Improved Security in SAML/OIDC Sign-in Redirection Flow

To enhance the security of our authentication system, we’ve made a change to how SAML and OIDC sign-in redirections are handled. This update resolves a potential open redirection vulnerability and adds an extra layer of protection during the sign-in process.

What’s changing?

Previously, when an account was set up to use only SAML or OIDC for sign-in, users were automatically redirected to the configured SSO URL without any intermediate steps.

However, this behavior could be misused. If an attacker managed to configure a malicious redirect URL as part of the SSO setup and sent that sign-in link to a user, the user could be unknowingly redirected to a harmful site, even if they don’t belong to the attacker’s organization.

To prevent this, we now present users with a consent screen (shown below) before redirecting them to the SSO URL. This screen clearly displays the Sign-in URL and asks users to confirm that they trust the site before proceeding.


Note: You may see this consent screen when signing in through a direct link or from a site that is not part of your organization’s trusted domains. This is a security measure to help verify the origin of your sign-in attempts. If you're unsure about the URL displayed, please contact your administrator before proceeding.

If you have any questions or concerns, feel free to reach out to us at support@zohoaccounts.com.
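
The decision described above (redirect straight to the SSO URL only when the sign-in request comes from one of the organization's trusted domains, otherwise show the URL and ask for confirmation) can be sketched as follows. This is an added example, not Zoho's implementation; the function names, the use of the `Referer` value as the origin signal, and the sample domains are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Decision:
    action: str       # "redirect" (go straight to the IdP) or "consent" (show interstitial)
    display_url: str  # exact URL shown on the consent screen / used for the redirect


def _host(url: Optional[str]) -> Optional[str]:
    """Return the lower-cased hostname of an absolute http(s) URL, else None."""
    if not url:
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.lower().rstrip(".")


def _in_trusted(host: str, trusted: set) -> bool:
    """Exact match or true subdomain: 'evil-example.com' does not match 'example.com'."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def sso_signin_decision(sso_url: str, referer: Optional[str], trusted_domains: set) -> Decision:
    """Decide whether an SSO-only sign-in may redirect without user confirmation.

    sso_url         -- sign-in URL configured by the tenant (untrusted: any tenant can set it)
    referer         -- where the sign-in request came from; None models a direct link
    trusted_domains -- domains registered for the organization (assumed input)
    """
    if _host(sso_url) is None:
        raise ValueError("SSO URL must be an absolute http(s) URL")
    origin = _host(referer)
    if origin is not None and _in_trusted(origin, {d.lower() for d in trusted_domains}):
        return Decision("redirect", sso_url)
    # Direct link or unknown origin: display the URL and wait for the user to confirm.
    return Decision("consent", sso_url)
```
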