SAML SSO authentication for Site24x7 account with Okta

Set up SAML SSO authentication for my Site24x7 account with Okta

Integrate SAML with Okta to enable single sign-on (SSO), streamline user access management, and leverage Okta as a trusted identity provider (IdP) for Zoho.
Prerequisites: You need to have the Identity Provider Single Sign-On URL and X.509 Certificate from Okta. 

How to configure SAML-based SSO

To configure SAML-based SSO, follow the steps below:
  1. Sign in to accounts.zoho.com.
  2. In the left menu, navigate to Organization > SAML Authentication. If you can't find Organization, click View more
  3. On the next page, click Download Metadata.
  4. Open the downloaded metadata file using a text editor.
  5. From the metadata file, copy and save the Entity ID and ACS URL.
  6. Sign in to your Okta admin console.
  7. In the left menu, navigate to Applications > Applications.
  8. Click Create App Integration, select SAML 2.0, then click Next.
  9. Enter a name for the app in the App Name field, then click Next.
  10. Paste the copied ACS URL in the Single sign on URL field and the copied Entity ID in the Audience URI (SP Entity ID) field.
  11. In the Name ID Format field, select EmailAddress and click Next.
  12. On the next page, select I'm an Okta customer adding an internal app, then click Finish.
  13. On the next page, go to the Sign On tab.
  14. Scroll down and click View SAML setup instructions to see the IdP information. 
  15. Copy the Identity Provider Single Sign-On URL and download the X.509 Certificate.
  16. Return to the SAML Authentication page at accounts.zoho.com and:
    1. Paste the Identity Provider Single Sign-On URL in the Sign-in URL field.
    2. Upload the certificate in the X.509 Certificate field.
NotesMake sure the certificate is in one of these formats: based-64 coded .cer, .crt, .cert, or .pem.

Accessing SAML

Prerequisite: Before users can sign in to Zoho via Okta, assign them to the newly configured Zoho app following these instructions
You can access SAML by following the steps below:
  1. Log in to your Zoho account and you will be redirected to Okta for verification.
  2. Alternatively, you can directly log in through your Okta account.
  3. Click the SAML app configured for Zoho and you will be redirected to your Zoho account to sign in. 
Notes
Okta supports only SP-initiated single logout (SLO). This means that when users sign out of Zoho, they are automatically logged out of Okta. However, logging out of Okta does not terminate their Zoho session. For more details on how Okta SLO works, click link.

Steps to configure SLO 

Follow the steps given below to configure SLO:
  1. Go to SAML Authentication at accounts.zoho.com, then click Edit.

  2. Copy the Sign-in URL, replace the sso part of the URL with slo, then enter it in the Sign-out URL field. Example:
    1. Sign-in URL: https://zylker.okta.com/app/zylker_app_1/exkewk79Kq4696/sso/saml
    2. Sign-out URL: https://zylker.okta.com/app/zylker_app_1/exkewk79Kq4696/slo/saml
  3. Scroll down and enable Single logout and Generate key pair.
  4. Click Submit after ensuring the X.509 certificate is re-entered, if required.
  5. Click Download in the top-right corner and tick Metadata.
  6. Open the zohometadata.xml file using a browser or text editor. From the metadata file, copy the Single logout URL and the Entity ID.
  7. Go to the General tab and click Edit next to SAML settings.
  8. Click Next to move to Configure SAML.
  9. Click Shown Advanced Settings below the General fields.
  10. Select the check box Allow application to enable Single Logout.
  11. Enter the copied SLO URL in the Single Logout URL field.
  12. Enter the Entity ID in the SP Issuer field.
  13. Click Browse next to Signature Certificate, then browse for and select the previously downloaded logoutcertificate.pem file.
  14. Click Upload Certificate, Next, and finally Finish.
To handle any other errors while signing in using SAML, refer to our troubleshooting tips.


    • Related Articles

    • Validating sender email using DKIM authentication

      What is DKIM? DomainKeys Identified Mail (DKIM) is an advanced authentication method used widely by email service providers to verify the email from the point of its origin by validating the email sender. It allows the email senders to authenticate ...

    • Setting up a website monitor w.r.t content match and HTTP configuration

      Regarding the website defacement (content match) configuration, you can set keyword checks to find the existence and non-existence of keywords in your HTML response. As far as the HTTP configurations are concerned, we support HEAD, GET, and POST ...

    • Troubleshooting false positive alerts in monitoring

      Problem False positive alerts are being generated. Possible cause The monitoring system is down in some locations. The Website monitor might be configured for one location, such as Seattle, but may appear down when accessed from another location, ...

    • Troubleshoot the Unauthorized user (Error 401) when installing Tomcat plugins

      When installing Tomcat plugins, you may encounter the following error: Unauthorized user. Does not have permissions. HTTP Error 401: This error usually occurs when the user accessing the Tomcat Manager application does not have the necessary ...

    • Meaning of the trouble message - "Content Length Modified"

      This alert indicates that the content length of your monitored website has changed compared to the previous check. Even minor textual changes on your website will be reflected as a trouble alert. How it works Under Threshold Configuration, if you ...