Configuring Zoom with Shibboleth
You can connect Zoom with Shibboleth so that users log in to your Zoom account with your organization's Shibboleth credentials via Single Sign-On (SSO). You can assign users Zoom licenses, add-on plans, roles and groups based on their SAML attributes.
This article covers:
- How to configure your SSO Information with Zoom
- How to Configure your Zoom Metadata in Shibboleth
- How to test your Configuration
Prerequisites for configuring Zoom with Shibboleth
- Zoom owner or admin privileges
- Business or Education account with approved Vanity URL
Note: Without an approved Associated Domain, users will need to confirm being provisioned on the account through an email that is automatically sent to them. Users who fall under an approved domain are provisioned without email confirmation.
How to configure your SSO Information with Zoom
- Access the metadata for your organization. It can typically be found at https://IdP.DomainName/idp/shibboleth.
- Log in to your Zoom web portal and navigate to the Single Sign-On page.
- Configure the page with your SSO information from your metadata:
  - Sign-in page URL: Choose either the POST or Redirect Binding as it is listed after Location=
  - Sign-out page URL: This is optional. If you want to enter a Sign-out page URL, choose the corresponding POST or Redirect URL that appears in SingleLogoutService, after Location=.
  - Identity Provider Certificate: Use the first X509 certificate that appears in your metadata.
  - Service Provider (SP) Entity ID: Choose the Service Provider (SP) Entity ID which includes https://, for example https://yourVanityURL.zoom.us
  - Issuer (IDP Entity ID): Enter the full Entity ID from your IdP metadata, such as https://IdP.yourorganization/idp/shibboleth
  - Binding: Choose the POST or Redirect binding that corresponds with the Sign-in page URL used.
- Check Support Encrypted Assertions, unless you have disabled these in Shibboleth.
- Click Save Changes.
Note: When using CAS with Shibboleth, use HTTP-Redirect for the Binding.
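The field mapping in the steps above, as an added Python example (not part of the original article, and not Zoom or Shibboleth code): it reads IdP metadata and returns the values for the Single Sign-On page, plus a SHA-256 fingerprint of the certificate to compare against your IdP's signing certificate before you paste it. The sample metadata, the host idp.example.org, the function name zoom_sso_fields and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-"

# Constructed, trimmed sample metadata; the certificate body is placeholder
# bytes, not a real certificate, and idp.example.org is a made-up host.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth"><IDPSSODescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    Q09OU1RSVUNURUQt
    UExBQ0VIT0xERVI=
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.org/idp/profile/SAML2/Redirect/SLO"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
</IDPSSODescriptor></EntityDescriptor>"""

def zoom_sso_fields(metadata_xml, binding="POST"):
    """Map IdP metadata to the fields on Zoom's Single Sign-On page."""
    if binding not in ("POST", "Redirect"):
        raise ValueError("binding must be 'POST' or 'Redirect'")
    root = ET.fromstring(metadata_xml)
    def location(tag):  # Location= of the endpoint that matches the binding
        for el in root.iterfind(f".//md:IDPSSODescriptor/md:{tag}", NS):
            if el.get("Binding") == BINDING_URI + binding:
                return el.get("Location")
        return None
    sign_in = location("SingleSignOnService")
    if sign_in is None:
        raise ValueError(f"IdP metadata lists no HTTP-{binding} sign-in endpoint")
    cert = root.find(".//ds:X509Certificate", NS)  # first one in the metadata
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no X509Certificate found in metadata")
    cert_b64 = "".join(cert.text.split())  # remove line wraps and indentation
    der = base64.b64decode(cert_b64, validate=True)
    return {"sign_in_url": sign_in,
            "sign_out_url": location("SingleLogoutService"),  # optional field
            "idp_certificate": cert_b64,
            "cert_sha256": hashlib.sha256(der).hexdigest(),
            "issuer": root.get("entityID"),
            "binding": "HTTP-" + binding}
```

With the sample, the POST binding yields no sign-out URL because the IdP only advertises a Redirect SingleLogoutService; that field can then be left empty in Zoom.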
How to Configure your Zoom Metadata in Shibboleth
- Download your Zoom metadata from https://yourVanityURL.zoom.us/saml/metadata/sp
- Configure the Zoom metadata as trusted in Shibboleth by adding a metadata element in the relying-party.xml file.
Example:
<MetadataProvider id="Zoom_SP_Metadata" xsi:type="ResourceBackedMetadataProvider"
                  xmlns="urn:mace:shibboleth:2.0:metadata">
    <MetadataResource xsi:type="resource:FilesystemResource"
                      file="/var/shibboleth-idp/metadata/zoom_sp_metadata.xml" />
</MetadataProvider>
- Configure your IdP to send at least the email address SAML attribute.
| Attribute | Common SAML Attribute Name |
| --- | --- |
| Email Address* | urn:oid:0.9.2342.19200300.100.1.3 |
| First Name | urn:oid:2.5.4.42 |
| Last Name | urn:oid:2.5.4.4 |
To do this, you can add an AttributeFilterPolicy element to the attribute-filter.xml file.
Example:
<AttributeFilterPolicy id="releaseToZoom">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="yourVanityURL.zoom.us" />
    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="givenName">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="surname">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
</AttributeFilterPolicy>
How to test your Configuration
You can test the SSO login by logging in at https://yourVanityURL.zoom.us/ or by logging into the Zoom client and choosing SSO.