and the public key (signing certificate) provided by the Identity Provider they have chosen. The administrator also needs to configure the custom URL through which the domain's users log in.
When a user accesses the custom URL, the user is redirected to the configured SAML login URL, where the Identity Provider (IdP) validates the login. The IdP then returns a SAML response specific to that user. Zoho verifies the digital signature on the SAML response using the certificate file uploaded in Zoho; a response that is not signed by the configured certificate is rejected regardless of its content.
If the signature is valid and the response indicates successful authentication, the user's session is started in Zoho.
SAML Registration Process:
- Add and verify your domain
- Create users and email accounts
- Configure Custom URL for your domain
- Configure the SAML Authentication in Admin Console
The configuration details for SAML are provided by the third-party Identity Provider (IdP) or by a SAML-capable system such as Active Directory Federation Services (AD FS).
The parameters required for SAML configuration include:
Login URL: the IdP URL to which all organization users are redirected for authentication.
Logout URL: the IdP URL to which users are redirected when they sign out of Zoho services under SSO.
Change password URL: the Identity Provider's password reset URL, which is used when a user tries to reset their password in Zoho.
Public key: the IdP's signing certificate, used to verify the signature on the response message sent by the Identity Provider (it cannot be used to forge one). Save the key in a text file and upload it to configure SAML for the organization.
Once you have set up SAML with the details provided by your Identity Provider, users must log in through the custom URL. This redirects authentication to your provider automatically:
- Launch your custom URL (for example, mail.yourdomain.com).
- You are redirected to the SAML login page configured for the organization.
- The Identity Provider validates your credentials.
- The Identity Provider sends a digitally signed response back to Zoho.
- Zoho verifies the signature on the response and authenticates the user only if the response status is 'Success'.
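The login flow above, as an added example of what the service-provider side does at each step (this is illustrative code written for this page, not Zoho's implementation, and uses only the Python standard library). The entity IDs, the Login URL, the AssertionConsumerService URL and the certificate value are constructed placeholders, and the sample IdP response is constructed, not captured. One deliberate limitation: the RSA verification of the XML signature is left to an XML-DSig library and is not performed here; what the example does show is everything a service provider must check besides the signature, and why a 'Success' status on its own is not enough.

```python
"""SP-side SAML 2.0 login flow, stdlib only. Added example, not Zoho's code.
Entity IDs, URLs and the certificate value are constructed placeholders."""
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Assumed configuration (placeholders): this SP, the configured IdP, and the
# base64 body of the certificate the administrator uploaded.
SP_ENTITY_ID = "https://mail.yourdomain.com/saml/metadata"
IDP_ENTITY_ID = "https://idp.example.com/saml"
IDP_LOGIN_URL = "https://idp.example.com/saml/login"
IDP_CERT_B64 = "MIICCONSTRUCTEDPLACEHOLDERCERTIFICATEBODY"
DEMO_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def build_redirect_url(request_id: str, now: datetime) -> str:
    """Step 1 (custom URL hit): HTTP-Redirect binding URL to the IdP Login URL."""
    req = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
           f' ID="{request_id}" Version="2.0" IssueInstant="{now:%Y-%m-%dT%H:%M:%SZ}"'
           f' AssertionConsumerServiceURL="https://mail.yourdomain.com/saml/acs">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE (no zlib header), per the binding
    raw = comp.compress(req.encode()) + comp.flush()
    return IDP_LOGIN_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})

def decode_redirect_url(url: str) -> str:
    """What the IdP does on arrival: undo the HTTP-Redirect encoding."""
    b64 = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(b64), -15).decode()

def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def signature_covers_assertion(assertion: ET.Element) -> bool:
    """Structural XML-DSig check only: the enveloped signature's single Reference
    must point at this assertion's own ID, so a genuinely signed assertion cannot
    be wrapped around an unsigned one. RSA verification of SignedInfo is NOT done
    here; a real SP takes it from an XML-DSig library."""
    sig = assertion.find("ds:Signature", NS)
    if sig is None or sig.find("ds:SignatureValue", NS) is None:
        return False
    refs = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    return refs == ["#" + assertion.get("ID", "")]

def validate_response(response_xml: str, expected_request_id: str, now: datetime,
                      skew: timedelta = timedelta(minutes=3)) -> dict:
    """Step 2 (IdP posts the response back). 'Success' alone proves nothing:
    every check below must pass before a session is created."""
    root = ET.fromstring(response_xml)
    fail = lambda reason: {"ok": False, "reason": reason}
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return fail("status not Success")
    if root.get("InResponseTo") != expected_request_id:  # blocks replay of a captured response
        return fail("InResponseTo mismatch")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return fail("no assertion")
    # Issued by the configured IdP and signed with the uploaded certificate;
    # a Success response under any other key is worthless.
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        return fail("unexpected issuer")
    cert = assertion.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                              default="", namespaces=NS)
    if "".join(cert.split()) != IDP_CERT_B64:
        return fail("signing certificate is not the configured one")
    if not signature_covers_assertion(assertion):
        return fail("signature does not cover the assertion")
    # Minted for this SP, and inside its validity window (small clock skew allowed).
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return fail("audience mismatch")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return fail("no conditions")
    if now + skew < _ts(cond.get("NotBefore")) or now - skew >= _ts(cond.get("NotOnOrAfter")):
        return fail("assertion outside its validity window")
    return {"ok": True, "user": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)}

def sample_response(request_id: str, audience: str = SP_ENTITY_ID, status: str = SUCCESS,
                    cert: str = IDP_CERT_B64, not_on_or_after: str = "2024-01-01T12:05:00Z") -> str:
    """Constructed IdP response for the demo (not a real capture)."""
    return f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"
    xmlns:ds="{NS["ds"]}" ID="_r1" Version="2.0" InResponseTo="{request_id}">
  <samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@yourdomain.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>'''
```

Running `validate_response(sample_response("_req1"), "_req1", DEMO_NOW)` returns `{"ok": True, "user": "alice@yourdomain.com"}`; the same response with a different audience, a non-Success status, a certificate other than the uploaded one, or an expired validity window is rejected with the matching reason. The order of the checks is deliberate: status and InResponseTo are cheap and reject most junk early, but the issuer and certificate checks are the ones that tie the response to the administrator's configuration, and nothing in the assertion (audience, NameID, conditions) may be trusted until the signature check that covers it has passed.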