Okta configuration with Zoom

Single sign-on allows you to login to your Zoom account using your company credentials. A connection is made between Okta, the identity provider (idP), and Zoom, the service provider (SP), to allow users to directly connect to their zoom accounts. 

Once you configured your Okta account with Zoom, you can follow these instructions to manage users.

This article covers:

• How to add the Zoom app
  • Add the Zoom pre-built app to Okta
  • Add the Zoom custom app to Okta
• How to connect Okta and Zoom

Prerequisites for Okta configuration with Zoom

• Zoom owner or admin privileges
• Business, Education, or Enterprise account with approved Vanity URL
• Single Sign-On enabled
• Okta admin privileges

Note: Without an approved Associated Domain, users will need to confirm to being provisioned on the account through an email automatically sent to them. Provisioning will take place without email confirmation for any users falling under an approved domain.

How to add the Zoom app

There are two ways that you can configure Zoom with Okta. You can use the pre-built Zoom app in the Okta Application Console to automatically configure the Okta app for Zoom, or you can set up a custom app in Okta for Zoom.

Add the Zoom pre-built app to Okta

1. In Okta Console, go to Applications.
2. Click Add Application. 
3. Search for Zoom.
4. Click Add.
5. This will take you to the General Settings page.

• Application label: You can leave this as Zoom or rename as desired.
• Subdomain: Enter only the custom part of your Vanity URL. For example, if your vanity URL is https://mydomain.zoom.us, only enter mydomain.
• (Optional) Application visibility: Check the options if you don’t want to make this app visible to your users. 
• Click Done.

Add the Zoom custom app to Okta

1. In Okta console, go to Applications.
2. Click Add Application.
3. Click Create New app.
   • Platform: Web
   • Sign on method: SAML 2.0
4. Click Create. This will take you to the General Settings page.
   • App Name: You can give the app the name of your choice, something that will identify this as the Zoom app for you on the Okta side, eg. Zoom. 
   • (Optional) App logo: Upload the Zoom logo if desired
   • (Optional) App visibility: Check these options if you don’t want to show the Zoom custom app to show to your users in Okta.
5. Click Next. This will take you to the Configure SAML page. 
   • Single sign on URL: https://yourvanityurl.zoom.us/saml/SSO
   • Check Use this for Recipient URL and Destination URL 
   • Leave Allow this app to request other SSO URLs unchecked
   • Audience URI (SP Entity ID): https://yourvanityurl.zoom.us
   • Default RelayState: Leave blank. 
   • Name ID Format: Select EmailAddress.
   • Application username: Select Okta username.
   • Click Show Advanced Settings. 
   • Response: Choose Signed. 
   • Assertion Signature: Choose Unsigned. 
   • Signature Algorithm: Choose RSA-SHA256.
   • Digest Algorithm: Choose SHA256.
   • Assertion Encryption: You can choose either. If you choose encrypted, you will need to check the option for encrypted assertions on the Zoom side. If unsure, leave as Unencrypted.
   • Enable Single Signout: Leave unchecked.
   • Authentication context class: Choose PasswordProtectedTransport.
   • Honor Force Authentication: Choose Yes.
   • SAML Issuer ID: Leave blank.
   • Attribute Statements: 

     Name	Name format	Value
     email	Unspecified	user.email
     firstName	Unspecified	user.firstName
     lastName	Unspecified	user.lastName

   • Group Attribute Statements: Leave blank.
   • Preview the SAML Assertion: You can click to preview the SAML assertion.
6. Click Next.
7. This will take you to the Okta feedback page. Enter your feedback if desired and click Next.

How to connect Zoom and Okta

Zoom and Okta need to create a trusted relationship with each other to allow communication.

1. In Okta Console, go to Applications.
2. Click on the Zoom app.
3. Click the Sign On tab.
   • Click View Setup Instructions to review Okta setup instructions to configure SAML 2.0 for Zoom.
4. Open a new browser window and sign in to the Zoom web portal as an admin or as the owner.
5. In the navigation menu in the Zoom web portal, click Advanced then Single Sign-On.
6. Click Enable Single Sign-On.
7. On the SAML tab, click Edit.
8. From the instruction page in Okta, copy the following in the Zoom SSO page:

   From Okta	To Zoom
   Sign-in Page URL	Sign-in Page URL box
   Sign-out Page URL	Sign-out Page URL box
   Identity Provider Certificate	Identity Provider Certificate box
   Issuer (IDP Entity ID)	Issuer (IDP Entity ID)  box

9. In Binding, select HTTP-Redirect.
10. In Signature Hash Algorithm, select SHA-256.
11. In Security and Provision User, select as desired.
12. Click Save Changes.