Okta

How to Configure SAML 2.0 for Zoom


Supported Features

The Okta/Zoom SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Log into your Zoom account.

  2. Go to Advanced > Single Sign-On, then click Enable Single Sign-On:

    zoom_newa.png

  3. Enter the following:

    • Sign-in Page URL:

      Sign in to the Okta Admin app to have this variable generated for you.
    • Sign-out Page URL:

      Sign in to the Okta Admin app to have this variable generated for you.
    • Identity provider certificate:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Service Provider (SP) Entity ID: Select a URN-based entity ID for a Service Provider (SP):

      [your-subdomain].zoom.us

    • Issuer (IDP Entity ID):

      Sign in to the Okta Admin app to have this variable generated for you.
    • Binding: Select HTTP-Redirect.

    • Signature Hash Algorithm: Select SHA-256.

    • Click Save Changes:

  4. Select the SAML Response Mapping tab:

    zoom_new_1.png

  5. Click Edit for the following attributes and use the following corresponding values:

      Display Name    Variable Name
      Phone number    phoneNumber
      Department      department
  6. Click Save Changes after entering the correct mapping. For example:

    zoom_new_2.png

  7. Optional: Group Attribute Steps:

    1. To send group attributes (UserGroup, IMGroup) as part of the SAML assertion, in Okta select the Sign On tab for the Zoom SAML app, then click Edit.

      • Select the appropriate filter from the drop-down menus, then type the preferred value into the field.

      • Click Save

        Note: To send all groups a user is assigned to, select Regex and type .* (dot and asterisk):

      • zoom_new_a.png

    2. Go back to the Single Sign-On in Zoom and select the SAML Response Mapping tab:

      zoom_new_b.png

    3. Scroll down to either SAML Advanced Information Mapping or SAML Auto Mapping (whichever is more appropriate for you).

      1. SAML Advanced Information Mapping:

        • Click Add for User Group:

          • SAML Attribute: Enter UserGroup. (This group attribute is passed by Okta.)

          • SAML Value: Enter the appropriate group for UserGroup.

          • Resulting Value: select the Group that will be assigned to a user in Zoom.

            For example: In the screenshot below, the SAML value is User_Group_Test and the Resulting Value is User_Group_Test. This means that a user will be added to the User_Group_Test group in Zoom.

            zoom_new_c.png

          • You can add multiple User Groups by clicking Add. When you have finished, click Save Changes.

        • Click Add for IM Group:

          • SAML Attribute: Enter IMGroup. (This group attribute is passed by Okta.)

          • SAML Value: Enter the appropriate group for IM Group.

          • Resulting Value: Select the IM Group that will be assigned to a user in Zoom.

            For example: In the screenshot below, the SAML value is IMGroup_Test and the Resulting Value is IMGroup_Test. This means that a user will be added to the IMGroup_Test group in Zoom:

            zoom_new_d.png

          • You can add multiple IM Groups by clicking Add. When you have finished, click Save Changes.

        • After you complete the steps above, you should see a list similar to this:

          zoom_new_e.png

      2. SAML Auto Mapping:

        • Click Map to SAML Attribute for User Group:

          • SAML Attribute: Enter UserGroup. (This group attribute is passed by Okta.)

          • Click Save Changes:

            zoom_new_f.png

        • Click Map to SAML Attribute for IM Group:

          • SAML Attribute: Enter IMGroup. (This group attribute is passed by Okta.)

          • Click Save Changes:

            zoom_new_g.png

        • After you complete the steps above, you should see a list similar to this:

          zoom_new_h.png

  8. Done!


Notes

SP-initiated SSO

  1. Go to: https://[your-subdomain].zoom.us.

  2. Click SIGN IN:


Custom Attributes

OPTIONAL

By default, Okta sends only two SAML attributes in the SAML assertion: firstname and lastname. To send custom attributes (User Type, Add-on Plan, User Role), follow the steps below:

  1. In Okta, navigate to Directory > Profile Editor:

    zoom_newd.png

  2. Search for your Zoom app, then click Profile:

    zoom_newe.png

  3. Click Add Attribute, then add any of the custom attributes:

      Display Name    Variable Name
      userType        userType
      addonPlan       addonPlan
      userRole        userRole

    Note: If SCIM is enabled or will be enabled for this integration, only add the addonPlan and userRole attributes, as the userType attribute is automatically added once SCIM is set up.

    zoom_newf.png

  4. Scope: If you check User personal, the attribute is available when you assign an individual user to the Zoom app, but not when you assign a group to the Zoom app. For example, in the following screenshot, the User personal Scope was applied to the addonPlan attribute:

    zoom_newg.png

  5. Once you have completed the steps above, you should see a similar list to what is shown below, depending on what optional attributes you added:

    zoom_newh.png

  6. Go back to your SAML configuration in Zoom and select the SAML Response Mapping tab.

    Note: For more information, refer to Advanced SAML Mapping.

    zoom_newi.png

  7. Go to SAML Advanced Information Mapping and do the following:

    1. Click Add for UserType:

      • SAML Attribute: Enter userType. (This attribute is being passed by Okta.)

      • SAML Value: Enter the appropriate value for User Type.

      • Resulting Value: Select Basic, Pro, Corp, or None.

      • For example: In the screenshot below, the SAML value is basic and the Resulting Value is Basic. This means that a user should receive the Basic User Type.

        zoom_newj.png

      • You can add multiple User Types by clicking Add. When you have finished, click Save Changes.

    2. Click Add for Add-on Plan:

      • SAML Attribute: Enter addonPlan. (This attribute is being passed by Okta.)

      • SAML Value: Enter the appropriate value for Add-on Plan.

      • Resulting Value: Select Webinar or Large Meeting License.

      • For example: In the screenshot below, the SAML value is webinar and the Resulting Value is Webinar 500. This means that a user should receive the Webinar Add-on Plan.

        zoom_newk.png

      • You can add multiple Add-on Plans by clicking Add. When you have finished, click Save Changes.

    3. Click Add for User Role:

      • SAML Attribute: Enter userRole. (This attribute is being passed by Okta.)

      • SAML Value: Enter the appropriate value for User Role.

      • Resulting Value: Select admin, member, or a customized role (for more information see: Role Management).

      • For example: In the screenshot below, the SAML value is member and the Resulting Value is Member. This means that a user should receive the Member User Role.

        zoom_newl.png

      • You can add multiple User Roles by clicking Add. When you have finished, click Save Changes.

  8. After you complete the steps above, you should see a list similar to this:

    zoom_newm.png

  9. Now you can assign users to the Zoom SAML app with the appropriate attribute values.

    Note: Make sure that the values for the attributes you specified in Okta are the same as the ones you’ve set in the SAML Advanced Information Mapping window in Zoom.

    zoom_newn.png

  10. Done!
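
The group attribute steps and the custom attribute steps above both rely on Okta sending exactly the values entered in Zoom's SAML Advanced Information Mapping. The following is an added example, not Okta's or Zoom's code, that reads the attributes from a captured assertion and lists values with no matching mapping row, such as extra groups released by a .* group filter. The mapping table, the sample assertion and the function names are assumptions built from the example values on this page.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed copy of the Zoom mapping table: attribute -> {SAML value: resulting value}.
ZOOM_MAPPING = {
    "userType": {"basic": "Basic"},
    "addonPlan": {"webinar": "Webinar 500"},
    "userRole": {"member": "Member"},
    "UserGroup": {"User_Group_Test": "User_Group_Test"},
    "IMGroup": {"IMGroup_Test": "IMGroup_Test"},
}
# Constructed sample: attributes one user might receive with a ".*" group filter.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="firstname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="userType"><saml:AttributeValue>Basic</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="userRole"><saml:AttributeValue>member</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="UserGroup">
   <saml:AttributeValue>User_Group_Test</saml:AttributeValue>
   <saml:AttributeValue>Finance-Admins</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(xml_text):
    """Return {name: [values]} from the AttributeStatement. Inspection only:
    no signature check, so use it on assertions captured from your own tenant."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def audit(xml_text, mapping=ZOOM_MAPPING):
    """Return (resolved, findings): values that match a mapping row, and those that do not."""
    resolved, findings = {}, []
    for name, values in read_attributes(xml_text).items():
        if name not in mapping:
            continue  # e.g. firstname/lastname: sent by default, not value-mapped
        table = mapping[name]
        for value in values:
            if value in table:
                resolved.setdefault(name, []).append(table[value])
            elif value.lower() in {k.lower() for k in table}:
                findings.append((name, value, "differs only by case"))
            else:
                findings.append((name, value, "no mapping in Zoom"))
    return resolved, findings
```

Each finding is a value Okta released that the Zoom mapping does not account for, so either the mapping row or the Okta group filter needs adjusting.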