Setting up advanced SAML mapping in the Zoom app
Using advanced SAML mapping, account owners and admins can designate Zoom licenses, add-ons, user roles, groups, or IM groups based on a value passed using SAML. Certain users, such as university faculty, can receive a license during sign-in, while other users, such as university students, will become Basic (non-licensed) users after they sign in. Using advanced SAML mapping, you can also deny users access to your Zoom account.
Advanced SAML mapping affects new users, as well as existing users with admin or member privileges, upon their next login. Advanced SAML mapping cannot be applied to the account owner.
How to set up advanced SAML mapping
SAML attributes and values must be configured in your identity provider (IdP). After you configure them in your IdP, you can configure advanced SAML mapping in Zoom.
- Log in as an account owner or administrator to the Zoom web portal.
- Under Advanced, click Single Sign-On.
- Then click SAML Response Mapping.
- Next, scroll down to the Advanced Information Mapping section for SAML.
- Select the item that you want to designate based on the SAML value and click Add.
  - License Type: Select whether this user will receive a Basic, Licensed, or On-Premise (for accounts using On-Premise) license, or None, which will deny the user access to your Zoom account.
  - Add-on Plan: Select whether this user should receive an add-on plan, such as a Webinar, Large Meeting, or Concurrent Meeting license. To use an add-on plan, they must also have a License assigned to them.
    Currently, add-on plans can only be assigned or removed. Add-ons cannot be changed, for example, from Webinar 500 to Webinar 1000; such a change must be done manually on the Users page by an admin.
  - User can sign in the sub-account using the parent account’s vanity URL (only available for the parent account): Choose whether this user can sign in the sub-account using the parent account’s vanity URL.
  - Role: Select whether the user is an admin, member, or has a customized role (set up in Role Management).
  - Specify whether this user belongs to a group. Access to features and permissions can be restricted by groups.
  - Group Admin: Indicate whether this user is a group administrator for the selected group.
  - Channel: Assign channels to specific IdP groups. As soon as you create a new channel through SAML mapping, you are prompted to assign an existing user as the channel
  - Storage Location: Specify the location in which Communications Content should be stored.
  - Zoom Rooms Admin: Specify if this user is a Zoom Rooms admin for the selected location.
  - IM Group: Specify if this user is added to an IM group.
    Note: See the Zoom Chat admin guide for instructions on deploying chat for the first time.
  - Zoom Phone Calling Plan: Specify if this user has a Zoom Phone license and requires a calling plan (for outbound calling or direct phone numbers).
  - Zoom Phone Site: Specify if this user should be assigned to a site.
- Input the SAML Attribute, SAML Value, and Resulting Value. If you would like to specify different results for different groups of users, you can add multiple SAML Attributes and/or values.
  - Attribute Name: Enter the attribute name that is being passed by your IdP.
  - SAML Value: Enter the value that your IdP passes for this user or group of users.
    The value is not case-sensitive: passing ABC is the same as passing abc.
  - Resulting Value: Select what is assigned to this user in Zoom based on the SAML value.
- Click Add to add additional SAML mappings.
- Then click Save.
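Before rolling out mappings, it helps to check which rules a user's assertion would trigger, especially rules whose result is None (access denied). The script below is an added example, not Zoom's code: the assertion fragment, the attribute name `affiliation` and the rule table are constructed for illustration. The page does not say how Zoom resolves several matching rules for one item, so the script only reports such cases as conflicts to review.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (signature and subject omitted).
# This inspects a captured test assertion; it does not validate signatures.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="affiliation">
      <saml:AttributeValue>Faculty</saml:AttributeValue>
      <saml:AttributeValue>Contractor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed rules: (item, attribute name, SAML value, resulting value).
RULES = [
    ("License Type", "affiliation", "faculty", "Licensed"),
    ("License Type", "affiliation", "student", "Basic"),
    ("License Type", "affiliation", "contractor", "None"),  # None denies access
    ("Role", "affiliation", "faculty", "Member"),
]

def read_attributes(assertion_xml):
    """Return {attribute name: set of case-folded values} from an assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = attrs.setdefault(attr.get("Name"), set())
        for val in attr.iterfind("saml:AttributeValue", NS):
            values.add((val.text or "").strip().casefold())
    return attrs

def evaluate(assertion_xml, rules):
    """Return ({item: matching results}, [items with conflicting results])."""
    attrs = read_attributes(assertion_xml)
    matched = {}
    for item, name, value, result in rules:
        # Values compare case-insensitively, as the page states; matching the
        # attribute name exactly is an assumption of this example.
        if value.casefold() in attrs.get(name, set()):
            matched.setdefault(item, set()).add(result)
    conflicts = sorted(i for i, r in matched.items() if len(r) > 1)
    return {i: sorted(r) for i, r in matched.items()}, conflicts

if __name__ == "__main__":
    results, conflicts = evaluate(SAMPLE_ASSERTION, RULES)
    print(results, "conflicting items:", conflicts)
```

In the sample, the user carries both Faculty and Contractor values, so License Type matches both Licensed and None and is reported as a conflict.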