Configuring Zoom with Azure
You can connect Zoom with Azure to use your company's Azure credentials to log in to your Zoom account via Single Sign-On (SSO). You can assign users Zoom licenses based on their group in Azure.
Note: The JWT app type will be deprecated on June 1, 2023. At this time, configuring Zoom with Azure only supports JWT. We are currently working with Microsoft to implement OAuth support for Azure Enterprise Applications and will provide updates as this becomes available.
Microsoft has advised that support for OAuth should be available to customer tenants by the end of April 2023, and as such Zoom will provide updated guidance and documentation for JWT to OAuth migration in the first week of May 2023. These dates should be considered tentative and will be updated pending any further timeline changes from Microsoft.
This article covers:
- How to add Zoom from the Azure Gallery
- How to configure Single Sign-On with Azure
- How to assign Azure Users and Groups to Zoom
- How to set up Group Mapping (Optional)
- Mapping Basic Information
- How to set up Auto Provisioning in Azure AD
Prerequisites for configuring Zoom with Azure
- Zoom owner or admin privileges
- Business or Education account with approved Vanity URL
- An Azure AD subscription
- Ability to generate a JSON Web Token (JWT)
Note: Without an approved associated domain, users must confirm being provisioned on the account through an email that is sent to them automatically. Users under an approved domain are provisioned without email confirmation.
How to add Zoom from the Azure Gallery
Note: Screenshots in this article were taken using the default Azure theme. Your Azure portal will look slightly different if you changed the theme.
- Sign in to the Azure portal.
- Click Azure Active Directory in the left panel.
- Click Enterprise Applications.
- Click All Applications.
- Click New Application at the top of the window.
- In the Add from Gallery window, search for Zoom.
- Click Zoom in the Telecommunications category.
- Click the Add button on the right side.
How to configure Single Sign-On with Azure
- In the Azure portal, on the Zoom application page, click Single sign-on.
- Under Select a single sign-on method, select SAML.
- Click the edit icon for Basic SAML Configuration.
- Fill out the following fields:
- For Identifier (Entity ID), enter your vanity URL without https://.
E.g. yourvanityurl.zoom.us
- For Reply URL, enter https://yourvanityurl.zoom.us/saml/SSO
- For Sign on URL, enter https:// followed by your vanity URL.
E.g. https://yourvanityurl.zoom.us
- Click Save.
- To view the claims being passed by Azure, click the pencil icon in the User Attributes section.
- Under SAML Signing Certificate, click Download next to Certificate (Base 64) and save it to your computer.
Note: Check that the certificate's status is active. If it is listed as inactive, click the Edit button, and click Make certificate active.
- Click Save at the top.
- Scroll to Set up Zoom.
Note: You can also click View step-by-step instructions to access the quick reference guide and download your Azure AD Signing Certificate if you did not in step 7.
- Open a new browser tab/window and sign in to the Zoom web portal.
- Access the Single Sign-On page.
- From Azure, under Set up Zoom, click Configuration URLs.
- Copy the Login URL and paste it into the Sign-in page URL field in the SAML configuration page in Zoom.
- Open the certificate you downloaded in Step 5 in a text editor. Copy the portion between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and paste it into the Identity provider certificate field in Zoom.
- For Service Provider (SP) Entity ID, select the version of your vanity URL without https, e.g. yourvanityurl.zoom.us
- Under Configuration URLs in Azure, copy the Azure AD Identifier and paste it into the Issuer (IDP Entity ID) field in the SAML configuration page in Zoom.
- In Azure, click on All Services on the left.
- Search for and click App registrations.
- Click Endpoints.
- Copy the SAML-P Sign-out Endpoint and paste it into Sign-out page URL in Zoom.
- In Zoom, for Binding, select HTTP-Post.
- Click Save Changes.
How to assign Azure users and groups to Zoom
- In the Azure portal, click Azure Active Directory.
- Click Enterprise Applications.
- Click All Applications.
- Click Zoom.
- Click Users and groups.
- Click Add user.
- Click Users and groups.
- Search for the user or group you want to add.
- Click it and a check mark will appear next to the name.
- Click Select.
- Click Select Role.
- Select the role type that you would like to designate in Azure. This information will not be passed to Zoom. The Role type in Zoom will be set based on SAML Mapping. Alternatively, you can set up group mapping to have the role type passed on to Zoom.
- Click Select.
- Click Assign.
How to set up Group Mapping (Optional)
Follow these steps if you want to set up the Azure user role with Zoom. See the previous section for instructions on how to assign a user role.
- In the Azure portal, click Azure Active Directory, then click Applications.
- Click Enterprise Applications.
- Click the previously created Zoom app.
- In the Attributes and Claims section, click Edit.
- Under Additional Claims, click http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
Note: If the schema is not listed, you will need to add the schema first.
- Under Claim Conditions, select the desired groups.
- Click Save.
- In the navigation menu, click Single Sign-on.
- Find the property "groupMembershipClaims" and change the value from null to "SecurityGroup". This allows the group claim to be passed to Zoom.
Note: The values are case sensitive.
- Click Save.
- Go back to the main menu and click Azure Active Directory, then Groups.
- Select the group that you want to create mapping for and copy the Object ID for future use.
- Log in to your Single Sign-On Configuration page in the Zoom web portal.
- Click the SAML Response Mapping tab.
- In the SAML Advanced Information Mapping section, click Add.
- Enter the following information:
- SAML Attribute: Enter http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
- SAML Value: Paste the Object ID from step 9.
- Resulting Value: Select the expected user type for group members.
- Repeat steps 15 and 16 to configure additional group mapping for each user type.
Mapping Basic Information
- Log in to your Single Sign-On Configuration page in the Zoom web portal.
- Click SAML Response Mapping.
- The first section of this page covers Basic SAML Information Mapping.
- Add the Source Attribute listed below for the corresponding value.
Name: Source Attribute
- Email Address: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- First Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Last Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- Phone Number: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone
- Department: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department
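A check for the group mapping and basic mapping described above, as an added example that is not Zoom's or Microsoft's code: it reads the attributes from a captured SAML AttributeStatement and reports which basic fields are absent and which group Object IDs have no mapping. The sample statement, Object IDs, user-type label and the names `parse_claims` and `audit` are constructed for illustration, and the assertion signature is not validated here.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
XMLSOAP = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Basic mapping from the table above: Zoom field -> source attribute.
BASIC = {"Email Address": XMLSOAP + "emailaddress", "First Name": XMLSOAP + "givenname",
         "Last Name": XMLSOAP + "surname", "Phone Number": XMLSOAP + "phone",
         "Department": XMLSOAP + "department"}


def parse_claims(statement_xml: str) -> dict:
    """Return {attribute name: [values]} from a SAML AttributeStatement."""
    root = ET.fromstring(statement_xml)
    claims = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def audit(claims: dict, group_map: dict) -> dict:
    """Compare received claims with the basic and group mappings."""
    groups = claims.get(GROUPS, [])
    return {
        "missing_basic": [f for f, uri in BASIC.items() if not any(claims.get(uri, []))],
        # Object IDs are compared as exact strings, as pasted into SAML Value.
        "user_types": [group_map[g] for g in groups if g in group_map],
        "unmapped_groups": [g for g in groups if g not in group_map],
    }


def _attr(name: str, *values: str) -> str:
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'


# Constructed sample: the user, Object IDs and user-type label are made up.
SAMPLE = (f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">'
          + _attr(XMLSOAP + "emailaddress", "ana@example.com")
          + _attr(XMLSOAP + "givenname", "Ana")
          + _attr(XMLSOAP + "surname", "Ruiz")
          + _attr(GROUPS, "11111111-aaaa-4bbb-8ccc-000000000001",
                  "22222222-aaaa-4bbb-8ccc-000000000002")
          + "</saml:AttributeStatement>")
GROUP_MAP = {"11111111-aaaa-4bbb-8ccc-000000000001": "Licensed"}
REPORT = audit(parse_claims(SAMPLE), GROUP_MAP)
```

A group listed under `unmapped_groups` reaches Zoom without a matching SAML Value entry, so no user type is derived from it.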
How to set up Auto Provisioning in Azure AD
Auto-provisioning allows the management of users within Zoom from Azure. If a user is added to Azure and/or assigned the Zoom app, they will be provisioned in Zoom automatically. If the user is unassigned or deactivated in Azure, they will be deactivated in Zoom as well.
- Sign in to the Azure portal.
- Click Azure Active Directory in the left panel.
- Click Enterprise Applications.
- Click Zoom.
- Click Provisioning.
- Fill in the fields under Admin Credentials:
- For the Tenant URL enter https://api.zoom.us/scim
- For the Secret Token, generate a JSON Web Token (JWT)** using your Zoom Marketplace key and secret.
Note*: You must have your own method of creating the JWT. Zoom does not provide this functionality.
Note**: The JWT app type will be deprecated in June 2023. We recommend that you create Server-to-Server OAuth or OAuth apps to replace the functionality of a JWT app in your account when the functionality becomes available. At this time, configuring Zoom with Azure only supports JWT.
- Click Test Connection to confirm that Azure is able to connect to Zoom via API.
- Leave the Default Mapping as below:
- Set Provisioning Status to On.
- Choose Scope.
- Click Save.