The Zoom Community is here!
We welcome all Zoom customers to come together on the Zoom Community to ask questions, find solutions,
and collaborate with peers. Login with your Zoom account credentials and start collaborating!

Zoom Support Maintenance: 9/18/2021

Date and time: 9/18/2021 at 1PM PST for 10 hrs 30 min

We will be performing routine maintenance for Zoom Support. During this time, users may experience system delays or longer than expected wait times when contacting Zoom Support via phone, chat or web submission. All other request methods, based on your plan, will be available during this time. Please refer to https://support.zoom.us/hc/articles/201362003 for available contact options.

Affected components: Zoom Support Center

Configuring Zoom with Shibboleth Follow

Overview

You can connect Zoom with Shibboleth to use your organization's Shibboleth credentials to login to your Zoom account via Single Sign-On (SSO). You can assign users Zoom licenses, add-on plans, roles and groups based on their SAML attributes.

This article covers:

Prerequisites

  • Zoom owner or admin privileges
  • Business or Education account with approved Vanity URL

Note: Without an approved Associated Domain, users will need to confirm to being provisioned on the account through an email automatically sent to them. Provisioning will take place without email confirmation for any users falling under an approved domain.

Instructions

Configuring your SSO Information with Zoom

  1. Access the metadata for your organization. It can typically be found at https://IdP.DomainName/idp/shibboleth.
  2. Login to your Zoom web portal and navigate to the Single Sign-On page. 
  3. Configure the page with your SSO information from your metadata:
    • Sign-in page URL: Choose either the POST or Redirect Binding as it is listed after Location=
      Screen_Shot_2017-12-29_at_11.34.18_AM.png
    • Sign-out page URL: This is optional. If you want to enter a Sign-out page URL, choose the corresponding POST or Redirect URL that appears in SingleLogoutService, after Location=.
      Screen_Shot_2017-12-29_at_11.39.25_AM.png
    • Identity Provider Certificate: Use the first X509 certificate that appears in your metadata. 
      x509cert.png
    • Service Provider (SP) Entity ID: Choose the Service Provider (SP) Entity ID which includes https://, for example https://yourVanityURL.zoom.us
    • Issuer (IDP Entity ID): Enter the full Entity ID from your IdP metadata, such as https://IdP.yourorganization/idp/shibboleth
      IssuerEntityID.png
    • Binding: Choose the POST or Redirect binding that corresponds with the Sign-in page URL used. 
    • Check Support Encrypted Assertions, unless you have disabled these in Shibboleth. 
    • Click Save Changes.
      ZoomSSOpage.png
      Note: When using CAS with Shibboleth, used HTTP-Redirect for the Binding. 

Configuring your Zoom Metadata in Shibboleth

  1. Download your Zoom metadata from https://yourVanityURL.zoom.us/saml/metadata/sp
  2. Configure the Zoom metadata as trusted in Shibboleth by adding a metadata element in the relying-party.xml file. 
    Example: 

    <MetadataProvider id="Zoom_SP_Metadata" xsi:type="ResourceBackedMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata">
    <MetadataResource xsi:type="resource:FilesystemResource"
    file="/var/shibboleth-idp/metadata/zoom_sp_metadata.xml" />
    </MetadataProvider>

  3. Configure your IdP to send at least the email address SAML attribute. 

    Attribute Common SAML Attribute Name
    Email Address*

    urn:oid:0.9.2342.19200300.100.1.3

    First Name urn:oid:2.5.4.42
    Last Name urn:oid:2.5.4.4
    *If eduPersonPrincipalName is formatted as email address you can use the following SAML Attribute Name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6

    To do this, you can add an AttributeFilterPolicy element to the attribute-filter.xml file.
    Example:

    <AttributeFilterPolicy id="releaseToZoom">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="yourVanityURL.zoom.us" /> <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule>
    <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="basic:ANY"/></AttributeRule>
    <AttributeRule attributeID="surname">
    <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule>
    </AttributeFilterPolicy>

Testing your Configuration

You can test the SSO login by logging in at https://yourVanityURL.zoom.us/ or by logging into the Zoom client and choosing SSO. 

ssologin.gif