Account owners and admins can configure authentication profiles for single sign-on (SSO) for external authentication for Zoom Events and Zoom Sessions. Authentication profiles for SSO provide a way to enable a large group of users to join an event without having to register. Those users will authenticate through the identity provider (IDP). This must be a separate integration that is not associated with an already existing Zoom SSO integration.

This configuration is particularly useful for large enterprises/organizations that want to run a large Zoom Event and have a simple join link for all users to attend. When configuring authentication profiles for SSO for  Zoom Events/Zoom Sessions with Azure, there is no requirement for registration/pre-registration. Hosts can send or advertise the link. Hosts can also use this to control who can view and register for an event.

Learn more about enabling external authentication in Zoom Events and Zoom Sessions, creating registration and group join links, and configuring Zoom with Azure.

This article covers:

• How to configure Zoom Events and Zoom Sessions with Azure
  • Create an event with authentication profiles for SSO

Prerequisites for configuring Zoom Events and Zoom Sessions with Azure

• Account owner or admin privileges
• Business or Education account with an approved vanity URL
• Azure AD subscription
• Azure admin privileges
• Zoom Events Unlimited license or Zoom Events Pay Per Attendee license, or Zoom Sessions Unlimited license or Zoom Sessions Pay Per Attendee license

Note: Without an approved associated domain, users will need to confirm to be provisioned on the account through an email automatically sent to them. Provisioning will take place without email confirmation for any users falling under an approved domain.

How to configure Zoom Events and Zoom Sessions with Azure

1. Create a new custom app for Azure in your IDP.
2. Sign in to Azure.
3. Click Azure Active Directory.
4. Click Enterprise Applications, then click New Application.
5. Select Azure AD SAML Toolkit.
6. In the left navigation menu, click Single sign-on.
7. On the page, select SAML.
   The SSO configuration page will appear.
8. In the Basic SML Configuration section, click the Edit icon .
9. Under SAML Signing Certificate, click Download next to Certificate (Base 64) and save it to your computer.
10. On a new browser tab, sign in to the Zoom web portal as an admin with account privileges.
11. In the navigation menu, click Account Management then Account Settings.
12. Under Security, locate the Meetings & Webinar Authentication Options setting, then click + Add Configuration.
13. Enter the following required fields:
    Note: Do not select Set as default authentication option if you are configuring this specifically for Zoom Events.
    • Give a name for users to know this authentication
    • Sign-in page URL: Enter a valid login page URL.
    • Identity provider certificate: Copy the certificate (from step 9) from Azure (remove -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- before pasting it into the Zoom web portal).
    • Issuer (IDP Entity ID): Azure AD identifier.
14. Click Save.
    After saving those settings, the SP metadata XML file will appear next to the Azure configuration on the Zoom web portal.
15. Download the file and ensure that it includes the configuration data.
    Note: If the file contains only 1 row of text, then it has not worked yet.
16. Return to the Azure site's Single sign-on page, then click Upload metadata file to upload the SP metadata XML file.
    Once uploaded, all the Basic SAML Configuration fields will update within Azure.
17. In Azure, copy the Identifier (Entity ID) field and paste it into the Sign on URL (Optional) field so both of those fields will be the same.
18. Configure users or groups with access to the app.

The IDP option in Zoom Events and Zoom Sessions will be available in the Links & Event Access tab when you set up the event.

Create an event with authentication profiles for SSO

1. Sign in to Zoom Events.
2. Access the Links & Event Access tab.
3. Create a group join link.
   • Under Authentication method at join, click the dropdown menu and select Authenticated via Identity Provider (external SSO).
   • Select your IDP. If you have multiple IDPs configured, you can create separate group join links for each one.
4. (Optional) Create a registration link or use pre-registration with SSO to set up a registration link that will be secured by the IDP.
   • Under Authentication method at registration and join, click the dropdown menu and select Authenticated via Identity Provider (external SSO).
   • Select your IDP.
5. Click Save.
6. Publish the event.

You can access the registration and group join link by clicking Dates & Links in the event creation header after you publish your event.

Learn more about creating registration and group join links with authentication profiles in the Links & Event Access tab.