--- title: Adding Zoom to Your PingOne for Enterprise Dock description: Add the Zoom application to your PingOne for Enterprise dock from the application catalog. component: pingoneforenterprise page_id: pingoneforenterprise:pingone_for_enterprise_app_catalog:p14eapps_zoom canonical_url: https://docs.pingidentity.com/pingoneforenterprise/pingone_for_enterprise_app_catalog/p14eapps_zoom.html revdate: October 4, 2023 section_ids: about-this-task: About this task steps: Steps next-steps: Next steps zoom-connection-configuration: Zoom Connection Configuration steps-2: Steps choose-from: Choose from: choose-from-2: Choose from: next-steps-2: Next steps zoom-provisioning: Zoom Provisioning about-this-task-2: About this task steps-3: Steps zoom-attribute-mapping: Zoom Attribute Mapping about-this-task-3: About this task steps-4: Steps choose-from-3: Choose from: next-steps-3: Next steps zoom-customization: Zoom Customization steps-5: Steps next-steps-4: Next steps zoom-group-access: Zoom Group Access about-this-task-4: About this task steps-6: Steps next-steps-5: Next steps zoom-saml-connection: Zoom SAML Connection steps-7: Steps examplehttpssso-connect-pingidentity-comssoidpsso-saml2idpididpid-value: Example:https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid= --- # Adding Zoom to Your PingOne for Enterprise Dock Add the Zoom application to your PingOne for Enterprise dock from the application catalog. ## About this task | | | | - | -------------------------------------------------------------------------------------- | | | Single sign-on (SSO) is only available to paid business and educational Zoom accounts. | ## Steps 1. In the PingOne for Enterprise admin console, go to **Applications > Application Catalog**. 2. **Optional:** In the **Search** field, search for the application. 3. Click the **Zoom** application line to expand it and click **Setup**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | As of June 2023, Zoom no longer allows the creation of new JSON Web Token (JWT) *(tooltip: \
\

An IETF standard container format for a JSON object used for the secure exchange of content, such as identity or entitlement information. You can find the industry standard in \RFC 7519\.\

\
)* applications.If you want to enable user provisioning for Zoom, select the **Zoom - OAuth** application in the PingOne for Enterprise Application Catalog.Learn more in [JWT App Type Deprecation](https://developers.zoom.us/changelog/platform/jwt-app-type-deprecation/) in the Zoom documentation. | 4. In a separate tab, go to and sign on to your account as an administrative user. 5. In the Zoom admin console, click **Single Sign-On**. 6. On the **Vanity URL** line, click **Apply**. 7. In the **Vanity URL** field, enter a vanity URL for your organization and click **Apply**. For more information, see [Guidelines for Vanity URL requests](https://support.zoom.us/hc/en-us/articles/215062646-Guidelines-for-Vanity-URL-Requests) in the Zoom documentation. | | | | - | ------------------------------------------------------------ | | | Zoom takes 1-2 business days to process vanity URL requests. | ## Next steps After Zoom approves your vanity URL request, return to the Zoom app catalog application and click **Continue to Next Step**. ## Zoom Connection Configuration ### Steps 1. Import the metadata for Zoom: #### Choose from: * To upload the metadata file: Click **Select File**. * To enter the URL of the metadata: Click **Or use URL**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you upload a metadata file, the **Entity ID** field is automatically populated to include the `https` prefix. Leaving this prefix intact can cause configuration errors.After you upload the metadata file, you should verify that the **Entity ID** value is in the format `.zoom.us`. | 2. **Required:** In the **ACS URL** and **Entity ID** fields, replace the *${vanity}* variables with your Zoom vanity URL. 3. In the **Target Resource** field, enter a URL to redirect the user to after identity provider (IdP)-initiated SSO. 4. In the **Single Logout Endpoint** field, enter a URL for PingOne for Enterprise to send single logout (SLO) requests to. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------- | | | If you enter a value in the **Single Logout Endpoint** field, it should be in the format `https://.zoom.us/saml/SingleLogout`. | 5. In the **Single Logout Response Endpoint** field, enter a URL for PingOne for Enterprise to send SLO responses to. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Using the https\://*\*.zoom.us/saml/singlelogout SLO endpoint for both **Single Logout Endpoint** and **Single Logout Response Endpoint** improves your security by ending the user session in the application when the user's SSO session ends. | 6. To add a **Primary Verification Certificate**, click **Browse** to locate and upload a local certificate file used to verify SLO requests and responses coming from Zoom. 7. To add a **Secondary Verification Certificate**, click **Browse** to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails. 8. To require your identity bridge to re-authenticate users with an active SSO session, select the **Force Re-authentication** checkbox . 9. If you want PingOne for Enterprise to pass the `RequestedAuthnContext` request to the IdP for your account, select **Pass-Thru RequestedAuthnContext to IdP**. | | | | - | ------------------------------------------------------------------------------- | | | This option is available only if you upload a primary verification certificate. | 10. To encrypt outgoing SAML assertions, select the **Encrypt Assertion** checkbox. 11. On the **Signing** line: #### Choose from: * To have PingOne for Enterprise sign outgoing SAML assertions: Click **Sign Assertion**. This is the default option. * To have PingOne for Enterprise sign responses to incoming SAML assertions: Click **Sign Response**. 12. In the **Signing Algorithm** list, select an algorithm with which to sign SAML assertions. 13. To enter a custom URL to launch Zoom from the dock, select the **Use Custom URL** checkbox. 14. To enable user provisioning, select the **Set Up Provisioning** checkbox. ### Next steps Click **Continue to Next Step**. ## Zoom Provisioning ### About this task | | | | - | ------------------------------------------------------------------------------------------------------------------ | | | If you don't need to set up user provisioning, proceed to [Zoom Attribute Mapping](p14eapps_zoom_attributes.html). | ### Steps 1. Sign on to the [Zoom App Marketplace](https://marketplace.zoom.us/) as an administrator. 2. Click **Develop > Build App**. 3. On the **Choose your app type** page, in the **Server-to-Server OAuth** tile, click **Create**. 4. In the **App Name** field, enter a name for your application and click **Create**. 5. On the **App credentials** tab, copy the **Account ID**, **Client ID**, and **Client Secret** values, then click **Continue**. You will enter these values into PingOne for Enterprise later. 1. On the **Information** tab, complete the following information: 1. In the **Short description** field, enter a description for the application. 2. In the **Company Name** field, enter the name of your organization. 3. In the **Name**, enter the name of the contact for your Zoom account administrator. 4. In the **Email address** field, enter to company email address of your Zoom account administrator. | | | | - | ----------------------------------------------------------------------------- | | | The information on this tab is required for you to activate your application. | 2. On the **Features** tab, click **Continue**. 3. On the **Scopes** tab: 1. Click **Add Scopes**. 2. On the **Add Scopes** dialog, select the checkboxes to add the following scopes: * **User** * **View and manage sub account's user information** (user:master) * **View all user information** (user:read:admin) * **View users information and manage users** (user:write:admin) * **Account** * **View and manage sub accounts** (account:master) * **View account info** (account:read:admin) * **View and manage account info** (account:write:admin) * **SCIM2** * **Call Zoom SCIM2 API** (scim2) 3. Click **Done** to add the selected scopes. 4. On the **Activation** tab, click **Activate**. 5. In PingOne for Enterprise, click **Continue to Next Step** until you see the **Application Configuration** tab. 6. On the **Application Configuration** tab, configure your Zoom connection. 1. Review the values for the **SCIM\_URL** and **OAUTH\_TOKEN\_URL** fields, and change if necessary. | | | | - | ------------------------------------------------ | | | The default values will work for most customers. | 2. In the **OAUTH\_ACCOUNT\_ID** field, enter your Zoom account ID. 3. In the **OAUTH\_CLIENT\_ID** field, enter your Zoom client ID 4. In the **OAUTH\_CLIENT\_SECRET** field, enter your Zoom client secret. 5. From the **REMOVE\_ACTION** list, select one of the following options: * If you select **Disable**, a user you disable or delete in PingOne for Enterprise will be disabled in Zoom. * If you select **Delete**, a user you disable or delete in PingOne for Enterprise will be deleted in Zoom. 6. Click **Continue to Next Step**. ## Zoom Attribute Mapping ### About this task PingOne for Enterprise automatically populates required SAML attributes. For Zoom, the required attribute is `SAML_SUBJECT`. Map this to the attribute of the user's email address, usually `SAML_SUBJECT` or `email`. ### Steps 1. To add an additional optional attribute, click **Add new attribute**. 2. In the **Application Attribute** field, enter the attribute name as it appears in the application. 3. In the **Identity Bridge Attribute or Literal Value** field, choose one of the following: #### Choose from: * To map to the application attribute: Enter or select a directory attribute. * To assign to the application attribute: Select **As Literal**, then enter a literal value. 4. To create advanced attribute mappings, click **Advanced**. Learn more in [Creating advanced attribute mappings](../pingone_for_enterprise/p14e_creating_advaced_attribute_mappings.html). ### Next steps Click **Continue to Next Step**. ## Zoom Customization ### Steps * To change the application icon, click **Select image** and upload a local image file. The image file must be: * PNG, GIF, or JPG format * 312 x 52 pixels maximum * 2 MB maximum file size | | | | - | ------------------------------------------------ | | | Images are scaled to 64 x 64 pixels for display. | * To change the name of the application displayed on the dock, in the **Name** field, enter a new name. * To change the description of the application, in the **Description** field, enter the new description text. * To change the category to which the application is assigned on the dock, in the **Category** list, select a category. Learn more in [Creating a custom application category](../pingone_for_enterprise/p14e_creating_custom_application_category.html). ### Next steps Click **Continue to Next Step**. ## Zoom Group Access ### About this task The **Group Access** tab shows every user group that you have created. Learn more in [Adding user groups](../pingone_for_enterprise/p14e_add_groups.html). ### Steps * To add a group's access to the application, on the line for that group, click **Add**. * To remove a group's access, on the line for that group, click **Remove**. * When you're finished assigning groups, click **Continue to Next Step**. ### Next steps On the **Review Setup** tab, review your configuration, and click **Finish** to add the application to your PingOne for Enterprise Dock. ## Zoom SAML Connection ### Steps 1. On the **Review Setup** tab: 1. On the **Signing Certificate** line, click **Download** to download the signing certificate. 2. On the **SAML Metadata** line, click **Download** to download the metadata file. 2. In a separate tab, sign on to the Zoom admin console and go to the **Single Sign-On** tab. 3. In Zoom, set the **Sign-in Page URL** value: 1. Open the metadata file in a text editor. 2. Copy the `SingleSignOnService` `Location` value. #### Example:`https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=` 3. In the Zoom admin console, paste the `Location` value into the **Sign-in Page URL** field. 4. **Optional:** In the **Sign-Out page URL** field, enter `https://.zoom.us/saml/SingleLogout`. | | | | - | ----------------------------------------------------------------------------------------------- | | | An SLO URL improves security by ending a user session in Zoom when the user's SSO session ends. | 5. In the **Service Provider (SP) Entity ID** list, select the non-HTTPS option. 6. In the **Enter Issuer** field, paste the *entityID* value from the metadata file. 7. Enter the **Identity provider certificate** value: 1. Open the signing certificate file in a text editor. 2. Copy the contents of the signing certificate file, excluding the `BEGIN CERTIFICATE` and `END CERTIFICATE` lines. 3. In the Zoom admin console, paste the certificate contents into the **Identity provider certificate** field. 8. On the **Binding** line, click either **HTTP-POST** or **HTTP-Redirect**. | | | | - | ------------------------------------------------------------------------------------------------------------------ | | | **HTTP-POST** is the more secure option, because it doesn't expose the SAML token as a query parameter in the URL. | 9. On the **Signature Hash Algorithm** line, click **SHA-256**. 10. On the **Security** line, select the checkboxes of the security policies to implement. | | | | - | --------------------------------------------------------------------------------------------------------- | | | Improve your security by selecting **Sign SAML request** and **Save SAML response logs on user sign-in**. | 11. Click **Save Changes**.