Admins can allow users to access multiple cloud applications that support SAML 2.0 configuration right from their account, using single sign-on (SSO) with Zoho Vault. This helps admins enhance their organization's security and simplify user management.
Zoho Vault uses the secure, industry-standard Security Assertion Markup Language (SAML) to make this possible. Zoho Vault currently supports SSO for hundreds of pre-defined, popular applications. Admins can also manually configure SSO for any service provider that supports SAML 2.0, and add them as custom apps.
- Configuring SSO for applications
- Editing the SSO configuration
- Bulk configuration
Configuring Single sign-on for applications
Administrators configure SSO for various applications in Zoho Vault by providing the service provider (application) details and defining the list of Zoho Vault users that can access the applications. Zoho Vault acts as the identity provider (IdP), while the corresponding application acts as the service provider (SP). Users access these applications from the Apps page of their Zoho Vault account, and are directly logged in to their applications, eliminating manual authentication altogether. Follow the steps below to configure Single Sign-On for any application.
- Step 1: Adding the application details
- Step 2: Configuring SAML
- Step 3: Mapping users with the application
Prerequisites
- The application must support SAML 2.0
- The application (service provider) you wish to configure Single Sign-On for should have help documentation that covers SAML-specific information
Adding the application details
- Click Apps, then select Manage Apps.
- Click Add Supported App to instantly configure an app already supported by Zoho Vault. Select Add Custom App to custom configure an application that supports SAML 2.0 with Zoho Vault.
- Upload the SP details using a metadata file, or manually provide the required details described in the Application Settings section below.
- Click Next.
Application Settings
- Application Name - The name of the application.
- Description (Optional) - A short description of the application.
- Default RelayState (Optional) - The URL of the page users will land on after they log in.
- Logo (Optional) - The application's logo.
- Assertion Consumer Service URL - The address where the SAML response will be posted to.
- Single Sign-on URL - The Single Sign-On URL of the service provider (the application's login URL).
- Single Logout URL - The web address where users will be redirected after they log out.
- Audience URI (SP Entity ID) - The Entity ID (Issuer) of your application (SP). You cannot add more than one application with the same Entity ID.
- Certificate - The application's public key certificate to verify the digital signatures.
- Upload SP Metadata File - A file that contains information about the service provider.
- Attribute - Information about users (supports first name, full name, email, and last name)
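Before uploading an SP metadata file, it helps to see which values it will supply for the fields above. The following is an added example, not Zoho Vault code: it reads a standard SAML 2.0 SP metadata document and flags issues worth resolving first. The function names, the sample metadata, and the HTTPS check are assumptions made for illustration; the duplicate Entity ID check reflects the restriction stated above.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample metadata: host, entity ID and certificate bytes are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.test/saml"><md:SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://sp.example.test/saml/slo"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <md:AssertionConsumerService index="0" Location="http://sp.example.test/saml/acs"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""

def read_sp_metadata(xml_text):
    """Map SP metadata elements to the Application Settings fields (hypothetical helper)."""
    # Refuse DTDs so entity tricks in an untrusted file never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SP metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        raise ValueError("not a SAML 2.0 SP metadata document")
    # The SAML response is posted to the ACS URL, so only HTTP-POST endpoints count.
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding", "").endswith(":HTTP-POST")]
    slo = sp.find("md:SingleLogoutService", NS)
    cert = next((k.find(".//ds:X509Certificate", NS) for k in
                 sp.findall("md:KeyDescriptor", NS) if k.get("use") != "encryption"), None)
    der = base64.b64decode("".join((cert.text or "").split())) if cert is not None else b""
    return {"entity_id": root.get("entityID"), "acs_url": acs[0] if acs else None,
            "slo_url": slo.get("Location") if slo is not None else None,
            "cert_sha256": hashlib.sha256(der).hexdigest() if der else None}

def review(fields, existing_entity_ids=()):
    """Return findings to resolve before uploading the file or typing the values in."""
    findings = [f"{k} is not HTTPS" for k in ("acs_url", "slo_url")
                if fields[k] and urlparse(fields[k]).scheme != "https"]
    if not fields["acs_url"]:
        findings.append("no HTTP-POST Assertion Consumer Service found")
    if fields["entity_id"] in existing_entity_ids:
        findings.append("entity_id already used by another application")
    if not fields["cert_sha256"]:
        findings.append("no signing certificate")
    return findings
```

The certificate fingerprint can be compared out of band with the value the application's own admin console reports, so a swapped metadata file is noticed before it is trusted.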
Configuring SAML
Configure the details of Zoho Vault (IdP) in the application (SP) to set up SSO with the application. You can either copy the required details manually, or download them as a metadata file to upload in the application's setup page. The terms used in the IdP details screen are explained below.
- Identity Provider Single Sign-On URL - Zoho Vault's login URL, where all user login requests will be redirected
- Identity Provider Single Logout URL - Zoho Vault's logout URL, where all user logout requests will be redirected
- Identity Provider Issuer - Zoho Vault's Issuer
- Identity Provider Certificate - Zoho Vault's public key certificate
- Download Metadata - Optional metadata file to be used if you don't want to configure the IdP details manually
Click Next after configuring the IdP details in the application.
Mapping users with the application
Select the users that can access the application from the next screen.
- Search for and select the list of users that require access to the application.
- Click Save.
Users will now be able to view and log in to the applications they have access to, from the Apps page.
Steps to edit the Single Sign-on Configuration
- Click the Apps tab, then select Manage Apps.
- Click the Edit or Delete icon, depending on your needs.
Bulk Configuration
You can configure single sign-on for multiple apps using More Actions. Read the table below for a list of bulk operations available in Zoho Vault. All bulk operations will be recorded under the Audit tab.
| Operation | Description and steps |
| --- | --- |
| Grant / revoke user access | Grant or revoke access to multiple apps for users. 1. Select your preferred list of applications from Manage Apps. 2. Select More Actions, click Grant User Access or Revoke User Access, then select the users to grant or revoke access to the apps accordingly. 3. Click Save. |
| Enable / disable access to applications | Select multiple apps and enable or disable access for the entire organization. 1. Select your preferred list of applications from Manage Apps, then click More Actions. 2. Select Enable apps or Disable apps to enable or disable access to these applications accordingly. |
| Delete | Delete multiple apps from your account. 1. Select the applications from Manage Apps, click More Actions, then click Delete. |