Note: As our world comes together to slow the spread of COVID-19 pandemic, the Zoom Support Center has continued to operate 24x7 globally to support you. Please see the updated Support Guidelines during these unprecedented times.

Important: Starting September 27, Zoom will require that all meetings have a Passcode or a Waiting Room enabled for accounts with a single licensed user, Pro accounts with 2 or more licenses, and Business accounts with 10-100 licenses. For further information, please reference our Frequently Asked Questions.



Configuring Zoom with G Suite / Google Apps Follow

Overview

If your organization users G Suite / Google Apps, you can set up Single Sign-On, which will allow you to set up a default user type for SSO and SAML mapping with provisioning. We also offer a Login with Google option, which requires no additional configuration. 

This article covers:

Prerequisites

  • Super administrator privileges within Google Admin for your domain
  • Vanity URL set up for your Zoom account (requires Business or Education acct)
  • Admin or owner permissions in Zoom

SAML app configuration

Within Google

  1. From the Admin console dashboard, go to Apps > SAML Apps. To see Apps on the dashboard, you might have to click More controls at the bottom.
    Screen_Shot_2017-08-25_at_10.16.50_AM.png
  2. Click the plus (+) icon at the bottom right.
  3. Click Zoom.
  4. The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
  5. Copy the Entity ID and the Single Sign-On URL field values and download the Certificate, as they will be used later in the setup. 
    Screen_Shot_2017-08-25_at_10.23.41_AM.png
  6. Click Next.
  7. In the Service Provider Details window, add an ACS URL, an Entity ID, and a start URL.
    • ACS URL: https://vanityurl.zoom.us/saml/SSO
    • Entity ID: https://vanityurl.zoom.us
    • Start URL: leave blank
      Screen_Shot_2017-08-25_at_10.26.57_AM.png
  8. Click Finish.

Within Zoom

  1. Login to your Zoom account at https://zoom.us/account/sso
  2. Under Basic SAML Configuration
    Screen_Shot_2017-08-25_at_10.30.16_AM.png
    • Service Provider (SP) Entity ID: Select https://vanityurl.zoom.us or match the Entity ID set in G Suite (step 7 in the Within Google section).
    • Sign-in page URL: This is the SSO URL from the Google idP information or it appears after <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect in the XML meta data.
    • Identity provider certificate: Copy and paste the information from the x.509 certificate downloaded from Google, here. 
    • Issuer: This is the Entity ID from the Google idP information or it appears after entityID= in the XML meta data.
    • Binding: can be left as default.
    • Sign SAML request: Leave unchecked (unless checked in #11 from the Google section above).
    • Support encrypted assertions: Leave unchecked.
    • Security: Check if you want to force logout after a certain number of days.
  3. Under Basic SAML Mapping, set:
    • Default user type: Select what user type you want new users to be added as.
    • (Optional) Email, Name, Etc. - Customize SAML Response Mapping: If you set up Custom Mapping in Google, you can map attributes to configure Zoom users based on the Google mapping.

Enable the Zoom app in Google

  1. From the Admin console in Google, go to Apps and then SAML apps. To see Apps on the Home page, you might have to click More controls at the bottom.
  2. Click Zoom.
  3. At the top right of the gray box, click Edit Service:
    • To turn on or off service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
    • To turn on or off service only for users in an organizational unit:
      1. On the left, select the organizational unit.
      2. Select On or Off.
      3. To keep the service turned on or off even when the service is turned on or off for the parent organizational unit, click Override.
      4. If the organization's status is already Overridden, choose an option:
        • Inherit—Reverts to the same setting as its parent.
        • Save—Saves your new setting (even if the parent setting changes).
  4. Ensure that your Zoom user account email IDs match those in your Google domain.

Common errors

Post (vanity URL) 404 (not found): Confirm that ACS URL is set correctly. It should be like https://vanityurl.zoom.us/saml/SSO

App not configured: Confirm Entity ID URL in Google and Zoom match.

Metadata for issuer https://accounts.google.com/o/saml2?idpid=(unique idpid) wasn't found (-1): Confirm that the Issuer matches what it is in the metadata. It will look very similar to the Sign-in page URL, but there are slight differences.

Other errors: Confirm that the ACS URL is https://vanityurl.zoom.us/saml/SSO with the SSO portion capitalized