SAML Authentication

SAML - Security Assertion Markup Language, developed by the Security Services Technical Committee of "The Organization for the Advancement of Structured Information Standards" (OASIS), is an XML-based framework for exchanging user authentication, entitlement, and attribute information. SAML is a derivative of XML. The purpose of SAML is to enable Single Sign-On for web applications across various domains and services.

SAML based Authentication for Zoho

The organization's setup in Zoho can configure and use SAML for the authentication mechanisms. The organization administrator can configure SAML using the SAML URLs and the public key provided by the SAML service they have chosen. The administrator also needs to configure the 'custom URL' for their domain users to log in. 

When a user accesses the custom URL, the user will be redirected to the configured SAML URL for the login and validation. The IDentity Provider (IDP), returns back SAML response specific to the user after login validation. The SAML response will be decoded based on the certificate file uploaded in Zoho. 

If the response indicates successful authentication, the user session is initiated in Zoho. 

SAML Registration Process:

  1. Add and verify your domain
  2. Create users and Email accounts
  3. Configure Custom URL for your domain 
  4. Configure the SAML Authentication in Admin Console

SAML Configuration

The configuration details for the SAML are provided by the third party Identity provider (IDP) or a SAML supported system like Active Directory. 

The parameters required for SAML configuration include:

Login URL: All the Organization users will be re-directed for custom authentication.

Logout URL: The URL has to be re-directed when users are signed-out from Zoho services under SSO.

Change password URL: Identity Providers' password reset URL, which will be called when the user tries to reset the password in Zoho.

Public key: Key used to decode the response message sent by the Identity Provider. Save the Key in a text file and upload it to configure the SAML for the organization.

Login process

Once you have set up the SAML process, with the details provided by the SAML provider, you need to log in using your custom URL for authentication. This will redirect your authentication to your provider automatically.

To log in to your webmail:

  1. Launch your custom URL (mail.yourdomain.com)
  2. This will be redirected to the SAML login page, provided in the configuration. 
  3. The authentication will be validated by the identity provider. 
  4. The Identity provider will provide an encrypted response to Zoho. 
  5. The response will be decoded and will the user will be authenticated if the response returned is 'Success'. 

Note:

When setting up your Zoho Mail account as an IMAP or POP account in any other email client, such as Gmail, Outlook, etc., you should use the Application Specific Password generated for your Zoho account to authenticate the email clients and grant them access to your emails.

PREVIOUS

UP NEXT