How to Set up basic SAML mapping in Zoom App

When using a SSO solution such as Zoom via SAML mapping, the default License Type can be set for each user. Also available are mappings for specific SAML attributes, such as phone number, first name, last name, pronouns, and department, which are sent by your Identity Provider. In this way, the identity provider can automatically pass this information. Unless mapped to an Employee Unique ID, Zoom will only map an email address at first login. First name and last name are automatically mapped to Zoom, but you can choose to have them updated at every SSO login. Each field is mapped separately at each login.

By relying on the attribute values passed, you can also assign a user add-ons, roles, or groups.

Prerequisites for setting up basic SAML mapping

  • In Zoom, you can be an owner or an admin
  • If SSO is configured

How to set up basic SAML mapping

SAML must be configured on your Identity Provider (IdP) in order for it to be functional, meaning that you must configure the parameters that go with SAML attributes and the values they entail. You will be able to configure the SAML mappings in Zoom as soon as possible after you have configured SAML mappings in your Identity Provider.

  1. Upon logging in, you will be able to access Zoom’s web portal.
  2. At the top of the page, click Single Sign-On, then Advanced.
  3. Click Save after selecting the SAML Response Mapping.
    The SAML specification includes the following attributes in the Basic Information Mapping section:
  • Default License Type:
  • By clicking on Edit next to the license type field, you can change the default license type. When a user selects None, they will not be able to access Zoom since by default, no account is created for the user and they will not be able to log in. It’s possible to grant access to Zoom to certain users by using SAML mapping technology, while denying access to other users. Furthermore, you can also make use of advanced mappings based on SAML, which would allow you to assign certain users a specific type based on the attributes that have been passed through.

You need to map all other fields to SAML attributes and enter their values, as they are passed by your identity provider when you click Map to SAML Attribute.

  • Email Address:
  • It is the email address of the user associated with their profile, and it is the email address that they will use when logging in to the IDP. Upon first login, this will be mapped to a unique identification code. Zoom uses this code to identify the current user.
  • First Name
  • Last Name
  • Display Name:
  • Typically used as a nickname or preferred name, rather than the actual name of the person.
  • Pronouns:
    • Zoom’s desktop client and mobile app displays users’ pronouns in their profile cards, if pronouns are enabled at the account level. During meetings and webinars, users will have the option of sharing their pronouns. Version 5.7.0 or higher is required for this feature.
    • Make sure this field cannot be updated by users:
    • Make sure that your IDP provides your users with their pronouns and prevents them from changing them.
  • Phone number:
  • Each user’s phone number. Each user is able to add up to three external phone numbers to their profiles through the customization process. Zoom Phone users are not able to use this number if they have Zoom Phone. Adding numbers with labels can be done by clicking on the Add Numbers with Labels option.
  • Company
  • Job Title
  • Location
  • Profile Picture
  • Personal Link Name:
  • The alias for the meeting URL that is used by each user for personal meetings. For example, you can go to https://mycompany.zoom.us/my/grant in order to make a grant request.
  • Department
  • Manager
    Note:
  • Zoom needs to enable this feature for your account in order for you to use it. Once you contact support, please expect the feature to be enabled in a maximum of 3 business days.
  • Cost Center
  • Zoom Phone Ext Number:
  • Zoom Phone users can call this extension number. There are some reserved extension numbers.
  • Zoom Phone Number:
  • Zoom Phone users are able to call this number directly. Direct numbers can only be obtained by Zoom Phone users who have a Zoom Phone calling plan. Advanced SAML Mapping allows you to specify what kind of plan you want.
    Note:
  • In order to assign a direct number to a user, the user must have a calling plan assigned.
  • Employee Unique ID:
  • This is the unique ID assigned to each employee. It can be used to simplify the process of changing an employee’s email address. It is recommended that you use *NameID> instead of your unique ID if it appears in the NameID element.
    Notes:

    • After users have logged in with SSO, their unique employee ID will replace their Email address as their unique identifier.
    • The Associated Domain must be approved before you can configure this SAML attribute.

If you want to edit or remove a value after entering it, click Edit or Clear.