Configuring Zoom with Shibboleth


You can connect Zoom with Shibboleth so that users log in to their Zoom accounts with your organization's Shibboleth credentials via Single Sign-On (SSO). You can assign users Zoom licenses, add-on plans, roles and groups based on their SAML attributes.

Prerequisites

  • Zoom owner or admin privileges
  • Business or Education account with approved Vanity URL


Configuring your SSO Information with Zoom

  1. Access the metadata for your organization. It can typically be found at https://IdP.DomainName/idp/shibboleth.
  2. Log in to your Zoom web portal and navigate to the Single Sign-On page.
  3. Configure the page with your SSO information from your metadata:
    • Sign-in page URL: Choose either the POST or Redirect binding URL, as it is listed after Location=.
    • Sign-out page URL: This is optional. If you want to enter a Sign-out page URL, choose the corresponding POST or Redirect URL that appears in SingleLogoutService, after Location=.
    • Identity Provider Certificate: Use the first X509 certificate that appears in your metadata. 
    • Service Provider (SP) Entity ID: Choose the Service Provider (SP) Entity ID which includes https://, for example
    • Issuer (IDP Entity ID): Enter the full Entity ID from your IdP metadata, such as https://IdP.yourorganization/idp/shibboleth
    • Binding: Choose the POST or Redirect binding that corresponds with the Sign-in page URL used. 
    • Check Support Encrypted Assertions, unless you have disabled these in Shibboleth. 
    • Click Save Changes.
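
As an added example (not part of this article or of Shibboleth's own tooling), the Python function below reads IdP metadata and returns the values step 3 asks for. It keeps the sign-in URL and binding consistent and computes a SHA-256 fingerprint of the first X509 certificate, so the pasted certificate can be compared with the one your IdP actually serves. The name zoom_sso_fields, the host idp.example.edu and the placeholder certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = {"POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"}

# Constructed sample: placeholder host and placeholder bytes, not a real certificate.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.edu/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(FAKE_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{BINDINGS['Redirect']}"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SLO"/>
    <SingleSignOnService Binding="{BINDINGS['POST']}"
        Location="https://idp.example.edu/idp/profile/SAML2/POST/SSO"/>
    <SingleSignOnService Binding="{BINDINGS['Redirect']}"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def zoom_sso_fields(metadata_xml, binding="Redirect"):
    """Map IdP metadata to the fields on the Zoom Single Sign-On page."""
    root = ET.fromstring(metadata_xml)  # assumes one EntityDescriptor from your own IdP
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    def location(tag):
        # Pick the endpoint whose Binding matches, so URL and binding stay consistent.
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == BINDINGS[binding]:
                return el.get("Location")
        return None  # the sign-out URL is optional, so absence is not an error here
    sign_in = location("SingleSignOnService")
    if sign_in is None:
        raise ValueError(f"no SingleSignOnService for the {binding} binding")
    cert = root.find(".//ds:X509Certificate", NS)  # first certificate in document order
    cert_b64 = "".join((cert.text or "").split()) if cert is not None else ""
    if not cert_b64:
        raise ValueError("metadata has no X509Certificate")
    der = base64.b64decode(cert_b64, validate=True)
    return {"sign_in_url": sign_in, "sign_out_url": location("SingleLogoutService"),
            "certificate": cert_b64, "issuer": root.get("entityID"), "binding": binding,
            "cert_sha256": hashlib.sha256(der).hexdigest()}
```

Calling zoom_sso_fields(SAMPLE_METADATA, "POST") returns the POST sign-in URL and no sign-out URL, because the sample metadata only publishes a Redirect SingleLogoutService.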

Configuring your Zoom Metadata in Shibboleth

  1. Download your Zoom metadata from
  2. Configure the Zoom metadata as trusted in Shibboleth by adding a metadata element in the relying-party.xml file. 

    <MetadataProvider id="Zoom_SP_Metadata" xsi:type="ResourceBackedMetadataProvider">
        <MetadataResource xsi:type="resource:FilesystemResource"
            file="/var/shibboleth-idp/metadata/zoom_sp_metadata.xml" />
    </MetadataProvider>

  3. Configure your IdP to send at least the email address SAML attribute. 

    Attribute        Common SAML Attribute Name
    Email Address*
    First Name       urn:oid:
    Last Name        urn:oid:

    *If eduPersonPrincipalName is formatted as an email address, you can use the following SAML Attribute Name: urn:oid:

    To do this, you can add an AttributeFilterPolicy element to the attribute-filter.xml file.

    <AttributeFilterPolicy id="releaseToZoom">
        <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="" />
        <AttributeRule attributeID="email">
            <PermitValueRule xsi:type="basic:ANY"/>
        </AttributeRule>
        <AttributeRule attributeID="givenName">
            <PermitValueRule xsi:type="basic:ANY"/>
        </AttributeRule>
        <AttributeRule attributeID="surname">
            <PermitValueRule xsi:type="basic:ANY"/>
        </AttributeRule>
    </AttributeFilterPolicy>

Testing your Configuration

You can test the SSO login by logging in at or by logging into the Zoom client and choosing SSO. 

