Zoom
Last reviewed: 4 months ago
This guide covers how to configure Zoom as a SAML application in Cloudflare Zero Trust.
Prerequisites
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a Zoom Business, Education, or Enterprise account
- An associated domain configured in your Zoom account
- A vanity URL configured in your Zoom account
1. Add a SaaS application to Cloudflare Zero Trust
- In Zero Trust, go to Access > Applications.
- Select Add an application > SaaS > Select.
- For Application, select Zoom.
- For the authentication protocol, select SAML.
- Select Add application.
- Fill in the following fields:
  - Entity ID: https://<your-vanity-url>.zoom.us
  - Assertion Consumer Service URL: https://<your-vanity-url>.zoom.us/saml/SSO
  - Name ID format: Email
- Copy the Access Entity ID or Issuer, Public key, and SSO endpoint.
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
2. Add a SAML SSO provider in Zoom
- In Zoom, go to Advanced > Single Sign-On.
- For Vanity URL, select the vanity URL you want to configure SSO for.
- Fill out the following fields:
  - Sign in page URL: SSO endpoint from application configuration in Cloudflare Zero Trust
  - Identity Provider Certificate: Public key from application configuration in Cloudflare Zero Trust
  - Service Provider (SP) Entity ID: yourvanityurl.zoom.us (no https://)
  - Issuer (IDP Entity ID): Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust
- For Binding, select http-redirect.
- For Signature Hash Algorithm, ensure SHA-256 is selected.
- Under Security, turn off Sign SAML request and Sign SAML logout request.
- Select Save Changes.
- Go to Advanced > Security.
- Under Sign-in Methods, ensure Allow users to sign in with Single Sign-On (SSO) is turned on.
3. Test the integration
Open an incognito browser window, go to your Zoom vanity URL, and select Sign in. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
Once this is successful, you can require SSO for users in your associated domain(s) by completing the following steps:
- In Zoom, go to Advanced > Security.
- Under Sign-in Methods, turn on Require users to sign in with SSO if their e-mail address belongs to one of the domains below.
- Under Select Domains, turn on the domains that you want to require SSO for.
- (Optional) Under Specify users who can bypass SSO sign-in, add your desired users.
- Select Save.
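If the test sign-in in step 3 fails, comparing the SAMLResponse posted to Zoom (captured with the browser's network tools) against the values from steps 1 and 2 can show which field is wrong. The Python check below is an added example, not part of Cloudflare's or Zoom's documentation; the vanity name `example`, the issuer URL and the sample response are constructed placeholders, and it compares fields only, without verifying the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def check_saml_response(b64_response, vanity, access_issuer):
    """List mismatches between a captured SAMLResponse and this guide's settings.
    Field comparison only: it does NOT verify the XML signature."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD found: refusing to parse"]  # avoid entity-expansion tricks
    root = ET.fromstring(raw)
    host = f"{vanity}.zoom.us"
    acs = f"https://{host}/saml/SSO"  # Assertion Consumer Service URL from step 1
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL {acs!r}")
    if text("a:Assertion/a:Issuer") != access_issuer:
        problems.append("Issuer differs from the Access Entity ID or Issuer")
    # The guide writes the entity ID with https:// in step 1 and without it in step 2,
    # so the audience is compared with any scheme stripped (assumption of this example).
    audience = text("a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience")
    if audience.split("://", 1)[-1] != host:
        problems.append(f"Audience {audience!r} does not name {host}")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    algs = [m.get("Algorithm", "") for m in root.iter(f"{{{NS['ds']}}}SignatureMethod")]
    if not algs or not all(a.endswith("sha256") for a in algs):
        problems.append(f"Signature algorithm is not SHA-256: {algs}")
    return problems

# Constructed sample (not a real capture); host and issuer are placeholders.
SAMPLE = """<p:Response xmlns:p="{p}" xmlns:a="{a}" xmlns:ds="{ds}" Destination="{dest}">
<a:Assertion><a:Issuer>https://issuer.example/placeholder</a:Issuer>
<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>
<a:Subject><a:NameID Format="{fmt}">user@example.com</a:NameID></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>https://example.zoom.us</a:Audience>
</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

def encode_sample(dest, alg=RSA_SHA256, fmt=EMAIL_FORMAT):
    return base64.b64encode(SAMPLE.format(dest=dest, alg=alg, fmt=fmt, **NS).encode())
```

An empty list means every compared field matches the configuration; each string in a non-empty list names one field to recheck in Cloudflare Zero Trust or Zoom.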