Developer's Guide


How does SAML function?

The step-by-step illustration shows the transactions between the IDP (Identity Provider) and the SP (Service Provider):

  1. Credential Validation

  2. SAML Request to the IDP

  3. Authentication at IDP

  4. Response message to Zoho-SSO

  5. User session










 Step 1: Credential validation

When a user from the organization "" tries to sign in to his portal using a business URL " or  (mapped custom domain)

The sign-in will be checked for valid credentials.

 Step 2: SAML Request to the IDP

"Service Provider" (Zoho-SSO) constructs a request message and posts the SAML Request message to the IDP (

  • Below is the sample message that is sent as the SAML Request (before encoding).

  • The above message is sent using the HTTP POST binding.

  • The message will be Base64 encoded.

  • So the final request will be in the format below.

Sample URL:
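The request side of Step 2, as an added example that is not Zoho's own code or the sample message this guide refers to: it builds a generic SAML 2.0 AuthnRequest, Base64-encodes it for the HTTP POST binding, and wraps it in the form the browser submits to the IDP. The `example.com` URLs, the `RelayState` value and all function names are assumptions made for illustration.

```python
import base64, datetime, html, secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_authn_request(sp_entity_id, acs_url, idp_sso_url):
    """Return (request_id, xml). The SP keeps request_id so it can match
    the InResponseTo value of the response it receives in Step 4."""
    request_id = "_" + secrets.token_hex(16)  # xs:ID may not start with a digit
    now = datetime.datetime.now(datetime.timezone.utc)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": POST_BINDING,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    return request_id, ET.tostring(root, encoding="unicode")

def encode_post_binding(xml):
    """HTTP POST binding: plain Base64 of the XML. DEFLATE compression
    belongs to the HTTP Redirect binding and is not applied here."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def decode_post_binding(value):
    """Reverse of encode_post_binding, used here to inspect our own request."""
    return ET.fromstring(base64.b64decode(value, validate=True))

def post_form(idp_sso_url, saml_request, relay_state):
    """HTML form carrying the request; values are attribute-escaped."""
    fields = {"SAMLRequest": saml_request, "RelayState": relay_state}
    inputs = "".join(
        f'<input type="hidden" name="{n}" value="{html.escape(v, quote=True)}"/>'
        for n, v in fields.items())
    action = html.escape(idp_sso_url, quote=True)
    return f'<form method="post" action="{action}">{inputs}</form>'

if __name__ == "__main__":
    # Constructed sample values; replace with the SP and IDP endpoints in use.
    rid, xml = build_authn_request("https://sp.example.com/metadata",
                                   "https://sp.example.com/acs",
                                   "https://idp.example.com/sso")
    print(rid)
    print(post_form("https://idp.example.com/sso", encode_post_binding(xml), "/home"))
```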

 Step 3: Authentication at IDP

  • IDP (eg. : should authenticate the user based on the SAML request received from the Service Provider (Zoho SSO).

 Step 4: Response message to Zoho-SSO

  • After successful authentication, IDP (eg. : should respond to the Service Provider (Zoho-SSO), say @ about the successful authentication, with the required information.

  • Sample Message: The above message should be encoded in Base64 format.

 Step 5: User Session

  • Upon receiving the successful authentication response from the IDP (eg., the Service Provider (Zoho SSO) will verify the message using the public key provided by the IDP

  • If it is valid, it will create a session for the user.

  • Then, the user can access all the Zoho services under SSO.
