• Home
• App Integrations
• Single Sign-On Integrations
• Zoho Single Sign-On

Configure Zoho as SAML IDP for SSO

---

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure Zoho as an IDP for Single Sign-On (SSO) into your applications/websites. Here, Zoho will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with Zoho, making it easier and quick to implement. Our team can also help you set up Zoho as SAML IDP to login into your applications.

Prerequisite:

• To get started you need to have an active Zoho account with administrator rights for your organization.
• Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• Search for Zoho in the list. If you don’t find it, search for SAML Provider and set up your application there.



• Now click on the Click here link to get miniOrange metadata as shown in Screen below.



• For SP -INITIATED SSO section, select Show Metadata Details.



• Keep ACS URL, Single Logout URL and Entity ID or Issuer which you will require in Zoho console in Step 1.



• To setup branding, go to the Customization section from the left navigation bar.
• In Basic Settings, set the Organization Name of your choice.
• Click Save. Once that is set, the branded login URL would be of the format https://<custom_domain>.xecurify.com/moas/login

Steps to setup Zoho as an IDP and miniOrange as a Service Provider (SP) for SSO login

1. Configure miniOrange as Service Provider (SP) in Zoho

• Login to your Zoho domain as an Account Administrator.
• Go to the Applications tab from the left navigation bar.
• Click on Add application button on the top right corner.



• On the top right corner, click on Create Custom App.



• Enter Display Name.
• From SSO Mode, select SAML from the dropdown.



• Enter the SP metadata details that you saved from miniOrange:

Sign-In URL	Paste the SSO Login URL that you copied from the miniOrange SP metadata section
Sign-Out URL	Paste the SSO Logout URL that you copied from the miniOrange SP metadata section
Assertion Consumer Service URL	Paste the ACS URL that you copied from the miniOrange SP metadata section
Issuer	Paste the EntityID that you copied from the miniOrange SP metadata section

• Click on the Done button. miniOrange is successfully saved as a SP in Zoho.



• Now click on the application that you created. Go to the Single Sign-On tab >> Identity Provider Details. Click on the Download IDP Metadata. This you will require while configuring Zoho as an IDP in the miniOrange console.

2. Configure Zoho as Identity Provider (IDP) in miniOrange

• Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• Search for SAML Provider.



• Click on Import IDP metadata.



• Enter Zoho as IDP name. Browse and upload the file downloaded from Zoho.
• Click on Import.



• As shown in the below screen the IDP Entity ID, SAML SSO Login URL and x.509 Certificate will be filled from the Metadata file we just imported.



• Click Save.
• Enable the toggle button Enable for Enduser Login.



• Click on Save.

3. Test SSO Configuration

Test SSO login to your miniOrange account with Zoho IDP:

Using SP-Initiated Login

• Go to your miniOrange branded login URL. Here you will be either asked to enter the username or click on the SSO link (Login with Zoho) which will redirect you to the Zoho IdP Sign-On Page.



• Enter your miniOrange login credentials and login. You will be automatically logged in to your miniOrange dashboard.




Using IDP Initiated Login

• For IDP-initiated login, you need to have IDP-initiated metadata values from the miniOrange. For this, go back to the miniOrange dashboard >> Identity Providers >> Select Metadata against your IDP.



• Click on Show Metadata details in FOR IDP - INITIATED SSO section and copy the ACS URL. This you will require in Zoho console.



• Go back to the Zoho admin console and then Applications tab from the left navigation bar.
• Click on the application that you created (In our case: miniOrange), to verify the SSO configuration.
• Click on Single Sign-On tab >> Service Provider.
• Paste the ACS URL in the Assertion Consumer Service URL field that you copied from the miniOrange in the previous step and save the settings.



• Go to the User Home from the left navigation bar and click on miniOrange app.



• You will be successfully logged into the miniOrange dashboard.

Not able to configure or test SSO?

Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.

Configure Attribute Mapping

• Go to Identity Providers.
• Click the three dots in the Actions menu, and select Attribute Mapping against the Identity Provider (IDP) you configured.

• Attribute Type - USER
• Attribute Type - EXTERNAL

Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

• Click on the + Add Attribute button to add the attribute fields.



• Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
• Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

• Click on the + Add Attribute button to add the attribute fields.



• Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
• Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

External References

• Sign in to your Zoho account
• Zoho SAML SSO: Configure Zoho as SP in miniOrange
• Zoho Marketplace home page
• Two-Factor Authentication for Zoho
• Zoho CRM Single Sign-on (SSO)
• Know the difference between SP Initiated SSO vs. IdP Initiated SSO