Enable SSO for Zoho

Overview

This guide explains how to configure Zaperon Single Sign-On (SSO) for Zoho applications. After setup, users can log in to Zoho services without entering passwords.

Zaperon SSO uses the SAML 2.0 authentication protocol, an industry-standard method for secure identity verification between an Identity Provider (Zaperon) and a Service Provider (Zoho). Once configured, Zaperon becomes the authentication authority for Zoho logins.

Benefits:

Passwordless access to Zoho applications
Centralized identity verification — only authorized users can log in
Device posture verification — access is allowed only from approved and compliant devices
Improved security with reduced risk of credential theft
Simplified user management for administrators

Zaperon validates the user’s identity and security posture before granting access to Zoho, ensuring that only trusted users on authorized devices can use the applications.

When Should You Enable Zoho SSO?

Enable Zoho SSO if:

You want users to sign in using a single corporate identity.
You use Zaperon as your primary access and authentication layer.
You want to enforce MFA, device posture, or access policies before Google Workspace access.
You need centralized visibility and control over user authentication.

Zoho SSO is recommended for organizations using Zoho Workplace or Zoho Directory.

Prerequisites

To enable Single Sign-on for Zoho Apps, SAML Authentication configuration to be done in Zoho Accounts.

Before configuring Zoho SSO, ensure that you have:

Administrator access to Zoho Admin Console
Administrator permissions in your application
A verified domain in Zoho
Access to configure SAML or OIDC settings
Your application’s Entity ID and ACS (Assertion Consumer Service) URL
Redirect URI and client credentials (for OIDC, if applicable)

Steps to Enable SSO for Zoho

Note: The steps below remain unchanged and should be followed exactly as listed in your configuration guide.

A. Configuration in Zoho Account

A.1. Login to Zoho Account. Go to Organization > SAML Authentication to add SAML settings. Click on Download Metadata and open the file.

A.2. Right click on the downloaded metadata file and open with notepad or any other text editor, then copy Entity ID and ACS URL from the downloaded metadata. These will be used to add Zoho application in Zaperon. Refer to section B.3.

B. Add Application in Zaperon

B.1. In the Admin Dashboard, click Application > Add Application.

B.2. Search for Zoho in application catalogue and select the app.

B.3. Enter details in SAML settings and click Next.

B.4 . In Attribute Mapping tab, select in SAML Attribute Format value as Email Address and User Attribute value as Business Email for Name ID SAML Attribute and click Next. A new custom attribute can be created by clicking on Add Custom Attributes button.

B.5. In Event Tracking tab, click Add Resource to enable tracking of different events of applications. For more details on event tracking Refer to this section. and click Submit.

B.6. A Single Sign-on Configuration popup will appear. Copy Sign-in URL, Sign-out URL and download certificate. These will be used to configure SAML in Zoho Accounts. Follow instructions in section A.3.

B.7. You will see Zoho app has been added in the applications table.

C. Get Metadata from Zoho

C.1. Click on Setup Now and click Submit after entering all the details.

D. Enable partial SSO in Zoho

D.1. Login to your Zoho Directory and click Admin Panel in sidebar.

D.2. Click Groups in sidebar and then click Add Group.

D.3. Enter group name and then click Continue.

D.4. Add members/users you want to exclude from SSO and then click Create Group.

D.5. Click on Security in sidebar > click on Routing Policies tab and then click + Add Policy.

D.6. Enter policy name and assign group and then click on Next.

D.7. Enable Indenty provider toggle and then click Next. Enable Password toggle If you want to add those users who are not in SAML.

D.8. Finally click Add to save.

Testing & Validation

After completing the configuration:

Assign a test user to the Zoho SSO application
Initiate login from your application or Zoho portal
Confirm the user is redirected to Zoho and successfully authenticated
Verify that the user profile is created or mapped correctly
Ensure required attributes such as email and name are received

Successful authentication confirms that Zoho SSO is working as expected.

Manage Application

Once an application is added in Zaperon, you can manage it throughout its lifecycle without reconfiguring the integration.

Use the following options to update settings, control access, or remove the application when it is no longer required:

→ Refer to Edit an Application.

→ Refer to Enable application event tracking.

→ Refer to Delete an Application.

Summary

Enabling SSO for Google Workspace with Zaperon simplifies authentication, strengthens security, and provides centralized access control without impacting user productivity. By combining SAML-based SSO with Zaperon’s policy enforcement and visibility, organizations gain a scalable and secure authentication framework for Google Workspace.

Google Sites

Report abuse