Azure AD integration with Zoho Vault

(Available in Enterprise Edition only)

Zoho Vault provides an option for IT administrators to integrate with Microsoft's Azure Active Directory for easy collaboration and user management. With this integration, there are two primary benefits:

  • It provides centralized user management from the Azure AD portal and control over who can access Zoho Vault.
  • Users can access Zoho Vault with their existing Azure AD credentials.

This integration involves three steps:

  1. Add Zoho from the Azure gallery
  2. Configure Azure AD Single Sign-on
  3. Assign Users

Note: Only the Super Admin(s) can enable Azure AD Single Sign-on for their organizations.

Prerequisites

  • A valid Azure subscription
  • A Zoho Vault account with Enterprise Edition license
  • Completion of the first step of Domain Configuration, as shown here.

Adding Zoho from the Azure gallery

  1. Go to the Azure portal. 

  2. Click the Azure Active Directory icon on the left navigation panel.
  3. Navigate to Enterprise applications and select All applications.

  4. Click the Add Application button at the top of the dialog box. 

  5. In the search box, type Zoho.

  6. In the results panel, select Zoho and click the Add button.

Configuring Azure AD Single Sign-on

  1. In the Azure portal, click Single Sign-on on the Zoho application integration page.

  2. In the Single Sign-on dialog box, set Mode as SAML-based Sign-on.

  3. In the Zoho Domain and URLs section, enter "https://accounts.zoho.com/samlresponse/<your-verified-domain>" in the Sign-on URL field.

    Note: Replace <your-verified-domain> with your actual verified domain URL.

  4. Enable the Show advanced URL settings check box and enter the details:
    • Identifier: zoho.com
    • Relay State: aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ=
  5. Click Certificate (Base64) in the SAML Signing Certificate section and save the certificate file on your computer.

  6. Click Save.

  7. In the Zoho Configuration section, click Configure Zoho to open the Configure sign-on window.

  8. Copy the Sign-out URL, Change Password URL, SAML Single Sign-On Service URL, and other details from the Quick Reference section.
  9. In a different web browser window, log into your Zoho Vault account as the super admin.
  10. Navigate to Admin and select AD/LDAP Integration, then click the SAML Configuration tab.

  11. In the SAML Configuration tab, select Enter IdP details manually and perform the following steps:
    • Copy the Remote Login URL value from the Azure portal, and then paste it in the Login URL textbox.
    • Copy the Remote Logout URL value from the Azure portal, and then paste it in the Logout URL textbox.
    • Select the downloaded certificate (extension must be ".cer").
    • Select RSA for the algorithm.
    • Click Save & Enable. 
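
A pre-flight check for the values entered in steps 3 to 5 and 11 above, as an added example that is not part of the Zoho or Microsoft documentation: it validates the Sign-on URL, decodes the Relay State to show which host users land on after authentication, and fingerprints the downloaded certificate so the file uploaded to Zoho Vault can be compared with the one saved from Azure. The function names are hypothetical, example.com stands in for the verified domain, and treating the text before the first "__" in the decoded Relay State as the landing URL is an assumption drawn from decoding the value on this page.

```python
import base64
import hashlib
from urllib.parse import urlsplit

SSO_HOST = "accounts.zoho.com"  # host of the Sign-on URL in step 3
VAULT_HOST = "vault.zoho.com"   # host the page's Relay State decodes to


def check_sign_on_url(url, verified_domain):
    """Return a list of problems with the Sign-on URL entered in step 3."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https" or parts.hostname != SSO_HOST:
        problems.append("Sign-on URL must be https on " + SSO_HOST)
    if parts.path != "/samlresponse/" + verified_domain:
        problems.append("path must be /samlresponse/ plus the verified domain")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    return problems


def relay_state_target(relay_state):
    """Decode the Base64 Relay State; return the landing host, or None."""
    try:
        decoded = base64.b64decode(relay_state, validate=True).decode("ascii")
    except ValueError:  # bad Base64 or non-ASCII content
        return None
    # Assumption: the text before the first "__" is the landing URL.
    return urlsplit(decoded.split("__", 1)[0]).hostname


def cert_fingerprint(cer_text):
    """SHA-256 over the DER bytes of a Base64 (.cer) file; X.509 is not parsed."""
    if "PRIVATE KEY" in cer_text:
        raise ValueError("file contains private key material")
    lines = [ln.strip() for ln in cer_text.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("not a Base64 (PEM) certificate file")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    return hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    # Constructed input: example.com is a stand-in verified domain.
    url = "https://accounts.zoho.com/samlresponse/example.com"
    print(check_sign_on_url(url, "example.com"))
    relay = "aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ="
    print(relay_state_target(relay) == VAULT_HOST)
```

Compare the result of `relay_state_target` with `VAULT_HOST` using exact equality, since a prefix match would also accept a look-alike host.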

Assigning Users

  1. In the Azure portal, open the Applications view.
  2. Navigate to the Directory view and select Enterprise applications, then click All applications.

  3. In the applications list, select Zoho.

  4. Click Users and groups in the left-side menu.

  5. Click Add.

  6. Select Users and groups from the Add Assignment dialog.
  7. Select users from the list.
  8. Click Assign from the Add Assignment dialog. 

Once you complete the above steps, Azure AD Single Sign-on will be configured and activated for Zoho Vault. After this, your users will need to follow the steps below to log into Zoho Vault.

  • Go to the Zoho Vault login page.
  • Go to the Sign in with Active Directory Credentials section at the bottom of the sign-in page.

  • Enter the name of your domain.

  • Click Go.

Users will be redirected to the identity provider's (Azure's) web page for authentication, where they will need to enter their Azure credentials. When authentication succeeds, they'll be redirected to the Zoho Vault website and granted access.