SAML SSO authentication for Site24x7 account with Okta

Set up SAML SSO authentication for my Site24x7 account with Okta

Integrate SAML with Okta to enable single sign-on (SSO), streamline user access management, and leverage Okta as a trusted identity provider (IdP) for Zoho.
Prerequisites: You need to have the Identity Provider Single Sign-On URL and X.509 Certificate from Okta. 

How to configure SAML-based SSO

To configure SAML-based SSO, follow the steps below:
  1. Sign in to accounts.zoho.com.
  2. In the left menu, navigate to Organization > SAML Authentication. If you can't find Organization, click View more.
  3. On the next page, click Download Metadata.
  4. Open the downloaded metadata file using a text editor.
  5. From the metadata file, copy and save the Entity ID and ACS URL.
  6. Sign in to your Okta admin console.
  7. In the left menu, navigate to Applications > Applications.
  8. Click Create App Integration, select SAML 2.0, then click Next.
  9. Enter a name for the app in the App Name field, then click Next.
  10. Paste the copied ACS URL in the Single sign on URL field and the copied Entity ID in the Audience URI (SP Entity ID) field.
  11. In the Name ID Format field, select EmailAddress and click Next.
  12. On the next page, select I'm an Okta customer adding an internal app, then click Finish.
  13. On the next page, go to the Sign On tab.
  14. Scroll down and click View SAML setup instructions to see the IdP information. 
  15. Copy the Identity Provider Single Sign-On URL and download the X.509 Certificate.
  16. Return to the SAML Authentication page at accounts.zoho.com and:
    1. Paste the Identity Provider Single Sign-On URL in the Sign-in URL field.
    2. Upload the certificate in the X.509 Certificate field.
Notes
Make sure the certificate is in one of these formats: Base64-encoded .cer, .crt, .cert, or .pem.

Accessing SAML

Prerequisite: Before users can sign in to Zoho via Okta, assign them to the newly configured Zoho app following these instructions.
You can access SAML by following the steps below:
  1. Log in to your Zoho account and you will be redirected to Okta for verification.
  2. Alternatively, you can directly log in through your Okta account.
  3. Click the SAML app configured for Zoho and you will be redirected to your Zoho account to sign in. 
Notes
Okta supports only SP-initiated single logout (SLO). This means that when users sign out of Zoho, they are automatically logged out of Okta. However, logging out of Okta does not terminate their Zoho session. For more details on how Okta SLO works, see the linked documentation.

Steps to configure SLO 

Follow the steps given below to configure SLO:
  1. Go to SAML Authentication at accounts.zoho.com, then click Edit.

  2. Copy the Sign-in URL, replace the sso part of the URL with slo, then enter it in the Sign-out URL field. Example:
    1. Sign-in URL: https://zylker.okta.com/app/zylker_app_1/exkewk79Kq4696/sso/saml
    2. Sign-out URL: https://zylker.okta.com/app/zylker_app_1/exkewk79Kq4696/slo/saml
  3. Scroll down and enable Single logout and Generate key pair.
  4. Click Submit after ensuring the X.509 certificate is re-entered, if required.
  5. Click Download in the top-right corner and tick Metadata.
  6. Open the zohometadata.xml file using a browser or text editor. From the metadata file, copy the Single logout URL and the Entity ID.
  7. In Okta, go to the General tab of the app and click Edit next to SAML settings.
  8. Click Next to move to Configure SAML.
  9. Click Show Advanced Settings below the General fields.
  10. Select the check box Allow application to enable Single Logout.
  11. Enter the copied SLO URL in the Single Logout URL field.
  12. Enter the Entity ID in the SP Issuer field.
  13. Click Browse next to Signature Certificate, then browse for and select the previously downloaded logoutcertificate.pem file.
  14. Click Upload Certificate, Next, and finally Finish.
To handle any other errors while signing in using SAML, refer to our troubleshooting tips.
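
As an added example (not Site24x7's, Zoho's or Okta's own code), the Python sketch below reads the Entity ID, ACS URL and Single logout URL out of SP metadata, and derives the Sign-out URL from the Sign-in URL by swapping only the sso path segment. The metadata sample and its sp.example.com URLs are constructed, and the function names and the choice of the HTTP-POST binding for the ACS URL are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"  # assumed ACS binding

# Constructed sample shaped like SAML 2.0 SP metadata; URLs are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="sp.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/samlresponse/logout/000000"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/samlresponse/000000"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_settings(metadata_xml):
    """Return the values the Okta SAML form asks for, read from SP metadata."""
    # Only parse metadata downloaded from your own account: the standard
    # library parser is not hardened against hostile XML.
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: no SPSSODescriptor")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST]
    slo = [e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService")
    if any(urlsplit(u).scheme != "https" for u in acs + slo):
        raise ValueError("endpoint is not https")
    return {"entity_id": root.get("entityID"), "acs_url": acs[0],
            "slo_url": slo[0] if slo else None}


def sign_out_url(sign_in_url):
    """Swap only the 'sso' path segment for 'slo', leaving the host untouched."""
    parts = urlsplit(sign_in_url)
    segments = parts.path.split("/")
    if segments.count("sso") != 1:
        raise ValueError("expected exactly one 'sso' path segment")
    segments[segments.index("sso")] = "slo"
    return urlunsplit(parts._replace(path="/".join(segments)))
```

Working on path segments rather than a plain text replace keeps a hostname that happens to contain "sso" intact, and a URL with no such segment is rejected instead of being passed through unchanged.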

