Ask Zac
Security & SSO intermediate 20 minutes

How to configure SSO with SAML 2.0 for Zoom

Learn how to configure sso with saml 2.0 for zoom. Step-by-step guide for Zoom administrators with prerequisites, detailed instructions, and troubleshooting tips.

Published February 26, 2026

Configuring Single Sign-On (SSO) with SAML 2.0 for Zoom involves setting up a connection between your Identity Provider (IdP) and Zoom to allow users to authenticate with their existing credentials. The process includes configuring your IdP with Zoom’s SAML settings and configuring Zoom with your IdP’s metadata or settings. Key steps include accessing the SSO settings in Zoom, providing your IdP’s information (URL and certificate), and configuring SAML attribute mapping.

Prerequisites

  • Administrator access to your Zoom account.
  • Administrator access to your SAML 2.0 compliant Identity Provider (IdP).
  • A verified associated domain in Zoom. See Getting started with associated domains.
  • Familiarity with SAML concepts such as Metadata, Assertion Consumer Service (ACS) URL, and Entity ID.

Configure Your Identity Provider (IdP)

  1. Gather Zoom’s SAML Information: You will need the following information from Zoom to configure your IdP:
    • Sign-in page URL: This is the URL where users will initiate the SSO login from Zoom. It will be auto-generated by Zoom in a later step.
    • Sign-out page URL: This is the URL where users will be redirected after signing out.
    • Identity provider issuer: This is a unique identifier for your Zoom account.
    • Public certificate: This validates the authentication request.
  2. Configure Your IdP Application: Log in to your IdP’s administration console (e.g., Okta, Azure AD, ADFS, etc.).
  3. Create a New Application: Create a new application within your IdP specifically for Zoom. This application will represent the connection between your IdP and Zoom. The process may vary depending on your IdP.
  4. Configure SAML Settings in Your IdP:
    • Assertion Consumer Service (ACS) URL: This URL tells your IdP where to send the SAML assertion after authentication. This URL will be auto-generated by Zoom in a later step.
    • Entity ID: This unique identifier is for Zoom and is typically zoom.us.
    • Name ID Format: Set the Name ID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
    • Name ID: Usually the user’s email address.
  5. Configure SAML Attributes: Configure the attributes that will be passed from your IdP to Zoom. At a minimum, you should include:
  6. Download IdP Metadata or Obtain Required URLs and Certificate: Your IdP will provide either:
    • Metadata URL: A URL pointing to an XML file containing your IdP’s configuration.
    • Identity Provider Single Sign-On URL: The URL that users will be redirected to for authentication.
    • Identity Provider Issuer: The unique identifier of your IdP.
    • X.509 Certificate: The public certificate used to verify SAML assertions.

Configure Zoom for SAML SSO

  1. Sign in to the Zoom web portal as an administrator.
  2. Navigate to Single Sign-On (SSO): In the navigation menu, click Advanced, then Single Sign-On. The direct link is https://zoom.us/account/sso.
  3. Enter IdP Information:
    • Identity provider issuer: Enter the Identity Provider Issuer from your IdP.
    • Sign-in page URL: Enter the Identity Provider Single Sign-On URL from your IdP.
    • Sign-out page URL: Enter the URL that users will be redirected to after signing out of Zoom. This URL may also be provided by your IdP, or it can be a custom URL.
    • X.509 Certificate: Upload the X.509 certificate you obtained from your IdP. Alternatively, you can copy and paste the certificate contents.
  4. Specify SAML Attributes:
    • In the Attributes section, map the SAML attributes from your IdP to the corresponding Zoom user profile fields.
      • Email Address: Select the SAML attribute that contains the user’s email address (e.g., email).
      • First Name: Select the SAML attribute that contains the user’s first name (e.g., firstName).
      • Last Name: Select the SAML attribute that contains the user’s last name (e.g., lastName).
  5. Configure Basic or Advanced SAML Mapping:
  6. Configure Security Settings:
    • Binding: Select the appropriate binding type (typically HTTP Redirect or HTTP POST). Consult your IdP documentation for the recommended binding type.
    • Signature Algorithm: Select the signature algorithm used by your IdP (e.g., SHA-256).
  7. Specify Associated Domains: Verify and add your associated domains in the associated domains section. See Getting started with associated domains. This allows you to manage users with your organization’s email domain.
  8. Save Configuration: Click Save to save your SAML SSO configuration. The automatically generated Service Provider (SP) Metadata (including the ACS URL and Entity ID) will be displayed. You may need to copy the ACS URL to paste into your IdP settings.

Test Your SSO Configuration

  1. Enable SSO Login: After saving the configuration, enable the “Sign in with SSO” option on the Zoom sign-in page.
  2. Test SSO: Instruct a user to log in to Zoom using the SSO option. They should be redirected to your IdP’s login page. After successful authentication, they should be redirected back to Zoom and logged in.
  3. Verify User Profile: Verify that the user’s profile information (email address, first name, last name) is correctly populated in Zoom based on the SAML attributes.

Common Issues

  • Invalid ACS URL: The ACS URL in your IdP configuration does not match the ACS URL generated by Zoom. Solution: Double-check and update the ACS URL in your IdP settings.
  • Certificate Mismatch: The X.509 certificate uploaded to Zoom does not match the certificate used by your IdP. Solution: Ensure you are using the correct and up-to-date certificate from your IdP.
  • SAML Attribute Mapping Incorrect: The SAML attributes are not mapped correctly in Zoom, resulting in incorrect user profile information. Solution: Verify and adjust the SAML attribute mapping in Zoom to match the attributes being sent by your IdP.
  • SSO Login Fails: Users are unable to log in using SSO. Solution: Check the IdP logs for any authentication errors. Verify that the user is assigned to the Zoom application in your IdP. Confirm that the NameID format is correct.
  • Just-In-Time (JIT) provisioning is not working: If user accounts are not created automatically, ensure JIT provisioning is enabled. If you prefer to create your accounts via REST API or CSV, see SSO Pre-provisioning.

Frequently Asked Questions

What information do I need from my Identity Provider (IdP) to configure SSO in Zoom?

You'll need the IdP's SSO URL (also known as the SAML endpoint), the IdP Entity ID (or Issuer URL), and the X.509 certificate. These details are crucial for establishing the secure connection between Zoom and your IdP.

What is the Zoom Service Provider Entity ID (Issuer), and where do I find it?

The Zoom Service Provider Entity ID (Issuer) is a unique identifier for your Zoom account used by the IdP. You can find it within the Zoom SSO settings page, usually in the 'SAML' section, after initiating the SSO configuration.

How do I test the SSO configuration after setting it up?

After configuring SSO, Zoom provides a test URL, or you can instruct a test user to attempt to log in to Zoom via your IdP's application portal. Successful login verifies that the SAML configuration is working correctly.

What happens if a user is provisioned in Zoom but doesn't exist in the Identity Provider?

If a user is provisioned in Zoom but not in the IdP, they will likely be unable to log in via SSO. Ensure user accounts are synchronized between Zoom and your Identity Provider for seamless authentication.

Need help configuring this?

Ask Zac can walk you through the setup step by step, or configure it for you automatically.

Try Ask Zac →