Single Sign-On Configuration using SAML
Zoho Vault lets IT administrators integrate the service with any federated single sign-on solution that supports SAML 2.0, such as Okta or OneLogin. With this option, enterprises can offer a seamless login experience to end users, simplify user management with automated provisioning and de-provisioning of user accounts, and step up their enterprise security to the next level.
How it works
- Administrators configure single sign-on for Zoho Vault in solutions like Okta or OneLogin by providing its details and setting access permissions for users.
- Users log in to Okta (or any other solution) and click the Zoho Vault icon on the Apps page.
- Users will be automatically logged in to Zoho Vault, skipping the login screen altogether.
- Exchange of authentication details will take place in the background between Zoho Vault and the single sign-on solution.
- In this process, Zoho Vault will act as the service provider (SP) and the single sign-on solution will act as the identity provider (IdP).
You can configure single sign-on for Zoho Vault with any identity provider that supports SAML 2.0. In this document, we provide instructions for integrating Zoho Vault with the most popular single sign-on solution, Okta.
Steps to add Zoho Vault as an application in Okta:
- Step 1: Domain configuration and importing users into Zoho Vault
- Step 2: Adding Zoho Vault as an application on the Okta dashboard
- Step 3: Configuring Okta details in Zoho Vault
- Step 4: Assigning Zoho Vault to users in Okta
Note:
- Only super admins can configure single sign-on.
- The identity provider must support SAML 2.0.
Step 1: Domain Configuration and importing users into Zoho Vault
- Navigate to Admin >> AD/LDAP Integration >> Add & Verify domain.
- Click Add Domain and enter your domain name.
- Verify the domain you have added. There are two methods to verify your domain: the CNAME method and the HTML file method.
- Choose the verification method and follow the instructions there to verify your domain.
You can import users into Zoho Vault by following the instructions mentioned in Step-2 of this document.
Step 2: Adding Zoho Vault as an application on the Okta dashboard
- Log in to Okta with admin privileges.
- Click the Applications tab.
- Click Add Application.
- Click Create New App.
- In the pop-up window, set Platform to Web and Sign on method to SAML 2.0, then click Create.
- Enter the application name (Zoho Vault) as prompted under General Settings. You can also upload a logo and click Next.
- In the second step, you need to provide the service provider (Zoho Vault) details to Okta:
  - Single Sign On URL: https://accounts.zoho.com/samlresponse/<verified_domain_name>
  - Audience URI (SP Entity ID): zoho.com
  - Default RelayState: aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ=
  - Name ID format: EmailAddress
  - Application username: Email
- Click Next after providing the above details.
- Select the I'm an Okta customer adding an internal app radio button and click Finish.
On successful addition, the application details will be displayed as shown in the image below. Click on Sign On and then select View Setup instructions. A new tab will open containing the details required to configure SAML 2.0 in Zoho Vault, which is discussed in the next step.
Step 3: Configuring Okta details in Zoho Vault
- Navigate to the Admin >> AD/LDAP Integration >> SAML Configuration tab in the Zoho Vault GUI, and enter your identity provider details.
- After entering all the details, click Save & Enable.
Step 4: Assigning Zoho Vault to users in Okta
- Navigate to Applications >> Assign Applications.
- Under People, select the desired users and confirm assignments.
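Once the four steps are complete, the values entered in Step 2 can be checked against a SAML response captured during a test login. The Python code below is an added example, not part of the Zoho or Okta documentation: example.com stands in for your verified domain, the sample response is constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Values from Step 2. example.com is a placeholder for your verified domain.
ACS_URL = "https://accounts.zoho.com/samlresponse/example.com"
AUDIENCE = "zoho.com"
RELAY_STATE = "aHR0cHM6Ly92YXVsdC56b2hvLmNvbV9fSUFNX19ab2hvVmF1bHQ="

def decode_relay_state(value):
    """Show what the opaque Base64 RelayState actually carries."""
    return base64.b64decode(value, validate=True).decode("ascii")

def check_response(xml_text, relay_state):
    """List mismatches with the Step 2 settings (config only, no signature check)."""
    problems = []
    root = ET.fromstring(xml_text)  # use defusedxml for untrusted input
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Single Sign On URL")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if audiences != [AUDIENCE]:
        problems.append("Audience is not exactly zoho.com")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    if relay_state != RELAY_STATE:
        problems.append("RelayState differs from the documented default")
    return problems

# Constructed sample, trimmed to the elements checked above.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://accounts.zoho.com/samlresponse/example.com">
  <saml:Assertion>
    <saml:Subject><saml:NameID
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      >user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>zoho.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(decode_relay_state(RELAY_STATE))
    print(check_response(SAMPLE, RELAY_STATE) or "matches Step 2")
```

An empty result means the captured response agrees with the Step 2 values; any listed mismatch points to the Okta field to recheck.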