Accessing Zoho via ADFS using SAML

Active Directory Federation Services (ADFS) is a single sign-on solution created by Microsoft. ADFS manages authentication through a proxy service hosted between Active Directory (AD) and the target application. You must obtain the login URL, logout URL, and the certificate from ADFS.
  1. Log in to the ADFS 3.0 server and open the management console.
  2. Right-click Service in the left-pane menu and choose Edit Federation Service Properties.
  3. Under General, make sure that your DNS entries and certificate names are correct.
  4. Using your Federation Service name, open the following URL in a browser: https://federationservicename.com/federationMetaData/2007-06/FederationMetaData.xml
    Example:
    https://yourdomain.samlportal.com/federationMetaData/2007-06/FederationMetaData.xml
    The login URL and logout URL are present in the XML file as the SingleSignOnService and SingleLogoutService tags.
  5. Export the Token-Signing certificate:
    1. Right-click Certificate in the left-pane menu and click View Certificate.

    2. Select the Details tab.
    3. Click Copy to File. The Certificate Export Wizard will open.

    4. Click Next. Ensure the No, do not export the private key option is selected, and then click Next.
    5. Select Base-64 encoded X.509 (.cer), then click Next.

    6. Choose where to save the file and name it. Click Next.
    7. Select Finish. The instance requires that this certificate be in .cer or .pem format.
  6. Configure Single Sign-On URL and Entity ID URLs at Zoho.
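
The values gathered in steps 4 and 5 can be read and cross-checked with a script before they are entered at Zoho. The following is an added example, not part of the original article: the function name `Get-AdfsIdpSettings` and the two file paths are assumptions, and it expects a saved copy of the metadata XML plus the exported .cer file.

```powershell
# Added example. Inputs: a saved copy of the metadata XML from step 4 and the
# Base-64 .cer exported in step 5. Function name and file paths are constructed.
function Get-AdfsIdpSettings {
    param([Parameter(Mandatory = $true)][string]$MetadataPath,
          [Parameter(Mandatory = $true)][string]$ExportedCerPath)
    $xml = New-Object System.Xml.XmlDocument
    $xml.XmlResolver = $null                 # never fetch external DTDs or entities
    $xml.Load((Resolve-Path $MetadataPath).Path)
    $ns = New-Object System.Xml.XmlNamespaceManager $xml.NameTable
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # The file also holds WS-Federation and SP descriptors; read only the SAML IdP one.
    $idp = $xml.SelectSingleNode('/md:EntityDescriptor/md:IDPSSODescriptor', $ns)
    if ($null -eq $idp) { throw 'Metadata has no IDPSSODescriptor element.' }

    $endpoints = foreach ($tag in 'SingleSignOnService', 'SingleLogoutService') {
        foreach ($node in $idp.SelectNodes("md:$tag", $ns)) {
            [pscustomobject]@{
                Service  = $tag
                Binding  = $node.GetAttribute('Binding').Split(':')[-1]
                Location = $node.GetAttribute('Location')
            }
        }
    }

    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $fingerprint = { param($cert) [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', '' }
    $certType = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $exportedFp = & $fingerprint (New-Object $certType -ArgumentList (Resolve-Path $ExportedCerPath).Path)

    # Metadata can list more than one signing certificate, so check all of them.
    $xpath = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    $published = foreach ($node in $idp.SelectNodes($xpath, $ns)) {
        $cert = New-Object $certType -ArgumentList (, [Convert]::FromBase64String($node.InnerText))
        [pscustomobject]@{ Subject = $cert.Subject; NotAfter = $cert.NotAfter; Sha256 = (& $fingerprint $cert) }
    }

    [pscustomobject]@{
        Endpoints          = $endpoints
        SigningCerts       = $published
        ExportedCertSha256 = $exportedFp
        ExportMatches      = [bool]($published | Where-Object { $_.Sha256 -eq $exportedFp })
    }
}

# Constructed file names; run from the folder that holds both files.
Get-AdfsIdpSettings -MetadataPath .\FederationMetadata.xml -ExportedCerPath .\adfs-signing.cer
```

If `ExportMatches` is false, the exported file is not a certificate that ADFS publishes for signing. `NotAfter` shows when the certificate expires and a replacement has to be uploaded.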

Submit metadata at ADFS

Add a Relying Party Trust

  1. Under Trust Relationships in the left-pane menu, right-click Relying Party Trusts and select Add Relying Party Trust. This will open the Add Relying Party Trust Wizard.

  2. On the Select Data Source screen, select Enter data about the relying party manually.
  3. On the Specify Display Name screen, enter zoho.com as the display name.
  4. On the Choose Profile screen, select AD FS profile.
  5. On the Configure URL screen, check the Enable Support for the SAML 2.0 WebSSO protocol.
  6. Enter the ACS URL present in the metadata file you downloaded from Zoho in the Relying Party SAML 2.0 SSO service URL text box.

  7. On the Configure Identifiers screen, enter zoho.com as the Relying Party Trust Identifier.
  8. On the Configure Multi-factor Authentication Now screen, choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.
  9. On the Choose Issuance Authorization Rules screen, select the Permit all users to access this relying party radio button.
  10. The wizard will display an overview of your settings on the next two screens. On the final screen, click Close to exit and open the Claim Rules editor.

Creating Claim rules

You can create claim rules once the relying party trust is created. By default, the claim rule editor opens once you create a trust.
  1. Click Add Rule to create a new rule. This will launch the Add Transform Claim Rule Wizard.

  2. On the Choose Rule Type screen, select Send LDAP Attributes as Claims in the drop-down menu. Click Next.
  3. On the Configure Claim Rule screen:
    1. Enter a Claim rule name.
    2. Choose Active directory from the drop-down menu for the Attribute Store.
    3. On the LDAP Attribute column, choose E-Mail Addresses from the drop-down menu.
    4. On the Outgoing Claim Type column, select E-Mail Address from the drop-down menu.
  4. Click Finish to save the rule.

  5. Create another claim rule and select the Transform an Incoming Claim template.
  6. On the Configure Claim Rule screen:
    1. Enter a Claim rule name.
    2. Choose E-Mail Address as the Incoming claim type from the drop-down menu.
    3. Select Name ID as the Outgoing claim type from the drop-down menu.
    4. Select Email as the Outgoing name ID format.
  7. Select the Pass through all claim values radio button.
  8. Click Finish to create the claim rule.

  9. If you have selected Do you need Logout Response? at Zoho:
    1. Download the logout certificate from Zoho Accounts in the SAML Authentication section under Settings.
    2. Go to Relying Party Trust under Trust Relationships and select zoho.com.
    3. Go to Endpoints on the top navigation bar and click Add.
    4. Select the Endpoint type as SAML Logout.
    5. Enter the logout URL generated from the metadata file you downloaded from your Zoho account.
    6. Go to Signature on the top navigation bar and click Add.
    7. Upload the logout certificate.
    8. Go to Advanced on the top navigation bar.
    9. Select the Secure hash algorithm as SHA-256.
