
Wednesday, March 28, 2018

Okta SAML SSO with Zoom : Error 1021 : You are not entitled to meeting service

Use Case : Set up SAML-based SSO for Zoom using Okta as the IDP

Documents referred :

Pre-requisites :

  • Zoom owner or admin privileges
  • Business or Education account with approved Vanity URL
  • Okta admin privileges

Note :

  • Zoom is a Big Bang App (the account needs to exist in the SAML IDP) when using the vanity URL
  • A backdoor URL can be used : https://zoom.us/signin where users can log in with their username and password

Issue : When doing SP-init (using the vanity URL) or IDP-init (using the Okta chiclet), we get Error 1021 : You are not entitled to meeting service.

Troubleshooting steps taken :

  • Checked SAML response was valid using SAML Tracer in Firefox
  • No errors in Okta Logs
  • Verified that Username being passed in SAML assertion from Okta to Zoom existed in Zoom
  • Created a custom SAML template App in Okta instead of using the App in Okta Integration Network (OIN) 

Solution :
The issue was in the Zoom SSO configuration.

We need to change the "Default user type:" from None to either Basic or Pro on the SSO configuration page (SAML Response mapping). The SSO service was passing the user over, but because "None" was selected, no user type was assigned, and the user ended up not being authorized.
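
The checks above can also be run offline against the SAMLResponse value copied from SAML Tracer. The script below is an added example, not part of the original post: it decodes the response and lists the status, NameID, audience, validity window and attributes, which shows when an otherwise valid assertion carries nothing about user type and leaves that decision to the SP-side default. The sample response, the `example.zoom.us` audience and the `email` attribute name are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (placeholder values, not taken from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2018-03-28T10:00:00Z" NotOnOrAfter="2018-03-28T10:10:00Z">
      <saml:AudienceRestriction><saml:Audience>example.zoom.us</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def summarize_saml_response(b64_response, now=None):
    """Summarize a base64 SAMLResponse. Inspection only: no signature check."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(b64_response))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (missing or encrypted)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    cond = assertion.find("saml:Conditions", NS)
    in_window = True
    if cond is not None:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        in_window = (nb is None or _ts(nb) <= now) and (na is None or now < _ts(na))
    attrs = {a.get("Name"): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return {
        "status": status.get("Value").rsplit(":", 1)[-1] if status is not None else None,
        "name_id": name_id.text if name_id is not None else None,
        "audiences": [a.text for a in assertion.iterfind(".//saml:Audience", NS)],
        "in_validity_window": in_window,
        "attributes": attrs,
    }

if __name__ == "__main__":
    print(summarize_saml_response(SAMPLE_B64))
```

Run it only on responses captured from your own sign-in flow, and treat the captured value as a credential while its validity window is open.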