Panfactum LogoPanfactum
Infrastructure ModulesAuthentikauthentik_zoho_sso

Authentik SSO with Zoho

authentik_zoho_sso
Stable
Live
Source Code Link

Providers

The following providers are needed by this module:

  • authentik (2024.2.0)

  • kubernetes (2.27.0)

  • random (3.6.0)

  • tls (4.0.5)

Required Inputs

The following input variables are required:

authentik_domain

Description: The domain name of the authentik instance

Type: string

authentik_namespace

Description: The kubernetes namespace where Authentik is deployed

Type: string

media_configmap

Description: The configmap holding the static media that Authentik will use

Type: string

organization_name

Description: The name of your organization

Type: string

zoho_acs_url

Description: The ACS url provided by Zoho when configuring an external identity provider

Type: string

zoho_sign_in_url

Description: The sign-in url provided by Zoho when configuring an external identity provider

Type: string

Optional Inputs

The following input variables are optional (have default values):

allowed_groups

Description: Only members of these groups can access AWS

Type: set(string)

Default: []

ui_description

Description: The description to display in the Authentik web dashboard

Type: string

Default: "Zoho"

ui_group

Description: The section in the Authentik web dashboard that this will appear in

Type: string

Default: "Admin"

zoho_issuer

Description: The issuer provided by Zoho when configuring an external identity provider

Type: string

Default: "zoho.com"

Outputs

The following outputs are exported:

saml_metadata

Description: n/a

Usage

Sign-in URL

For IDP-initiated logins, the zoho_sign_in_url variable must be provided.

This is not found in the Zoho web UI and must be constructed manually.

It is of the form https://accounts.zoho.com/samlauthrequest/<domain>?serviceurl=<zoho_service> where

  • <domain> is a domain that has been verified with Zoho

  • <zoho_service> is the https url of a Zoho service (e.g., https://one.zoho.com)