Configure SAML SSO for Site24x7

Set up SSO for Site24x7 with SAML-based authentication

What is SSO?

Before explaining what single sign-on (SSO) is, we must go through how traditional authentication works:
  1. A service will present the user with a login page where they must submit a set of login credentials (i.e., a username and password). Some services might ask for more authentication information, such as a one-time password.
  2. The credentials submitted by the user are validated against the ones present in the database of the service.
Traditional authentication is quite intuitive; everything is managed within the service, providing a simple way for users to authenticate themselves. However, if a user needs to access multiple applications with a different set of login credentials for each application, it quickly becomes cumbersome for the user. They must remember multiple credentials and comply with different password policies.
SSO is a feature that lets you access Site24x7 as well as third-party applications with a single submission of user credentials. Users aren't required to remember an array of usernames and passwords for all applications to which they need access. Site24x7 is a service by ManageEngine, a division of Zoho, and uses Zoho Accounts for SSO using Security Assertion Markup Language (SAML).
In an enterprise environment, SSO enables organizations to centrally control access to applications, allowing or blocking usage from a single identity provider. This eliminates the need to configure access policies individually within each application.

What is SAML?

SAML, developed by the Security Services Technical Committee of OASIS, is an XML-based framework for exchanging user authentication, entitlement, and attribute information. The purpose of SAML is to enable SSO for web applications across various domains and services.
Using SAML, a user can use third-party access management services, like Okta, AD Federation Services, Azure, and OneLogin, to sign in to Site24x7 via SSO. To configure and use SAML authentication for your organization, you need to provide SAML URLs and the public key provided by the SAML or identity provider (IdP) service you have chosen. However, you must be the Super Admin of the account to set up SSO via SAML. Follow the steps below to set up SSO for accessing Site24x7 with SAML-based authentication:
  1. Inside your access management app, select predefined Zoho SAML or create any custom SAML application. Also, obtain the Login URL and Logout URL for your configuration needs.
  2. You'll be redirected to the Zoho Accounts page where you will be asked to configure the Single Sign-On URL and Entity ID URLs for Zoho Accounts.
  3. Navigate to Preferences > Settings > SAML Authentication > Setup Now.
  4. Fill in the configuration details for SAML provided by the third-party IdP or a SAML-supported system like AD. The parameters required for SAML configuration include the following:
    1. Login URL: Enter the IdP URL where the user gets redirected to for authentication at the IdP.
    2. Logout URL: Enter the IdP URL where the user gets redirected to after logging out of any Zoho service.
       Notes
       Click the check box if you need a logout request or response sent to your IdP.
    3. Change Password URL: Enter the IdP URL that the user will be redirected to in case they want to change their account's password.
    4. PublicKey: Provide the certificate with which Zoho Accounts can check the digital signature on the SAML assertion response.
       Notes
       Make sure the key is a Base64-encoded CER, CRT, CERT, or PEM file. We don't accept any other format for the certificate.
    5. Algorithm: Select the algorithm with which the PublicKey is generated.
    6. Just In Time Provisioning: Click this check box to automatically create a user in Zoho Accounts when they log in via your IdP. The user will be added after the SAML response and their domain are validated.
    7. Zoho Service: Select Site24x7 from the drop-down menu and click the Add button.
    8. Status: You can enable or disable SAML for your organization by using the drop-down menu.
    9. Metadata: Click Download to download the metadata file. The metadata file contains information you need to provide to your IdP.
Notes
An Org Super Admin will only be able to log in using Zoho Accounts credentials (a Zoho Accounts password) for security and recovery reasons. They will have the permission to manage the SAML authentication of all other users in the Org and they can exclude any user from SSO logins. However, the users cannot have both a Zoho Accounts password and SSO access at the same time.
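
A pre-upload check for the PublicKey file described in step 4, as an added example that is not Zoho's or Site24x7's own code: it flags a binary DER export (the page accepts only Base64-encoded files), refuses a file that contains a private key, and returns a SHA-256 fingerprint to compare with the certificate your IdP publishes. The function names and the sample bytes are assumptions made for this example, and the check covers only the file's encoding and outer ASN.1 shape, not the certificate's validity.

```python
import hashlib
import ssl

# Constructed placeholder with the outer shape of a DER certificate
# (SEQUENCE tag 0x30, two-byte length 0x010a = 266). Not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)


def looks_like_der(der: bytes) -> bool:
    """Shape check only: ASN.1 SEQUENCE whose 2-byte length covers the rest
    (the form used by certificates of 256 to 65535 bytes)."""
    return (len(der) > 4 and der[:2] == b"\x30\x82"
            and int.from_bytes(der[2:4], "big") == len(der) - 4)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, for comparison with the IdP's copy."""
    return hashlib.sha256(der).hexdigest()


def to_pem(der: bytes) -> bytes:
    """Wrap binary DER in Base64 PEM armor, the encoding the page asks for."""
    return ssl.DER_cert_to_PEM_cert(der).encode("ascii")


def check_idp_cert(data: bytes):
    """Return (verdict, fingerprint or None) for a file about to be uploaded."""
    if b"PRIVATE KEY-----" in data:
        return ("reject: file contains a private key", None)
    if looks_like_der(data):
        return ("convert: binary DER, needs Base64 encoding", fingerprint(data))
    text = data.decode("ascii", errors="replace").strip()
    if text.count("-----BEGIN CERTIFICATE-----") != 1:
        return ("reject: expected exactly one PEM certificate", None)
    try:
        der = ssl.PEM_cert_to_DER_cert(text)
    except ValueError:  # bad armor, bad Base64, or non-ASCII bytes
        return ("reject: malformed PEM", None)
    if not looks_like_der(der):
        return ("reject: Base64 body is not a DER certificate", None)
    return ("ok", fingerprint(der))


if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", to_pem(SAMPLE_DER))]:
        print(name, check_idp_cert(blob))
```

The fingerprint is identical for the DER and PEM forms of the same certificate, so it can be compared before and after conversion.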