Information to consider for advanced SAML mapping
When configuring SAML Advanced Information Mapping, there are a number of items to consider for effective mapping to avoid unexpected results. You can review the information below regarding the section you are setting up to ensure desired outcomes.
Note: Some sections are dependent on their associated licensing types being tied to the account, for example, Zoom Translated Captions and Concurrent Licenses.
Information to consider that applies to all SAML Advanced Information Mapping sections
- Advanced SAML mapping is hierarchical.
- Advanced SAML mapping works off a contains basis rather than an exact match.
- Advanced SAML mapping works off a first-match basis, meaning the rule processing stops after an attribute name/value pair has been matched.
Note: An exception exists for Zoom Webinars and Large Meeting add-ons.
License Assignment (Supported Zoom Workplace Bundle Assignment)
- No change will be made to an existing user’s license assignment unless there is a matching attribute name/value pair.
- None will block access to a user who matches None and will prevent user creation.
- If a licensed user has upcoming events and matches the Basic license type, they will not be downgraded to Basic.
Add-on:
- Zoom Webinars / Large Meeting
- The same attribute/value pair can be used to assign both Zoom Webinars and Large Meeting add-ons as separate entries.
Notes:
- Processing of Zoom Webinars rules will stop once a webinar match has been made.
- Processing of Large Meeting rules will stop once a large meeting match has been made.
- These matches are independent of each other. Outside of these exceptions, the first match rule applies.
- If this section is mapped and there is no matching attribute/value pair, the add-on will be removed.
- The Add-on cannot be changed from one type to another by changing the attribute/value pair, this must be done through user management, or the existing add-on must be removed first.
- Zoom Translated Captions
- Zoom Workforce Management
- Zoom Quality Management
- Zoom Scheduler
- Visitor Management
- Zoom Workplace for Clinicians
- Zoom Custom AI Companion
License:
- Zoom Events Unlimited
- Zoom Sessions - Pay Per Attendee
- Zoom Events - Pay Per Attendee
- Zoom Revenue Accelerator
- Zoom Custom AI Companion
Zoom Whiteboard
- Only available for accounts with Zoom Whiteboard plans.
- Users with an attribute/value pair match will be assigned licensing regardless of whether the user is licensed or basic.
Zoom Revenue Accelerator
If the account has Zoom Revenue Accelerator plans, the SAML mapping page will display the Zoom Revenue Accelerator SAML mapping.
Note: This feature will not be applicable if users' meeting data transit and residency method is On-Prem.
- Only available for accounts with Zoom Revenue Accelerators plans.
- Only licensed users can be assigned a Zoom Revenue Accelerator plan through SAML mapping.
- Zoom Revenue Accelerator licensing must be removed through User Management. The license will not be removed even if the SAML mapping is not matched.
Sign in to Sub Account
A page specific to primary/sub account should be created.
- Allows users to sign in to the designated sub-account utilizing the primary account’s SSO configuration.
- All mappings below the sub-account mapping section will not be applied to sub-accounts. They apply to the Primary account only.
- See Primary/sub account mapping page (which doesn’t exist yet).
User Role
- User role mappings will not be applied to the account owner.
- If the user does not match a matching attribute/value pair, the user will be placed in the Member group.
User Group
- Group mappings will not be applied to the account owner.
- If the user does not pass a matching attribute/value pair, no changes will be made to the user’s existing groups. To remove users from groups entirely, this must be done manually.
- If an attribute/value pair is matched, any existing groups will be overwritten by the groups specified in Advanced SAML Mapping.
- A single attribute/value pair must be utilized to map a user to multiple groups.
- Multiple groups can be specified in the Resulting Value field.
- The first group selected from the list of groups will be the primary group.
- Supports a maximum of 20 groups.
User Group Admin
- If no matching attribute/value pair exists, no update will be made.
- If an attribute/value pair is matched, any existing group admin assignments will be overwritten by the group admin assignments specified in the Advanced SAML mapping.
Channel
Recording Location
Zoom Rooms Admin
- If there is no attribute/value pair match, no changes will take place.
- When there is an attribute/value pair match, the user’s current zoom room admin assignments will be overwritten.
Contact Group
Zoom Phone Calling Plan
- Only available for accounts with Zoom Phone Calling plans.
- Mappings do not apply to the owner.
- User must have a zoom phone extension number OR must already be an existing Zoom Phone user.
- Zoom Phone extension can be assigned through SAML Basic Mapping. When using Basic SAML Mapping to assign an extension, and Advanced SAML mapping to assign a calling plan, the user must sign in twice. First to be assigned their extension, and the second time to get the calling plan.
Zoom Phone Role
Zoom Phone Site
- User must have a zoom phone extension number OR must already be an existing Zoom Phone user.
- If there is no match, the site will not change.
Zoom Translated Captions
Zoom Scheduler
Zoom Clipls Plus
Zoom Mail and Calendar
Zoom Docs
Zoom Custom Avatars
Compliance Management
Visitor Management
Division
Zoom Workplace for Frontline
Zoom Workplace for Clinicians
Zoom Auto Dialer Plus
Zoom Revenue Accelerator Role
Zoom Contact Center Role
Zoom Contact Center Package
Zoom Contact Center Add-ons
Zoom Contact Center Team
Zoom Contact Center Supervisor
Zoom Contact Center Region
Zoom Contact New User Template
Zoom Workforce Management
Zoom Quality Management