Quick start guide for SSO in the Zoom app
Overview
Logging in with single sign-on (SSO) allows you to use your company credentials. SAML 2.0 is the standard used by Zoom SSO. In addition to Okta, Zoom also supports other enterprise identity management platforms such as Centrify, Microsoft Active Directory, Gluu, OneLogin, PingOne, Shibboleth, and many others. In Zoom, users can be provisioned to different groups based on attributes.
Zoom provides automatic user provisioning as a Service Provider (SP). You do not need to register for a Zoom account. Upon receiving a SAML response from the Identity Provider (IdP), Zoom checks if the user exists. If the user account does not exist, Zoom will automatically create it based on the received name ID.
Prerequisites
- A business account or an education account that has been approved for vanity URLs
Without an approved Associated Domain, users will need to confirm their provisioning on the account via an email that is automatically sent to them. A user falling under an approved domain will be provisioned without email confirmation.
Configuring SSO
You can apply for a vanity URL (such as https://yourcompany.zoom.us) on your Account Profile page if you do not already have one. The vanity URL must be approved before you can configure SSO on Zoom.
First, set up your IdP so we receive the following information:
- eduPersonTargetedID, persistentID, and mailID are all unique identifiers associated with nameID
- The attributes that can be accepted are email (urn:oid:0.9.2342.19200300.100.1.3), sn (urn:oid:2.5.4.4), and givenName (urn:oid:2.5.4.42).
Second, enter your SSO details at https://zoom.us/account/sso. You can see an example of your IdP XML metadata in the attached file.
- URL of the sign-in page: <SingleSignOnService>
- URL of the sign-out page: <SingleLogoutService>
- <X509Certificate> Note: Remove the "Begin Certificate" and "End Certificate" lines
- EntityDescriptor: <ID of Issuer>
- Type: http-post or http-redirect
- Basic or Pro as the default user type
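The field mapping above, as an added example (not part of the original guide and not Zoom's own code): a Python function that reads IdP metadata XML and returns the values the SSO form asks for, with the certificate markers stripped and non-HTTPS endpoints rejected. The function name, dictionary keys, idp.example.com and the certificate body are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "http-post",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "http-redirect"}

# Constructed sample metadata: idp.example.com and the certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.com/slo"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.example.com/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def zoom_sso_fields(metadata_xml):
    """Return the values for the SSO settings form, taken from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single-entity IdP metadata document")
    sso = next((e for e in idp.findall("md:SingleSignOnService", NS)
                if e.get("Binding") in BINDINGS), None)
    if sso is None:
        raise ValueError("no SingleSignOnService with an http-post or http-redirect binding")
    slo = idp.find("md:SingleLogoutService", NS)
    # A KeyDescriptor with no 'use' attribute covers signing as well as encryption.
    cert = next((kd.findtext(".//ds:X509Certificate", "", NS)
                 for kd in idp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")), "")
    # Drop the BEGIN/END CERTIFICATE lines and all whitespace, as the note above requires.
    cert = "".join(ln.strip() for ln in cert.splitlines() if not ln.strip().startswith("-----"))
    if not cert:
        raise ValueError("no signing certificate in the metadata")
    fields = {"sign_in_url": sso.get("Location"),
              "sign_out_url": slo.get("Location") if slo is not None else None,
              "certificate": cert,
              "issuer": root.get("entityID"),
              "type": BINDINGS[sso.get("Binding")]}
    if any(u and not u.startswith("https://") for u in (fields["sign_in_url"], fields["sign_out_url"])):
        raise ValueError("sign-in and sign-out URLs must use https")
    return fields
```

Calling zoom_sso_fields(SAMPLE_METADATA) returns the five values in the order the list above gives them; run it on metadata exported from your own IdP before pasting anything into the form.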
Once SSO is configured, you can download your SP metadata XML file from: https://yourcompany.zoom.us/saml/metadata/sp
Users can sign in using SSO once it is configured.
Enabling or disabling automatic SSO certificate rotation
Admins can enable or disable automatic SSO certificate management. Zoom automatically installs new certificates when they become available. Administrators can also roll back to a previous certificate. This option is enabled by default.
Check out our release notes for Web for updates on new SSO certificates.
- Log in to Zoom’s web portal.
- Select Single Sign-On from the navigation menu.
- In the top-right corner, click Edit.
- In the Service Provider (SP) Entity ID section, check or uncheck Automatically manage the certificate.