Accessing Zoho via Microsoft Entra ID using SAML
Required items from Microsoft Entra ID
- Certificate (Base 64)
- Login URL
- Logout URL
Steps to configure SAML
A. Create an app in Microsoft Entra ID
- Sign in to Microsoft Entra admin center as an admin.
- Under Identity in the left menu, click Applications, then click Enterprise applications.
- Click New application.
- Click Create your own application.
- Enter a name for your application under What's the name of your app?.
- Select Integrate any other application you don't find in the gallery, then click Create. Your app will be created and you will be redirected to the app's page.
B. Configure Zoho details in Microsoft Entra ID
- In a new tab, sign in at accounts.zoho.com.
- Go to Organization from the left menu. If you can't find Organization, click View more.
- Under SAML Authentication, click Download Metadata. A file named zohometadata.xml will be downloaded.
- Open the metadata file using a browser or a text editor.
- From the metadata file, copy and save the Entity ID and ACS URL.
- Return to the app's page in Microsoft Entra admin center.
- Click Set up single sign-on under the Getting Started section.
- Select SAML.
- Go to Step 1: Basic SAML Configuration, then click Edit.
- Paste the copied Entity ID in the Identifier field.
- Paste the copied ACS URL in the Reply URL field.
- (optional) In the Sign On URL field, enter the URL in the following format:https://<accounts-url>/samlauthrequest/<orgid>?serviceurl=<service-url>
- <accounts-url> : The first part of the ACS URL after https://. For example, accounts.zoho.eu
- <orgid> : The last (numeric) part of the ACS URL
- <service-url> : The URL of the service you want your users to access. E.g., https://mail.zoho.com for Zoho Mail. (The ".com" should be whatever the domain present in your ACS URL.)
- (optional) In the Relay State field, enter the same service URL you have entered in the previous step. For example, https://mail.zoho.com.
- Click Save.
C. Configure Microsoft Entra ID details in Zoho
- Go to Step 3: SAML Signing Certificate, and download Certificate (Base 64).
- Go to Step 4: Set up {application name}, and copy the Login URL and Logout URL.
- Return to the SAML Authentication page in accounts.zoho.com.
- Configure SAML in your Zoho account using the downloaded certificate and copied URLs from Microsoft Entra ID.
- Paste the Login URL in the Sign-in URL field.
- Paste the Logout URL in the Sign-out URL field.
- Upload the Certificate in the X.509 Certificate field. Make sure the certificate is in one of these formats: based-64 coded .cer, .crt, .cert, or .pem file.
- Click Configure.
Assign users to the app in Microsoft Entra ID
Test the SAML configuration
- Go to your Zoho sign-in page.
- Enter your email address, then click Next. You will be redirected to Microsoft Entra ID for authentication.
- If you are not signed in already, enter your Microsoft Entra ID credentials to sign in. You will now be redirected back to Zoho and will be signed in.
- Go to myapplications.microsoft.com.
- Click on the Zoho app you have configured. You will be redirected to Zoho and will be signed in.
Enable single logout (SLO)
- Sign in to Microsoft Entra admin center as an admin.
- Go to the configured application's page.
- Click Single sign-on in the left menu.
- Go to Step 4: Set up {app name}, then copy the Logout URL.
- Go to SAML Authentication at accounts.zoho.com, then click Edit.
- Enter the copied URL in the Sign-out URL field.
- Select Do you need a sign-out response?.
- Click Configure. You may need to re-enter the X.509 certificate before this.
- Click Download Metadata.
- Open the downloaded file using a browser or a text editor, then copy the Single Logout URL present under the tag <md: SingleLogoutService>.
- Return to the Microsoft Entra admin center.
- Click Edit next to Step 1: Basic Configuration.
- Enter the copied Single logout URL in the Logout URL field, then click Save.
If you encounter any errors while signing in using SAML, you can refer to our troubleshooting guide.
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
Still can't find what you're looking for?
Write to us: support@zohoforms.com
|
Quick Links |
Workflow Automation |
Data Collection |
|
|
||
|
Form Templates |
||
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Zoho Sheet Resources
Zoho Forms Resources
Zoho Sign Resources
Sign, Paperless!
Zoho TeamInbox Resources
Zoho DataPrep Resources
Design. Discuss. Deliver.
Related Articles
Accessing Zoho via AWS using SAML
By configuring SAML-based SSO with AWS, you can let your users sign in to Zoho using their AWS credentials. Required items from AWS: You will need the following items from AWS to configure SAML in Zoho. You can follow the configuration steps to get ...Accessing Zoho via Google using SAML
You can use Google as an identity provider (IdP) to access Zoho applications. Google IdP is a user management platform for Google Apps and services. Required items from Google You will need the following items from Google to configure SAML in Zoho. ...Accessing Zoho via Auth0 using SAML
By configuring SAML based SSO with Auth0, you can let your users sign in to Zoho using their Auth0 credentials. Required items from Auth0 You will need the following items from Auth0 to configure SAML in Zoho. You can follow the configuration steps ...Configure SAML in Zoho Accounts
Note: If you want to configure SAML for Zoho One/ Zoho Directory, you can refer to their respective help documents: Zoho One | Zoho Directory To create a SAML connection between Zoho and your identity provider (IdP), you will need to provide some ...Troubleshoot SAML related errors
Error Message Reason Solution Your organization has configured SAML authentication, please sign in via SAML credentials You cannot sign in to your Zoho account via any linked account, if your organization has mandated you to sign in only through SAML ...