Azure AD Single Sign-On

(Available in Enterprise Edition only)

Zoho Vault provides an option for IT administrators to easily integrate with Microsoft's Azure Active Directory for better collaboration and effective user management. This integration not only enables admins to leverage their existing identity management investments but can also help their users enjoy the single sign-on experience, remote access, dual layers of protection, real-time monitoring and enhanced security.

This integration process involves three steps as described below.

  • Step-1: Enabling Azure AD Single Sign-On for Zoho Vault
  • Step-2: Configuring Single Sign-On
  • Step-3: Assigning Users

Note: Only Super Admin(s) can enable Azure AD Single Sign-On for their organizations.

Prerequisites

  • A valid Azure subscription
  • A Zoho Vault account
  • Complete the "Step-1: Domain Configuration" as mentioned in this help document.

Step-1: Enabling Azure AD Single Sign-On for Zoho Vault

  • Go to the Azure Management Portal. In the left-hand navigation pane, click "Active Directory."

  • From the Directory list, select the directory for which you wish to enable the integration.
  • To open the applications view, in the directory view, click "Applications" in the top menu.

  • Click "Add" at the bottom of the page.

  • On the What do you want to do dialog, click "Add an application from the gallery."

  • In the search box, type "Zoho."
  • In the results pane, select "Zoho", enter the Display Name as "Zoho Vault" and then click "Complete" to add the application.

Step-2: Configuring Single Sign-On

  • In the Azure AD portal, on the Zoho Vault application integration page, click "Configure single sign-on."

  • On the How would you like users to sign on to Zoho page, select "Windows Azure Single Sign-On", and then click "Next."

  • On the Configure App URL page, in the Zoho Vault Sign-On URL text box, type the URL "https://www.vault.zoho.com", and then click "Next."

  • On the Configure single sign-on at Zoho Vault page, click "Download Certificate", and save the certificate file on your computer.

  • In a different web browser window, log into your Zoho Vault account (as super admin).

  • Navigate to Admin -> AD/LDAP Integration -> click the "SAML Configuration" tab.

In the SAML Configuration tab, perform the following steps:

  • Copy the Remote Login URL value from the Azure portal, and then paste it in the Login URL textbox.
  • Copy the Remote Logout URL value from the Azure portal, and then paste it in the Logout URL textbox.
  • Browse and select the downloaded certificate (extension must be ".cer").
  • Select "RSA" as the algorithm.
  • Click "Submit."

On the Azure AD portal, select the single sign-on configuration confirmation, and then click Complete.
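
The certificate uploaded in Step-2 is what Zoho Vault will trust for SAML sign-on, so it is worth inspecting the downloaded file before submitting it. The script below is an added example, not part of the Zoho or Azure documentation: it checks that the file has the ".cer" extension, parses as X.509, carries an RSA key and has not expired. It assumes the openssl command-line tool is installed; the function names and the file name idp.cer are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Zoho or Azure documentation).
# Assumes the openssl CLI is installed; idp.cer is a hypothetical file name.

# Emit the certificate as PEM whether the .cer is Base64 (PEM) or binary (DER).
cer_to_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# Succeed only for a parseable, unexpired X.509 certificate with an RSA key
# stored under a .cer name; print subject, expiry and SHA-256 fingerprint.
check_saml_cert() {
    cert_file=$1
    case "$cert_file" in
        *.cer) ;;
        *) echo "FAIL: extension must be .cer" >&2; return 1 ;;
    esac
    pem=$(cer_to_pem "$cert_file") || {
        echo "FAIL: not an X.509 certificate" >&2; return 1
    }
    # The upload form is set to RSA, so reject any other public key type.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -pubkey |
            openssl rsa -pubin -noout >/dev/null 2>&1; then
        echo "FAIL: public key is not RSA" >&2; return 1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired" >&2; return 1
    fi
    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate -fingerprint -sha256
}

# Run the check when a file is passed on the command line, e.g. ./check.sh idp.cer
if [ "$#" -gt 0 ]; then
    check_saml_cert "$1"
fi
```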

Step-3: Assigning Users

To allow your users to log in to Zoho Vault using their Azure AD credentials, you need to first assign users to the Zoho app. You can do that by following the below instructions:

  • In the Azure AD portal, on the Zoho application integration page, click "Assign users."

  • Select your users, click "Assign", and then click "Yes" to confirm your assignment. Now, users will be redirected to the Microsoft login page when they try to access Zoho Vault, and they can supply their Azure credentials to log in.

Once you complete all the above steps, Azure AD Single Sign-On will be configured and activated for Zoho Vault. Thereafter, your users need to follow the below steps to log into Zoho Vault.

  • Go to the Zoho Vault login page.
  • Go to the "Sign in with Active Directory Credentials" section at the bottom of the sign-in page.
  • Enter the name of your domain.
  • Click "Go."

Users will be redirected to the identity provider's (Azure) web page for authentication. They will have to enter their Azure credentials there, and once the authentication succeeds, they will be redirected to the Zoho Vault website, which will then grant them access.