How to Configure Zoom with Azure
Zoom has a single sign-on (SSO) integration with Azure that allows you to log in to your Zoom account using the credentials associated with your company’s Azure account. A Zoom license can be assigned to a user in Azure based on the group they belong to.
The following topics are covered in this article:
- How to add Zoom from the Azure Gallery
- How to configure Single Sign-On with Azure
- How to assign Azure Users and Groups to Zoom
- How to set up Group Mapping (Optional)
- Mapping Basic Information
- How to set up Auto Provisioning in Azure AD
Prerequisites for configuring Zoom with Azure
- An owner or administrator of Zoom must have the following privileges:
- An approved vanity URL for a business or education account
- Subscription to Azure Active Directory
- The ability to create a JSON Web Token (JWT) from a JSON document
Note: If the Associated Domain is not approved, the user will be contacted automatically via email to confirm that they want to be provisioned onto their account, due to the lack of an approved Associated Domain. For any users that fall under an approved domain, provisioning will take place without an email confirmation being sent to the user.
How to add Zoom from the Azure Gallery
Note: The screenshots in this article were taken with the default Azure theme. If you change the theme of your Azure portal, it will look slightly different.
- Enter the Azure portal and sign in to your account.
- On the left side of the screen, click Azure Active Directory.
- Click Enterprise Applications.
- Select All Applications from the menu.
- At the top of the window, click New Application.
- In the Add from the gallery window, search for Zoom.
- In the Telecommunications category, click Zoom.
- On the right-hand side, click Add.
How to configure Single Sign-On with Azure
- On the Zoom application page in the Azure portal, click Single sign-on.
- Under Select a single sign-on method, select SAML.
- Click the edit icon for Basic SAML Configuration.
- Fill out the following fields:
- For Identifier (Entity ID), enter your vanity URL without the https:// prefix.
E.g. yourvanityurl.zoom.us
- For Reply URL, enter https://yourvanityurl.zoom.us/saml/SSO
- For Sign-on URL, enter https:// followed by your vanity URL.
E.g. https://yourvanityurl.zoom.us
- Save the changes by clicking on the Save button.
- Click the pencil icon in the User Attributes section to view the claims that Azure is passing.
- Click the Download button next to the SAML Signing Certificate that you wish to use, and save it to your computer.
Note: Ensure that the status of the certificate is active. If it is listed as inactive, click Edit, then click Make certificate active.
- At the top of the page, click the Save button.
- Scroll down the page to access the Zoom settings.
Note: Alternatively, if you have not downloaded your Azure AD Signing Certificate in step 7, you can also choose to view the step-by-step instructions and access the quick reference guide.
- In a new browser tab or window, log in to the Zoom web portal.
- Select Single Sign-On from the menu.
- Copy the Azure AD Single Sign-On Service link from Azure AD and paste it into the Sign-in page URL field in Zoom.
- Open the certificate you downloaded in Step 5 in a text editor. Copy the portion between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and paste it into the Identity provider certificate field in Zoom, which can be found on the right side of the window.
- For Service Provider (SP) Entity ID, select the version of your vanity URL that does not include https, for instance yourvanityurl.zoom.us
- Copy the Azure AD Identifier for your organization from Azure and paste it into Zoom’s Issuer (IDP Entity ID) field.
- On the left-hand side of Azure, click All Services.
- Click App registrations and search for the app.
- Click Endpoints.
- Copy the SAML-P Sign-out Endpoint and paste it into the Sign-out page URL field in Zoom.
- For the Binding, make sure that HTTP-Post is selected in Zoom.
- Save the changes by clicking the Save Changes button.
How to assign Azure users and groups to Zoom
- Click on Azure Active Directory in the Azure portal.
- Choose Enterprise Applications from the drop-down menu.
- Click All Applications.
- Click Zoom.
- Click Users and groups.
- Click Add user.
- Click Users and groups.
- Find the user or group you wish to add by searching for it in the search bar.
- Click the user or group; a check mark will appear next to its name.
- Click Select.
- Click Select Role.
- If you wish to designate a role type in Azure, select the appropriate one. Note that Zoom will not receive this information: the role type in Zoom is set according to how the SAML mappings are configured in Zoom. Alternatively, you can set up group mapping so that the role type is sent to Zoom.
- Select the option that you would like to use.
- Click Assign.
How to set up Group Mapping (Optional)
If you would like to send the Azure user role to Zoom, follow the steps below. The instructions for assigning a role to a user can be found in the previous section.
- Open the Azure portal, click Azure Active Directory, then click App registrations.
- Using the drop-down menu, select All apps.
- Select Zoom in the app list and click Manifest to edit its manifest.
- Find the property “groupMembershipClaims” and change its value from null to “SecurityGroup”. As a result, Zoom will be able to receive the group claim.
Note: The values are case-sensitive.
- Click the Save button.
- Return to the main menu, click Azure Active Directory, and then click Groups.
- Select the group that you wish to map and make a note of its Object ID.
- In the Zoom web portal, open the Single Sign-On Configuration page.
- Click the SAML Response Mapping tab on the left side of the screen.
- In the SAML Advanced Information Mapping section, click Edit, then Add, to add a mapping.
- Enter the following information:
- SAML Attribute: Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/groups. If the above attribute doesn’t work, use http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
- SAML Value: Paste the Object ID you obtained in step 7.
- Resulting Value: Specify the type of user that should be assigned to the group members.
- Repeat steps 10 and 11 for each type of user.
Mapping Basic Information
- In the Zoom web portal, you can access the Single Sign-On Configuration page to configure your single sign-on.
- Select SAML Response Mapping from the drop-down menu.
- Here we will cover some basic information about SAML Information Mapping in the first part of this page.
- Add the Source Attribute for each corresponding value, as listed below.
Name: Source Attribute
- Email Address: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- First Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Last Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- Phone Number: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone
- Department: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department
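To check the Group Mapping and Basic Information mappings above before users rely on them, the following added example (not part of the original article and not Zoom or Microsoft code) reads a SAML AttributeStatement and reports which basic claims are missing, which of the two group attribute names Azure sent, and which user type each group Object ID resolves to. The sample statement, the Object IDs and the "Licensed" resulting value are constructed; the script inspects attributes only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Both group attribute names from the Group Mapping step, in the order the page tries them.
GROUP_ATTRS = (CLAIMS + "groups",
               "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups")
# Basic Information mapping from the page: Zoom field -> claim suffix.
BASIC = {"Email Address": "emailaddress", "First Name": "givenname",
         "Last Name": "surname", "Phone Number": "phone", "Department": "department"}
# Constructed mapping row (SAML Value = group Object ID -> Resulting Value).
GROUP_MAP = {"11111111-2222-3333-4444-555555555555": "Licensed"}

def _attr(name, *values):
    vals = "".join(f"<s:AttributeValue>{v}</s:AttributeValue>" for v in values)
    return f'<s:Attribute Name="{name}">{vals}</s:Attribute>'

# Constructed AttributeStatement: phone and department are deliberately absent.
SAMPLE = (f'<s:AttributeStatement xmlns:s="{SAML}">'
          + _attr(CLAIMS + "emailaddress", "alice@example.com")
          + _attr(CLAIMS + "givenname", "Alice")
          + _attr(CLAIMS + "surname", "Example")
          + _attr(GROUP_ATTRS[1], "11111111-2222-3333-4444-555555555555",
                  "99999999-0000-0000-0000-000000000000")
          + "</s:AttributeStatement>")

def read_attributes(xml_text):
    """Return {attribute name: [values]} from a SAML AttributeStatement."""
    root = ET.fromstring(xml_text)
    return {a.get("Name"): [v.text for v in a.iter(f"{{{SAML}}}AttributeValue")]
            for a in root.iter(f"{{{SAML}}}Attribute")}

def check_mapping(xml_text, group_map=GROUP_MAP):
    """Compare the attributes Azure sent with the mappings configured in Zoom."""
    attrs = read_attributes(xml_text)
    basic = {field: (attrs.get(CLAIMS + suffix) or [None])[0]
             for field, suffix in BASIC.items()}
    group_attr = next((g for g in GROUP_ATTRS if g in attrs), None)
    groups = attrs.get(group_attr, [])
    return {
        "missing": [f for f, v in basic.items() if v is None],
        "group_attr": group_attr,
        # Object IDs are matched exactly; an unmapped group grants no user type.
        "user_types": [group_map[g] for g in groups if g in group_map],
        "unmapped_groups": [g for g in groups if g not in group_map],
    }

if __name__ == "__main__":
    print(check_mapping(SAMPLE))
```

A non-empty "missing" list or a "group_attr" of None points at a claim that Azure is not sending or that is mapped under the other attribute name.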
How to set up Auto Provisioning in Azure AD
Using auto-provisioning, Zoom users can be managed directly from Azure. When an Azure user is added to and/or assigned the Zoom app, the user will be provisioned in Zoom automatically. The user may be deactivated in Zoom if they are unassigned or deactivated in Azure.
- Sign in to the Azure portal.
- On the left side of the screen, click Azure Active Directory.
- Choose Enterprise Applications on the left side of the screen.
- Click Zoom.
- Select Provisioning from the drop-down menu.
- Under Admin Credentials, you will need to fill in the following fields:
- Tenant URL: Enter https://api.zoom.us/scim
- Secret Token: Generate a JSON Web Token (JWT) based on both the key and secret for Zoom Marketplace.
Note: The JWT has to be created in a way that is unique to you. At the moment, Zoom does not offer such a feature.
- Click Test Connection to confirm that Azure is able to connect to Zoom via API.
- Leave the Default Mapping as below:
- Set Provisioning Status to On.
- Choose Scope.
- Click Save.
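The Secret Token step above asks for a JWT built from the Zoom Marketplace key and secret. As an added example (not from the original article and not Zoom's code), the script below builds an HS256-signed token with the standard library and verifies its algorithm, signature and expiry before it is pasted into Azure. The claim layout (`iss` set to the key, plus an `exp` expiry), the 90-day lifetime and the environment variable names are assumptions; check Zoom's current documentation for the claims it expects.

```python
import base64, hashlib, hmac, json, os, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return _b64url(mac.digest())

def make_jwt(api_key, api_secret, ttl_seconds, now=None):
    """Build an HS256 JWT. The claim layout (iss = key, exp) is an assumption."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": api_key, "exp": now + ttl_seconds}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    return signing_input + "." + _sign(signing_input, api_secret)

def verify_jwt(token, api_secret, now=None):
    """Check algorithm, signature and expiry; return the payload or raise ValueError."""
    now = int(time.time()) if now is None else int(now)
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # never accept "none" or a swapped algorithm
        raise ValueError("unexpected alg")
    expected = _sign(parts[0] + "." + parts[1], api_secret)
    if not hmac.compare_digest(expected, parts[2]):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(parts[1]))
    if payload.get("exp", 0) <= now:
        raise ValueError("expired")
    return payload

if __name__ == "__main__":
    # Hypothetical variable names; keep the key and secret out of source control.
    key = os.environ.get("ZOOM_API_KEY", "constructed-key")
    secret = os.environ.get("ZOOM_API_SECRET", "constructed-secret")
    token = make_jwt(key, secret, ttl_seconds=90 * 24 * 3600)
    print(verify_jwt(token, secret)["exp"])
```

The token is a bearer credential for the SCIM endpoint, so store it like a password and record its expiry: provisioning stops working when the token expires and a new one has to be entered under Admin Credentials.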
Frequently Asked Questions
Is Zoom hosted on Azure?
“As part of our global data center network, which we manage, we utilize services such as AWS, Oracle cloud infrastructure, and Azure, as well as services such as our global network of co-location data centers.”
How do I configure Zoom SSO with Azure AD?
Azure Single Sign-On configuration guide: How to configure it
- On the Zoom application page in the Azure portal, click the Single sign-on tab.
- Choose SAML as the single sign-on method.
- In the Basic SAML Configuration section, click the edit icon.
- Then click the Save button.
Does Zoom use Azure or AWS?
It has been announced that Zoom (NASDAQ: ZM) has chosen Amazon Web Services as its preferred cloud provider.
Is Azure AD same as SSO?
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on a corporate device connected to your corporate network. When the feature is enabled, users can sign in to Azure AD without having to type in their passwords, or even their usernames.