Information to consider for advanced SAML mapping

When configuring SAML Advanced Information Mapping, there are a number of items to consider for effective mapping to avoid unexpected results. You can review the information below regarding the section you are setting up to ensure desired outcomes.

Note: Some sections are dependent on their associated licensing types being tied to the account, for example, Zoom Translated Captions and Concurrent Licenses.

This article covers:

• Information to consider that applies to all SAML Advanced Information Mapping sections
  • License Type
  • Add-on: Zoom Webinars / Large Meeting
  • License: Zoom Events
  • Add-on Zoom Whiteboard
  • Zoom IQ for Sales
  • Add-on: Zoom Translated Captions
  • Add-on: Concurrent Meeting
  • Sign in to Sub Account
  • User Role
  • User Group
  • IM Group
  • Contact Group
  • User Group Admin
  • Zoom Phone Calling Plan
  • Zoom Phone Site
  • Channel
  • Zoom Room Admin
  • Recording Location

Information to consider that applies to all SAML Advanced Information Mapping sections

• Advanced SAML mapping is hierarchical.
• Advanced SAML mapping works off a contains basis rather than an exact match.
• Advanced SAML mapping works off a first-match basis, meaning the rule processing stops after an attribute name/value pair has been matched.
  Note: An exception exists for Zoom Webinars and Large Meeting add-ons.

License Type

• No change will be made to an existing user’s license type unless there is a matching attribute name/value pair.
• None will block access to a user who matches None and will prevent user creation.
• If a licensed user has upcoming events and matches the Basic license type, they will not be downgraded to Basic.

Add-on: Zoom Webinars / Large Meeting

• The same attribute/value pair can be used to assign both Zoom Webinars and Large Meeting add-ons as separate entries.
  Notes:
  • Processing of Zoom Webinars rules will stop once a webinar match has been made.
  • Processing of Large Meeting rules will stop once a large meeting match has been made.
  • These matches are independent of each other. Outside of these exceptions, the first match rule applies.
• If this section is mapped and there is no matching attribute/value pair, the add-on will be removed.
• The Add-on cannot be changed from one type to another by changing the attribute/value pair, this must be done through user management, or the existing add-on must be removed first.

License: Zoom Events

• Only available for accounts with Zoom Events licensing.
• Cannot be assigned concurrently with webinar licensing and will override webinar licensing assignment.
• Capacity for an existing Zoom Events License may be upgraded through SAML mapping, but cannot be downgraded.

Add-on: Zoom Whiteboard

• Only available for accounts with Zoom Whiteboard plans.
• Users with an attribute/value pair match will be assigned licensing regardless of whether the user is licensed or basic.

Zoom IQ for Sales

• Only available for accounts with Zoom IQ for Sales plans.
• Only licensed users can be assigned a Zoom IQ for Sales plan through SAML mapping.

Add-on: Zoom Translated Captions

• Only available for accounts with Zoom Translated Caption addons.
• Can only be assigned through SAML, Zoom Translated Caption add-ons must be removed through User Management.

Add-on: Concurrent Meeting

• Only available for accounts with Concurrent Meeting addons.
• Can only be assigned through SAML, Concurrent Meeting add-ons must be removed through User Management.

Sign in to Sub Account

A page specific to primary/sub account should be created.

• Allows users to sign in to the designated sub-account utilizing the primary account’s SSO configuration.
• All mappings below the sub-account mapping section will not be applied to sub-accounts. They apply to the Primary account only.
• See Primary/sub account mapping page (which doesn’t exist yet).

User Role

• User role mappings will not be applied to the account owner.
• If the user does not match a matching attribute/value pair, the user will be placed in the Member group.

User Group

• Group mappings will not be applied to the account owner.
• If the user does not pass a matching attribute/value pair, no changes will be made to the user’s existing groups. To remove users from groups entirely, this must be done manually.
• If an attribute/value pair is matched, any existing groups will be overwritten by the groups specified in Advanced SAML Mapping.
• A single attribute/value pair must be utilized to map a user to multiple groups.
  • Multiple groups can be specified in the Resulting Value field.
  • The first group selected from the list of groups will be the primary group.
• Supports a maximum of 20 groups.

IM Group

• No special notes.

Contact Group

• No special notes.

User Group Admin

• If no matching attribute/value pair exists, no update will be made.
• If an attribute/value pair is matched, any existing group admin assignments will be overwritten by the group admin assignments specified in the Advanced SAML mapping.

Zoom Phone Calling Plan

• Only available for accounts with Zoom Phone Calling plans.
• Mappings do not apply to the owner.
• User must have a zoom phone extension number OR must already be an existing Zoom Phone user.
  • Zoom Phone extension can be assigned through SAML Basic Mapping. When using Basic SAML Mapping to assign an extension, and Advanced SAML mapping to assign a calling plan, the user must sign in twice. First to be assigned their extension, and the second time to get the calling plan.

Zoom Phone Site

• User must have a zoom phone extension number OR must already be an existing Zoom Phone user.
• If there is no match, the site will not change.

Channel

• No special notes.

Zoom Room Admin

• If there is no attribute/value pair match, no changes will take place.
• When there is an attribute/value pair match, the user’s current zoom room admin assignments will be overwritten.

Recording Location

• No special notes.