Quick start guide for SSO in Zoom App

This post was most recently updated on July 23rd, 2022

Overview

Single sign-on (SSO) lets you log in to Zoom with your company credentials. Zoom's single sign-on is based on SAML 2.0. In addition to Okta, Zoom also supports Centrify, Microsoft Active Directory, OneLogin, PingOne, Shibboleth, and other enterprise identity management platforms. By mapping attributes to features, Zoom can provision users to different groups.

Zoom acts as a Service Provider (SP) and offers automatic user provisioning. Users do not need to register with Zoom. After the Identity Provider (IdP) sends Zoom a SAML response, Zoom checks whether an account already exists. If none exists, Zoom creates a user account for the user from the name ID it received.

Prerequisites

  • Business or Education account
  • Approved vanity URL

Note:

If an Associated Domain is not approved, the user will be prompted by an email to confirm their provisioning on the account. Any user under an approved domain will be provisioned without requiring an email confirmation.

Configuring SSO

Note:

If you have not yet applied for a vanity URL (https://yourcompany.zoom.us), apply for one on your Account Profile page. Once it has been approved, you can set up SSO in Zoom.

The first step is to configure your IdP so that it sends Zoom the following information:

  • NameID can be mapped to any unique identifier, for instance eduPersonTargetedID, persistentID, or mailID
  • Optional attributes are email address (urn:oid:0.9.2342.19200300.100.1.3), surname (urn:oid:2.5.4.4), and given name (urn:oid:2.5.4.42).

Next, go to https://zoom.us/account/sso and enter your SSO information. See the attached example.

  • Sign-in page URL: <SingleSignOnService>
  • Sign-out page URL: <SingleLogoutService>
  • Certificate: <X509Certificate> *Note: Remove the “Begin Certificate” and “End Certificate” markers
  • Issuer: <ID of EntityDescriptor>
  • Binding: Choose http-post or http-redirect
  • Default user type: Basic or Pro
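
The field mapping above, as an added example in Python (not Zoom's code and not part of the original post): it reads an IdP metadata document, pulls out the values for each Zoom SSO field, strips the Begin/End Certificate markers, and returns a SHA-256 fingerprint of the certificate to compare against the IdP console. The helper name zoom_sso_fields, the host idp.example.com, and the certificate bytes are constructed for illustration, and the Issuer is assumed to be the entityID attribute of EntityDescriptor.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = {"http-post": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "http-redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"}

# Constructed sample: placeholder bytes stand in for a DER certificate (not a real one),
# and idp.example.com is a placeholder host.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
-----BEGIN CERTIFICATE-----
{base64.b64encode(FAKE_DER).decode()}
-----END CERTIFICATE-----
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{BINDINGS['http-post']}" Location="https://idp.example.com/slo/post"/>
    <md:SingleSignOnService Binding="{BINDINGS['http-post']}" Location="https://idp.example.com/sso/post"/>
    <md:SingleSignOnService Binding="{BINDINGS['http-redirect']}" Location="https://idp.example.com/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def zoom_sso_fields(metadata_xml, binding="http-post"):
    """Return (fields, cert_sha256, warnings) for the Zoom SSO form."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)

    def location(tag):  # endpoint URL published for the chosen binding, else None
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == BINDINGS[binding]:
                return el.get("Location")

    # Uses the first KeyDescriptor found in the IdP descriptor.
    pem = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS).text
    # The Certificate field takes only the base64 body: drop BEGIN/END lines and whitespace.
    body = "".join(l.strip() for l in pem.splitlines() if "CERTIFICATE-----" not in l)
    der = base64.b64decode(body, validate=True)  # raises on a mangled paste
    fields = {"Sign-in page URL": location("SingleSignOnService"),
              "Sign-out page URL": location("SingleLogoutService"),
              "Certificate": body, "Issuer": root.get("entityID"), "Binding": binding}
    warnings = [f"{name}: no HTTPS endpoint for {binding}"
                for name in ("Sign-in page URL", "Sign-out page URL")
                if not (fields[name] or "").startswith("https://")]
    # Compare the fingerprint with the one shown in the IdP admin console before saving.
    return fields, hashlib.sha256(der).hexdigest(), warnings
```

A warning for the sign-out URL means the IdP publishes no logout endpoint for the binding you selected, so check that before choosing http-post or http-redirect.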

After configuration, the SP metadata XML file is available at the following URL: https://yourcompany.zoom.us/saml/metadata/sp

Once SSO is configured, users can log in using SSO.

Enabling or disabling automatic SSO certificate rotation

An administrator can control whether the SSO certificate is managed automatically. With automatic management, Zoom updates the certificate when a new one is available. Administrators can also revert to an older certificate. A default setting is available.

We have updated our release notes for Web with information on new SSO certificates.

  1. Sign in to Zoom’s web portal.
  2. Choose Advanced, then Single Sign-On, from the navigation menu.
  3. Select Edit in the upper-right corner.
  4. In the Service Provider (SP) Entity ID section, turn Automatically manage the certificate on or off.