SAML Integration with Okta
Okta is a secure identity cloud that links all apps, logins and devices into one unified fabric. You must obtain the login URL, logout URL, and the certificate from Okta and submit them to Zoho. Site24x7 is a service by Zoho and uses Zoho Accounts for Single Sign-On (SSO).
1. Log in to your Okta account.
2. Click Admin in the top-right corner.
3. Click Add Applications under Shortcuts.
4. Search for Zoho SAML.
5. Click Add.
6. Enter your domain name or ZOID and click Done.
7. Navigate to the Sign On tab.
8. Click View Setup Instructions.
9. You can view the Login URL/SignOn URL and the Logout URL/SignOut URL on this page.
11. Click the link if you want to download the X.509 certificate.
12. Configure Single Sign-On URL and Entity ID URLs in Zoho Accounts, as listed below.
Note:
- The credentials that customers used to log in to Zoho Accounts before the integration will not work after SAML is configured.
- Being able to log in to Okta does not by itself grant access to Site24x7. Users must be invited by a Super Admin or Admin, as only a Super Admin or Admin can determine the user roles.
You'll need Super Admin access to your Org account before you configure SAML with Site24x7.
2. Under the Preferences tab click SAML Authentication.
3. Click Setup Now.
4. Enter the required details:
- Login URL: The IdP URL where the user gets redirected to for authentication at IdP.
- Logout URL: The IdP URL where the user gets redirected to after logging out of Zoho.
Note: Tick the checkbox if you need a logout request/response sent to your IdP.
- Change Password URL: The IdP URL that the user will be redirected to in case they want to change their account's password.
- PublicKey: The certificate with which Zoho can check the digital signature on the SAML assertion response.
Note: Make sure the key is a base-64 encoded .cer, .crt, .cert, or .pem file. We don't accept any other format for the certificate.
- Algorithm: The algorithm with which the PublicKey is generated.
- Just In Time Provisioning: Check this tick-box if you want a user from your IdP to be added to Zoho on the fly. We will add them to Zoho after validating the SAML Response and their domain.
- Zoho Service: Select Site24x7 service from the drop-down among different Zoho services so users will land on the service after their login is verified.
5. Click Add.
Note: If you chose to send a logout request/response to your IdP, you must upload the logout certificate at your IdP.
6. You can enable or disable SAML for your organization by using the status drop-down menu.
7. Click Download to download the metadata file. The metadata file contains information you need to provide to your IdP.
- Entity ID: Zoho.com is the entity which issues the SAML Request.
- Certificate: You can find this in the <ds:X509Certificate> tag in the metadata file. This certificate is used to verify the Logout Request or Logout Response sent from Zoho.
Note: You will receive this only if you have ticked the Logout response checkbox.
- Logout URL: Find the tag <md:SingleLogoutService> in the metadata file. This is your required Logout Endpoint to be configured at the IdP.
- Assertion Consumer Service URL: This URL can be found in the Location element under the tag <md:AssertionConsumerService>. This is the URL endpoint where the IdP must send the SAML response to.
Note: Zoho only supports email address Name ID format, as specified in the metadata file.
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
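One way to pull the values listed above out of the downloaded metadata file and sanity-check them before entering them at the IdP, as an added example (not Site24x7 or Zoho code). The sample XML, the sp.example.invalid host and the base64 blob are constructed placeholders, the function name summarize_sp_metadata is hypothetical, and the file is assumed to have a single md:EntityDescriptor as its root.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: placeholder host and dummy base64, not real Zoho metadata.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="zoho.com"
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://sp.example.invalid/logout"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:AssertionConsumerService index="0" Location="https://sp.example.invalid/acs"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Return (values to enter at the IdP, list of problems found)."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no md:SPSSODescriptor element in metadata")
    def location(tag):
        el = sp.find(tag, NS)
        return el.get("Location") if el is not None else None
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    info = {"entity_id": root.get("entityID"),
            "acs_url": location("md:AssertionConsumerService"),
            "logout_url": location("md:SingleLogoutService"),  # only if logout is enabled
            "name_id_formats": formats, "cert_sha256": None}
    cert = sp.find(".//ds:X509Certificate", NS)  # also absent when logout is not enabled
    if cert is not None and cert.text:
        der = base64.b64decode("".join(cert.text.split()), validate=True)
        info["cert_sha256"] = hashlib.sha256(der).hexdigest()  # fingerprint to compare at the IdP
    problems = [k + " is not HTTPS" for k in ("acs_url", "logout_url")
                if info[k] and not info[k].startswith("https://")]
    if not info["acs_url"]:
        problems.append("missing AssertionConsumerService Location")
    if EMAIL_FORMAT not in formats:
        problems.append("emailAddress NameID format not advertised")
    return info, problems
```

Call summarize_sp_metadata() on the contents of the downloaded file; an empty problems list means the endpoints are HTTPS and the email address Name ID format is present.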