Enable SSO for Zoho One

Purpose

Zoho One offers single sign-on via SAML integration with Practice Protect. This provides a seamless login experience to the Zoho One platform using IdP-initiated SSO.

Practice Protect will configure this on your behalf. Please send us an email at support@practiceprotect.com

Prerequisites

• This feature is available only in the Standard and Professional plans of Zoho Subscriptions.
• Active Zoho One account with administrator rights for your organization (Note: this can be your account so you don’t have to pay and create for another license account)
• Admin Access to Practice Protect
• Username/Email for staff should match the login names in Practice Protect.

Instructions

1. Login to your Practice Protect and switch to Admin portal (e.g., mydomain.id.cyberark.cloud)
2. On Core Services, Click on Roles > Add Roles. Create a role and set the name field to Zoho SSO Users. Then Save.
3. With the created role, click on Members > Add. Add each user that will have access to the app. Then Save.
4. From the Apps & Widgets, go to Web Apps section. Then, choose Add Web Apps on the top right corner.
5. Search for Zoho – SAML then next to it click Add. Click Yes to confirm.
6. On the Settings, set your primary domain in the Zoho Domain field (e.g. mydomain.com)
7. Set the Name to Zoho SSO then select Save.
8. Select Trust > Identity Provider Configuration and select Metadata. On the Signing Certificate, click Download. This certificate file will be use later.
9. Copy the Login URL and temporarily save it in Notepad. Click Save.
10. Login to Zoho One with an Admin Account. Go to Settings > Directory > Security. From the Custom Authentication tab, click Add Identity Provider.
11. Follow the below configuration setup.
    • Display Name: Practice Protect SSO
    • Used By: Choose All members
    • Configuration > SSO Protocol: Select SAML
    • Sign-in URL: Paste Login URL from Step 9
    • Change Password URL: Paste your Practice Protect Login URL (ex. https://mydomain.practiceprotect.app)
    • Verification Certificate: Upload the certificate downloaded from Step 8
      Note: You can exclude specific users from this integration by ticking the Exclude groups from using this IdP option.
      Before doing so, make sure you’ve created a group in Zoho and added the relevant members. This group will be excluded from the SSO integration.
12. From the Configuration section, copy the ACS URL. This will be used in Zoho app added in Practice Protect.
13. Click Save. On Add IdP warning prompt, hit Add. Important! This will enable SSO Integration. Organization owner can still sign in using their Zoho One login details.
14. Return to Practice Protect > Web Apps > Zoho SSO app. Select Trust > Service Provider Configuration > Manual Configuration. 
15. Enter the SP Entity ID / SP Issuer / Audience based on your country location
    • United States – https//zoho.com
    • Australia – https://zoho.com.au
16. paste the URL  copied from Step 12 to Assertion Consumer Service (ACS) URL field. Hit Save.
17. Proceed to SAML Response > Custom Logic. Replace line 3 with the below:

    var samlACS = “pastetheACSURLfromStep12”;

    
18. (Optional) If you wish to redirect users on a different landing page. Add the below:

    var homepage = “putyourlandingURLhere”;
    setRelayState(homepage);

    
19. Click Save.
20. On Permissions section, click Add. Select the role created from Step 2 (e.g. Zoho SSO Users)
21. You can now use the Zoho SSO tile on your Practice Protect User Portal to sign in to it automatically. SSO integration is now completed.