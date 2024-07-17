Connect to Zoom through Access

This guide covers how to configure Zoom External link icon Open external link as a SAML application in Cloudflare Zero Trust.

​​ 1. Add a SaaS application to Cloudflare Zero Trust

In Zero Trust External link icon Open external link , go to Access > Applications. Select Add an application > SaaS > Select. For Application, select Zoom. For the authentication protocol, select SAML. Select Add application. Fill in the following fields: Entity ID : https://<your-vanity-url>.zoom.us

: Assertion Consumer Service URL : https://<your-vanity-url>.zoom.us/saml/SSO

: Name ID format: Email Copy the Access Entity ID or Issuer, Public key, and SSO endpoint. Select Save configuration. Configure Access policies for the application. Select Done.

​​ 2. Add a SAML SSO provider in Zoom

In Zoom, go to Advanced > Single Sign-On. For Vanity URL, select the vanity URL you want to configure SSO for. Fill out the following fields: Sign in page URL : SSO endpoint from application configuration in Cloudflare Zero Trust

: SSO endpoint from application configuration in Cloudflare Zero Trust Identity Provider Certificate : Public key from application configuration in Cloudflare Zero Trust

: Public key from application configuration in Cloudflare Zero Trust Service Provider (SP) Entity ID : yourvanityurl.zoom.us (no https:// )

: (no ) Issuer (DP Entity ID): Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust For Binding, select http-redirect. For Signature Hash Algorithm, ensure SHA-256 is selected. Under Security, turn off Sign SAML request and Sign SAML logout request. Select Save Changes. Go to Advanced > Security. Under Sign-in Methods, ensure Allow users to sign in with Single Sign-On (SSO) is turned on.

​​ 3. Test the integration

Open an incognito browser window, go to your Zoom vanity URL, and select Sign in. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.

Once this is successful, you can require SSO for users in your associated domain(s) by completing the following steps: