Configuring Zoom with G Suite / Google Apps Follow


If your organization users G Suite / Google Apps, you can set up Single Sign-On, which will allow you to set up a default user type for SSO and SAML mapping with provisioning. We also offer a Login with Google option, which requires no additional configuration. 


  • Super administrator privileges within Google Admin for your domain
  • Vanity URL set up for your Zoom account (requires Business or Education acct)
  • Admin or owner permissions in Zoom

Within Google

  1. From the Admin console dashboard, go to Apps > SAML Apps. To see Apps on the dashboard, you might have to click More controls at the bottom.
  2. Select the Add a service/App to your domain link or click the plus (+) icon in the bottom corner. Screen_Shot_2017-08-25_at_10.18.44_AM.png
  3. Click Setup my own custom SAML App.
  4. The Google IDP Information window opens and the Single Sign-On URL and the Entity ID URL fields automatically populate.
  5. There are two ways to collect the service provider Setup information:
    • You can copy the Entity ID and the Single Sign-On URL field values and download the X.509 Certificate, paste them into the appropriate service provider Setup fields, and then click Next
    • You can download the IDP metadata, upload it into the appropriate service provider Setup fields, and then come back to the admin console and click Next.
  6. In the Basic Application Information window, add an application name and description.
  7. In the Service Provider Details window, add an ACS URL, an Entity ID, and a start URL.
    • ACS URL:
    • Entity ID:
    • Start URL: leave blank
  8. Leave Signed Response unchecked.
  9. Click Next.
  10. (Optional) Attribute Mapping
    • Click Add new mapping and enter a new name for the attribute you want to map.
    • In the drop-down list, select the Category and User attributes to map the attribute from the G Suite profile.
  11. Click Finish.

Within Zoom

  1. Login to your Zoom account at
  2. Under Basic SAML Configuration
    • Service Provider (SP) Entity ID: Select or match the Entity ID set in G Suite (step 7 in the Within Google section).
    • Sign-in page URL: This is the SSO URL from the Google idP information or it appears after <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect in the XML meta data.
    • Identity provider certificate: You can download this from the Google idP information or it appears between <ds:X509Certificate> and </ds:X509Certificate> in the XML data.
    • Issuer: This is the Entity ID from the Google idP information or it appears after entityID= in the XML meta data.
    • Binding: can be left as default.
    • Sign SAML request: Leave unchecked (unless checked in #11 from the Google section above).
    • Support encrypted assertions: Leave unchecked.
    • Security: Check if you want to force logout after a certain number of days.
    • Default user type: Select what user type you want new users to be added as.
    • (Optional) Email, Name, Etc. - Customize SAML Response Mapping: If you set up Custom Mapping (#13 from Google section above), you can map attributes to configure Zoom users based on the Google mapping.

Common Errors

Post (vanity URL) 404 (not found): Confirm that ACS URL is set correctly. It should be like

App not configured: Confirm Entity ID URL in Google and Zoom match.

Metadata for issuer idpid) wasn't found (-1): Confirm that the Issuer matches what it is in the metadata. It will look very similar to the Sign-in page URL, but there are slight differences.

Other errors: Confirm that the ACS URL is with the SSO portion capitalized


Was this article helpful?