mirror of
https://github.com/goauthentik/authentik.git
synced 2026-06-17 19:09:11 +03:00
website/integrations: Zoho: cleanup (#22701)
* website/integrations: Zoho: cleanup Refresh the Zoho SAML guide to match the current integration template and documented Zoho/authentik flows. Agent-thread: https://sdko.org/internal/threads/019e6b52-1f5f-7892-9ffd-229f764096a7 A7k-product: product A7k-product-repo: 2 Co-authored-by: Agent <agent@svc.sdko.net> * Update website/integrations/platforms/zoho/index.mdx Co-authored-by: Dewi Roberts <dewi@goauthentik.io> Signed-off-by: Dominic R <dominic@goauthentik.io> * Update website/integrations/platforms/zoho/index.mdx Co-authored-by: Dewi Roberts <dewi@goauthentik.io> Signed-off-by: Dominic R <dominic@goauthentik.io> --------- Signed-off-by: Dominic R <dominic@goauthentik.io> Co-authored-by: Agent <agent@svc.sdko.net> Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
This commit is contained in:
Dominic R
GitHub
@@ -6,7 +6,7 @@ support_level: community
|
||||
|
||||
## What is Zoho?
|
||||
|
||||
> Zoho Corporation is an Indian multinational technology company that makes computer software and web-based business tools. It is best known for the online office suite offering Zoho Office Suite.
|
||||
> Zoho provides a suite of cloud applications for business operations, including email, collaboration, CRM, finance, HR, and analytics tools.
|
||||
>
|
||||
> -- https://www.zoho.com
|
||||
|
||||
@@ -15,26 +15,26 @@ support_level: community
|
||||
The following placeholders are used in this guide:
|
||||
|
||||
- `authentik.company` is the FQDN of the authentik installation.
|
||||
- `accounts.zoho.com` is the Zoho Accounts URL for your organization's data center.
|
||||
|
||||
:::info
|
||||
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
IdP initiated login does not work with Zoho. This is due to Zoho's non-standard requirement to set the format of the SAML `NameID` response which is currently not possible with authentik.
|
||||
:::
|
||||
Use the Zoho Accounts URL that matches your organization's data center:
|
||||
|
||||
- United States: `https://accounts.zoho.com`
|
||||
- Australia: `https://accounts.zoho.com.au`
|
||||
- Europe: `https://accounts.zoho.eu`
|
||||
- India: `https://accounts.zoho.in`
|
||||
- China: `https://accounts.zoho.com.cn`
|
||||
- Japan: `https://accounts.zoho.jp`
|
||||
- Canada: `https://accounts.zohocloud.ca`
|
||||
- Saudi Arabia: `https://accounts.zoho.sa`
|
||||
|
||||
## Download Zoho metadata file
|
||||
|
||||
1. Log in to Zoho Accounts as an administrator via one of the following links:
|
||||
- United States: https://accounts.zoho.com
|
||||
- Australia: https://accounts.zoho.com.au
|
||||
- European Union: https://accounts.zoho.eu
|
||||
- India: https://accounts.zoho.in
|
||||
- China: https://accounts.zoho.com.cn
|
||||
- Japan: https://accounts.zoho.jp
|
||||
- Canada: https://accounts.zohocloud.ca
|
||||
|
||||
1. Log in to Zoho Accounts as an administrator at the Zoho Accounts URL for your data center.
|
||||
2. Navigate to **Organization** > **SAML Authentication**.
|
||||
3. Click **Download Metadata**. You will require this Zoho metadata file in the next section.
|
||||
|
||||
@@ -42,33 +42,22 @@ IdP initiated login does not work with Zoho. This is due to Zoho's non-standard
|
||||
|
||||
To support the integration of Zoho with authentik, you need to create an application/provider pair in authentik.
|
||||
|
||||
### Create provider
|
||||
### Create an application and provider
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Provider** and click **Create**.
|
||||
2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard.
|
||||
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
|
||||
- **Choose a Provider type**: select **SAML Provider from Metadata** as the provider type.
|
||||
- **Configure the Provider**:
|
||||
- Provide a descriptive name.
|
||||
- Select the authorization and invalidation flows to use for this provider.
|
||||
- For **Metadata**, select the Zoho metadata file that was downloaded in the previous section.
|
||||
|
||||
3. Click **Finish** to save the new provider.
|
||||
4. Select the **Edit** icon of the newly created Zoho provider, and configure the following settings:
|
||||
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization and invalidation flows to use for this provider, and the following required configuration:
|
||||
- **Metadata**: select the Zoho metadata file that you downloaded in the previous section.
|
||||
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page.
|
||||
3. Click **Submit** to save the new application and provider.
|
||||
4. Navigate to **Applications** > **Providers** and click the **Edit** icon of the Zoho provider.
|
||||
5. Configure the following settings:
|
||||
- Under **Advanced protocol settings**:
|
||||
- Select an available **Signing certificate**.
|
||||
- Select an available **Signing Certificate**.
|
||||
- Set **NameID Property Mapping** to `authentik default SAML Mapping: Email`.
|
||||
|
||||
5. Click **Update** to save the changes.
|
||||
|
||||
### Create application
|
||||
|
||||
1. Log in to authentik as an administrator and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Application** and click **Create**.
|
||||
- **Configure the Application**:
|
||||
- Provide a descriptive name and slug.
|
||||
- For **Provider**, select the Zoho provider created in the previous section.
|
||||
- Under **UI Settings**, set **Launch URL** to `https://www.zoho.com/login.html`.
|
||||
3. Click **Finish** to save the new application.
|
||||
6. Click **Update**.
|
||||
|
||||
### Download authentik metadata file
|
||||
|
||||
@@ -78,28 +67,27 @@ To support the integration of Zoho with authentik, you need to create an applica
|
||||
|
||||
## Zoho configuration
|
||||
|
||||
1. Log in to Zoho Accounts as an administrator via one of the following links:
|
||||
- United States: https://accounts.zoho.com
|
||||
- Australia: https://accounts.zoho.com.au
|
||||
- European Union: https://accounts.zoho.eu
|
||||
- India: https://accounts.zoho.in
|
||||
- China: https://accounts.zoho.com.cn
|
||||
- Japan: https://accounts.zoho.jp
|
||||
- Canada: https://accounts.zohocloud.ca
|
||||
|
||||
1. Log in to Zoho Accounts as an administrator using your Zoho Accounts URL.
|
||||
2. Navigate to **Organization** > **SAML Authentication**, and under **SAML Authentication** select **Set up Now**.
|
||||
3. Click **Upload Metadata** and upload your authentik metadata file.
|
||||
4. Set **Name Identifier** to `Email Address`.
|
||||
4. In **Zoho Service**, select the Zoho service that users should open after IdP-initiated sign-in from authentik.
|
||||
5. Click **Submit**.
|
||||
|
||||
:::info
|
||||
Accounts must be manually provisioned in Zoho before logging in via authentik SSO.
|
||||
:::info User provisioning
|
||||
If you do not enable Zoho's Just-in-Time provisioning, users must already exist in your Zoho organization before they can sign in with authentik.
|
||||
|
||||
If you enable Just-in-Time provisioning, Zoho validates the SAML response and the user's domain before adding the user. Domain verification and user-field mapping in Zoho are outside the scope of this guide.
|
||||
:::
|
||||
|
||||
## Configuration verification
|
||||
|
||||
To confirm that authentik is properly configured with Zoho, log out and go to the [Zoho login page](https://www.zoho.com/login.html), and click **SIGN IN**. Enter the email address of an account that is provisioned in both Zoho and authentik and click **Next**, and then select **Sign in using SAML - SAML**. You should be redirected to authentik, where you'll be prompted to authenticate. Once authenticated, you should then be redirected to the Zoho dashboard.
|
||||
To confirm that authentik is properly configured with Zoho, open the Zoho integration from the authentik Application Dashboard. You should be redirected to Zoho and signed in to the Zoho service you selected during the Zoho configuration.
|
||||
|
||||
You can also test the SP-initiated flow by opening the Zoho sign-in page for your data center, entering the email address of an account that exists in both Zoho and authentik, and selecting the SAML sign-in option when prompted. You should be redirected to authentik to authenticate, then back to Zoho.
|
||||
|
||||
## Resources
|
||||
|
||||
- [Zoho Help - Configure SAML in Zoho Accounts](https://help.zoho.com/portal/en/kb/accounts/manage-your-organization/saml/articles/configure-saml-in-zoho-accounts#Configure_SAML_in_your_IdP_using_Zohos_Metadata)
|
||||
- [Zoho Help - SAML terminology](https://help.zoho.com/portal/en/kb/accounts/manage-your-organization/saml/articles/saml-terminologies)
|
||||
- [Zoho Help - Data center for Zoho Account](https://help.zoho.com/portal/en/kb/accounts/manage-your-zoho-account/articles/data-center-for-zoho-account)
|
||||
- [Zoho China Help - Configure SAML in Zoho Accounts](https://www.zoho.com.cn/accounts/help/saml/configure-zoho-accounts.html)
|
||||
|
||||
Reference in New Issue
Block a user