Okta configuration with Zoom
Your company credentials can be used to log into your Zoom account with single sign-on. To let users sign in directly to their Zoom accounts, Okta, acting as the identity provider (IdP), establishes a connection with Zoom.
Using these instructions, you can manage users after you have configured your Okta account with Zoom.
Prerequisites for Okta configuration with Zoom
- Ownership or administrative privileges in Zoom
- Business, Education, or Enterprise account with an approved vanity URL
- that supports single sign-on
- for Okta administrators
Without an approved Associated Domain, users will need to confirm their provisioning on the account via an email that is sent to them automatically. For any users under an approved domain, provisioning will take place without email confirmation.
How to add the Zoom app
Zoom can be configured with Okta in two ways: you can use the pre-built Zoom app in the Okta Application Console, which configures the Okta app for Zoom automatically, or you can set up a custom app in Okta.
Add the Zoom pre-built app to Okta
- Go to the Okta Console and select Applications.
- Select the Add Application button.
- Type Zoom into the search box.
- Choose the application.
- You will then be taken to the General Settings page.
- This can be left as Zoom or renamed according to your preference.
- For example, if your vanity URL is https://mydomain.zoom.us, enter only mydomain as the subdomain.
- If you do not want your users to see this application, check the visibility options.
- Click Done.
Add the Zoom custom app to Okta
- Go to the Applications tab in the Okta Console.
- Select Add Application.
- Click Create New Application.
- Select Web as the platform.
- Choose SAML 2.0 as the sign-on method.
- Select Create. The General Settings page will appear.
- You can name the app anything that will identify it on the Okta side as the Zoom app, for example simply Zoom.
- App logo: If you would like to upload the Zoom logo, you can do so here.
- (Optional) App visibility: If you don’t want to show your users the Zoom custom app, select these options.
- Continue. Click Configure SAML to continue.
- Single sign-on URL: https://yourvanityurl.zoom.us/saml/SSO
- Check the box to use this for the Recipient URL and Destination URL.
- Uncheck the box that lets the app request other SSO URLs.
- Audience URI (SP Entity ID): your vanity URL, https://yourvanityurl.zoom.us
- RelayState: Leave blank by default.
- The name ID format is EmailAddress.
- Application username: select Okta username.
- The Advanced Settings tab will open.
- Select Signed as the response.
- Select Unsigned as the assertion signature.
- Select the RSA-SHA256 signature algorithm.
- Choose SHA256 as the digest algorithm.
- Assertion Encryption: Select either. You must check the option for encrypted assertions on the Zoom side if you choose encrypted. Leave Unencrypted if unsure.
- Leave Single Signout unchecked.
- Select PasswordProtectedTransport for the authentication context.
- Select Yes for honor force authentication.
- Leave the SAML Issuer ID blank.
- The following attributes must be defined:

| Name | Name format | Value |
| --- | --- | --- |
| email | Unspecified | user.email |
| firstName | Unspecified | user.firstName |
| lastName | Unspecified | user.lastName |

- Leave blank for group attributes.
- SAML Assertion Preview: You can click to view the SAML assertion.
- Click the Next button.
- A feedback screen will appear. If desired, enter your feedback here.
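The settings above can be checked against the XML shown by SAML Assertion Preview before users are assigned. The following is an added example, not code from Okta or Zoom: it compares a pasted assertion with the values documented in these steps. The vanity URL is the placeholder used above, the sample assertion is constructed for illustration, and the script checks field values only, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
VANITY = "https://yourvanityurl.zoom.us"  # placeholder vanity URL from the steps above
EXPECTED = {
    "recipient": VANITY + "/saml/SSO",
    "audience": VANITY,
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "authn_context": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
}
REQUIRED_ATTRS = {"email", "firstName", "lastName"}

# Constructed sample preview (not real Okta output); lastName is left out on purpose.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://yourvanityurl.zoom.us/saml/SSO"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://yourvanityurl.zoom.us</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of mismatches between the preview and the documented settings."""
    root = ET.fromstring(xml_text)

    def get(path, attr=None):
        # Return an attribute value, or the element text when attr is None.
        node = root.find(path, NS)
        if node is None:
            return None
        return node.get(attr) if attr else (node.text or "").strip()

    found = {
        "recipient": get(".//saml:SubjectConfirmationData", "Recipient"),
        "audience": get(".//saml:Audience"),
        "nameid_format": get(".//saml:NameID", "Format"),
        "authn_context": get(".//saml:AuthnContextClassRef"),
    }
    problems = [f"{k}: expected {v!r}, found {found[k]!r}"
                for k, v in EXPECTED.items() if found[k] != v]
    names = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    problems += [f"missing attribute: {n}" for n in sorted(REQUIRED_ATTRS - names)]
    return problems

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE)))
```

An empty result means the preview matches the documented recipient, audience, name ID format, authentication context and attribute names.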
How to connect Zoom and Okta
In order to be able to communicate, Zoom and Okta need to build trust.
- Go to Applications in the Okta Console.
- Select the Zoom application.
- On the Sign On screen, click the Sign In button.
- Review the Okta setup instructions for configuring SAML 2.0 for Zoom by clicking View Setup Instructions.
- Log in as an owner or as an admin to the Zoom web portal in a new browser window.
- Select Single Sign-On from the Advanced menu of the Zoom web portal.
- Turn it on.
- Click Edit in the SAML tab.
- From the instruction page in Okta, copy the following into the Zoom SSO page:

| From Okta | To Zoom |
| --- | --- |
| Sign-in Page URL | Sign-in Page URL box |
| Sign-out Page URL | Sign-out Page URL box |
| Identity Provider Certificate | Identity Provider Certificate box |
| Issuer (IDP Entity ID) | Issuer (IDP Entity ID) box |

- In the Binding section.
- Choose SHA-256 for the Signature Hash Algorithm.
- Choose the appropriate security and provisioning options.
- Then click Save Changes.