This documentation has been tested and approved by Kelvin Zero's team

This documentation provides a step-by-step guide to setting up MPAS as the CIAM passwordless authentication method for your customers. This integration enhances security and improves user experience for your customers.

Once completed, your customers will be redirected to MPAS to authenticate themselves and log into your Help Center.

Depending on your use case, you can set it up for the users to be auto-provisioned (if you use a separate CIAM) or to be done manually.

In order to complete this integration you need to be sure that you are fitting with the prerequisite below : 

Zoho One Account: Admin access

MPAS access: SSO metadata

Domain Verification: Your domain must be verified in Zoho One for SSO configuration.

- On your default dashboard, go on the top right corner close to your profile button and click on the "Gear" 

- Select the application "Desk"

- In the category "Channels" select "Help Center"

- Enter your domain and select "User authentication" on the left

- Now you can choose between SAML and JWT. for the rest of the guide we are going to choose SAML

- to complete this field you need to find the metadata provided by MPAS.

From this point, go on your MPAS Dashboard and complete the different field with the metadata provided by Zoho One

- Select you deployment, and then click on "Admin console"

- Click on "Clients" and click on "Create Client"

- Now you need to complete each field with the right information based on Zoho One and MPAS.

1. Client type - Choose SAML
   
2. Client ID - Check on Zoho One, it is the Entity ID - portal.kzero.com
   
3. Name - zoho
   
4. Description
   
5. Always display in UI - Turn On 

- Click on Next and complete the different fields

1. Home URL - https://ca.auth.kzero.com/realms/global/protocol/saml/clients/zoho
   
2. Valid redirect URIs - based on the link provided by Zoho One
   
3. Valid post logout redirect URIs - https://ca.auth.kzero.com/realms/global/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fdesk.zoho.com%2Fportal%2Fdeccanpl%2F
   
4. IDP-Initiated SSO URL name - zoho 
   

- Complete then next fields accordingly to the next screenshot

- Go on the "Keys" section : 

- Go on the "Advanced" section

Assertion Consumer Service POST Binding URL - Paste the redirect URI

- Finally you need to copy the certificate x509, Paste it on a note and create a file .txt (You will need it on Zoho One) 

- Go back to Zoho One complete the fields and "Save"