Administrator- SAML mapping (Basic and Advanced) in zoom app

 

 

Basic SAML mapping

You can specify a default user type when users log in to Zoom via SSO. You can also map specific SAML attributes passed from your identity provider to Zoom’s email address, first name, last name, phone number, and department. This allows this information to be passed automatically from the identity provider.

Requirements

Set up a basic SAML mapping

SAML attributes and corresponding values ​​need to be configured in the identity provider. Once you configure them in your IdP, you can configure basic SAML mappings in Zoom.

  1. In the Zoom web portal, log in to the single sign-on settings page .
  2. Click the SAML Response Mapping tab.
  3. The first section of this page shows basic SAML information mappings .
    • Default User Type ]: To change the default user type, [next to edit and click].
      If [ None ] is selected, the user’s Zoom account is not created by default and access to Zoom is also denied. Assigning Zoom access to users requires advanced SAML mappings . You can also use advanced SAML mappings to assign different user types based on the attributes passed.
    • Other fields: To change , click Map to SAML Attribute . Enter the SAML attribute passed by the identity provider.
    • After entering the value, you can click Edit to edit the value, or click Clear to delete the value.

For more information on basic SAML mapping, please click here .

Advanced SAML mapping

Advanced SAML mapping allows you to specify Zoom licenses, add-ons, user roles, user groups, or IM groups based on the values ​​passed through SAML at login. You can also use the advanced SAML mapping to deny user access to your Zoom account.

As an example of usage, it is effective when you want to give a Pro license when logging in and give a basic license to other users (such as university students) when logging in.

Advanced SAML mappings affect new and existing users the next time they log in via SSO.

Configure advanced SAML mapping

SAML attributes and corresponding values ​​need to be configured in the identity provider. Once you configure them in your IdP, you can configure advanced SAML mappings in Zoom.

  1. In the Zoom web portal, log in to the single sign-on settings page .
  2. Click [ SAML Response Mapping ].
  3. SAML Advanced Information Mapping and scroll down to].
  4. Click Add next to the item you want to specify based on the SAML value .
    • User Type ]: This user to specify whether to receive Basic, Pro, a Corp (the case of the account that you are using on-premises) or None. Based on this, the user access to the Zoom account is denied.
    • Add-On Plan ]: this user specifies whether the receipt of the add-on plan, such as a license of webinars and large-scale meetings. To use an add-on plan, a Pro license must be assigned.
    • User Role ]: Administrator this user, you specify whether you need to be a member or customized role, ( management of the role set in).
    • User Group ]: This user to specify whether they are added to a particular group. Groups are configured in group management and can restrict features and privileges.
    • IM Group ]: Specify whether this user is added to a specific IM group. Read more about IM management .
  5. Once you click Add next to the item you want to configure, you need to enter the SAML attribute, the SAML value, and the resulting value. If you want to specify different user groups and receive different results, you can add multiple SAML attributes and / or values.
    • SAML Attribute ]: Enter the attribute name passed by the IdP.
    • SAML Value ]: for this particular user or user group, enter the value that is passed by the IdP.
    • Resulting Value ]: Select how to assign this user in Zoom based on the SAML value.
  6. Click Add to add additional SAML mappings.
  7. Click Save Changes .

 

Leave a Comment