Improved Security in SAML/OIDC Sign-in Redirection Flow

To enhance the security of our authentication system, we’ve made a change to how SAML and OIDC sign-in redirections are handled. This update resolves a potential open redirection vulnerability and adds an extra layer of protection during the sign-in process.

What’s changing?

Previously, when an account was set up to use only SAML or OIDC for sign-in, users were automatically redirected to the configured SSO URL without any intermediate steps.

However, this behavior could be misused. If an attacker managed to configure a malicious redirect URL as part of the SSO setup and sent that sign-in link to a user, the user could be unknowingly redirected to a harmful site, even if they don’t belong to the attacker’s organization.

To prevent this, we now present users with a consent screen (shown below) before redirecting them to the SSO URL. This screen clearly displays the Sign-in URL and asks users to confirm that they trust the site before proceeding.

Note: You may see this consent screen when signing in through a direct link or from a site that is not part of your organization’s trusted domains. This is a security measure to help verify the origin of your sign-in attempts. If you're unsure about the URL displayed, please contact your administrator before proceeding.

If you have any questions or concerns, feel free to reach out to us at support@zohoaccounts.com

• Topic Participants

• Fathima Rizwana R

  

• Sticky Posts

• Deprecation of SMS-based multi-factor authentication (MFA) mode

  Overview of SMS-based OTP MFA mode The SMS-based OTP MFA method involves the delivery of a one-time password to a user's mobile phone via SMS. The user receives the OTP on their mobile phone and enters it to sign into their account. SMS-based OTPs offer

• Recent Topics

• emailing estimates

  Shows up in the customer mail logs as sent but nobody is receiving them, even when I send them to myself I don't get them ??? Something wrong with the mail server or my end ?

• Can Zoho Flows repeat Actions more than once?

  I'm attempting to make an intentional Zoho Flow loop using the below layout. However, when "WithinLimit" condition is met, the program fails to execute the action "Get & Add Request Co..." again. Is this by design? Is Zoho Flows unable to repeat actions

• How to use OR when filtering using two fields

  I want to create return a list of Account Names by filtering on Field1 = "yes" OR Field 2 = "no" I can't see how to use the OR in the filter.

• Mobile phone version not working well

  I am working on the Zoho Site Builder. In the preview the desktop version looks okay, but in the mobile phone preview many words are cut off in the weirdest (wrong) way. How can I fix that?

• Zoho - Please explain difference between Thread view and Conversation view on Ticket

  I have reviewed the help document here but am still not clear on the difference between the two views. As an example, I just had a back and forth on a ticket: - Customer emails support email. - I email back from Desk. - Customer responds back. - I email back from Desk. On the upper left drop down box on the ticket Zoho Desk now says this is "4 Threads" and "4 Conversations" . How is that 4 threads?? By my count it is 1 thread and 4 conversations (assuming by "conversation" Zoho means number of total

• Not able to Sign In in Zoho OneAuth in Windows 10

  I recently reset my Windows 10 system, after the reset when I downloaded the OAuth app and tried to Sign In It threw an error at me. Error: Token Fetch Error. Message: Object Reference not set to an instance of an object I have attached the screenshot

• I need help to take Reports for tickets moved between departments.

  Hi, I need help to take Reports for tickets moved between different departments. Pls guide Shyam

• Export to excel stored amounts as text instead of numbers or accounting

  Good Afternoon, We have a quarterly billing report that we generate from our Requests. It exports to excel. However if we need to add a formula (something as simple as a sum of the column), it doesn't read the dollar amounts because the export stores

• Increase Round Robin Scheduler Frequency in Zoho Desk

  Dear Zoho Desk Team, We hope this message finds you well. We would like to request an enhancement to the Round Robin Scheduler in Zoho Desk to better address ticket assignment efficiency. Current Behavior At present, the Round Robin Scheduler operates

• Automation #6 - Prevent Re-opening of Closed Tickets

  This is a monthly series where we pick some common use cases that have been either discussed or most asked about in our community and explain how they can be achieved using one of the automation capabilities in Zoho Desk. Typically when a customer submits

• Zoho Desk EU slow/unresponsive

  Has anyone else got issues with ZohoDesk today in the EU? It takes an age to come back and if you do start typing something and try and send or save it looks like it times out. We are also getting this pic. ot I can't see anything on https://status.zoho.eu/

• EU DC Partial Outage Resolved: A Detailed RCA

  Incident Summary Due to an overload on one of the nodes in the EU DC for Zoho Desk, the system was unable to handle the heavy load, causing a slowdown in requests and resulting in a partial outage for customers with data residing in that node. On May

• This domain is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details

  After not using the domain rcclima.org.pe for some time, I'm trying to set up the free version of Zoho Mail. When I tried to validate my domain, rcclima.org.pe, I received the error message discussed in this thread: "This domain is not allowed to be added

• Perfomance Management - Zoho People

  Hi team, I am looking for performance management data such as KRA, goals, feedback, appraisals, etc., in Zoho Analytics. However, I am unable to find these metrics while editing the setup. Could you please confirm whether these fields are available in

• Deprecation of the Zoho OAuth connector

  Hello everyone, At Zoho, we continuously evaluate our integrations to ensure they meet the highest standards of security, reliability, and compliance. As part of these ongoing efforts, we've made the decision to deprecate the Zoho OAuth default connector

• Zoho Mail iOS app update: Display recipient's nickname on contact suggestion

  Hello everyone! In the most recent version(v3.3.1) of the Zoho Mail iOS app update we have brought in support to display recipient's nickname in contacts suggestion. Please update the app to the latest version directly from the App Store or using the

• Digest Février - Un résumé de ce qui s'est passé le mois dernier sur Community

  Bonjour chers utilisateurs, Le 26 février, nous avons organisé notre première session Ask the Expert de 2026. Nous sommes heureux de partager que ce fut une session très interactive, avec de nombreuses questions intéressantes posées par nos clients. Si

• Zoho CRM Case Notes - Share to Customer

  Hi team does anyone know the Api to set a note, against a case, to shared with customer? i cant seem to find it  cheers 

• Send out follow-up email in the same thread (threaded conversations in individual emails) from Zoho CRM

  Hi, I'm new to Zoho. I'm trying to send individual emails to my leads one by one. And I'll send out follow up email if I don't hear back from them later. However, instead of sending a new email, I want to reply in the same email thread so that the recipients

• web to lead

  Can anyone help me how to create web to lead from zoho marketing automation

• UI issue with Organize Tabs

  When looking at the organize Tabs window (bellow) you can see that some tabs are grayed out. there is also a "Add Module/Web Tab" button. When looking at this screen it's clear that the grayed out tabs can not be removed from the portal user's screen

• I created a signup form in Zoho Marketing Automation with the correct field mapping, but the data is not being reflected under Leads in Zoho CRM.

  web to lead from zoho marketing automation

• Pasted Images not being embedded in custom mail

  Hi, I'm making a custom report by email based on commentaries. I have the email ready, all working great except for images that are being pasted in the commentaries. Zoho deals with them as temp images and so it requires authentication to view them, something

• Kaizen #232 - Building a Ticket Escalation Mechanism from Zoho CRM

  Howdy, Tech Wizards! Picking up the thread from last week, we will continue our Zoho CRM and Zoho Desk integration. In Kaizen #231 - Embedding Zoho Desk Tickets in Zoho CRM, we built a Related List widget that displays open Zoho Desk tickets within the

• Inactive License for free account.

  I recently upgraded my Cliq subscription not my team (on the free version), are unable to login to their accounts. The error message received is Inactive License Looks like you have not been covered under the current free plan of users. Please contact

• Deluge scripts

  Why is there not a search function to make it easier to find the script of interest when modifications are required.

• Searching for an item from within an invoice should show any item containing the string, not just those that begin with the string.

  Hello, I've found myself becoming increasingly frustrated with the limited line-item seach when adding new items to an invoice. The problem is that the characters being typed are only being matched from the beginning of the item name.  This might be usable

• How to Rank Tables by Row Count in Descending Order

  I am trying to understand the consume of lines that grow up so fast in the last week. Is there any way to create a pivot table or query to get TABLE NAME LINES in descending order?

• Dealing With One-Time Customers on Zoho Books

  Hello there! I am trying to figure out a way to handle One-Time customers without having to create multiple accounts for every single one on Zoho Books. I understand that I can create a placeholder account called "Walk-In Customer", for example, but I

• Feature Request: Render Markdown (.md) files in Zoho Cliq

  Hi, We regularly share Markdown (.md) files in Zoho Cliq. However, when we open these files in Cliq, the content does not render as Markdown—it displays as plain text. This forces us to copy/paste the content into an external Markdown viewer to read it

• Subforms and automation

  If a user updates a field how do we create an automation etc. We have a field for returned parts and i want to get an email when that field is ticked. How please as Zoho tells me no automation on subforms. The Reason- Why having waited for ever for FSM

• Xero Billing Data (22 instances) - Zoho (CRM) - Single Source of Truth For Client Data & Notes

  Hi - I’m trying to build out a CRM for a Single Source of Truth Currently I have 22 Instances of Xero (for legal entity purposes - can’t consolidate to one) How would I be best placed to do this? Is it possible to have all the Xero instances (22) → Consolidated

• Zoho CRM Quotes – Subform and PDF/Writer Limitations

  Hello, I am encountering the following limitations in Zoho CRM Quotes: Custom product images cannot be uploaded in the subform – the image upload field cannot be added; only the file upload field is available. File upload placeholders cannot be used in

• No background for video recordings, no playback speed, can't even playback longer recordings - have to download…

  Hi. We utilize heavily video messages on Slack, but wanted to migrate to Cliq with Zoho One, however very basic yet very frequently used feature is missing: backgrounds for video recordings and playback speed. We were not happy with Slack's 5 minute limits

• Support inefficiency

  We have been asking for support for a minor adjustment for 12 days now and we haven't got a single viable resolution from support team despite there are 19 emails going between our HR team and various support emails from Zoho. 1. they do not understand

• About Certification Exam

  I recently written Zoho Creator Ceritification Exam But i failed in first attempt of exam. how to reset my account for second attempt of exam . 

• Zia capabilities now available in the Professional edition announcement

  Hello all! The Professional edition now supports a broader set of Zia capabilities, enabling teams to bring AI into more of their everyday CRM work. From writing assistance and summaries to setup support, predictions, and recommendations, Zia can now

• Where Do I set 24h time format in Cliq?

  Where Do I set 24h time format? Thanks

• How to I generate Proforma Invoices?

  When customers need to pay by bank transfer I need to send them a Proforma Invoice with our bank details. I am unable to work out how this can be done.  It needs to be done at the Sales Order stage before a formal Invoice is generated. John Legg Owner:

• This will be long, Please bear with me - Next Gen Layout - Search

  In general, I think that Zoho are going in the right direction with the Next Gen UI. The latest update brings some nice improvements and all-in-all from a user's perspective I think the improvements are generally very good. However, there are some areas

• Next Page