How to Set Up Zoom SSO with Google Workspace (SAML 2.0)

Single sign-on lets your users sign into Zoom with their Google Workspace credentials — no separate Zoom password. When you disable a user in Google, they immediately lose Zoom access.

This guide covers the full SAML 2.0 setup between Google Workspace and Zoom. For the complete picture of all Zoom + Google integrations, see the Complete Guide to Zoom and Google Workspace.

Prerequisites

• Google Workspace (any edition — Business Starter, Standard, Plus, Enterprise, or Education)
• Google super admin access
• Zoom Business or Enterprise plan (SSO is not available on Pro)
• Zoom admin account with owner or admin privileges
• A vanity URL configured in Zoom (e.g., yourcompany.zoom.us)

Step 1: Configure Your Vanity URL

SSO requires a vanity URL — this is what users visit to trigger the Google login redirect.

1. Sign in to the Zoom admin portal.
2. Go to Account Management > Account Profile.
3. Under Vanity URL, enter your company name (e.g., yourcompany).
4. Click Save. Your SSO login URL will be https://yourcompany.zoom.us.

Vanity URL changes take effect immediately but can only be set once — choose carefully.

Step 2: Add Zoom as a SAML App in Google Admin

1. Sign in to the Google Admin console.
2. Go to Apps > Web and mobile apps.
3. Click Add app > Search for apps.
4. Search for Zoom and select the Zoom SAML app from the catalog.
5. Google pre-fills most SAML settings. On the Google Identity Provider details page, download or note:
   • SSO URL: https://accounts.google.com/o/saml2/idp?idpid=XXXXX
   • Entity ID: https://accounts.google.com/o/saml2?idpid=XXXXX
   • Certificate: Download the X.509 certificate file

Keep this page open — you’ll need these values for the Zoom side.

Step 3: Configure Attribute Mapping

On the Attribute mapping page in Google Admin, verify these mappings:

These are typically pre-configured when you select Zoom from the app catalog. If not, add them manually.

Optional attributes:

Step 4: Set User Access Scope

Still in Google Admin:

1. Under User access, choose who can use the Zoom SAML app:
   • ON for everyone — all users in your Google Workspace org can SSO into Zoom
   • ON for specific organizational units — limit to specific OUs
2. Click Save.

Start with a specific OU (e.g., your IT team) for testing before rolling out org-wide.

Step 5: Configure SSO in Zoom

1. In the Zoom web portal, go to Advanced > Single Sign-On.
2. If this is your first time, click Enable SSO. If already configured, click Edit.
3. Enter the following:

4. Click Save Changes.

Step 6: Configure Sign-In Methods

Decide how users can authenticate:

1. In Zoom admin portal, go to Advanced > Security > Sign-in methods.
2. Options:
   • SSO only — users must go through Google SSO (recommended for security)
   • SSO + password — allow both methods during transition
   • SSO + Google OAuth — allow “Sign in with Google” button alongside SSO

For maximum security, disable password-based login after confirming SSO works for all users.

Step 7: Test the Configuration

1. Open an incognito/private browser window.
2. Navigate to https://yourcompany.zoom.us.
3. You should be redirected to the Google sign-in page.
4. Sign in with a Google Workspace account that has access to the Zoom SAML app.
5. You should land in Zoom, authenticated.

Test the full lifecycle:

• Sign in via SSO — confirms SAML assertion works
• Check user profile — confirms attribute mapping (name, email)
• Sign out of Zoom — confirms sign-out URL works
• Sign out of Google — confirms session is cleared across both

Advanced: Conditional Access via Google Context-Aware Access

Google Workspace Enterprise edition supports Context-Aware Access, which lets you enforce conditions on SSO:

• Device policy — only allow SSO from managed devices (via Google Endpoint Management)
• IP restrictions — only allow SSO from corporate IP ranges
• OS requirements — require minimum OS versions

Configure these in Google Admin under Security > Access and data control > Context-Aware Access. Create an access level, then assign it to the Zoom SAML app.

After SSO: Set Up SCIM Provisioning

SSO handles authentication. For automated user lifecycle management (auto-create Zoom accounts when users join, auto-deactivate when they leave), set up SCIM provisioning next.

Set up SCIM provisioning with Google Workspace →

Common Issues

• Login loop (redirects back to Google repeatedly) — The most common cause is an Entity ID mismatch between Google and Zoom. Copy the exact Entity ID from the Google Admin page and paste it into Zoom’s SSO settings. Check for trailing slashes or extra characters.
• “SAML response is not valid” error — The X.509 certificate uploaded to Zoom doesn’t match the one Google is signing with. Re-download the certificate from Google Admin and re-upload to Zoom. Certificates can also expire — Google rotates them periodically.
• User gets a new Zoom account instead of linking to existing — The email in the SAML assertion doesn’t match the existing Zoom account email. Verify the attribute mapping sends Primary email as the email claim. If users were provisioned with a different email, you may need to update their Zoom account email first.
• SSO works for some users but not others — Check the User access scope in Google Admin. If set to specific OUs, the user must be in an enabled OU. Also verify the user has been assigned a Zoom license.
• Can’t access Zoom on mobile — The Zoom mobile app supports SAML SSO. Users tap “Sign in with SSO,” enter the vanity URL domain (e.g., yourcompany), and are redirected to Google’s mobile sign-in. If it fails, check that your Google conditional access policies allow mobile devices.