1. In PingOne, go to Connections > Applications and click the + icon.

    Screen capture of PingOne application list.
  2. On the New Application page, click Advanced Configuration, and on the SAML line, click Configure.

    Screen capture of PingOne new application advanced configuration.
  3. On the Create App Profile page, enter:
    • Application Name (Required)
    • Description (Optional)
    • Icon (Optional)

      Screen capture of PingOne Create App Profile section with Zoho information filled in.
  4. Click Save and Continue.
  5. On the Configure SAML Connection page, in the Provide App Metadata section, select Manually Enter.

    Screen capture of PingOne SAML connection configuration section with the Manually Enter radio button selected and highlighted in red.
  6. On a separate browser tab, sign on to your Zoho Directory admin account (directory.zoho.com) and go to Security > Custom Authentication, select Setup Now, and note the ACS URL value.

    Screen capture of Zoho security settings with the ACS URL highlighted in red.
  7. Copy the ACS URL value from the previous step, go to your PingOne SSO browser tab, and paste it into the ACS URLS field.

    Screen capture of PingOne configure SAML connection page with the Zoho ACS URLS field highlighted in red.
  8. Input the service provider (SP) data:
    1. Enter the ENTITY ID in PingOne.
      Note:

      This configuration example uses https://directory.zoho.com. See the following table for instructions on which Entity ID to use based on your location.

      Zoho Directory account DC Identifier (Entity ID) Relay state

      US

      zoho.com

      https://directory.zoho.com

      EU

      zoho.eu

      https://directory.zoho.eu

      IN

      zoho.in

      https://directory.zoho.in

      AU

      zoho.com.au

      https://directory.zoho.com.au

      CN

      zoho.com.cn

      https://directory.zoho.com.cn

    2. Update the SUBJECT NAMEID FORMAT to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
    3. In the Assertion Validity Duration (In Seconds) field, enter a value, for example 3600.

      Screen capture of PingOne SP data with values for Zoho entity ID, subject nameID format, and assertion validity highlighted in red.
    4. In the Signing Key, click Download Signing Certificate and select X509 PEM (.crt) for the format.

      You'll need the signing certificate later.


      Screen capture of PingOne signing certificate download button and C509 PEM (.crt) highlighted in red.
  9. On the Attribute Mapping tab, in the SAML Attributes section, map the Outgoing Value for saml_subject to Email Address.
    Note:

    This is the only required attribute for a successful connection.


    Screen capture of PingOne Attribute Mapping section with the Email Address outgoing value highlighted in red.
  10. Click Save and Close.
  11. On the Applications page, next to Zoho Directory, click the toggle to enable the connection.

    Screen capture of Zoho Directory added to PingOne with the toggle highlighted in red.
  12. On the Configuration tab, in the Configuration Details section, note the Single Logout Service and Single SignOn Service values.

    You'll need these to complete the next step.


    Screen capture of Zoho Directory in PingOne with the single logout service and single signon service URLs highlighted in red.
  13. In Zoho, on the Custom Authentication page, paste the Single SignOn Service value from PingOne into the Sign-in URL.
  14. Optional: Paste the Single Logout Service value from PingOne into the Sign-out URL field.

    Screen capture of Zoho Sign-in URL and Sign-out URL highlighted in red.
  15. Optional: If required, enter your site’s password change URL in the Change Password URL field.
  16. In the Verification Certificate section, click Browse and upload the X509 certificate that you downloaded previously.

    Screen capture of Zoho verification certificate.
  17. Click Save to save the connection and complete the set up.
  18. Before testing the integration, you must create and assign identities in PingOne.

    If you’ve already assigned identities and groups in PingOne, start at step 19.

    1. In PingOne, go to Identities Groups and click the + icon next to Groups.
    2. On the Create New Group page, enter values for the following:
      • Group Name (Required)
      • Description (Optional)
      • Population (Optional)
    3. Click Finish & Save.

      Screen capture of PingOne Groups section.
    4. To add identities to the group, on the Identities tab, go to Users > + Add User.