SSO for Cloud Apps

Single Sign-On for Cloud Apps 

(Available in Enterprise Edition only)

With Zoho Vault, IT administrators can simplify password management for their users using a highly reliable Single Sign-On mechanism. Once configured, users can use their Zoho Vault account to access all their applications. While users enjoy the Single Sign-On experience, administrators can simplify the process of user management, monitor user activities in real-time, and enhance security multifold within the organization.

How it works:

  • Administrators configure Single Sign-On for various applications in Zoho Vault by providing the details of all the applications and setting access permissions for users. 
  • Users log into Zoho Vault and click on any of the applications from the Apps page.
  • Users are automatically logged into the application without entering a password, skipping the login screen altogether.
  • The entire authentication process takes place automatically in the backend without any interruption to the users.
  • In this process, Zoho Vault is technically the identity provider (IdP) and the respective application acts as the service provider (SP).

Zoho Vault leverages the most secure and widely used industry standard, Security Assertion Markup Language (SAML), for this SSO configuration. So, Single Sign-On can be readily integrated with any service provider that supports SAML 2.0. Zoho Vault SAML supports a growing list of popular applications at present. If you use an application that supports SAML 2.0 that we don't already support out-of-the-box, you can add it manually with our custom option.

To configure Single Sign-On for any application, complete the three steps below:

  • Step 1: Add the application and provide its details
  • Step 2: Configure SAML
  • Step 3: Map users and the application 

Note: Only super admins can configure Single Sign-On for their users.

Prerequisites

  • The application must support SAML 2.0
  • The application (service provider) for which you wish to configure Single Sign-On should have help documentation that covers SAML-specific information

Step 1: Add the application and provide its details

  1. Navigate to Apps -> Manage Apps
  2. Click Add Supported App or Add Custom App
  • Zoho Vault SAML supports a growing list of popular applications at present which you can activate from the Add Supported App option. For each application, you can find the step-by-step instructions in this section of our help documentation. 
  • If you use an application that supports SAML 2.0 but is not supported by us out-of-the-box, you can add it manually using our Add Custom App option. 
  3. In the Application Settings tab, you can either upload the SP details using a metadata file or provide the required details manually. These details will generate the XML needed for the application's SAML request.

  • Application Name - Provide a name for the application.
  • Description (Optional) - Add the application's description here, if needed.
  • Default RelayState (Optional) - Add the URL of the specific page users should land on after the login authentication process.
  • Logo (Optional) - Add the logo of the application, if needed.
  • Assertion Consumer Service URL - The address where the SAML response should be posted to.
  • Single Sign-on URL - Provide the Single Sign-On URL of the service provider, i.e., the application's login URL.
  • Single Logout URL - The web address where users will be redirected after the logout. 
  • Audience URI (SP Entity ID) - Provide the Entity ID (Issuer) of your application (SP) here. You cannot add more than one application with the same Entity ID.
  • Certificate - Provide the application's public key certificate to verify the digital signatures. Browse to select the certificate and upload.
  • Upload SP Metadata File - A file that contains information about the service provider.
  • Attribute - Information about users (supports - first name, full name, email, last name)

After providing all the details in the Application Settings tab, click the Next button.
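
A pre-flight check for the SP details described above, as an added example (not Zoho Vault code): it reads a standard SAML 2.0 SP metadata file, maps it to the Application Settings field names listed on this page, and reports problems before you upload. The sample metadata, the example.com URLs, the function name and the HTTPS check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed metadata for a hypothetical SP; note the plain-http ACS URL.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.example.com/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED+PLACEHOLDER+CERT==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://app.example.com/saml/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0" Location="http://app.example.com/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_form_fields(metadata_xml, existing_entity_ids=()):
    """Map SP metadata to the Application Settings fields; return (fields, problems)."""
    # Refuse DTDs outright: ElementTree would expand internal entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not accepted in metadata")
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 service-provider metadata")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST]  # the SAML response is POSTed to this URL
    slo = sp.find("md:SingleLogoutService", NS)
    cert = sp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    fields = {
        "Audience URI (SP Entity ID)": root.get("entityID"),
        "Assertion Consumer Service URL": acs[0] if acs else None,
        "Single Logout URL": slo.get("Location") if slo is not None else None,
        "Certificate": "".join(cert.text.split()) if cert is not None and cert.text else None,
    }
    problems = [f"missing: {k}" for k, v in fields.items() if not v]
    # The page states that two applications cannot share an Entity ID.
    if fields["Audience URI (SP Entity ID)"] in existing_entity_ids:
        problems.append("Entity ID is already used by another configured application")
    for name in ("Assertion Consumer Service URL", "Single Logout URL"):
        if fields[name] and urlparse(fields[name]).scheme != "https":
            problems.append(f"{name} is not HTTPS: {fields[name]}")  # added check
    return fields, problems

if __name__ == "__main__":
    for line in sp_form_fields(SAMPLE_SP_METADATA)[1]: print("WARN", line)
```

Pass the Entity IDs of applications you have already configured as `existing_entity_ids` to catch a duplicate before the form rejects it.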

Step 2: Configure SAML

To complete the federated Single Sign-On configuration with the application, you need to provide the details of Zoho Vault (IdP) to the application (SP). You can copy the required details for the configuration from here or download it as a metadata file.

  • Identity Provider Single Sign-On URL - Zoho Vault's login URL, where all user login requests will be redirected
  • Identity Provider Single Logout URL - Zoho Vault's logout URL, where all user logout requests will be redirected
  • Identity Provider Issuer - Zoho Vault's Issuer
  • Identity Provider Certificate - Zoho Vault's public key certificate
  • Download Metadata - Optional metadata file to be used if you don't want to configure the IdP details manually

After providing all the details in the IdP Details tab, click the Next button.

Step 3: Map users and the application

To allow users to access the application using Single Sign-On, you first need to map them in Zoho Vault. This process comes in handy during user onboarding and termination. You can do that by following the instructions below:

  1. Select the list of users to whom you wish to give access to the application with SSO enabled and click the -> button.
  2. Click the Save button.

Once you complete this Single Sign-On configuration process, users will be able to see the list of their assigned applications in the Apps page. They just need to click an application's icon to log in without entering a password.

Steps to edit the Single Sign-on Configuration

  1. Navigate to Apps -> Manage Apps
  2. From here, you can view the list of applications configured with Single Sign-On along with their name, URI, and description. 
  3. Click the More Actions icon to edit the configuration anytime.
  4. You can also delete the configuration using the Delete icon.

Bulk Configuration:

You can also configure single sign-on for multiple apps in bulk using the More Actions button. Read the table below for a list of bulk operations available in Zoho Vault.

Grant User Access

Option to select multiple apps and grant user access to those apps.

  1. In the Manage Apps page, select the required apps that you wish to grant user access to and click More Actions > Grant User Access.
  2. Select users who will have single sign-on access for the selected applications.
  3. Click Save.

Revoke User Access

Option to select multiple apps and revoke user access to those apps.

  1. In the Manage Apps page, select the required apps from which you wish to revoke user access and click More Actions > Revoke User Access.
  2. Select the users that you want to revoke permissions for on the selected apps.
  3. Click Save.

Enable Apps

Option to select multiple apps that are already mapped to users and enable them for access across the company.

  1. In the Manage Apps page, select the apps that you want to enable and click More Actions.
  2. Click Enable Apps.

Disable Apps

Option to select multiple apps that are already mapped to users and disable them for access across the company.

  1. In the Manage Apps page, select the apps that you want to disable and click More Actions.
  2. Click Disable Apps.

Delete Apps

Option to select multiple apps and delete them from the Apps list.

  1. In the Manage Apps page, select the apps that you want to delete and click More Actions.
  2. Click Delete.

All the bulk operations will be recorded in the audit trails and can be traced back for forensic purposes. 
