If you use G Suite / Google Apps, you can set up Single Sign-On (SSO), which lets you set a default user type for SSO and configure SAML mapping with provisioning. We also offer the Login with Google option, which requires no additional configuration.
- Super administrator privileges within Google Admin for your domain
- Business or Education account with approved Vanity URL
- Admin or owner permissions in Zoom
Without an approved Associated Domain, each user must confirm provisioning on the account through an email sent to them. Users who fall under an approved domain are provisioned without email confirmation.
SAML app configuration
- In the Google Admin console, go to Apps > SAML Apps from the dashboard. You might have to click More controls at the bottom of the dashboard to see Apps.
- Click the plus (+) icon.
- Click on Zoom.
- The Google IDP Information window automatically fills in the Single Sign-On URL and Entity ID URL fields.
- Copy and download the Entity ID and Single Sign-On URL field values; they are used later in the setup process.
- Click on Next.
- Enter your ACS URL, Entity ID, and Start URL:
- ACS URL: https://vanityurl.zoom.us/saml/SSO
- Entity ID: https://vanityurl.zoom.us
- Start URL: leave blank
- Click Finish.
- Log in to your Zoom account at https://zoom.us/account/sso.
- Select the Basic SAML Configuration option.
- Service Provider (SP) Entity ID:
- Use https://vanityurl.zoom.us, matching the Entity ID set in G Suite (Step 7 in the Within Google section).
- Sign-in page URL:
- The SSO URL. It can usually be found in the Google IDP information, or in the XML metadata on the md:SingleSignOnService element with Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".
- Identity provider certificate:
- Copy the contents of the X.509 certificate from Google and paste them into this box.
- It appears after entityID= in the XML metadata or in the Google IDP information.
- The default value can be used.
- Sign SAML request:
- Check #10 from the Google section above (unless it was also checked in #11).
- Support encrypted assertions:
- Do not check this box.
- Check this box if you want to force logout after a specified period of time.
- Under Basic SAML Mapping, set:
- Default user type:
- This specifies what type of user should be added when a new user is created.
- (Optional) Email, Name, Etc. – Customize SAML Response Mapping:
- If you map attributes from Google to Zoom users, configure these fields to match the Google mapping configuration.
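An added example, not part of the original article: a Python script that reads the Sign-in page URL, the entityID value and the certificate out of Google IdP metadata XML, as the field descriptions above say, and checks the ACS URL and Entity ID pair against the values given earlier. The metadata is a constructed sample with a placeholder idpid and certificate, and the function and dictionary key names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata: idpid and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLEIDPID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      UExBQ0VIT0xERVItQ0VS
      VElGSUNBVEUtQk9EWQ==
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLEIDPID"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLEIDPID"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def zoom_fields_from_metadata(xml_text):
    """Read the values the Zoom SSO page asks for out of IdP metadata XML."""
    # Intended for metadata the admin downloaded; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    sso = [s.get("Location") for s in root.iterfind(".//md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    cert = root.find(".//ds:X509Certificate", NS)
    if not root.get("entityID") or not sso or cert is None or not cert.text:
        raise ValueError("metadata lacks entityID, HTTP-Redirect SSO URL or certificate")
    return {"issuer": root.get("entityID"),              # value after entityID=
            "sign_in_page_url": sso[0],                  # HTTP-Redirect Location
            "certificate": "".join(cert.text.split())}   # base64 body, whitespace removed


def check_sp_settings(acs_url, entity_id):
    """List problems with the ACS URL / Entity ID pair entered on the Google side."""
    problems = []
    if not acs_url.startswith("https://"):
        problems.append("ACS URL must use https")
    if not acs_url.endswith("/saml/SSO"):
        problems.append("ACS URL must end in /saml/SSO (SSO in capitals)")
    if acs_url.rsplit("/saml/", 1)[0] != entity_id.rstrip("/"):
        problems.append("Entity ID must be the ACS URL without /saml/SSO")
    return problems
```

In the sample, the entityID value and the Sign-in page URL differ only in the /idp path segment, which is the kind of mismatch the "Metadata for issuer ... wasn't found" error points to.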
Enable the Zoom app in Google
- Go to the Google Admin Console, and then click on Apps, and then select SAML apps. It may be necessary to click More controls at the bottom of the screen to see Apps on the Home page.
- Click Zoom.
- Click Edit Service at the right of the gray box.
- To turn the service on or off for everyone in your company, use the options to the left of the service toggle, and then click Save.
- To turn the service on or off for everyone in an organizational unit:
- Select the organizational unit on the left-hand side.
- Check or uncheck the box.
- To keep the service setting even when the parent organizational unit turns it on or off, click Override.
- Choose one of the following options:
- Uses the same settings as its parent.
- The new settings are saved (even if the parent settings change).
- Please ensure that the Zoom user IDs match the ones in your Google domain to make sure that your accounts are connected.
Post (vanity URL) 404 (not found): Confirm that the ACS URL is correct. It should look like this: https://vanityurl.zoom.us/saml/SSO
App not configured: Verify that Google and Zoom have the same Entity ID URL.
Metadata for issuer https://accounts.google.com/o/saml2?idpid=(unique idpid) wasn’t found (-1): Check that the issuer matches the metadata. Note that it differs slightly from the Sign-in page URL.
Other errors: Confirm that the ACS URL is https://vanityurl.zoom.us/saml/SSO, with SSO in capitals.