How to set up advanced SAML mapping in Zoom

This post was most recently updated on July 29th, 2022

An account owner or admin can use advanced SAML mapping to assign Zoom licenses, add-ons, IM groups, or a role to users based on a value passed in the SAML response. For example, you can make some users, such as university faculty, Licensed at sign-in and make others, such as university students, Basic (non-licensed) users. You can also use advanced SAML mapping to block users from accessing your Zoom account.

Advanced SAML mapping is applied to new users, and to existing users with member or administrator privileges, upon their next login using Single Sign-On. It does not apply to Zoom account owners.

Prerequisites for configuring advanced SAML mapping

  • Account owner or admin privileges
  • An account for which SSO has been configured

How to set up advanced SAML mapping

Your identity provider (IDP) must be configured with the SAML attributes and their corresponding values. Once these have been configured in your IDP, you can set up advanced SAML mapping in Zoom.

  1. Sign in to the Zoom web portal as the account owner or an admin.
  2. On the left-hand side, navigate to Advanced and then Single Sign-On.
  3. Click SAML Response Mapping to open that page.
  4. Go to the Advanced Information Mapping section of the page.
  5. To designate an item based on a SAML value, click the Add button next to that item.
    • License Type: Choose whether the user should be Basic, Licensed (for accounts that use Licensed), On-Premise (for accounts using On-Premise), or None (which will prevent the user from accessing the Zoom account).
    • Add-on Plan: Specify whether the user should receive a premium plan, such as Webinars, Large Meetings, or Concurrent Meetings. To use an add-on plan, the user also needs a license assigned to them.
      Note: Currently we provide the option to assign or remove add-on plans. A change of add-ons, for instance from Webinar 500 to Webinar 1000, cannot be performed on the website when an admin is logged into the Users page.
    • Sign in to Sub Account (only available for the parent account): Specify whether this sub-account user can use the parent account’s vanity URL to log in to this sub-account.
    • User Role: Choose whether the user should be an admin, a member, or a customized role (defined in Roles Management).
    • User Group: Specify the group to which the user belongs. Users can be grouped in order to limit certain features.
    • User Group Admin: If this user belongs to a group, indicate whether they are a group admin.
    • Channel: Create a special channel for each IDP group. When you create a new channel via SAML mapping, you are prompted to assign an existing user as the channel administrator.
    • Recording Location: Choose the storage location for Communications Content.
    • Zoom Rooms Admin: Specify whether the user is a Zoom Rooms administrator for the selected location.
    • IM Group: Specify whether the user is a member of an IM group.
      Note: For instructions on how to deploy Zoom Chat for the first time, see the Zoom Chat admin guide.
    • Zoom Phone Calling Plan: Specify whether the user has a Zoom Phone license and whether they need a calling plan (for direct phone numbers or outbound calls).
      Note: This attribute cannot be used to assign calling plans to account owners. The account owner must be manually assigned a calling plan in the Zoom web portal before phone numbers can be assigned via SAML mapping.
    • Zoom Phone Site: Specify whether to assign this user to a particular site.
  6. Enter the SAML attribute, the SAML value, and the resulting value. If you want to specify different results for different groups of users, you can add multiple SAML attributes and/or values.
    • SAML Attribute: Enter the name of the attribute exactly as it is passed by the IDP.
    • SAML Value: Enter the value that your IDP passes for each user or group of users.
      Note: Capitalization does not matter. The values ABC and abc, for example, are treated as the same.
    • Resulting Value: Based on the SAML value provided, select what should be assigned to this user in Zoom.
  7. To add more SAML mappings, click the Add button.
  8. Once the changes have been made, click Save.
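
The mapping table from steps 5 and 6, modelled as an added example (not Zoom's code and not part of the original article) so a rule set can be checked against a sample assertion before it is saved. The attribute names, values and rules are constructed, exact matching of attribute names is an assumption, and because the page does not say how overlapping rules are resolved, the script only flags them.

```python
# Added illustration: a local model of the mapping table, not Zoom's implementation.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement an IDP might send for one user.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="affiliation"><saml:AttributeValue>Faculty</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>contractor</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed rules: (item, SAML attribute, SAML value, resulting value).
RULES = [
    ("License Type", "affiliation", "faculty", "Licensed"),
    ("License Type", "affiliation", "student", "Basic"),
    ("License Type", "department", "CONTRACTOR", "None"),
    ("User Role", "affiliation", "faculty", "Member"),
]

def attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def evaluate(assertion_xml, rules):
    """Return {item: [resulting values]} for every rule the assertion matches."""
    attrs = attributes(assertion_xml)
    hits = {}
    for item, name, value, result in rules:
        # Attribute names match exactly (assumption); values ignore case (per the note).
        if value.casefold() in (v.casefold() for v in attrs.get(name, [])):
            hits.setdefault(item, []).append(result)
    return hits

def review(hits):
    """Flag items with conflicting results and License Type None (access blocked)."""
    findings = [f"conflict on {item}: {vals}" for item, vals in hits.items() if len(set(vals)) > 1]
    if "None" in hits.get("License Type", []):
        findings.append("License Type None matched: user would be blocked")
    return findings
```

Running `review(evaluate(SAMPLE_ASSERTION, RULES))` on the sample reports both the overlapping License Type rules and the blocking None result, which are the two cases worth resolving in the IDP or the rule set before clicking Save.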