1. Import the metadata for Zoom:
    • To upload the metadata file: Click Select File.
    • To enter the URL of the metadata: Click Or use URL.
    Important:

    If you upload a metadata file, the Entity ID field is automatically populated to include the https prefix. Leaving this prefix intact can cause configuration errors.

    After you upload the metadata file, you should verify that the Entity ID value is in the format <vanity name>.zoom.us.

  2. Required: In the ACS URL and Entity ID fields, replace the ${vanity} variables with your Zoom vanity URL.
  3. In the Target Resource field, enter a URL to redirect the user to after identity provider (IdP)-initiated SSO.
  4. In the Single Logout Endpoint field, enter a URL for PingOne for Enterprise to send single logout (SLO) requests to.
    Note:

    If you enter a value in the Single Logout Endpoint field, it should be in the format https://<vanity name>.zoom.us/saml/SingleLogout.

  5. In the Single Logout Response Endpoint field, enter a URL for PingOne for Enterprise to send SLO responses to.
    Tip:

    Using the https://<your vanity URL>.zoom.us/saml/singlelogout SLO endpoint for both Single Logout Endpoint and Single Logout Response Endpoint improves your security by ending the user session in the application when the user's SSO session ends.

  6. To add a Primary Verification Certificate, click Browse to locate and upload a local certificate file used to verify SLO requests and responses coming from Zoom.
  7. To add a Secondary Verification Certificate, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.
  8. To require your identity bridge to re-authenticate users with an active SSO session, select the Force Re-authentication check box .
  9. If you want PingOne for Enterprise to pass the RequestedAuthnContext request to the IdP for your account, select Pass-Thru RequestedAuthnContext to IdP.
    Note:

    This option is available only if you upload a primary verification certificate.

  10. To encrypt outgoing SAML assertions, select the Encrypt Assertion check box.
  11. On the Signing line:
    • To have PingOne for Enterprise sign outgoing SAML assertions: Click Sign Assertion. This is the default option.
    • To have PingOne for Enterprise sign responses to incoming SAML assertions: Click Sign Response.
  12. In the Signing Algorithm list, select an algorithm with which to sign SAML assertions.
  13. To enter a custom URL to launch Zoom from the dock, select the Use Custom URL check box.
  14. To enable user provisioning, select the Set Up Provisioning check box.

Click Continue to Next Step.