SAML troubleshooting

1. How can a user bypass SAML so that they are not redirected to the SSO page?

Users can be grouped in Zoho Directory using conditional assignment. To exclude such a group from SAML, go to Zoho Directory → Security → Custom Authentication, select the Identity Provider, and exclude the group.

2. When a user tries to log in via Azure SSO, they receive the error "The signed in user is blocked because they are not a direct member of a group with access". How can this be fixed so that the user can access the application?

The user has not been added to the Azure AD SSO group. The user will be able to log in successfully only after being added to the group.

Follow the steps below to resolve the issue:

a. Navigate to the Azure portal and open the Applications view.
b. Navigate to the Directory view and select Enterprise Applications, then All Applications.
c. In the applications list, select Zoho, click Users and Groups in the left-side menu, then click Add user.
d. On the Add Assignment page, select Users and groups, choose the users from the list, and click Assign.

3. When I enter my email ID on the login page, I am redirected to the Microsoft login page and can sign in successfully. However, when I click the Microsoft icon on the Zoho accounts login page, it returns an “OIDC Invalid Request” error or "Identity Provider Not Allowed – Signing in with AZURE is not allowed. For more details, contact your administrator" and does not allow me to log in.

Since you are redirected to the Microsoft login page after entering your email address, SAML authentication is currently configured. However, the URL configured for SAML is not a custom URL, which is why the redirection does not occur directly when using the URL.

To resolve this, configure a custom URL and update your SAML configuration to use it, following the recommended setup steps. Refer to https://help.sdpondemand.com/customized-domains

If you would like to support multiple login methods (such as logging in using an icon like Microsoft sign-in, other social sign-in options, or Zoho username/password) while still retaining SAML authentication for your organization, you can configure a Routing Policy in Zoho Directory. This allows you to bypass SAML selectively and enable alternative authentication methods for specific users or for all users.

