Configuring Okta with Zoom Follow

Overview

You can connect Zoom with Okta to use your company's Okta credentials to login to your account via SSO. By configuring Zoom with Okta, you can create users, update user information, and deactivate users in Zoom via Okta. There are two ways that you can configure Zoom with Okta. You can use the pre-built Zoom app in the Okta Application Network to automatically configure the Okta app for Zoom, or you can set up a custom app in Okta for Zoom. Configuring a custom app will allow you to pass additional information to Zoom and use advanced SAML mapping

This article covers:

Prerequisites

  • Zoom owner or admin privileges
  • Business or Education account with approved Vanity URL
  • Single Sign-On Enabled
  • Okta admin privileges

Instructions

Configuring Okta with the pre-built app

Configuring Okta with Zoom

  1. In Okta, go to Applications.
  2. Click Add Application. 

  3. Search for Zoom.
  4. Next to Zoom SAML, Click Add.
  5. This will take you to the General Settings page.

    • Application label: You can leave this as Zoom or rename as desired.
    • Subdomain: Enter only the custom part of your Vanity URL. For example, if your vanity URL is https://mydomain.zoom.us, only enter mydomain
    • Application visibility: Optional. Check the options if you want to make this app visible to your users.
    • Click Done.
  6. Click the Provisioning tab.
  7. Click Configure API Integration.
  8. Check Enable API Integration.
  9. Click Authenticate with Zoom SAML.
  10. A new browser window will open where you will be told what information Okta has access to in Zoom. Click Authorize to allow the app.
  11. Click Save.
  12. On the To App tab, click Edit.
    • Check Create Users.
    • Check Update User Attributes.
    • Check Deactivate Users.
  13. Click Save.
  14. Scroll to the Attribute Mappings section.
  15. Confirm that the attributes are mapped as shown below.
  16. Click the To Okta tab.
  17. Scroll to the Okta Attribute Mapping section.
  18. Confirm that the attributes match as shown below.
  19. In the main Okta navigation, hover over Directory and select Profile Editor.
  20. Next to the Zoom app, click Mappings.
  21. On To Okta, confirm that your mappings match the mappings shown below.

  22. Click Okta to Zoom and confirm that your mappings match the mappings shown below.
  23. Hover over the Applications drop down and choose Applications.
  24. Click Zoom.
  25. Click the Import tab.
  26. Click Import Now.

  27. The import process will begin.
  28. Okta will list any users found in Zoom who are not already in Okta.
  29. By default, the users will be added in Okta. To associate a Zoom user with an existing Okta user or ignore them during this import, click the arrow next to their name.

  30. Check all users who you want to import.
  31. Click Confirm Assignments.

Adding, Updating, and Deprovisioning Zoom Users in Okta

When you update a user’s information in Okta, such as their name, it will automatically sync this information to Zoom within a few minutes. No additional steps need to be taken to update this information. Email address changes will not be sent from Okta to Zoom; the email address will need to be changed in Zoom. Learn how to update a user in Okta.

Adding Users or Groups to Zoom from Okta

  1. In Okta, hover over Applications and click Applications.
  2. Click the name of your Zoom app.
  3. Click Assign and choose whether you would like to assign Okta to a user or a group of users.
  4. Click Assign next to the user or group.
  5. Choose the user or group options.
  6. Click Save and Go Back.
  7. Click Done.

Deprovisioning a User

You can deactivate a user’s Zoom account by following the steps below. If you suspend a user’s Okta access or delete their Okta account, their Zoom account will automatically be deactivated as well.

  1. In Okta, hover over Applications and click Applications.
  2. Click the name of your Zoom app.
  3. Click the X next to the user’s name.
  4. Confirm that you want to remove this user’s Zoom access.
  5. The user will now show as deactivated in your Zoom User Management.

Changing an Email Address

If you need to change a user’s email address, this will not be copied from Okta to Zoom. The following steps must be completed to make sure that the email address gets updated in both Zoom and Okta.

  1. Change your email address in Zoom. Learn how.
  2. Click the confirmation link in the email sent to the new email address.
  3. Update the email address in Okta. Learn how.

Migrating to an Updated Version of the Zoom Okta Integration

The Zoom app in Okta has recently been updated to provide a better overall experience to Okta customers. Here is a summary of changes:

  • November 2018: “UserType” has been added

For users with an existing instance of the Zoom app in Okta, you will need to add the Zoom app again and deactivate the old Zoom app.  Follow the steps above for Configuring Okta with Zoom to learn how to add the Okta app and provision users.

Deleting the Old App

  1. In Okta, hover over Applications and click Applications.
  2. Click the name of your Zoom app.
  3. Click the Provisioning tab.
  4. Uncheck Enable API Integration.

  5. Click Save.

NoteIf you were using your old Zoom app as a profile master for certain Okta attributes, you will need to set your new Zoom app as the profile master for the same attributes.

Configuring Okta with a custom app

  1. In Okta, click Add Apps.
  2. Click Create New App. Screen_Shot_2017-12-11_at_4.39.48_PM.png
  3. In the Create a New Application Integration window, select the following:
    • Platform: Web
    • Sign on method: SAML 2.0
  4. Click Create.
  5. This will take you to the General Settings page.
    • App Name: You can give the app the name of your choice, something that will identify this as the Zoom app for you on the Okta side, eg. Zoom. 
    • (Optional) App logo: Upload the Zoom logo if desired.
    • (Optional) App visibility: Check these options if you would like the Zoom custom app to show to your users in Okta.
  6. Click Next.
  7. This will take you to the Configure SAML page. 
    • Single sign on URL: https://yourvanityurl.zoom.us/saml/SSO
    • Check Use this for Recipient URL and Destination URL 
    • Leave Allow this app to request other SSO URLs unchecked
    • Audience URI (SP Entity ID): https://yourvanityurl.zoom.us
    • Default RelayState: Leave blank. 
    • Name ID Format: Select EmailAddress.
    • Application username: Select Okta username.
    • Click Show Advanced Settings
    • Response: Choose Signed
    • Assertion Signature: Choose Unsigned
    • Signature Algorithm: Choose RSA-SHA256.
    • Digest Algorithm: Choose SHA256.
    • Assertion Encryption: You can choose either. If you choose encrypted, you will need to check the option for encrypted assertions on the Zoom side. If unsure, leave as Unencrypted.
    • Enable Single Signout: Leave unchecked.
    • Authentication context class: Choose PasswordProtectedTransport.
    • Honor Force Authentication: Choose Yes.
    • SAML Issuer ID: Leave blank.
    • Attribute Statements
      Name Name format Value
      email Unspecified User.email
      firstName Unspecified User.firstName
      lastName Unspecified User.lastName
      Add any other attributes that you want to pass such as department, title, etc. 
    • Group Attribute Statements: Leave blank.
    • Preview the SAML Assertion: You can click to preview the SAML assertion.
  8. Click Next.
  9. This will take you to the Okta feedback page. Enter your feedback if desired and click Next.
  10. Click View Setup Instructions.
  11. This will open your Okta setup details.
  12. In a separate tab, login to your Zoom SSO page
  13. Choose Configure SSO Manually.
  14. Copy the Identity Provider Single Sign-On URL in Okta and paste it into the Sign-in page URL field in Zoom.
  15. Leave Sign Out Page URL blank in Zoom.
  16. Copy the Identity Provider Issuer in Okta and paste it into the Issuer (IDP Entity ID) field in Zoom. 
  17. In Okta, copy the X.509 Certificate between the BEGIN CERTIFICATE and END CERTIFICATE lines (do not include these). Paste this into the Identity Provider Certificate field in Zoom.
  18. In Zoom, for Service Provider (SP) Entity ID, choose https://yourvanityurl.zoom.us
  19. For Binding, choose HTTP-Redirect
  20. For security, leave all unchecked unless you choose to send Encrypted Assertions on the Okta side. 
  21. In Zoom, choose Save Changes.
     
  22. In Okta, click the Assignments tab.
  23. Click Assign and choose if you want to assign it to a person or a group. If you want to assign it to all users, click Assign to Groups.
  24. Next to everyone, click Assign.
  25. Click Done.
  26. Your setup is complete and you should now be able to sign in to Zoom with Okta. To test, logout of your Zoom account and click Log In at https://yourvanityurl.zoom.us

 

Was this article helpful?
Have more questions? Submit a request