SAML SSO authentication for Site24x7 account with Okta

Set up SAML SSO authentication for my Site24x7 account with Okta

SAML Integration with Okta

Okta is a secure identity cloud that links all apps, logins and devices into one unified fabric. You must obtain the login URL, logout URL, and the certificate from Okta and submit them to Zoho. Site24x7 is a service by Zoho and uses Zoho Accounts for Single Sign-On (SSO).

Using the pre-configured Zoho App

1. Log in to your Okta account.
2. Click Admin in the top-right corner.
3. Click Add Applications under Shortcuts.
4. Search for Zoho SAML.
5. Click Add.
6. Enter your domain name or ZOID and click Done.
7. Navigate to the Sign On tab.
8. Click View Setup Instructions.
9. You can view the Login URL/SignOn URL and the Logout URL/SignOut URL on this page.
10. Configure the Relay State URL so that users are redirected to "https://www.site24x7.com/app/client" after logging in.
11. Click the link if you want to download the X.509 certificate.
12. Configure the Single Sign-On URL and Entity ID URLs in Zoho Accounts, as listed below.


Note:
  1. The credentials that customers used to log in to Zoho Accounts before the integration will not work after SAML is configured.
  2. Not every user who can log in to Okta gets access to Site24x7. Users must be invited by a Super Admin or Admin, as only a Super Admin or Admin can determine user roles.

Configure SAML in Zoho Accounts

You'll need Super Admin access to your Org account before you configure SAML with Site24x7.

1. Log in to your Org Admin account.
2. Under the Preferences tab, click SAML Authentication.
3. Click Setup Now.
4. Enter the required details:
  • Login URL: The IdP URL the user is redirected to for authentication at the IdP.
  • Logout URL: The IdP URL the user is redirected to after logging out of Zoho.

    Note: Tick the checkbox if you need a logout request/response sent to your IdP.

  • Change Password URL: The IdP URL the user is redirected to when they want to change their account's password.
  • PublicKey: The certificate with which Zoho can check the digital signature on the SAML assertion response.

    Note: Make sure the key is a base-64 encoded .cer, .crt, .cert, or .pem file. We don't accept any other format for the certificate.

  • Algorithm: The algorithm with which the PublicKey is generated.
  • Just In Time Provisioning: Check this tick-box if you want a user from your IdP to be added to Zoho on the fly. We will add them to Zoho after validating the SAML Response and their domain.
  • Zoho Service: Select the Site24x7 service from the drop-down list of Zoho services so that users land on the service after their login is verified.

5. Click Add.

   Note: If you chose to send a logout request/response to your IdP, you must upload the logout certificate at your IdP.

6. You can enable or disable SAML for your organization by using the status drop-down menu.
7. Click Download to download the metadata file. The metadata file contains information you need to provide to your IdP.


  • Entity ID: Zoho.com is the entity that issues the SAML Request.
  • Certificate: You can find this in the <ds:X509Certificate> tag in the metadata file. This certificate is used to verify the Logout Request or Logout Response sent from Zoho.

    Note: You will receive this only if you have ticked the Logout response checkbox.

  • Logout URL: Find the <md:SingleLogoutService> tag in the metadata file. This is the Logout Endpoint that must be configured at the IdP.
  • Assertion Consumer Service URL: This URL can be found in the Location attribute of the <md:AssertionConsumerService> tag. This is the endpoint to which the IdP must send the SAML response.

    Note: Zoho only supports the email address Name ID format, as specified in the metadata file:
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

