Configuring Zoom with G Suite / Google Apps Follow

About

If your organization users G Suite / Google Apps, you can set up Single Sign-On, which will allow you to set up a default user type for SSO and SAML mapping with provisioning. We also offer a Login with Google option, which requires no additional configuration. 

Prerequisites

  • Super administrator privileges within Google Admin for your domain
  • Vanity URL set up for your Zoom account (requires Business or Education acct)
  • Admin or owner permissions in Zoom

Within Google

  1. From the Admin console dashboard, go to Apps > SAML Apps. To see Apps on the dashboard, you might have to click More controls at the bottom.
    Screen_Shot_2017-08-25_at_10.16.50_AM.png
  2. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner. Screen_Shot_2017-08-25_at_10.18.44_AM.png
  3. Click Setup my own custom SAML App.
    Screen_Shot_2017-08-25_at_10.20.58_AM.png
  4. The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
  5. There are two ways to collect the service provider Setup information:
    • You can copy the Entity ID and the Single Sign-On URL field values and download the X.509 Certificate, paste them into the appropriate service provider Setup fields, and then click Next
    • You can download the IDP metadata, upload it into the appropriate service provider Setup fields, and then come back to the admin console and click Next.
      Screen_Shot_2017-08-25_at_10.23.41_AM.png
  6. In the Basic Application Information window, add an application name and description.
  7. In the Service Provider Details window, add an ACS URL, an Entity ID, and a start URL.
    • ACS URL: https://vanityurl.zoom.us/saml/SSO
    • Entity ID: https://vanityurl.zoom.us
    • Start URL: leave blank
      Screen_Shot_2017-08-25_at_10.26.57_AM.png
  8. Leave Signed Response unchecked.
  9. Click Next.
  10. (Optional) Attribute Mapping
    • Click Add new mapping and enter a new name for the attribute you want to map.
    • In the drop-down list, select the Category and User attributes to map the attribute from the G Suite profile.
  11. Click Finish.

Within Zoom

  1. Login to your Zoom account at https://zoom.us/account/sso
  2. Under Basic SAML Configuration
    Screen_Shot_2017-08-25_at_10.30.16_AM.png
    • Service Provider (SP) Entity ID: Select https://vanityurl.zoom.us
    • Sign-in page URL: This is the SSO URL from the Google idP information or it appears after <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect in the XML meta data.
    • Identity provider certificate: You can download this from the Google idP information or it appears between <ds:X509Certificate> and </ds:X509Certificate> in the XML data.
    • Issuer: This is the Entity ID from the Google idP information or it appears after entityID= in the XML meta data.
    • Binding: can be left as default.
    • Sign SAML request: Leave unchecked (unless checked in #11 from the Google section above).
    • Support encrypted assertions: Leave unchecked.
    • Security: Check if you want to force logout after a certain number of days.
    • Default user type: Select what user type you want new users to be added as.
    • (Optional) Email, Name, Etc. - Customize SAML Response Mapping: If you set up Custom Mapping (#13 from Google section above), you can map attributes to configure Zoom users based on the Google mapping.

Common Errors

Post (vanity URL) 404 (not found): Confirm that ACS URL is set correctly. It should be like https://vanityurl.zoom.us/saml/SSO

App not configured: Confirm Entity ID URL in Google and Zoom match.

Metadata for issuer https://accounts.google.com/o/saml2?idpid=(unique idpid) wasn't found (-1): Confirm that the Issuer matches what it is in the metadata. It will look very similar to the Sign-in page URL, but there are slight differences.

Other errors: Confirm that the ACS URL is https://vanityurl.zoom.us/saml/SSO with the SSO portion capitalized

 

Was this article helpful?
Have more questions? Submit a request
Powered by Zendesk