What is Active Directory?
Active Directory (AD), by Microsoft, is a domain management system for centrally managed networks. Using AD, you can add users, define their privileges, store and manage information, and authenticate and authorize user accounts.
What is Zoho Directory?
Zoho Directory (ZD) is a centralized user directory that initiates synchronization of the user accounts and passwords stored in your AD. This way, all user data can be organized and maintained in one common directory.
Note:
- Only the administrator can perform the synchronization between AD and ZD.
- Because the synchronization is one-way (AD to ZD), the data on your LDAP server is never altered.
- ZD initiates the synchronization on a schedule, and the sync is always secured.
Access Privilege
Only the organization's administrator can perform synchronization using Zoho Directory.
Admin and Service Admin users will be able to access Zoho Directory.
How does it work?
ZD uses the Lightweight Directory Access Protocol (LDAP) to synchronize user data. A query is sent via LDAP to compare the user data in your AD and ZD accounts, and a sync is then initiated to bring the user accounts in Zoho in line with those in AD.
General requirements
- An Orchestly account.
- Domain name of your company.
System requirements
Before installing Zoho Directory, the following system requirements must be met:
- Browser - Internet Explorer 9 or above.
- Operating System - Windows 7 or above.
- Microsoft C++ Runtime redistributable 2010 or higher.
- .NET Framework 4.0 or above. If a higher version is installed, make sure that .NET Framework 4.0 is also installed on the PDC and on the local system.
- Administrative privilege for the entire domain. We recommend a network connection to your Zoho domain with no proxy or firewall in between.
- A minimum of 512 MB RAM. If your company has more than 10k employees, 1 GB of RAM or more will speed up the sync.
Initializing Zoho Directory
Associate account and users
- Navigate to and select Users from the left panel.
- Navigate to the Zoho Directory tab and click Sync.
Zoho Directory (directory.zoho.com) will open in a new tab.
- Click Get Started.
- To associate your account and users with ZD, click Yes, Associate.
- Once your account is associated, a success message will be displayed.
- Click Manage Application to manage users in your organization.
SAML Authentication
SAML (Security Assertion Markup Language) allows users to log in using a single sign-on setup.
To configure SAML authentication:
- In the Zoho Directory page, select Organization from the left panel.
- Click the Setup button.
- Configure the details and click Save.
Verify your domain
Before installing ZD, you will have to add and verify the domain name of your company.
- In the Zoho Directory page, select Domains from the left panel.
- Click the Add Domain button.
- Enter the domain name of your company.
- You can verify your domain using either the TXT or the CNAME method. Follow the steps shown and click the Verify button to start verification.
Once the domain is verified, you can download the Zoho Directory Sync tool.
In the Zoho Directory window:
- Select Active Directory from the left panel.
- Click Download.
The Zoho Directory sync file named ZohoDirectorySync.msi will be downloaded.
Once the download is complete, run the application and follow the steps mentioned in the installation wizard to install the tool to your machine.
Steps to install Zoho Directory
1. Installation
Once the sync tool is installed, a Welcome window will be displayed. Click Next to proceed.
2. Zoho Settings
Click the Authorize with Zoho button.
- A new window opens at accounts.zoho.com, where an OAuth token is generated. The tool uses this token for all further requests.
Upon successful login, the admin and organization details will be displayed in the tool.
Note:
- Only users with permission to use Admin Console (Admin user) will be able to install the tool.
- If there is an error connecting with the server, you may have to authorize using proxy settings.
- The current admin of the organization holds the ownership and authorization privilege for Zoho Directory Sync. To hand over admin privileges, the current admin must Re-Authorize the ownership to the new admin.
3. LDAP Credentials
- Fill in the domain details and click Add.
- Domain Controller names must be comma-separated and fully qualified.
- A list of domains will be displayed.
- You can include your domain by clicking the Add Domain button.
4. Sync Preferences
Synchronization rules are set here. This section is divided into four sub-sections.
4.1 Filter OUs/Users
- Click Add OUs to add organizational units.
- Fill in the details and click Submit.
- You can apply the query to a single DN or to multiple DNs.
4.2 Exclusion Rules
Here you can add exclusion rules based on criteria. These rules are applied when synchronization takes place.
- Click Add Rule.
- Fill in the details and click Submit.
4.3 Attribute Definition
You can select attributes here. The synchronization will take place based on the configured attributes.
To edit an attribute:
- Hover over an attribute and click the edit icon.
- Make the required changes and click Save.
4.4 Sync Settings
Sync settings let you configure the action to be taken when accounts are deleted or disabled in the LDAP server. Enter the details and click Save.
5. Directory Sync
Directory sync lets you choose the users or groups that need to be included in the sync.
- Users to update: Users updated in the LDAP server are listed here. Click Sync to sync their attributes with ZD.
- Users to create: New users from the LDAP results are listed here. Choose the users to be added to ZD, then click Sync.
- Users to disable: Users not present in the LDAP results are listed here.
- Groups to update: Groups updated in the LDAP server are listed here. Click Sync to sync their attributes with ZD.
- Groups to create: New groups from the LDAP results are listed here. Choose the groups to be added to ZD, then click Sync.
- Groups to disable: Groups not present in the LDAP results are listed here.
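The three lists above are the result of comparing the LDAP results (after the OU filter and exclusion rules) with what ZD already holds. The following PowerShell, an added example and not Zoho's code, models that comparison on constructed sample data; it assumes that exclusion rules remove accounts from the LDAP result set before the comparison, so an account that a rule newly excludes shows up under "Users to disable". The sAMAccountName, mail and department values are made up.

```powershell
# Added example (not Zoho's code): models how Directory Sync sorts accounts into
# the create / update / disable lists, so the disable list can be reviewed
# before clicking Sync. All sample data below is constructed.
$ldapResults = @(                 # what the OU filter returned from AD
    [pscustomobject]@{ sAMAccountName='alice'; mail='alice@example.com'; department='Finance' },
    [pscustomobject]@{ sAMAccountName='bob';   mail='bob@example.com';   department='IT' },
    [pscustomobject]@{ sAMAccountName='dave';  mail='dave@example.com';  department='IT' }
)
$zdUsers = @(                     # what Zoho Directory currently holds
    [pscustomobject]@{ sAMAccountName='alice'; mail='alice@example.com' },
    [pscustomobject]@{ sAMAccountName='bob';   mail='bob@corp.example'  },  # stale attribute
    [pscustomobject]@{ sAMAccountName='carol'; mail='carol@example.com' }   # not in LDAP results
)

function Get-ZdSyncPreview {
    param([object[]]$Ldap, [object[]]$Zd, [string[]]$ExcludeDepartments = @())

    # Assumption: exclusion rules shrink the LDAP result set before comparison
    $inScope   = $Ldap | Where-Object { $_.department -notin $ExcludeDepartments }
    $ldapNames = @($inScope | ForEach-Object sAMAccountName)
    $zdByName  = @{}
    foreach ($u in $Zd) { $zdByName[$u.sAMAccountName] = $u }

    [pscustomobject]@{
        # in LDAP results but unknown to ZD -> "Users to create"
        ToCreate  = @($inScope | Where-Object { -not $zdByName.ContainsKey($_.sAMAccountName) } |
                        ForEach-Object sAMAccountName)
        # known to ZD but with a changed attribute -> "Users to update"
        ToUpdate  = @($inScope | Where-Object { $zdByName.ContainsKey($_.sAMAccountName) -and
                        $zdByName[$_.sAMAccountName].mail -ne $_.mail } | ForEach-Object sAMAccountName)
        # in ZD but absent from the LDAP results -> "Users to disable"
        ToDisable = @($Zd | Where-Object { $_.sAMAccountName -notin $ldapNames } |
                        ForEach-Object sAMAccountName)
    }
}

# Baseline: dave is new, bob has a changed mail attribute, carol is no longer returned.
Get-ZdSyncPreview -Ldap $ldapResults -Zd $zdUsers | Format-List

# Edge case: an exclusion rule for department IT removes bob from the LDAP results,
# so he moves from the update list to the disable list even though his AD account
# is untouched. Always review the disable list before syncing after changing rules.
Get-ZdSyncPreview -Ldap $ldapResults -Zd $zdUsers -ExcludeDepartments 'IT' | Format-List
```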
6. Password Sync
Password Sync allows end-users to have a single identity, subject to a single password policy, across various systems and applications.
Requirements :
- The Password Sync tool must be installed on all domain controllers in the domain, including the primary domain controller.
- The domain controllers must be Full installations rather than Server Core installations.
- The domain controllers must have the Microsoft .NET Framework 2.0 or 3.5 profile installed. Even if a higher version is installed, make sure that .NET Framework 2.0 or 3.5 is also installed.
- Make sure the Message Queuing service is enabled and running before starting the installation of the Password Sync tool.
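Because the agent has to go on every domain controller, the requirements above (and the system requirements listed earlier) are easiest to confirm with a read-only pre-flight script run on each DC. The following PowerShell is an added example, not part of Zoho's tooling; the registry paths, the MSMQ service name and the InstallationType value are standard Windows locations, and the function name Test-ZdSyncPrerequisites is made up.

```powershell
# Added example (not Zoho's code): read-only pre-flight check of the requirements
# for the Zoho Directory Sync tool and Password Sync agent, run on a domain controller.
function Test-ZdSyncPrerequisites {
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    $cv  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # "Full installation instead of a Server Core installation":
    # InstallationType is 'Server' for Full and 'Server Core' for Core
    $installType   = (Get-ItemProperty $cv -ErrorAction SilentlyContinue).InstallationType
    $isFullInstall = $installType -eq 'Server'

    # .NET 2.0/3.5 (Password Sync agent) and 4.0 (sync tool) must both be present
    $hasNet35 = (Get-ItemProperty "$ndp\v3.5"    -ErrorAction SilentlyContinue).Install -eq 1
    $hasNet4  = (Get-ItemProperty "$ndp\v4\Full" -ErrorAction SilentlyContinue).Install -eq 1

    # Message Queuing service (service name MSMQ) must be running before install
    $msmq        = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    $msmqRunning = [bool]($msmq -and $msmq.Status -eq 'Running')

    # Visual C++ 2010 or later redistributable, looked up in the Uninstall keys
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hasVcRuntime = [bool](Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Microsoft Visual C++ 20[1-9]*Redistributable*' })

    # 512 MB minimum; 1 GB or more recommended above 10k employees
    $ramMB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)

    # Every DC in the domain needs the Password Sync agent; list them so none is missed
    $dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
        ForEach-Object Name

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        FullInstallation  = $isFullInstall
        DotNet35          = $hasNet35
        DotNet4           = $hasNet4
        MsmqRunning       = $msmqRunning
        VcRuntime2010Plus = $hasVcRuntime
        RamMB             = $ramMB
        RamAtLeast512MB   = $ramMB -ge 512
        DomainControllers = ($dcs -join ', ')
    }
}

Test-ZdSyncPrerequisites | Format-List
```

Any False in the output is a requirement from the lists above that is not yet met on that DC; the DomainControllers field is the set of hosts the agent must be installed on.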
If users were added before installing the Password Sync agent, default passwords will be given to them. Users can initially log in using the default password, which can be changed later.
Once the Password Sync agent is installed, the passwords of the newly added users will be synchronized with the Active Directory. However, the passwords of the existing users will not be read.
All user passwords can be synced only if the users change their account passwords. The new passwords get synced with the Active Directory.
7. Schedule Sync
You can set the interval at which the sync is scheduled. The sync is triggered automatically at the configured interval.
8. Reports
Reports list the history of all synchronizations, and the status of each synchronization can be viewed here. If a sync fails, you can retry it.
9. Settings
You can customize proxy settings here.
Troubleshooting
- Zoho Directory supports only one account for each user. Even if a user is a part of multiple organizations in Orchestly, user data in the directory can hold only a single organization's details.
- The Orchestly service for an organization in ZD can be handled by only a single user (preferably an Admin). Once a user is part of an Orchestly service in ZD, they are linked to the current Orchestly organization. For users who are part of multiple organizations, an error occurs if more than one Admin tries to sync the user's data.