Accessing Zoho via Microsoft Entra ID using SAML
By configuring SAML based SSO with Microsoft Entra ID, you can let your users sign in to Zoho using their Entra ID credentials.
Required items from Microsoft Entra ID
You will need the following items from Microsoft Entra ID to configure SAML in Zoho. You can follow the configuration steps to get these.
- Certificate (Base 64)
- Login URL
- Logout URL
Steps to configure SAML
A. Create an app in Microsoft Entra ID
- Sign in to Microsoft Entra admin center as an admin.
- Under Identity in the left menu, click Applications, then click Enterprise applications.
- Click New application.
- Click Create your own application.
- Enter a name for your application under What's the name of your app?.
- Select Integrate any other application you don't find in the gallery, then click Create. Your app will be created and you will be redirected to the app's page.
B. Configure Zoho details in Microsoft Entra ID
- In a new tab, sign in at accounts.zoho.com.
- Go to Organization from the left menu. If you can't find Organization, click View more.
- Under SAML Authentication, click Download Metadata. A file named zohometadata.xml will be downloaded.
- Open the metadata file using a browser or a text editor.
- From the metadata file, copy and save the Entity ID and ACS URL.
- Return to the app's page in Microsoft Entra admin center.
- Click Set up single sign-on under the Getting Started section.
- Select SAML.
- Go to Step 1: Basic SAML Configuration, then click Edit.
- Paste the copied Entity ID in the Identifier field.
- Paste the copied ACS URL in the Reply URL field.
- (optional) In the Relay State field, enter the URL of the app to which users need to be redirected to after signing in. For example, https://mail.zoho.com.
- Click Save.
C. Configure Microsoft Entra ID details in Zoho
- Go to Step 3: SAML Signing Certificate, and download Certificate (Base 64).
- Go to Step 4: Set up {application name}, and copy the Login URL and Logout URL.
- Return to the SAML Authentication page in accounts.zoho.com.
- Configure SAML in your Zoho account using the downloaded certificate and copied URLs from Microsoft Entra ID.
- Paste the Login URL in the Sign-in URL field.
- Paste the Logout URL in the Sign-out URL field.
- Upload the Certificate in the X.509 Certificate field. Make sure the certificate is in one of these formats: based-64 coded .cer, .crt, .cert, or .pem file.
- Click Configure.
Assign users to the app in Microsoft Entra ID
Your users in Microsoft Entra ID can use this newly configured Zoho app to sign in to Zoho. However, before that, you need to assign your users to this app. You can follow the instructions in the following article to assign your users to the app.
Test the SAML configuration
You can test if the configuration is working properly using the following steps as a user in Microsoft Entra ID.
SP-initiated flow:
- Go to your Zoho sign-in page.
- Enter your email address, then click Next. You will be redirected to Microsoft Entra ID for authentication.
- If you are not signed in already, enter your Microsoft Entra ID credentials to sign in. You will now be redirected back to Zoho and will be signed in.
IdP-initiated flow:
- Go to myapplications.microsoft.com.
- Click on the Zoho app you have configured. You will be redirected to Zoho and will be signed in.
Enable single logout (SLO)
Microsoft Entra ID supports both IdP-initiated and SP-initiated single log-out. If you
enable single logout, when your users sign out from Zoho, they will be
automatically signed out from Microsoft Entra ID and vice-versa.
Steps to enable single log-out:
- Sign in to Microsoft Entra admin center as an admin.
- Go to the configured application's page.
- Click Single sign-on in the left menu.
- Go to Step 4: Set up {app name}, then copy the Logout URL.
- Go to SAML Authentication at accounts.zoho.com, then click Edit.
- Enter the copied URL in the Sign-out URL field.
- Scroll down and enable Single logout
- Click Submit. You may need to re-enter the X.509 certificate before this.
- Click Download in the top-right corner, then click Metadata.
- Open the downloaded file using a browser or a text editor, then copy the Single Logout URL present under the tag <md: SingleLogoutService>.
- Return to the Microsoft Entra admin center.
- Click Edit next to Step 1: Basic Configuration.
- Enter the copied Single logout URL in the Logout URL field, then click Save.
If you encounter any errors while signing in using SAML, you can refer to our troubleshooting guide.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Accessing Zoho via AWS using SAML
By configuring SAML-based SSO with AWS, you can let your users sign in to Zoho using their AWS credentials. Required items from AWS: You will need the following items from AWS to configure SAML in Zoho. You can follow the configuration steps to get ...Accessing Zoho via Google using SAML
You can use Google as an identity provider (IdP) to access Zoho applications. Google IdP is a user management platform for Google Apps and services. Required items from Google You will need the following items from Google to configure SAML in Zoho. ...Accessing Zoho via Auth0 using SAML
By configuring SAML based SSO with Auth0, you can let your users sign in to Zoho using their Auth0 credentials. Required items from Auth0 You will need the following items from Auth0 to configure SAML in Zoho. You can follow the configuration steps ...Configure SAML in Zoho Accounts
Note: If you want to configure SAML for Zoho One/ Zoho Directory, you can refer to their respective help documents: Zoho One | Zoho Directory To create a SAML connection between Zoho and your identity provider (IdP), you will need to provide some ...Troubleshoot SAML related errors
Error Message Reason Solution Your organization has configured SAML authentication, please sign in via SAML credentials You cannot sign in to your Zoho account via any linked account, if your organization has mandated you to sign in only through SAML ...
New to Zoho LandingPage?
Zoho LandingPage Resources