How does SSO works?

How does SSO works?

IDP intitiated flow


  1. The user wants to access a Zoho service.
  2. The user logs in to their Identity Provider (IdP )and chooses the Zoho application.
  3. IdP will create a signed SAML assertion response, which is sent to the ACS (Assertion Consumer Service) URL endpoint at Zoho.
  4. Zoho will validate the SAML assertion response. Upon successful validation, the user will be granted access to any Zoho services they are authorized for.

SP initated flow


  1. The user wants to sign in to a Zoho service. 
  2. Zoho generates an SAML authentication request and sends it to IdP via HTTP-Redirect binding.
  3. IdP will authenticate the user and form a signed SAML assertion response, which is sent to the ACS URL endpoint at Zoho.
  4. Zoho will validate the SAML assertion response. If the user is authorized to use the Zoho service, they will be granted access.

    • Related Articles

    • Configure SSO

      SSO via SAML involves Zoho trusting the assertions provided by your Identity Provider (IdP) to grant access to your users. This trust must be established by configuring SAML at your IdP and at Zoho. Steps involved in configuring SAML for your Zoho ...

    • SAML Overview

      What is Single Sign-on? Before understanding what Single Sign-On (SSO) is, we must go through how traditional authentication works. A service will present the user with a login page where the user must submit a set of login credentials i.e., username ...

    • Setting up SAML Single Sign-on for Help Center

      Security Assertion Markup Language (SAML) is a mechanism used for exchanging authentication and authorization data between applications, in particular, an identity provider (IdP) such as OneLogin, Okta, PingIdentity and a service provider (such as ...

    • SAML integration

      Zoho supports various Identity Providers (IdP) to configure SAML based Single Sign On (SSO) for your Zoho account. Learn how to configure SAML with: Google OneLogin Azure ADFS Okta

    • Sign-in Modes

      Zoho Accounts offer multiple first-factor authentication modes. In addition to using your account password, you can Sign in using OTP Use Federated sign-in Use SAML based SSO