Configuring Zoom with Azure

Overview

You can connect Zoom with Azure so that users log in to their Zoom accounts with your company's Azure credentials via Single Sign-On (SSO). You can also assign users Zoom licenses based on their group in Azure.

Prerequisites

  • Zoom owner or admin privileges
  • Business or Education account with approved vanity URL
  • An Azure AD subscription

Adding Zoom from the Azure Gallery

Note: Screenshots in this article were taken using the default Azure theme. Your Azure portal will look slightly different if you changed the theme.

  1. Sign in to the Azure portal.
  2. Click Azure Active Directory in the left panel.
  3. Click Enterprise Applications.
  4. Click All Applications.
  5. Click New Application at the top of the window.
  6. In the Add from Gallery window, search for Zoom.
  7. Click Zoom in the Telecommunications category.
  8. Click the Add button on the right side.

Configuring Single Sign-On

  1. In the Azure portal, on the Zoom application page, click Single sign-on.

  2. From the Single Sign-on Mode drop down, select SAML-based Sign-on.
  3. For Sign on URL, enter https:// followed by your Vanity URL.
    E.g. https://yourvanityurl.zoom.us
  4. For Identifier, enter your vanity URL without https://.
    E.g. yourvanityurl.zoom.us
  5. To view the claims being passed by Azure, click the pencil icon in the User Attributes section.
  6. Under SAML Signing Certificate, click Certificate (Base 64) and save it to your computer.

    Note: Check that the certificate's status is active. If it is listed as new, check Make new certificate active.
  7. Click Save at the top.
  8. Click Configure Zoom.
  9. Scroll down to the Quick Reference section.
  10. Open a new browser tab/window and log in to the Zoom web portal.
  11. Navigate to the Single Sign-On page.
  12. Copy the Azure AD Single Sign-On Service URL from Azure and paste it into the Sign-in page URL field in Zoom.
  13. Open the certificate you downloaded in Step 5 in a text editor. Copy the portion between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and paste it into the Identity provider certificate field in Zoom.
  14. For Service Provider (SP) Entity ID, select the version of your vanity URL without https, e.g. yourvanityurl.zoom.us
  15. Copy the Azure AD SAML Entity ID from Azure and paste it into the Issuer (IDP Entity ID) field in Zoom.
  16. In Azure, click on More Services on the left.
  17. Search for and click App registrations.
  18. Click Endpoints.

  19. Copy the SAML-P Sign-out Endpoint and paste it into Sign-out page URL in Zoom.
  20. In Zoom, for Binding, select HTTP-Post.
  21. Click Save Changes.

Assigning Azure users and groups to Zoom

  1. In the Azure portal, click Azure Active Directory.
  2. Click Enterprise Applications.
  3. Click All Applications.
  4. Click Zoom.
  5. Click Users and groups.
  6. Click Add user.
  7. Click Users and groups.
  8. Search for the user or group you want to add.
  9. Click it and a check mark will appear next to the name.
  10. Click Select.
  11. Click Select Role.
  12. Select the role type that you would like to designate in Azure. This information will not be passed to Zoom. The Role type in Zoom will be set based on SAML Mapping. Alternatively, you can set up group mapping to have the role type passed on to Zoom.
  13. Click Select.
  14. Click Assign.

Setting up Group Mapping (Optional) 

Follow these steps if you want to pass the Azure user role to Zoom. See the previous section for instructions on how to assign a user role.

  1. In the Azure portal, click Azure Active Directory, then click App registrations.
  2. Select All apps in the drop-down menu.
  3. Select Zoom in the app list, then click Manifest to edit it.
  4. Find the property "groupMembershipClaims" and change the value from null to "SecurityGroup". This allows the group claim to be passed to Zoom.
    Note: The values are case sensitive.
  5. Click Save.
  6. Go back to main menu and click Azure Active Directory then Groups.
  7. Select the group that you want to create mapping for and copy the Object ID for future use.
  8. Log in to your Single Sign-On Configuration page in the Zoom web portal.
  9. Click the SAML Response Mapping tab.
  10. In the SAML Advanced Information Mapping section, click Edit then Add.
  11. Enter the following information:
    1. SAML Attribute: Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/groups. If the above attribute doesn't work, use http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
    2. SAML Value: Paste the Object ID from step 7.
    3. Resulting Value: Select the expected user type for group members.
  12. Repeat steps 10 and 11 to configure additional group mapping for each user type.

Mapping Basic Information

  1. Log in to your Single Sign-On Configuration page in the Zoom web portal.
  2. Click SAML Response Mapping.
  3. The first section of this page covers Basic SAML Information Mapping.
  4. Add the Source Attribute listed below for the corresponding value.
    Name           Source Attribute
    Email Address  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    First Name     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    Last Name      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    Phone Number   http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone
    Department     http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department
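
To check the Group Mapping and Basic Information mapping above before rolling SSO out, the following added example (not part of the original article, and not Zoom or Microsoft code) reads the attributes from a SAML assertion captured during your own test login and reports which claims each mapping row would receive. The sample assertion, Object IDs, user type label and function names are constructed for illustration; the script only inspects attributes and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Both group claim names given in the Group Mapping steps, in the order to try them.
GROUP_CLAIMS = (CLAIMS + "groups",
                "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups")
# Basic SAML Information Mapping: Zoom field -> claim suffix.
BASIC = {"Email Address": "emailaddress", "First Name": "givenname",
         "Last Name": "surname", "Phone Number": "phone", "Department": "department"}

def _attr(name, *values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'

# Constructed sample assertion; the user, Object IDs and user type are made up.
SAMPLE = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
          "<saml:AttributeStatement>"
          + _attr(CLAIMS + "emailaddress", "alex@example.com")
          + _attr(CLAIMS + "givenname", "Alex") + _attr(CLAIMS + "surname", "Doe")
          + _attr(GROUP_CLAIMS[1], "00000000-0000-0000-0000-00000000a001",
                  "00000000-0000-0000-0000-00000000b002")
          + "</saml:AttributeStatement></saml:Assertion>")
GROUP_MAP = {"00000000-0000-0000-0000-00000000a001": "Licensed"}  # Object ID -> user type

def read_claims(assertion_xml):
    """Return {claim name: [values]} from the assertion's AttributeStatement."""
    claims = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_mapping(assertion_xml, group_map):
    """Report what each mapping row would receive from this assertion."""
    claims = read_claims(assertion_xml)
    basic = {field: (claims.get(CLAIMS + s) or [None])[0] for field, s in BASIC.items()}
    # If no group claim is present, re-check the groupMembershipClaims manifest value.
    group_claim = next((c for c in GROUP_CLAIMS if c in claims), None)
    groups = claims.get(group_claim, [])
    return {"basic": basic,
            "missing": [field for field, value in basic.items() if value is None],
            "group_claim": group_claim,
            # Exact string match against the Object IDs entered as SAML Value.
            "user_types": [group_map[g] for g in groups if g in group_map],
            "unmapped_groups": [g for g in groups if g not in group_map]}

if __name__ == "__main__":
    for key, value in check_mapping(SAMPLE, GROUP_MAP).items():
        print(f"{key}: {value}")
```
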