SAML Configuration - SAML based SSO | Zoho Accounts

Configure SAML in Zoho Accounts

Note: If you want to configure SAML for Zoho One or Zoho Directory, refer to their respective help documents: Zoho One | Zoho Directory

To create a SAML connection between Zoho and your identity provider (IdP), you need to give some of Zoho's details to your IdP, and vice versa. Zoho's details are in the Zoho metadata, which you provide to your IdP while configuring SAML. Similarly, you need to get the required details from your IdP to configure SAML in Zoho.

Configure SAML in your IdP (using Zoho's Metadata)

To configure Zoho as a service provider in your Identity Provider (IdP), you will need to provide Zoho's details. These details can be found in the metadata file, which you can download from your Zoho account. You can upload the metadata file to your IdP or enter the details manually. Refer to your IdP's documentation or support to learn how.

Zoho's metadata file contains the following details:
  1. Entity ID (or issuer URL/identifier)
  2. ACS URL (or reply URL/single sign-on URL)
  3. Sign-out URL
  4. NameIDFormat
  5. ZOID (which is the last part of the ACS URL)

To download Zoho metadata:
  1. Sign in at
  2. In the left menu, under Organization, click SAML Authentication.
  3. Click Download Metadata. A file named "zohometadata.xml" will be downloaded.
  4. To view and copy the required details, open the file using a browser or text editor.
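
As an alternative to copying the values by hand, the following added example (not Zoho's own code) reads the five details listed above from a metadata file and refuses non-HTTPS endpoints. It assumes standard SAML 2.0 metadata element names; the sample XML, host name and numeric ID are constructed placeholders, so pass the contents of your downloaded zohometadata.xml instead.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample shaped like SP metadata. The host, paths and numeric ID
# are placeholders, not values from a real zohometadata.xml.
SAMPLE_SP_METADATA = f"""
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{BIND}HTTP-Redirect"
        Location="https://sp.example.test/logout/1234567890"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="{BIND}HTTP-POST" index="0"
        Location="https://sp.example.test/acs/1234567890/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def read_sp_metadata(xml_text):
    """Return the five values the page lists, or raise ValueError."""
    # ElementTree does not fetch external entities, but reject DTDs anyway
    # so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text.strip())
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not a SAML SP metadata document")
    acs = sp.find(MD + "AssertionConsumerService")
    slo = sp.find(MD + "SingleLogoutService")
    fmt = sp.find(MD + "NameIDFormat")
    if acs is None or not acs.get("Location"):
        raise ValueError("no AssertionConsumerService Location")
    details = {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "sign_out_url": slo.get("Location") if slo is not None else None,
        "name_id_format": fmt.text.strip() if fmt is not None and fmt.text else None,
    }
    # The page describes the ZOID as the last part of the ACS URL.
    details["zoid"] = urlparse(details["acs_url"]).path.rstrip("/").rsplit("/", 1)[-1]
    # Endpoints that carry assertions or logout messages should be HTTPS.
    for key in ("acs_url", "sign_out_url"):
        if details[key] and urlparse(details[key]).scheme != "https":
            raise ValueError(f"{key} is not an https URL")
    return details
```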

Configure SAML in Zoho

To configure SAML in Zoho, you need to obtain the below information from your identity provider. You can either enter the information manually or auto-fill it by uploading the metadata (based on how your IdP provides it).
  1. Sign-in URL
  2. Sign-out URL (optional)
  3. Name identifier
  4. X.509 Certificate
To fill out these details:
  1. Sign in at
  2. Click Organization in the left menu, then click SAML Authentication. If you can't find Organization, click View More.
  3. Click Set up Now
  4. Either auto-fill the required details by uploading the metadata file (which you got from your IdP) or manually enter them. 
  5. The Name Identifier will be Email Address by default. If your IdP uses a different name identifier, select the applicable option. 
  6. In the Zoho Service field, select the Zoho app that users are redirected to when they sign in from the IdP.
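
Before entering the IdP's details manually, it helps to confirm that the certificate you are about to trust is the one your IdP actually publishes. The added example below (not code from Zoho or any IdP) extracts the four values listed above from IdP metadata and computes a SHA-256 fingerprint for each signing certificate, for comparison with the fingerprint shown in your IdP's console. The sample metadata, its URLs and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample. PLACEHOLDER_DER stands in for certificate bytes; it is
# not a real X.509 certificate, and the idp.example.test URLs are made up.
# Binding attributes are left out of the sample for brevity.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
_B64 = base64.b64encode(PLACEHOLDER_DER).decode()
SAMPLE_IDP_METADATA = f"""
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_B64[:20]}
      {_B64[20:]}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://idp.example.test/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def read_idp_metadata(xml_text):
    idp = ET.fromstring(xml_text.strip()).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = idp.find("md:SingleSignOnService", NS)
    slo = idp.find("md:SingleLogoutService", NS)
    fmt = idp.find("md:NameIDFormat", NS)
    if sso is None or urlparse(sso.get("Location", "")).scheme != "https":
        raise ValueError("sign-in URL missing or not https")
    # Only signing keys verify responses; a KeyDescriptor with no "use"
    # serves both purposes. Several may be listed during a key rollover.
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if kd.get("use") in (None, "signing") and cert is not None:
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no signing certificate in metadata")
    return {"sign_in_url": sso.get("Location"),
            "sign_out_url": slo.get("Location") if slo is not None else None,
            "name_identifier": (fmt.text or "").strip() if fmt is not None else None,
            "signing_cert_sha256": prints}
```

The metadata is assumed to come from your own IdP's admin console over HTTPS; a fingerprint only helps if you compare it against a value obtained through a separate channel.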

Based on your SAML requirements, you can make use of the following options as well:


When your users sign in or sign out, your IdP may require their email address or username from Zoho. For example, when a user tries signing in to Zoho directly, they'll be redirected to IdP for authentication. The IdP will present a sign-in form to users for authentication. If the IdP can obtain the user's email address or username from Zoho, it can auto-fill this field on the sign-in form.

To send such information to your IdP, you need to enable Parameters. The Value field can be Username or Email Address. The parameter name you enter in the Name field will be used by the IdP to identify the values sent by Zoho. 

Sign SAML requests

For SP-initiated SAML, Zoho will send SAML requests to your IdP (to authenticate the user). Your IdP may require that these requests are signed to ensure that:
  1. The requests are coming from Zoho and not any other source.
  2. The information sent in the request is not altered by a malicious actor.
To meet this signature requirement, you can enable the option to sign all SAML requests Zoho sends. A public key will be generated and available for download (on the SAML Authentication page). You'll need to provide this public key to your IdP for verifying the signed requests. 

Generate key pair

After your IdP authenticates a user, it will send a SAML response to Zoho, which contains information about the authenticated user, among other details. To maintain the confidentiality of this information, the IdP may require that SAML responses be encrypted. To meet this requirement, you can generate a cryptographic key pair consisting of a public key and a private key. The private key will be kept secure. The public key will be available for download, and you'll need to provide it to your IdP. Your IdP will use this public key to encrypt the information in SAML responses and send them to Zoho. Since this information can only be decrypted using the private key that Zoho has kept secure, the information sent in responses remains confidential between your IdP and Zoho.

Note: If you enable the option Sign SAML requests, a key pair will be generated automatically.

Single logout

There are two types of Single logout (SLO):
  1. SP-initiated SLO: When users sign out of Zoho, they will be automatically signed out of the IdP as well.
  2. IdP-initiated SLO: When users sign out of the IdP, they will be automatically signed out of Zoho as well.
For SLO to work, it must be supported by the IdP. Some IdPs support only one type of SLO, some support both, and some support neither.

To configure Single logout for your organization, you need to: 
  1. Enable the Single logout option. 
  2. Provide your IdP's sign-out URL to Zoho while configuring SAML.
  3. Provide Zoho's sign-out URL to your IdP. Zoho's sign-out URL can be found in the metadata file under the tag <md:SingleLogoutService>. For IdPs that are supported, the steps to enable single logout are described in the respective SAML help articles.

Just-In-Time provisioning

Just-in-Time (JIT) provisioning allows your users to get added to your Zoho organization when they sign in to Zoho for the first time through SAML. They will be added after validating the SAML response and their domain. If JIT is not enabled, you have to manually add your users to your Zoho organization before they can sign in with SSO. 

Using JIT, you can also retrieve and auto-fill some user information fields in Zoho (from the IdP). To do that, map the following Zoho user information fields with the corresponding fields from your IdP when you enable JIT: 
  1. First Name
  2. Last Name
  3. Display Name
Your IdP may either pre-define the attribute names or let you enter an attribute name of your own. If the latter is the case, enter an attribute name in Zoho and use the same name in your IdP.
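
A mismatch between the attribute name entered in Zoho and the one the IdP sends leaves the field empty without any error, so it is worth checking a test assertion from your IdP against your mapping. The added example below is a sketch of the checks described above, not Zoho's implementation; the attribute names, the verified-domain list and the assertion are constructed assumptions, and the assertion is assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed configuration: the attribute names on the right are whatever the
# admin entered in both Zoho and the IdP; the domain list is hypothetical.
FIELD_MAP = {"First Name": "first_name", "Last Name": "last_name",
             "Display Name": "display_name"}
VERIFIED_DOMAINS = {"example.test"}

# Constructed assertion fragment (signature and conditions omitted).
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>Ada@Example.TEST</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def jit_profile(assertion_xml, field_map=FIELD_MAP, domains=VERIFIED_DOMAINS):
    """Return (profile, unmapped_fields) for a first-time sign-in."""
    root = ET.fromstring(assertion_xml.strip())
    name_id = (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    local, at, domain = name_id.rpartition("@")
    # Exactly one "@", non-empty local part, and a domain the org has verified.
    if not at or not local or "@" in local or domain.lower() not in domains:
        raise PermissionError(f"NameID {name_id!r} is outside the verified domains")
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", "", NS)
        attrs[attr.get("Name")] = (value or "").strip()
    profile = {"email": f"{local}@{domain.lower()}"}
    missing = []
    for field, attr_name in field_map.items():
        if attrs.get(attr_name):
            profile[field] = attrs[attr_name]
        else:
            missing.append(field)  # name mismatch between Zoho and the IdP
    return profile, missing
```

With the sample above, Display Name comes back as unmapped because the IdP sends no attribute named display_name.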

To learn more about the terms used here, check out our SAML Terminologies glossary.

To configure SAML-based SSO with the following IdPs, refer to their respective help articles:
