Prerequisites for configuring Zoom with Azure
- admin or owner privileges
- An approved Vanity URL for a business or education account
- associated with an Azure AD subscription
- JSON Web Token (JWT) generation
Note: In the absence of an approved Associated Domain, users will need to confirm being provisioned on the account through an email which is automatically sent. For any user under an approved domain, provisioning will occur without email confirmation.
How to add Zoom from the Azure Gallery
Note: In this article, screenshots were taken using the default Azure theme. Changing the theme will change how your Azure portal looks.
- Log in to the Azure portal.
- Navigate to the Azure Active Directory section.
- Select Enterprise Applications.
- Scroll to the bottom of the list.
- On the top of the window, click New Application.
- Search for Zoom in the Add from Gallery window.
- Click Zoom under Telecommunications.
- On the right, click Add.
How to configure Single Sign-On with Azure
- On the Zoom application page of the Azure portal, click Single sign-on.
- Then choose SAML as the single sign-on method.
- Edit Basic SAML Configuration by clicking the edit icon.
- Complete the fields as follows:
- For Identifier (Entity ID), enter your vanity URL without https://.
- For Reply URL, enter https://yourvanityurl.zoom.us/saml/SSO
- For Sign On URL, enter your Vanity URL including https://.
- For example, www.yourvanityurl.zoom.us.
- Save the file.
- Click the pencil icon in the User Attributes section to view the claims that are being passed by Azure.
- To download the Certificate (Base 64), click Download next to SAML Signing Certificate.
Note: Check that the certificate’s status is active. If it is listed as inactive, click the Edit button, and click Make certificate active.
- Click Save at the top.
- Scroll down to the Zoom setup section.
Note: If you didn’t download your Azure AD Signing Certificate after step 7, click View step-by-step instructions to access the quick reference guide.
- Log in to the Zoom web portal in a new browser tab or window.
- Open the SSO page.
- In Zoom, paste the Azure AD Single Sign-On Service URL into the Sign-in page URL field.
- Use a text editor to view the downloaded certificate. Copy the portion between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and paste it into the Identity provider certificate field in Zoom.
- You should select the version of your vanity URL without https for Service Provider (SP) Entity ID. zoom.us/yourvanityurl.
- The Azure AD Identifier should be pasted into the Issuer (IDP Entity ID) field in Zoom.
- Select All Services from the left-hand side of Azure.
- Select App Registrations from the list.
- Select Endpoints.
- Copy the SAML-P Sign-out Endpoint and paste it into the Sign-out page URL field in Zoom.
- Set the Binding to HTTP-Post in Zoom.
- Then click Save Changes.
How to assign Azure users and groups to Zoom
- In the Azure portal, click Azure Active Directory.
- Click Enterprise Applications.
- Click All Applications.
- Click Zoom.
- Click Users and groups.
- Click Add user.
- Click Users and groups.
- You can add users and groups by searching for them.
- A check mark appears next to their name when you click on it.
- Click Select.
- Click Select Role.
- If you would like to designate a role type in Azure, select it. Zoom will not receive this information. Role types will be determined by SAML Mapping in Zoom. The role type can also be passed to Zoom through group mapping.
- Click Selected.
- Click Assign.
How to set up Group Mapping (Optional)
You can add Zoom to Azure user roles by following these steps. For instructions on assigning user roles, refer to the previous section.
- In the Azure portal, click Azure Active Directory, then click App registrations.
- In the drop-down menu, select All apps.
- Click Edit manifest on Zoom in the apps list.
- For the property "groupMembershipClaims", change the value from null to "SecurityGroup". Zoom can then take advantage of this property.
Note: Be aware that case matters.
- Save your work.
- Click Azure Active Directory followed by Groups on the main menu.
- Copy the Object ID from the group for which you want to create the mapping.
- In the Zoom web portal, open the Single Sign-On configuration page.
- To do so, click SAML Response Mapping.
- Click Edit then Add under SAML Advanced Information Mapping.
- Provide the information below:
- Enter the SAML attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/groups. If that attribute does not work, try http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
- Copy the Object ID from step 7 and paste it here.
- Value: Select the type of user expected for the group.
- Perform steps 10 and 11 again to map additional groups according to the types of users.
Mapping Basic Information
- Log in to the Zoom web portal and access the Single Sign-On Configuration page.
- Then click SAML Response Mapping.
- Basic SAML Information Mapping is covered in the first section of this page.
- Delete the Value Attribute and add the Source Attribute listed below.
How to set up Auto Provisioning in Azure AD
With auto-provisioning, Zoom users can be managed from Azure. Users who are added to Azure and/or assigned the Zoom app will be provisioned in Zoom automatically. When a user is unassigned or deactivated in Azure, they are also deactivated in Zoom.
- You need to sign into the Azure portal.
- Go to the left panel and click Azure Active Directory.
- Click Enterprise Applications.
- Click Zoom.
- Then click Provisioning.
Under Admin Credentials, enter the following information:
- Enter the following URL for the Tenant: https://api.zoom.us/scim
- To generate a Secret Token, use your Zoom Marketplace key and secret to create a JSON Web Token (JWT).
Note: The JWT must be generated by you. Zoom does not provide this service.
- Check that Azure is able to connect to Zoom via API by clicking Test Connection.
- Leave the Default Mapping as below:
- Provisioning status should be set to On.
- You can choose which scope to use.
- Save your work.
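The Secret Token step above asks you to generate the JWT yourself. The following is an added example, not code from Zoom or Microsoft, that builds and checks such a token with the Python standard library. It assumes an HS256 token whose iss claim is the Marketplace key and whose exp claim is a Unix timestamp; the function names and the key and secret values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_secret_token(api_key, api_secret, lifetime_s, now=None):
    """Return header.payload.signature signed with HMAC-SHA256."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    # Assumed claim layout: iss = Marketplace key, exp = expiry in seconds.
    payload = {"iss": api_key, "exp": now + lifetime_s}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    sig = hmac.new(api_secret.encode(), signing_input.encode(),
                   hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def check_secret_token(token, api_secret, now=None):
    """Verify signature, algorithm and expiry; return claims or raise."""
    now = int(time.time()) if now is None else int(now)
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three dot-separated parts")
    head_b64, body_b64, sig_b64 = parts
    expected = hmac.new(api_secret.encode(),
                        f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison, done before any claim is trusted.
    if not hmac.compare_digest(_b64url(expected).encode(), sig_b64.encode()):
        raise ValueError("bad signature")
    decode = lambda s: json.loads(
        base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))
    if decode(head_b64).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = decode(body_b64)
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    # Constructed placeholder credentials, not real values.
    print(make_secret_token("CONSTRUCTED_KEY", "constructed-secret", 3600))
```

Azure stores this token as a bearer credential for the SCIM endpoint, so the lifetime you choose determines when provisioning stops working until a new token is pasted into the Secret Token field.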