
SAML Configuration for Zoho

Overview

AuthX integrates with Security Assertion Markup Language (SAML) to add two-factor authentication to Zoho login. This SAML integration works for different web services.

System Requirements

AuthX Authentication supports the following server operating systems.

Server

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

AuthX Factor Support

AuthX for SAML supports these factor types for 2FA:

  • Push

  • TOTP

  • Face

  • Pin

  • Phone SMS

  • Phone Call

  • Email

  • Fingerprint

  • RFID

  • Hardware Token

Configuration Steps on AuthX & Zoho

Pre-Requisite

  1. Make sure you have an AuthX account; you can sign up at https://admin.authx.com/signup

  2. Make sure you have a Zoho account; you can sign up at Zoho Accounts

    1. The email ID used during account creation must be an Active user (same email ID) in the AuthX portal, Zoho Login & OKTA portal

AuthX Admin portal – Zoho application creation steps

  1. Log in to the AuthX Admin portal.

  2. Navigate to the Applications tab

  3. Click Protect Application and select Protect for Zoho

  4. Provide your inputs on the Application Name, Access Management Options, Domain Name, Cookies Expiry

    1. Application name – Random characters allowed

    2. Access Management Options

      1. SSO with AuthX Identity

        1. Login using AuthX Registered Email address and password followed by the authentication factor enrolled for the user

      2. SSO with 3rd party Identity Provider

        1. Login using configured 3rd party SAML identity provider

      3. SSO with MFA for 3rd Party Identity Provider

        1. Login using configured 3rd party SAML identity provider followed by authentication factor enrolled for the user in AuthX

      4. Passwordless SSO with AuthX Identity

        1. Use any of the enrolled authentication factors in AuthX to access the application

    3. Domain Name

      1. Input your domain details here

    4. Cookies Expiry

      1. Select any options listed here

        1. One time

          1. On every login, the user must provide the username & password

        2. 8 hours

          1. Every 8 hours, the user must provide the username & password at login

        3. One day

          1. Every 24 hours, the user must provide the username & password at login

        4. Max (7days)

          1. Once every 7 days, the user must provide the username & password at login

    5. Save the application

Zoho Configuration

  1. Log in to Google Admin account, Zoho Accounts using admin credentials

  2. Select Organization from the menu, choose the SAML authentication tab and edit the SAML authentication

  3. On editing SAML authentication, the following window opens.

  4. For the Signin page URL, Change password URL, Signout page URL & X.509 Certificate details, do the following

    1. Copy and paste the Signin URL and Signout URL from the AuthX Admin portal, mentioned in AuthX Admin portal – Zoho application creation steps → Step 4 (Note: the Signin URL itself is used for the Change password URL)

    2. Go to AuthX Admin Portal → Settings → Certificate Management and download the certificate

  5. Select Zoho Service as Zoho One, tick Do you need a sign out response and then click Configure

  6. Log out of the Zoho Admin account

SAML as IDP – Zoho (SSO with AuthX Identity)

  1. Pre-requisite – Make sure you are logged out from the AuthX Admin and Zoho Admin accounts

  2. Log in to the AuthX User portal mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite → Step 2 a

  3. Navigate to Applications → Auth Applications tab

  4. Launch the Zoho application from here

  5. A new tab opens with the SAML login

  6. Log in with the user portal credentials here (mentioned in Launch the Zoho Application → Step 2 a)

  7. Use any of the Auth factors to successfully log in

  8. The user is redirected to Zoho accounts

SAML as SP – Zoho (SSO with AuthX Identity)

  1. Go to Zoho Accounts

  2. Log in with the Zoho user (mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite) and select Sign In another way

  3. Then choose Sign In with SAML

  4. This redirects to the SAML login

  5. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite → Step 2 a

  6. Use any of the Auth factors to successfully log in

  7. The user is redirected to the Zoho accounts dashboard

SAML as IDP – Zoho (SSO with 3rd party Identity Provider OKTA)

Application & Okta setup updates

Identity Provider creation

  1. Log in to the AuthX admin portal

  2. Navigate to Identity Provider

  3. Select Add Identity provider

  4. Fill in the mandatory details (mentioned below in OKTA Identity Provider setup → Step 6)

  5. Set the application status to Active

  6. Save the application

OKTA Identity Provider setup

  1. Go to https://dev-74176585.okta.com/login/login.htm

  2. Log in with an Okta Admin account

  3. Navigate to Applications and select Applications

  4. Select AuthX SAML

  5. Choose Sign On Tab and select View Setup Instructions

  6. Copy and paste the following details into the above-mentioned Identity provider creation → Step 4

    1. Identity Provider Single Signon URL

    2. Logout URL

    3. Identity provider Issuer

    4. Download Certificate

OKTA – AuthX Identity Provider Configuration

  1. After the Identity provider application is saved, go to the Okta login and navigate to Applications

  2. Select Applications and select AuthX SAML

  3. Choose General Tab and edit the SAML Settings

  4. On the General Settings, click Next

  5. On the Configure SAML page, fill in these details from the AuthX Admin portal: Single sign on URL, Single Logout URL, Audience URI (SP Entity ID), SP Issuer & Signature Certificate. Follow the steps below:

    1. Log in to AuthX Admin Portal → Identity Provider → Edit the OKTA application (which was created in Identity Provider creation → Step 4)

    2. Click on Download Metadata

    3. Open the downloaded metadata file in Notepad and copy and paste the Signin & Signout URL into the above-mentioned Configure SAML → Step 5

  6. Now go back to the Configure SAML step and paste the following details:

    1. Single Sign in URL

    2. Single Logout URL (Click Show Advanced Settings)

    3. Audience URI (SP Entity ID) and SP Issuer field – Update the respective AuthX company hostname

    4. Signature Certificate

      1. Go to AuthX Admin portal

      2. Navigate to Settings → Certificate Management

      3. Download the certificate & upload it here and click on Next

    5. Click Finish on the Feedback

    6. Log out of the OKTA admin account
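
The metadata step above (open the file in Notepad and copy the URLs) can be scripted so the values pasted into Okta are checked rather than read by eye. This is an added example, not AuthX or Okta code: it parses a constructed SAML 2.0 SP metadata document, assuming the AuthX download follows the standard metadata schema, and returns the entity ID, sign-in (ACS) and sign-out URLs and the certificate's SHA-256 fingerprint, with a warning for any URL that is not https. The function name `read_sp_metadata` and the host `acme.authx.example` are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: hostname and certificate bytes are placeholders, not
# values from AuthX or Okta. The ACS URL is deliberately http to show a warning.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="https://acme.authx.example"
    xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://acme.authx.example/saml/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0" Location="http://acme.authx.example/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return the values pasted into the IdP's Configure SAML page, plus warnings."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")  # no entity expansion
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    acs = sp.find("md:AssertionConsumerService", NS)
    slo = sp.find("md:SingleLogoutService", NS)
    cert = sp.find(".//ds:X509Certificate", NS)  # first certificate in the descriptor
    fields = {
        "entity_id": root.get("entityID"),
        "sso_url": acs.get("Location") if acs is not None else None,
        "slo_url": slo.get("Location") if slo is not None else None,
        "cert_sha256": None,
    }
    if cert is not None and cert.text:
        der = base64.b64decode("".join(cert.text.split()))
        fields["cert_sha256"] = hashlib.sha256(der).hexdigest()
    warnings = [f"{k} is missing" for k, v in fields.items() if v is None]
    for key in ("sso_url", "slo_url"):
        if fields[key] and urlparse(fields[key]).scheme != "https":
            warnings.append(f"{key} is not https: {fields[key]}")
    return fields, warnings
```

The fingerprint can be compared with that of the certificate downloaded from Settings → Certificate Management before it is uploaded as the Signature Certificate.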

Zoho application updates in AuthX admin portal

  1. Log in to the AuthX Admin portal and navigate to Applications

  2. Edit the Zoho application

  3. In the Access Management options, choose "SSO with 3rd party identity provider"

  4. Select the Gateway

  5. Save the application

  6. Log out of the AuthX Admin portal

Launch Zoho application as IDP

  1. Pre-requisite – Make sure you are logged out from the AuthX Admin, Zoho portal & Okta Admin account portal

  2. Now log in to the AuthX User portal with the user credentials mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite → Step 2 a

  3. After successful login, it redirects to the Okta login

  4. Now input the OKTA user credentials and sign in

  5. This redirects to the AuthX user Confirm Identity page

  6. Use any of the Auth factors to successfully log in

  7. The user is redirected to the AuthX user portal → Applications page

  8. Now go to the Auth Applications tab and launch the Zoho application

  9. A new tab opens with the SAML login

  10. Log in with the user portal credentials here (mentioned in Launch the Zoho Application → Step 2 a)

  11. Use any of the Auth factors to successfully log in

  12. The user is redirected to the Zoho dashboard

SAML as SP – Zoho (SSO with 3rd party Identity Provider OKTA)

  1. Go to Zoho Accounts

  2. Log in with the Zoho user (mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite) and select Sign In another way

  3. Then choose Sign In with SAML

  4. Log in with the Zoho user (mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite)

  5. This redirects to the Okta login

  6. Now input the OKTA user credentials and sign in

  7. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite → Step 2 a

  8. The user is redirected to the Zoho accounts dashboard

SAML as IDP & SP – Zoho (SSO with MFA for 3rd party Identity Provider OKTA)

  1. Follow the steps mentioned in https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846753311/SAML+Configuration+for+Zoho#SAML-as-IDP—Zoho-(SSO-with-3rd-party-Identity-Provider-OKTA) and https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846753311/SAML+Configuration+for+Zoho#SAML-as-SP—Zoho-(SSO-with-3rd-party-Identity-Provider-OKTA)

  2. On Zoho login, after the user credentials are entered, it will additionally ask for AuthX Confirm Identity

SAML as IDP & SP – Passwordless SSO with AuthX Identity

  1. Follow the steps mentioned in https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846753311/SAML+Configuration+for+Zoho#SAML-as-IDP—Zoho-(SSO-with-AuthX-Identity) and https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2846753311/SAML+Configuration+for+Zoho#SAML-as-SP—Zoho-(SSO-with-AuthX-Identity)

  2. On Zoho login, after the email address is entered, it will skip the Password option & redirect to the Zoho accounts dashboard
