SAML terminologies

Identity Provider (IdP) 

An identity provider maintains a directory of user credentials. It authenticates a user and sends authorization information about them to the service provider.

Service Provider (SP)

A service provider is a website that hosts services or applications for users. It relies on the IdP to authenticate a user.

Sign-in URL

The sign-in URL is the IdP URL to which the user is redirected for authentication at the IdP.

Sign out URL 

The sign out URL is the IdP URL to which the sign out request is sent when the user signs out from Zoho.

Sign out Response

If you enable the sign out response, you will be signed out from the service provider and a response will be sent to the IdP sign out URL as well when you initiate a sign out request from the service provider. If it is unchecked, you will only be signed out from the service provider.

Certificate

The certificate is used to verify the sign out request sent from Zoho. You can find the certificate in the tag <ds:X509Certificate> in the metadata file.

Public Key

The public key is a certificate with which Zoho can check the digital signature in the SAML assertion response.
Make sure the key is a base-64 encoded .cer, .crt, .cert, or .pem file. We don't accept any other format for the certificate.

Just in time provisioning

Just in time provisioning lets a user from your IdP be added to Zoho on the fly. We will add them to Zoho after validating the SAML response and their domain.

ACS URL

The Assertion Consumer Service (ACS) URL is the Zoho destination URL to which the IdP must send the SAML response. It can be found in the metadata file downloaded from your Zoho account, under the tag <md:AssertionConsumerService>.

Zoho only supports the email address Name ID format, as specified in the metadata file: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
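The Certificate, Public Key and ACS URL entries all point at values in the metadata file. The following is an added example, not Zoho's code: a Python sketch that reads the ACS URL, Name ID format and <ds:X509Certificate> value from SP metadata and re-wraps the certificate as PEM. The metadata is constructed (sp.example.com and the certificate bytes are placeholders), and read_sp_metadata is a hypothetical helper name.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: entityID, Location and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="sp.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_NAMEID}</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="https://sp.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return the ACS URL, Name ID format and certificate found in SP metadata."""
    root = ET.fromstring(xml_text)  # a file the admin downloaded, not untrusted input
    acs = root.find(".//md:AssertionConsumerService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    fmt = root.find(".//md:NameIDFormat", NS)
    if acs is None or cert is None or not cert.text:
        raise ValueError("metadata lacks AssertionConsumerService or X509Certificate")
    acs_url = acs.get("Location", "")
    if not acs_url.startswith("https://"):
        raise ValueError(f"ACS URL is not HTTPS: {acs_url!r}")
    # The element body is base64 DER, often wrapped across lines; normalise it.
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    pem_body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return {
        "acs_url": acs_url,
        "nameid_format": fmt.text.strip() if fmt is not None and fmt.text else None,
        "cert_sha256": hashlib.sha256(der).hexdigest(),
        "cert_pem": f"-----BEGIN CERTIFICATE-----\n{pem_body}\n-----END CERTIFICATE-----\n",
    }


if __name__ == "__main__":
    info = read_sp_metadata(SAMPLE_METADATA)
    print(info["acs_url"], info["nameid_format"], info["cert_sha256"], sep="\n")
```

Comparing cert_sha256 against the fingerprint shown for the same certificate on the other side confirms that both ends hold the same key.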

