Configuring Zoom With ADFS

1) Download (or view) your ADFS federation metadata from https://[SERVER]/FederationMetadata/2007-06/FederationMetadata.xml

    *[SERVER]: the host name of your ADFS federation service (for example adfs.example.com). The same placeholder is used throughout this article.

2) From the Zoom Admin page, click Single Sign-on to open the SAML tab.

3) Enter the following information into the SAML tab options:

   Sign-in page URL:
     https://[SERVER]/adfs/ls/idpinitiatedsignon.aspx?logintoRP=[Vanity].zoom.us

   Sign-out page URL:  https://[SERVER]/adfs/ls/?wa=wsignout1.0

   Identity provider certificate:    the X509 certificate from the XML metadata in step 1

        *Use the first X509Certificate element in the XML file, the one inside the metadata's own signature block:

          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <X509Data>
                      <X509Certificate>...</X509Certificate>

         ADFS signs its metadata with its token-signing certificate, so this is the certificate that will sign assertions sent to Zoom. As a check, it should be the same certificate as the <KeyDescriptor use="signing"> entry under <IDPSSODescriptor> further down the file; do not paste the use="encryption" certificate. Paste only the base64 certificate text (Zoom needs the public certificate, never a private key).

    Issuer:    http://[SERVER]/adfs/services/trust (the entityID attribute on the metadata's root EntityDescriptor element; copy it exactly, scheme included. ADFS defaults to http:// for this identifier even though the service itself is served over https, so read it from the metadata rather than assuming https://)

    Binding:    HTTP-POST

    Default user type:    Depends on your plan

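The checks described under step 3 can be scripted. The following PowerShell is an added example and is not part of the Zoom article: it reads the entityID and the IdP signing certificate out of the federation metadata, confirms that the first certificate in the file (the one the step tells you to copy) really is the token-signing certificate, and prints a PEM block for the Zoom certificate field. The metadata URL (adfs.example.com) is a placeholder; $Source can also be a saved copy of the XML.

```powershell
# Added example, not part of the Zoom article: extract the step 3 values from ADFS
# federation metadata and verify which certificate to paste into Zoom.
# Assumption: $Source is your metadata URL (adfs.example.com is a placeholder) or a local copy.
param(
    [string]$Source = "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml"
)

if ($Source -match '^https?://') {
    [xml]$md = (New-Object System.Net.WebClient).DownloadString($Source)
} else {
    [xml]$md = Get-Content -Path $Source
}

$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
$ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

function ConvertTo-Cert([System.Xml.XmlNode]$node) {
    if ($null -eq $node) { throw "certificate element not found in metadata" }
    $bytes = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
}

# Issuer for the Zoom SAML tab: the entityID attribute, copied exactly (scheme included).
$entityId = $md.DocumentElement.GetAttribute("entityID")

# Certificate that will sign assertions for Zoom: KeyDescriptor use="signing" under IDPSSODescriptor.
# (During a token-signing certificate rollover there can be two; this takes the first listed.)
$signing = ConvertTo-Cert ($md.SelectSingleNode(
    "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns))

# The first X509Certificate in the file sits inside the metadata's own ds:Signature.
# ADFS signs metadata with its token-signing certificate, so the two should match.
$first = ConvertTo-Cert ($md.SelectSingleNode("/md:EntityDescriptor/ds:Signature//ds:X509Certificate", $ns))

Write-Host "Issuer (entityID): $entityId"
Write-Host ("Signing cert: {0}  thumbprint {1}  valid until {2}" -f $signing.Subject, $signing.Thumbprint, $signing.NotAfter)
if ($first.Thumbprint -ne $signing.Thumbprint) {
    Write-Warning "First certificate in the file is not the IdP signing certificate; use the signing one printed below."
}

# PEM block for the "Identity provider certificate" field (public certificate only, no private key).
"-----BEGIN CERTIFICATE-----"
[Convert]::ToBase64String($signing.RawData, "InsertLineBreaks")
"-----END CERTIFICATE-----"
```

Run it from any machine that can reach the metadata URL; the thumbprint and expiry it prints are also what you will want to compare against when the ADFS token-signing certificate is later rolled over, since Zoom stops accepting assertions the moment the signing certificate changes.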

4) Log in to your ADFS server and open the AD FS 2.0 Management console (MMC snap-in).

5) Add a Relying Party Trust

    Select "Import data about the relying party published online or on a local network"

    Federation metadata address:   https://YOURVANITY.zoom.us/saml/metadata/sp

    (The ADFS server must be able to reach that URL over HTTPS; the wizard reads Zoom's SP entity ID and endpoints from it.)


6) Add a display name ("Zoom") and finish the wizard with the default settings.

7) Change both the Redirect and the POST SAML Logout Endpoint URLs (right-click the new Relying Party Trust > Properties > Endpoints tab) to:

     https://[SERVER]/adfs/ls/?wa=wsignout1.0


*Note: If the logout endpoints cannot be edited, open the Monitoring tab, uncheck "Automatically update relying party" and click Apply. Leave it unchecked afterwards; otherwise ADFS overwrites your endpoint edits the next time it re-reads Zoom's metadata.

 8) Add two claim rules (Edit Claim Rules > Issuance Transform Rules):

     a) Type:    Send LDAP Attributes as Claims
        Name:    Zoom - Send to Email
        Attribute store:    Active Directory
        Mappings (LDAP attribute > outgoing claim type):
                     E-Mail-Addresses > E-Mail Address
                     User-Principal-Name > UPN
                     Given-Name > urn:oid:2.5.4.42    (type the OID in as a custom outgoing claim type)
                     Surname > urn:oid:2.5.4.4        (likewise)

     b) Type:    Transform an Incoming Claim
         Name:    Zoom - Email to Name ID
         Incoming claim type:    E-Mail Address
         Outgoing claim type:    Name ID
         Outgoing name ID format:    Email
         (leave "Pass through all claim values" selected)

9) Visit https://YOURVANITY.zoom.us and select Login. You should be redirected to ADFS and back to Zoom, signed in as the user whose e-mail address was sent as the Name ID.

Troubleshooting Tips

Unable to log in using Google Chrome or Firefox

If you are unable to log in using Chrome or Firefox and see an 'Audit Failure' event with "Status: 0xc000035b" (STATUS_BAD_BINDINGS) in the Security log of Event Viewer on the ADFS server, Extended Protection for Authentication is rejecting the browser. Chrome and Firefox (at least the versions current when this article was written) do not send the channel binding token that Extended Protection checks on the Windows Integrated Authentication endpoint; Internet Explorer does. Extended Protection exists to stop a man-in-the-middle from relaying a user's Windows credentials to ADFS, so loosen it rather than removing it where you can: "Accept" keeps the check for clients that send the binding and lets the others through, while "Off" removes it for every client.

  1. Launch IIS Manager
  2. In the left panel, navigate to Sites > Default Web Site > adfs > ls
  3. Double-click the Authentication icon
  4. Right-click Windows Authentication
  5. Select Advanced Settings
  6. Set Extended Protection to Accept (or Off, which is the original advice and also clears the error, but drops the protection for all clients)
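The same change can be made and verified from PowerShell rather than by clicking through IIS Manager. This is an added example, not part of the Zoom article: it uses the IIS WebAdministration module (IIS 7 and later) and assumes AD FS 2.0 is hosted in IIS under Default Web Site/adfs/ls. The IIS attribute tokenChecking maps onto the IIS Manager choices as None = Off, Allow = Accept, Require = Required.

```powershell
# Added example, not from the Zoom article: read and adjust Extended Protection on the
# AD FS 2.0 /adfs/ls endpoint. Assumes IIS hosting at "Default Web Site/adfs/ls".
Import-Module WebAdministration

$location = "Default Web Site/adfs/ls"
$filter   = "system.webServer/security/authentication/windowsAuthentication/extendedProtection"

# Current tokenChecking value: None (Off), Allow (Accept) or Require (Required).
function Get-AdfsLsExtendedProtection {
    $ep = Get-WebConfiguration -PSPath "MACHINE/WEBROOT/APPHOST" -Location $location -Filter $filter
    return $ep.tokenChecking
}

# "Allow" keeps channel binding enforcement for clients that send a binding token and stops
# rejecting clients that send none, which is all the 0xc000035b (STATUS_BAD_BINDINGS)
# failures need. "None" disables the relay protection for every client; use it as a last resort.
function Set-AdfsLsExtendedProtection {
    param([ValidateSet("None", "Allow", "Require")][string]$Mode)
    Set-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Location $location `
        -Filter $filter -Name "tokenChecking" -Value $Mode
}

"Before: $(Get-AdfsLsExtendedProtection)"
Set-AdfsLsExtendedProtection -Mode Allow
"After:  $(Get-AdfsLsExtendedProtection)"

# AD FS on Windows Server 2012 R2 and later does not run inside IIS; there the equivalent
# setting is on the federation service itself:
#   Set-AdfsProperties -ExtendedProtectionTokenCheck Allow
```

After changing the setting, retry the failed browser login and confirm that no new 0xc000035b audit failures appear; if you chose Allow, Internet Explorer logins continue to be checked for a valid channel binding.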