Administrator- SSO (single sign on) setting for Zoom App

With SSO (single sign on)

You can log in to Zoom using your company credentials.

Zoom Single Sign-On (SSO) is based on SAML 2.0.

Zoom acts as a service provider (SP) and offers automatic user provisioning.

It is not necessary to register as a user with Zoom, but when a SAML response is received from an identity provider (IdP), it checks if the user exists.

If the user does not exist

Zoom automatically creates a user account using the received name ID.

Available with the following service providers

  • PingOne
  • Okta
  • Azure
  • Centrify
  • Shibboleth
  • Gluu
  • G Suite / Google Apps
  • OneLogin

In addition, ADFS 2.0 will be available with the implementation using SAML.

Necessary requirements before setting

  • Business or Education account
  • Vanity URL it is approved
    Note : If you do not have an approved vanity URL
    vanity URL  (example: Https: // Yourcompany .Zoom.Us) the account profile , please apply at the page. Only after this application is approved, you can configure SSO on the Zoom side.

SSO setting method

  1. After setting up your IdP, please send the following to Zoom
  • A unique distinguished name linked to a nameID such as edupersonTargetedID , persistentID , or  email
  • (Optional) Available attributes are Mail (urn: oid: 0.9. 2342. 9200300. 100.1.3), sn (urn: oid: 2.5. 4.4), and givenName (urn: oid: 2.5. 4. 42).
  1. Next,  enter SSO information at

Please refer to the attached example from idP xml metadata.

  • Sign In Page URL: <SingleSignOnService>
  • Signout Page URL: <SingleLogoutService>
  • Certificate: <X509Certificate> * Note : Delete ” Begin Certificate and End Certificate “.
  • Publisher: <ID of EntityDescriptor>
  • Combine: select HTTP-POST or HTTP-REDIRECT
  • Default User Type: Basic or Pro
  1. Finally, after configuration, you can get SP metadata XML file from the following.
    https: // / saml / metadata / sp

Confirmation items after setting

  • To start SSO,
    SSO users need to use a browser to access https: // yourcompany and
    log in.
  • When logging in from the desktop or mobile client, you
    need to enter the domain name of the vanity URL in SSO login.