Using Zoho Vault to set up SAML Single Sign-on for Zoho Desk Help Center

Using Zoho Vault to set up SAML Single Sign-on for Zoho Desk Help Center

Security Assertion Markup Language (SAML) is a mechanism used for exchanging authentication and authorization data between applications, in particular, an identity provider (IdP) such as OneLogin, Okta, PingIdentity and a service provider (such as Zoho Desk). You can configure SAML-based single sign-on (SSO) for end users so they can access your Help Center without being prompted to enter separate login credentials.
Notes:
  • SAML single sign-on is not available on the Free edition.
  • Only users with Administrator profiles will be able to manage the SAML settings.
  • SAML authentication will only apply to end user accounts and not to your agent accounts.
  • You can set up either remote authentication or SAML for single sign-on, but not both at the same time.
  • End users cannot self-sign up or change their account password on a SAML-enabled Help Center.

How SAML Works

SAML single sign-on authentication involves a service provider, in this case, Zoho Desk, and an identity provider. When you've enabled SAML, end-user management and authentication are handled through your company's identity provider (IDP). An end user who requests access to the Zoho Desk's Help Center will be redirected to your identity provider for authentication. The identity provider authenticates the end user and in return, generates an authentication assertion, which indicates that a user has been authenticated. On receiving the assertion, the end user is redirected back to your Help Center and then signed in seamlessly. Being a single point of authentication that happens with your trusted identity provider, SAML ensures that your end-user credentials are secure within your company's firewall boundary.

Setting up SAML SSO

The third-party identity provider provides the configuration details for the SAML. Note that you must log in with administrator credentials to set up SAML single sign-on in your Zoho Desk.
  1. Click the Setup icon  ) in the top bar.
  2. Click Help Center under the Channels menu.
  3. Select the Help Center in which you want to authenticate users using SAML.
  4. Click User Authentication under the Help Center sub-menu.
  5. On the SAML page, provide the following details:
    • Remote Login URL: Enter the remote login URL of your IdP where Zoho Desk will redirect your end users when they login to the Help Center.
    • Remote Logout URL: Enter the remote logout URL of your IdP that Zoho Desk will redirect your end users when they attempt to log out of the Help Center.
    • Reset Password URL: Enter the reset password URL of your IdP where Zoho Desk will redirect your end users when they try to change their password for the Help Center.
    • Public Key: Upload the Public X.509 certificate in the text format. We will use the public key contained in the certificate to verify that your identity provider has issued all received SAML authentication requests.
    • Algorithm: Select an algorithm between RSA and DSA using which your IdP generated the public keys and certificates.
  6. Click Save.
Before clicking Save, you'll see new fields (like Help Center SAML Request URL, etc.) and values listed. Copy those values over to your identity provider to ensure that your IdP is capable of communication with your SAML-enabled Zoho Desk.

Disabling SAML SSO

You may go back to using Zoho Desk's built-in authentication, or switch to a different identity provider (IdP), by disabling the SAML configuration. Once you disable SAML, end users will need a Zoho Desk account password to log in to your Help Center. Please keep the following implications in mind as you disable SAML for single sign-on:
  • End users who had a password on your Help Center account before enabling SAML single sign-on can use that to log in.
  • End users who signed up for your Help Center after enabling SAML single sign-on will need to reset their password when they log in the next time.

To disable SAML single sign-on:
  1. Click the Setup icon  ) in the top bar.
  2. Click Help Center under the Channels menu.
  3. Select the Help Center in which you want to disable SAML single sign-on.
  4. Click User Authentication under the Help Center sub-menu.
  5. On the SAML page, click Disable in the upper-right corner of the screen.
  6. Click Continue to confirm your action.

Configuring the Identity Provider

Find the provider-specific instructions listed here, or look up instructions with the identity provider you use.

Zoho Vault

This section describes how to configure Zoho Vault to provide SSO for your Zoho Desk Help Center.
  1. Log in to your Zoho Vault account.
  2. Navigate to Apps  >>  Manage Apps.
  3. Click Add Custom App
  4. In the  Application Settings tab,  provide the following details:
    • Application Name: Provide a name for the application. For example, Zoho Desk.
    • Assertion Consumer Service URL -  Paste the value for SAML Response URL that you copied from the SAML page in Zoho Desk.
    • Audience URI (SP Entity ID) - Enter your Zoho Desk Help Center instance URL (it has the pattern https://support.mycompany.com/ ).
  5. Click Next.
  6. You now need to provide the details of Zoho Vault (IdP) to Zoho Desk (SP).
  7. In the  IdP Details  tab, do the following:

    • Copy the Identity Provider Single Sign-On URL and paste it into the Remote Login URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Single Logout URL and paste it into the Remote Logout URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Issuer and paste it into the Reset Password URL field in Zoho Desk SAML page.
    • Copy the Identity Provider Certificate and save it to a .txt file. Then upload the file into the Public Key field in Zoho Desk SAML page.
  8. Click Next.
  9. In the  Manage App Access tab, select the list of users to whom you wish to give access to the SAML-enabled Help Center.
  10. Click Save.


    • Related Articles

    • Zoho Desk : Insert HTML in Desk Templates

      For a professional look, insert pre-built HTML code to your Zoho Desk Templates. Pre-requisites: Administrator Access to Zoho Desk Pre-built HTML code as required Process: In Zoho Desk, go to the settings cog and open the Settings menu: Go to ...

    • Zoho Desk : Customizing Help Desk Layouts

      Layouts control the organization of fields and related sections on the module page of a department. Each department can have its own layout that consists of both default and custom fields. They also determine which fields are visible, read-only, and ...

    • Zoho Desk : Creating and Using SLAs

      A Service Level Agreement, or SLA, is the standard of service that you agreed to deliver to your customers. The service agreement will represent the response times and the resolution times offered by your agents. Typically an SLA will contain the ...

    • Zoho Projects to Zoho Desk Integration

      Zoho Desk integration with Zoho Projects allows you to submit tickets as issues from within Zoho Desk. Before you begin: Subscribe to the Enterprise edition of Zoho Projects and Zoho Desk. Activate the Zoho Issue Tracker under Setup in Zoho Desk. ...

    • Adding and Managing your Zoho Desk Users

      Adding and Managing your Zoho Desk Users Agents are the persons who handle tickets and work with customer problems. They perform a wide array of actions like responding to customers, editing ticket details, closing tickets, moving tickets between ...