SAML based Single Sign On (SSO) in CRM portals - Overview
This document will provide a basic overview of SAML based Single Sign On (SSO).
For instructions on enabling it for your CRM's portal users, see: Configuring SAML-based SSO in CRM Portal
Supported editions
Glossary
Supported editions
- Enterprise
- Ultimate
- Bundles (CRMPlus and Zoho One)
- Trial: No
- Developer: No
- Sandbox: No
- Mobile: No
Glossary
- Authentication
Authentication is the process of confirming a user's identity before providing access to a system. This is used to secure the system against impostors. - SAML
Security Assertion Markup Language (SAML) is a standard for communication that helps in authentication. It eases the exchange of authentication-related information between systems. - SSO
Single Sign On (SSO) is a method of authentication where a user needs to log in just once to access multiple apps and services. This improves user experience and security. - IdP
Identity provider (IdP) is a system that stores users' identities and authenticates them when they want to access an app or service. It helps improve the security of multiple systems by centralizing authentication and enabling SSO. - SP
Service provider (SP) is an app or service that a user wants to access. - Issuer
Issuer is the unique identifier of an IdP or SP. It helps ensure that the SAML requests and responses are being sent to the right place. - ACS URL
Assertion Consumer Service (ACS) URL is where the IdP sends SAML responses. SAML responses are messages from the IdP to the SP that confirm a user's identity. - Default Relay State
This is the URL where the user lands after login authentication in IdP. - Single Logout (SLO) URL
This is the URL where the IdP sends the logout request. - Login URL
This is the login URL for the IdP. If a user isn't logged in to the IdP, they will be redirected to this page when they try to access an app or service. - Logout URL
This is the logout URL for the IdP. When a user logs out of an app or service managed by the IdP, the log out request is sent here. - Public Key/ Certificate
Public keys are used by SP and IdP to verify the signature and encrypt (or decrypt) SAML messages. - Algorithm
This is the algorithm used to encrypt and decrypt messages sent between the IdP and the SP.
Admins can enable SAML-based SSO for portal users to ease the process of logging into the CRM portal.
Let's say that a marketing agency uses the CRM's portal to engage with its clients and partners. The agency also provides them access to a project management tool and a design tool. To streamline access across these related apps, the agency implements SAML SSO for its portal users. Once enabled, the following happens:
- A client logs into the CRM portal to add some information related to a deal.
- Since SSO is enabled, when the client accesses the project management tool, they don't need to enter their credentials again. They are automatically logged in.
- The same applies for when they want to access the design tool to check a prototype. Logging into the CRM portal ensures that they can access these other apps without entering their credentials again.
- The same applies if the client had logged into the project management tool first. When they access the CRM portal, they are automatically logged in.
What is SAML-based SSO?
SAML-based Single Sign On (SSO) is a quicker way of authenticating users who work with multiple apps or services. It is commonly used by businesses where a central IT team manages employees' access to multiple tools.
Without SSO, employees must log in to each app or service. They must remember multiple credentials or use the same one for multiple apps. This affects user experience and security, as a compromised app could expose other apps' credentials. In addition, it is difficult for the Central IT team to manage user access to multiple apps and enforce security policies.
With SSO enabled, the employee needs to log in just once to the IdP. Once logged in, they have access to all the apps or services linked to the IdP. The Central IT team can manage access using the IdP. Since IdPs are specialized for authentication, they tend to be more secure as well.
The user can access multiple apps and services because the IdP communicates the authentication to the SPs (apps and services the user wants to access). If the communication between the IdP and the SP is in the form of SAML messages, the SSO is called SAML-based SSO. The most common flow looks like this:
- User tries to access an app (SP).
- The SP asks the IdP to authenticate the user.
- The IdP authenticates the user. If the user is not logged in to the IdP, then the user is asked to do so.
- The IdP send a SAML assertion to the SP.
- The SP provides access to the user.
Some benefits of using the SAML-based SSO method of authentication are:
- Ease of remembering and managing login credentials
- Simplified login process for portal users
- Enhanced security due to centralized access control
- Reducing the risk of password-related vulnerabilities
- Ease of managing user access and permissions from a centralized identity management system
Next steps
For instructions on how to enable SAML-based SSO for your CRM portal, please see Configuring SAML-based SSO in CRM Portal.
See also
For learning more about setting up CRM portals, see: Setting up Portals and Inviting Users.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Configuring SAML-based SSO in CRM portals
This document will provide instructions on how to enable SAML-based SSO for your CRM's portal users. For an overview of SAML-based SSO, see SAML based Single Sign On (SSO) in CRM portals - Overview. Prerequisite Glossary Prerequisite Editions: ...Adobe Sign
Digitally signed documents can be collected easily from customers and prospects with the Adobe Sign extension in your Zoho CRM account. When your business requires you to get documents approved and signed on time for a deal to be successfully ...Zoho Directory integration with CRM
Integrating CRM with Zoho Directory gives the CRM administrators a stronger hold on the organization's CRM account by enforcing password security, IP restrictions, and other policies. Read more about Zoho Directory here. Benefits of integrating CRM ...Frequently Asked Questions on CRM for Everyone
Zoho CRM for Everyone is available on the Early Access mode for customers upon request. Request access here. Are Zoho CRM and CRM for Everyone the same CRM or is it a new CRM from Zoho? We are introducing an upcoming upgrade to your existing Zoho ...Managing Multiple CRM Organizations
Access multiple CRM accounts using one sign-in Zoho CRM allows users to access multiple organizational (CRM) accounts using the same email address. This is especially useful for organizations that maintain different CRM accounts to manage their ...
New to Zoho LandingPage?
Zoho LandingPage Resources