Active Directory Federation Services (ADFS) allows you to set up your account to log in with single sign-on (SSO). You can use SAML mapping to assign user licenses, groups, and roles based on ADFS settings.
- A Zoom Business or Education account with an approved vanity URL
- ADFS server access
- Zoom Administrator or Owner Access
Settings in Zoom
- Download or view your ADFS XML metadata at https://[SERVER]/FederationMetadata/2007-06/FederationMetadata.xml
* [SERVER]: your ADFS server (for example, adfs.example.com)
- On the Zoom Admin page, click Single Sign On to display the SAML tab.
- Enter the following information in the SAML tab options:
- [ Sign SAML Request ]: Check this option to sign a SAML request in ADFS.
- [ Support Encrypted Assertions ]: Check this option to use encrypted assertions with ADFS.
- [ Enforce automatic logout after the user has been logged in for ]: Check this if you want to log out automatically after the specified period of time.
- [ Sign-in page URL ]: https://[SERVER]/adfs/ls/idpinitiatedsignon.aspx?logintoRP=[Vanity].zoom.us
- [ Sign-out page URL ]: https://[SERVER]/adfs/ls/?wa=wsignout1.0
- [ Identity provider certificate ]: Use the first X509Certificate in the XML metadata file from step 1, found under:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
- [ Service Provider (SP) Entity ID ]: Select an option without https.
- [ Issuer ]: http or https://[SERVER]/adfs/services/trust (the entityID in the metadata)
- [ Binding ]: HTTP-POST
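One way to pull the Issuer and the first X509Certificate out of the metadata file from step 1, with a SHA-256 fingerprint for comparing against what was pasted into Zoom. This is an added example, not code from Zoom or Microsoft; the metadata is constructed and its certificate bodies are placeholder bytes.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for DER certificates (not real certs).
SIGNING_DER = b"constructed-token-signing-cert" * 4
ENCRYPTION_DER = b"constructed-encryption-cert" * 4

# Constructed sample shaped like FederationMetadata.xml from step 1.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.com/adfs/services/trust">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>{sig}</ds:X509Certificate></ds:X509Data>
    </KeyInfo>
  </ds:Signature>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{enc}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>""".format(sig=base64.b64encode(SIGNING_DER).decode(),
                              enc=base64.b64encode(ENCRYPTION_DER).decode())

def zoom_idp_values(metadata_xml):
    """Return the Issuer, certificate text and fingerprint for the SAML tab."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    # The certificate under ds:Signature/KeyInfo, not the later KeyDescriptor ones.
    cert = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no X509Certificate under ds:Signature/KeyInfo")
    b64 = "".join(cert.text.split())
    der = base64.b64decode(b64, validate=True)
    return {"issuer": root.get("entityID"),
            "certificate": "\n".join(textwrap.wrap(b64, 64)),
            "sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(zoom_idp_values(SAMPLE_METADATA))
```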
Settings in ADFS
- Log in to the ADFS server.
- Open the ADFS 2.0 MMC.
- Add Relying Party Trust.
Select "Import data about the relying party published online or on a local network".
Federation metadata address: https://YOURVANITY.zoom.us/saml/metadata/sp
- Add a display name ("Zoom") and exit the wizard with default settings.
- Modify the redirect and POST SAML logout endpoint URLs (right-click the new relying party trust > Properties > Endpoints tab) as follows:
https://SERVER/adfs/ls/?wa=wsignout1.0
Note: If you cannot change the logout endpoint, open the [ Monitoring ] tab, uncheck "Automatically update relying party", and apply the changes.
- Add the two claim rules.
Rule 1
- Type: Send LDAP Attributes as Claims
- Name: Zoom - Send to Email
- Mappings:
  - E-Mail-Addresses > E-Mail Address
  - User-Principal-Name > UPN
  - Given-Name > urn:oid:2.5.4.42
  - Surname > urn:oid:2.5.4.4
Rule 2
- Type: Transform an Incoming Claim
- Name: Zoom - Email To Name ID
- Incoming claim type: E-Mail Address
- Outgoing claim type: Name ID
- Outgoing name ID format: Email
After configuration
Based on what you have configured, any user in Active Directory should be able to log in.
To test, select [ Login ] at http://YOURVANITY.zoom.us.
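A check that a sign-in response captured during this test carries the claims the two rules should issue, as an added example (not Zoom's or Microsoft's code). The response is constructed; the claim type URIs, the email NameID format URI and the OIDs 2.5.4.42 / 2.5.4.4 for Given-Name and Surname are the standard values assumed for the mappings.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumed outgoing claim types for the four LDAP mappings in the first rule.
EXPECTED = {CLAIMS + "emailaddress", CLAIMS + "upn",
            "urn:oid:2.5.4.42", "urn:oid:2.5.4.4"}

def check_claims(saml_response_b64):
    """List mismatches against the two claim rules. Does not verify signatures."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find("a:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted; decrypt it before checking claims"]
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["response contains no Assertion"]
    problems = []
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("no NameID: the Email To Name ID rule did not fire")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is %s" % name_id.get("Format"))
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", None, NS)
             for a in assertion.findall("a:AttributeStatement/a:Attribute", NS)}
    problems += ["missing attribute " + n for n in sorted(EXPECTED - set(attrs))]
    email = attrs.get(CLAIMS + "emailaddress")
    if name_id is not None and email and name_id.text != email:
        problems.append("NameID differs from the E-Mail Address claim")
    return problems

def sample_response(values, name_format=EMAIL_FORMAT):
    """Build a constructed, unsigned response like the posted SAMLResponse field."""
    attributes = "".join(
        '<Attribute Name="%s"><AttributeValue>%s</AttributeValue></Attribute>' % kv
        for kv in values.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Assertion><Subject>'
           '<NameID Format="%s">alice@example.com</NameID></Subject>'
           '<AttributeStatement>%s</AttributeStatement></Assertion></samlp:Response>'
           % (name_format, attributes))
    return base64.b64encode(xml.encode()).decode()

GOOD = {CLAIMS + "emailaddress": "alice@example.com", CLAIMS + "upn": "alice@example.com",
        "urn:oid:2.5.4.42": "Alice", "urn:oid:2.5.4.4": "Example"}

if __name__ == "__main__":
    print(check_claims(sample_response(GOOD)) or "claims match both rules")
```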
Unable to log in:
- Cannot log in using Google Chrome
- Cannot log in using Firefox
- “Audit Failure” event of “Status: 0xc000035b” is displayed in the event viewer of the ADFS server
Extended protection needs to be turned off.
Chrome and Firefox do not support ADFS extended protection (IE supports it).
- Start IIS Manager.
- In the left panel, navigate to Sites > Default Web Site > ADFS > LS.
- Double-click the [ Authentication ] icon.
- Right-click [ Windows Authentication ].
- Select [ Advanced Settings ].
- Turn off [ Extended Protection ].
Frequently Asked Questions
Does Zoom integrate with Active Directory?
With the AD Sync Tool, you can manage users between your Active Directory (AD) or LDAP server and your Zoom account using a command-line tool that can be installed on a Windows, Linux, or macOS system. When a change is made in your LDAP/AD system for any of the users in your Zoom account, the tool lets Zoom manage those users automatically.
What is a Zoom administrator?
The owner can give Zoom Rooms administration to all admins or to a few specific admins, depending on their need. Admins with the ability to manage Zoom Rooms can use their Zoom login to select the specific Zoom Room (room picker) during installation, or to log in to the Zoom Room computer again if it becomes logged out.
How do I give administrator permission in Zoom?
In order to access the Zoom web portal, you will need to sign in as the account owner. Click on User Management in the navigation menu and then click Roles in the menu. Select the Add Role option from the menu. Then click on the Add Role button and provide the role with a name and description.
What is the difference between a Zoom owner and administrator?
In addition to having all privileges, the owner is also responsible for managing the roles. An administrator can add, remove, or edit users and manages advanced features such as APIs, single sign-on, and meeting connectors. Members have no administrative privileges.
How do I remove an administrator in Zoom?
Sign in to the Zoom web portal as an account owner or administrator. Click User Management in the navigation menu and then click Users in the left-hand menu. In the first column, select the check boxes next to the names of the users you wish to delete, then click Delete at the top of the table.