Use Case : Setup SAML based SSO for Zoom using Okta as the IDP
Documents referred :
Pre-requisites :
- Zoom owner or admin privileges
- Business or Education account with approved Vanity URL
- Okta admin privileges
Note :
Zoom is a Big Bang App (account needs to exist in SAML IDP) when using the vanity URL
A backdoor URL can be used : https://zoom.us/signin where users can login with their username and password
A backdoor URL can be used : https://zoom.us/signin where users can login with their username and password
Issue : When doing SP-init (using vanity URL) or doing IDP-init (using Okta chiclet), we get the following error -
Troubleshooting Steps- Checked SAML response was valid using SAML Tracer in Firefox
- No errors in Okta Logs
- Verified that Username being passed in SAML assertion from Okta to Zoom existed in Zoom
- Created a custom SAML template App in Okta instead of using the App in Okta Integration Network (OIN)
Solution :
Issue was in the Zoom SSO Configuration.
We need to change the "Default user type:" from None to either Basic or Pro on the SSO configuration page (SAML Response mapping). The SSO service is currently passing the user over but since "None" was selected, it was not assigning a user type and resulted in them not being authorized
