Summary
This document will guide you through the steps to enable multi-factor authentication for Zoom meeting platform.
Requirements
- PhenixID Authentication Services 4.0 or higher
- Zoom Vanity URL, see https://support.zoom.us/hc/en-us/articles/215062646-Guidelines-for-Vanity-URL-Requests
- Business or Education Zoom account
Instruction
Configure PhenixID Authentication Services as Identity Provider
- Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
- Configure the AssertionProvider valve to use any unique identifier linked to nameID such as email or edupersonTargetedID.
- Optional accepted Zoom attributes are: email, sn and givenName.
- In the below configuration example the PhenixID IdP entityID and SSO-Service are configured as https://your.pas.url/saml/authenticate/zoom
Configure Zoom SAML settings
- Save the IdP metadata information to a file by open a web-browser and browse to https://your.pas.url/saml/authenticate/zoom/?getIDPMeta
- Follow the steps in https://support.zoom.us/hc/en-us/articles/201363003-Quick-start-guide-for-SSO to configure the SSO settings for your Zoom account.
- Sign-in page URL: < https://your.pas.url/saml/authenticate/zoom/>
- Sign-out page URL: < https://your.pas.url/saml/logout/>
- Certificate: <X509Certificate> *Note: Remove the Begin Certificate and End Certificate“
- Issuer: <https://your.pas.url/saml/authenticate/zoom>
- Binding: Choose http-post
- Default user type: Basic or Pro
Add Zoom as a trusted Service Provider to PhenixID Authentication Services
- Login to configuration manager
- Scenarios->Federation
- SAML Metadata upload
- Enter a name. Click Next
- Add the Zoom metadata url https://yourcompany.zoom.us/saml/metadata/sp
Test
- Browse to https://<your-zoom-vanity-url>
- Click Sign in
- You will be redirected to your single sign-on provider to sign in. After signing in, you will be redirected back to the Zoom web portal.
Debug
Verify server.log to make sure the SAML assertion contains the intended identity information and that correct user mapping has been made in Zoom.
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se