Single sign-on lets your users sign into Zoom with their Okta credentials — centralized authentication, MFA enforcement, and instant deprovisioning when someone leaves.
This guide covers SAML 2.0 SSO setup between Okta and Zoom using the OIN integration. After SSO, set up SCIM provisioning for automated user lifecycle management. For the complete integration picture, see the Complete Guide to Zoom and Okta.
Prerequisites
- Okta account (any edition)
- Okta admin access
- Zoom Business or Enterprise plan
- Zoom admin account with owner or admin privileges
- A vanity URL configured in Zoom (e.g.,
yourcompany.zoom.us)
Step 1: Configure Your Vanity URL
SSO requires a vanity URL — this is what users visit to trigger the Okta login redirect.
- Sign in to the Zoom admin portal.
- Go to Account Management > Account Profile.
- Under Vanity URL, enter your company name (e.g.,
yourcompany). - Click Save. Your SSO login URL will be
https://yourcompany.zoom.us.
Step 2: Add Zoom from the Okta Integration Network
- In the Okta Admin Console, go to Applications > Applications.
- Click Browse App Catalog.
- Search for Zoom and select the Zoom app (the OIN integration).
- Click Add Integration.
- On the General Settings tab:
- Subdomain: Enter your Zoom vanity URL subdomain (e.g.,
yourcompany)
- Subdomain: Enter your Zoom vanity URL subdomain (e.g.,
- Click Done.
Use the OIN app — don’t create a custom SAML application. The OIN app comes pre-configured with correct SAML settings and supports SCIM provisioning.
Step 3: Get SAML Configuration Values from Okta
- In the Zoom app in Okta, go to the Sign On tab.
- Verify the pre-filled SAML settings:
- Single Sign On URL:
https://yourcompany.zoom.us/saml/SSO - Audience (SP Entity ID):
https://yourcompany.zoom.us
- Single Sign On URL:
- Click View SAML setup instructions to get the values you need for Zoom:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate (download the file)
Keep this page open — you’ll enter these values in Zoom next.
Step 4: Configure Attribute Mapping
On the Sign On tab, verify attribute statements:
| Okta Attribute | SAML Attribute | Required? |
|---|---|---|
user.email | email | Yes |
user.firstName | firstName | Yes |
user.lastName | lastName | Yes |
These are typically pre-configured by the OIN app. Add optional attributes if needed:
| Okta Attribute | SAML Attribute | Purpose |
|---|---|---|
user.department | department | User department in Zoom profile |
user.displayName | displayName | Display name |
Step 5: Configure SSO in Zoom
- In the Zoom web portal, go to Advanced > Single Sign-On.
- Enable SSO and enter:
| Setting | Value |
|---|---|
| Sign-in page URL | Okta’s Identity Provider SSO URL from Step 3 |
| Sign-out page URL | https://yourcompany.okta.com (your Okta domain) |
| Identity provider certificate | Upload the X.509 certificate from Step 3 |
| Issuer (IDP Entity ID) | Okta’s Identity Provider Issuer URL from Step 3 |
| Binding | HTTP-Redirect |
| Signature hash algorithm | SHA-256 |
- Click Save Changes.
Step 6: Assign Users
Back in Okta, assign users to the Zoom app:
- Go to the Zoom app > Assignments tab.
- Click Assign > choose one:
- Assign to People — individual users
- Assign to Groups — entire Okta groups (recommended)
- Select the users or groups > click Assign > Save and Go Back.
Only assigned users can authenticate to Zoom via Okta SSO.
Step 7: Test the Configuration
- Open an incognito/private browser window.
- Navigate to
https://yourcompany.zoom.us. - You should be redirected to the Okta sign-in page.
- Sign in with an assigned Okta account.
- You should land in Zoom, authenticated.
Test the full flow:
- Sign in via SSO — confirms SAML assertion works
- Check user profile — confirms attribute mapping (name, email)
- Sign out of Zoom — confirms sign-out URL redirects to Okta
- Test MFA (if configured) — confirms Okta sign-on policy applies
Step 8: Configure Sign-In Methods
After confirming SSO works:
- In Zoom admin portal, go to Advanced > Security > Sign-in methods.
- Recommended: disable password-based login and require SSO for all managed users.
- Set managed domains so that any email from your domain is forced through SSO.
Next: Set Up SCIM Provisioning
SSO handles authentication. For automated user lifecycle (auto-create accounts, auto-deactivate on departure, group-based licensing), configure SCIM next.
Set up SCIM provisioning with Okta →
Common Issues
- SSO redirect loop — The most common cause is an Entity ID mismatch. Copy the exact Issuer URL from Okta’s SAML setup instructions and paste it into Zoom. Check for trailing slashes, protocol differences (http vs https), or extra whitespace.
- “SAML response is not valid” error — The X.509 certificate in Zoom doesn’t match what Okta is signing with. Re-download the certificate from Okta and re-upload to Zoom. Also check that the certificate hasn’t expired.
- User can’t sign in (“Not assigned”) — The user isn’t assigned to the Zoom app in Okta. Go to the Zoom app > Assignments and verify the user or their group is listed.
- SSO works but user gets a new Zoom account — The email in the SAML assertion doesn’t match the existing Zoom account email. Verify attribute mapping sends
user.emailas theemailclaim. If the user signed up with a different email, update their Zoom account email to match their Okta email. - MFA not prompting — Check the sign-on policy for the Zoom app in Okta. MFA policies are per-app — you may need to add a policy rule specifically requiring MFA for the Zoom application.
- Mobile SSO not working — The Zoom mobile app supports SAML SSO. Users tap “Sign in with SSO,” enter the vanity URL domain, and are redirected to Okta’s mobile sign-in. If Okta blocks mobile browsers, check your Okta device trust policies.