Zoom SAML Single Sign-On (SSO)

This topic describes how to configure the CyberArk Identity Zoom SAML template for SSO.

Zoom offers the #1 Cloud Video Conferencing Experience that unifies HD video conferencing, mobility and web meetings together as a free cloud service.

Zoom Requirements

Configuring Zoom for single sign-on requires

  • A Zoom account with administrator privileges.
  • A signed certificate.

    You can either download one from the Admin Portal or use your organization’s trusted certificate.

Set up the certificates for SSO

To establish a trusted connection between the web application and the CyberArk Identity, you need to have the same signing certificate in both the application and the application settings in the Admin Portal.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file on the application’s Trust page in the Admin Portal. You also upload the public key certificate in a .cer or .pem file to the web application.

What to know before configuring SSO for Zoom

  • If you configure the CyberArk Identity to use SP-initiated SSO to launch Zoom, be aware that you can still log in to your Zoom account using the www.zoom.us URL. (In most other applications that use SP-initiated SSO, the application blocks users from logging in directly to the application account.) SP-initiated SSO uses just the domain-specific URL with Zoom, such as https://acme.zoom.us where acme is your custom domain.

  • Zoom offers automatic user provisioning. After you’ve created your administrative account in Zoom and configured SSO, you don’t need to register additional users. Once Zoom receives the SAML response from the CyberArk Identity, Zoom checks to see if the user already exists. If the user doesn’t already exist, Zoom creates the user account automatically with the user account received in the SAML response.

  • The additional users that Zoom creates based on the SAML response are part of the original Zoom administrator account but they are non-administrative users (they can’t edit Zoom account settings, for example).

Configure Zoom for Single Sign-On

The following steps are specific to this application and are required in order to enable SSO. For information on optional configuration settings available in the Admin Portal, see Configure optional application settings.

A video for how to configure the Zoom template for SSO is also available.

  1. On the Settings page in the Admin Portal, specify the following settings:

    Option

    Description

    Your Zoom domain name

    Enter your Zoom domain name. For example, if you login to Zoom using https://acme.zoom.us, enter acme.

    Application ID

    Configure this field if you are deploying a mobile application that uses the CyberArk mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The CyberArk Identity uses the Application ID to provide single sign-on to mobile applications. Note the following:

    The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.

    There can only be one SAML application deployed with the name used by the mobile application.

    The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

    Show in User app list

    Select Show in User app list to display this web application in the user portal. (This option is selected by default.)

    If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won’t display for users in the user portal.

  2. In the Identity Provider Configuration area of the Trust page, expand the certificate area and select the certificate that you want to use for the application, then click Download.

  3. Open a new tab in your web browser.

    It is helpful to open the web application and the Admin Portal simultaneously to copy and paste settings between the two browser windows.
  4. Go to the following URL and sign in as an admin user:

    https://www.zoom.us
  5. Click MY ACCOUNT, then scroll down to the Advanced area and click Single Sign-On.

  6. Use this page to configure the application for single sign-on.

  7. Click Enable Single Sign-On.
  8. Open the certificate that you downloaded earlier in a text editor, then copy the contents and paste them into the web application's certificate field.

  9. In the Identity Provider Configuration area of the Trust page, copy the Sign-in and Sign-out URLs from the Admin Portal and paste them into Zoom's sign-in and sign-out fields.

  10. In the Service Provider Configuration area of the Trust page, select the Metadata option, then enter the following URL (where "mycompany" is your company's Zoom domain) in the URL field and click Load.

    https://mycompany.zoom.us/saml/metadata/sp

  11. Specify the following remaining options in the web application:

    Option

    Required or optional

    Set it to

    Description

    Vanity URL

    Required

    [a URL of your choice and approved by Zoom]

    For example, if your company name is acme, you could request that your vanity URL is https://acme.zoom.us.

    Binding

    Required

    HTTP-POST

     

    Default user type

    Basic, Pro, or Corp

     

    This applies to automatic user provisioning. If the user who attempts to connect to Zoom does not yet exist in your Zoom account, Zoom creates a user account of this type automatically for the user.

    See https://support.zoom.us/hc/en-us/articles/201363003-Getting-Started for more information.

  12. Click Save.

For more information about Zoom

For more information about configuring Zoom for SSO, see the following information:

https://support.zoom.us/entries/22826921-Getting-Started

For information about editing and adding Zoom users, see the following information:

https://support.zoom.us/entries/23437441-About-User-Management