Zoho Desk SAML Single Sign-On (SSO) with TYPO3 as SAML IdP. The TYPO3 SAML IdP extension gives you the
ability to use your TYPO3 credentials to log in to Zoho Desk (SP). This step-by-step guide shows how to configure
SSO between Zoho Desk as SP (Service Provider) and TYPO3 as IDP (Identity Provider).
Pre-requisites: Download and Installation
1. Installing SAML IDP extension in TYPO3
- Download the zip file of the SAML IDP extension from TYPO3 marketplace
- Go to your TYPO3 backend, and click on Extensions section at the left side of your screen.
- Upload the zip file, or unzip the plugin zip into the 'Typo3 root folder/typo3conf/ext' directory.
- Now search for the "miniOrange SAML IDP" in Installed extensions section and activate the extension by clicking on activate button.
- After installation, click on the newly installed extension "miniOrange SAML IDP extension" for TYPO3 SSO and login with your registered miniOrange credentials.
- After entering your username and password, you will need a license key to proceed if you are a premium customer. (You will get this key from the miniOrange team. After entering the license key, you can activate the license and proceed further.)
- If you are not a premium customer, you can log in directly by submitting your miniOrange credentials.
- After successful login, you can see the details related to your account.
- Now you are ready to configure your Service Provider. But, it's important to integrate frontend first.
2. Integrate extension with TYPO3
- Now you have to design your frontend by left clicking on the Home tab then click on New Subpage
- You need to add STANDARD page within the HOME page.
- Enter the Standard Page name as: FESAML.
- Click on FESAML Page and click on Add content. Go to plugins and add FESAML Plugin.
- Navigate to plugin tab and select FESAML plugin. Add website users in Record Storage Page and save the settings.
- If you need to change the URL segment, which will also be your initial SSO URL, right click on the FESAML page, select edit and click on the "toggle URL" button to set the URL as required.
- Also, you must create at least one group, as TYPO3 doesn't allow you to create users unless at least one usergroup exists.
- To create group go to list tab from the left panel, click on Website users folder and hit the "+" button at the top of the screen.
- Now select Websiteuser group from the list.
- Insert Group Name in group title section and click on Save button at the top. User group will be created.
- You can also create a SSO button on login page. Click on Home, proceed to the +Content option.
- Switch to Special elements tab and select Plain HTML.
- Here you are adding an SSO login button; the URL in the button section will be that of the FESAML Standard Page.
- The code snippet to do so is mentioned in the given image. Enter the code and hit the Save button at the top.
- Now you can configure plugin in the backend.
Steps to configure Zoho Desk SAML Single Sign-on (SSO) Login into TYPO3
1. Configure TYPO3 as Identity Provider
- In the miniOrange SAML Identity Provider extension, go to the SP Settings tab of the extension.
- Provide the required settings (i.e. Service provider name, SP Entity ID/Issuer, ACS URL, Relaystate) for your Service Provider, Zoho Desk, and click on the Save button to save your configuration.
2. Configure Zoho Desk as SP
- Log in to Zoho Accounts as an administrative user at Zoho.
- Navigate to Zoho Desk dashboard.
- Now click on the Setting icon in the top bar.
- Under the Channels menu, select Help Center.
- Choose the Help Center where you want to use SAML to authenticate users.
- Under the Help Center sub-menu, select User Authentication.
- Provide the following information on the SAML page:
- Remote Login URL: Enter the remote login URL of TYPO3 IDP where Zoho Desk will redirect your end users when they log in to the Help Center. (i.e. SAML Login URL from Identity provider tab in TYPO3 IDP plugin)
- Remote Logout URL: Enter the remote logout URL of TYPO3 IDP where Zoho Desk will redirect your end users when they attempt to log out of the Help Center. (i.e. SAML Login URL from Identity provider tab in TYPO3 IDP plugin)
- Reset Password URL: Enter the reset password URL of TYPO3 IDP where Zoho Desk will redirect your end users when they try to change their password for the Help Center. (i.e. IDP-EntityID / Issuer from Identity provider tab in TYPO3 IDP extension)
- Public Key: Upload the Public X.509 certificate in the .txt or .pem format. We will use the public key contained in the certificate to verify that TYPO3 Identity Provider has issued all received SAML authentication requests. (X.509 Certificate from Identity provider tab in TYPO3 IDP plugin)
- Algorithm: Select the algorithm, RSA or DSA, that your TYPO3 IDP used to generate the public keys and certificates.
- Click on Save button.
- Before clicking Save, you'll see new fields (like Help Center SAML Request URL, etc.) and values listed. Copy those values over to TYPO3 as identity provider to ensure that the TYPO3 IDP can communicate with your SAML-enabled Zoho Desk.
3. SSO Testing
- Open a new browser or private incognito window and enter your Zoho Desk URL, which will redirect you to the TYPO3 login screen.
- Enter your TYPO3 credentials and click the log in button.
- If you are redirected to your Zoho Desk start page and successfully logged in, your configuration is correct.
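When the test login fails, comparing the SAMLResponse posted back by the browser against the SP Entity ID/Issuer, ACS URL and IdP Entity ID entered above usually shows which field was mistyped. The following is an added example, not code from the miniOrange extension or Zoho Desk; the function name, hostnames and sample message are constructed for illustration, and it checks field consistency only, not the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, unsigned sample with example hostnames (not a real capture).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.com/acs">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion>
  <saml:Issuer>https://idp.example.com/fesaml</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sp.example.com/entity</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_saml_response(b64_response, idp_entity_id, sp_entity_id, acs_url):
    """List mismatches between a SAMLResponse captured from your own test login
    and the configured values. It does NOT verify the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Response Destination does not match the ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("StatusCode is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plain Assertion element (missing or encrypted)"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != idp_entity_id:
        problems.append("Issuer does not match the IdP Entity ID")
    audiences = [a.text.strip() for a in
                 assertion.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append("SP Entity ID is not in the Audience list")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("SubjectConfirmationData Recipient does not match the ACS URL")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither the Response nor the Assertion carries a ds:Signature")
    return problems
```

An empty list means the fields agree with the configuration; the constructed sample still reports the missing signature because it is unsigned.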