Zoom

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) and user provisioning for Zoom.

About Zoom

Zoom provides remote conferencing services using cloud computing. Offering both meeting and webinar software, Zoom combines video conferencing, online meetings, and mobile collaboration.

After integrating Zoom with Oracle Identity Cloud Service:

  • Users can access Zoom using their Oracle Identity Cloud Service login credentials.
  • Users can launch Zoom using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Zoom app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A Zoom account with pre-provisioning SSO enabled and with authorization rights to configure federated authentication and user provisioning. Contact the Zoom support team to enable pre-provisioning SSO.
  • Make sure that the email ID of each user in Zoom matches the primary email ID of the Oracle Identity Cloud Service account.
  • Identity Provider metadata. Use the following URL to access the metadata, and then save it in a text file: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata. Use this file later to obtain the identity provider certificate in the "Obtaining the Identity Provider Certificate" section.

Obtaining the Identity Provider Certificate

Use this section to obtain the Identity Provider Certificate in a format that is suitable for Zoom.

  1. Use the following URL to access the identity provider metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata.

  2. In the metadata file, locate the dsig:X509Certificate tags.

  3. Copy the content between the dsig:X509Certificate tags into a text file. This content is the Oracle Identity Cloud Service signing certificate.

    Image img1.png displays the metadata content with md:IDPSSODescriptor and dsig:X509Certificate tags highlighted.

  4. Paste the certificate in a text file. This is the identity provider certificate.

    Tip: Use this certificate content later during Zoom configuration in the "Configuring SSO for Zoom" section.
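
One way to script steps 1 through 4, as an added example that is not part of Oracle's documentation: it reads the saved metadata text, keeps only signing certificates under md:IDPSSODescriptor, and returns the paste-ready certificate text with a SHA-256 fingerprint, plus the entityID used later as the Issuer. The function name, the sample metadata, its placeholder certificate bytes, and its entityID are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample input: placeholder bytes stand in for DER certificates,
# and the entityID is a made-up value, not a real tenant.
SIGNING_DER = b"constructed placeholder for the IdP signing certificate"
ENCRYPTION_DER = b"constructed placeholder for an encryption certificate"
KEY = ('<md:KeyDescriptor use="%s"><dsig:KeyInfo><dsig:X509Data>'
       '<dsig:X509Certificate>\n%s\n</dsig:X509Certificate>'
       '</dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>')
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="%s" xmlns:dsig="%s" '
    'entityID="https://idp.example.invalid/fed"><md:IDPSSODescriptor>'
    % (NS["md"], NS["dsig"])
    + KEY % ("signing", base64.encodebytes(SIGNING_DER).decode())
    + KEY % ("encryption", base64.encodebytes(ENCRYPTION_DER).decode())
    + '</md:IDPSSODescriptor></md:EntityDescriptor>')


def idp_signing_certs(xml_text):
    """Return (entityID, [(base64_text, sha256_fingerprint), ...])."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    found = []
    # Only keys under IDPSSODescriptor; a KeyDescriptor with no "use"
    # attribute serves both purposes, so it counts as a signing key.
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.findall(".//dsig:X509Certificate", NS):
            b64 = "".join((node.text or "").split())    # drop line wrapping
            der = base64.b64decode(b64, validate=True)  # reject stray characters
            digest = hashlib.sha256(der).hexdigest().upper()
            fp = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
            found.append((b64, fp))
    if not found:
        raise ValueError("no IdP signing certificate in metadata")
    return root.get("entityID"), found


if __name__ == "__main__":
    entity_id, certs = idp_signing_certs(SAMPLE_METADATA)
    print("Issuer (IDP Entity ID):", entity_id)
    for b64, fp in certs:
        print("SHA-256 fingerprint:", fp, "\nCertificate text:", b64)
```

Have a second administrator compute the fingerprint from a fresh copy of the metadata; a differing value means the text being pasted is not the certificate that the identity provider publishes.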

Obtaining Tenant, IDCS Domain, and Domain Name

A dedicated Tenant, IDCS Domain, and Domain Name are required before you can register and activate the Zoom app.

  1. The tenant and IDCS Domain values appear in the Oracle Identity Cloud Service My Profile console URL: https://<IDCS_Service_Instance>.<identity.oraclecloud.com>/ui/v1/myconsole.

    Tip: Use the value entered for IDCS_Service_Instance as Tenant, and the value entered for identity.oraclecloud.com as IDCS Domain during Zoom registration in the "Registering and Activating the Zoom App" section.

  2. Access Zoom as an administrator using the URL: https://zoom.us/signin. The Zoom Profile page appears.

  3. Locate the Personal Meeting ID, and make note of the domain name from the URL: https://<Domain_Name>.zoom.us/j/<Personal_Meeting_ID>.

    Tip: Use the domain name value later while you register Zoom in the "Registering and Activating the Zoom App" section.

Configuring SSO for Zoom

  1. On the Zoom Profile page, in the left navigation menu, locate and click Advanced under the ADMIN section, and then click Single Sign-On.

  2. Click Enable Single Sign-On. The Configure SSO Manually page displays the SAML tab.

  3. Use the table to update the federated authentication attributes, and then click Save Changes. A success message is displayed stating that single sign-on is updated successfully.

    Attribute: Value

    Sign-in page URL: Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.

    Sign-out page URL: Enter the Sign-out URL/SLO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/slo.

    Identity provider certificate: Paste the identity provider certificate content that you obtained earlier in the "Obtaining the Identity Provider Certificate" section.

    Service Provider (SP) Entity ID: Select a URN-based entity ID from the drop-down list.

    Issuer (IDP Entity ID): Enter the Entity ID/Issuer URL. Use the metadata file that you downloaded earlier to obtain the Entity ID/Issuer URL. The Entity ID/Issuer URL information is located in the first line of the metadata. See the "What Do You Need?" section.

    Binding: Make sure that HTTP-POST is selected.

    Signature Hash Algorithm: Make sure that SHA-256 is selected.

    Provision User: Select Prior to Sign-In from the drop-down list.

  4. In the left navigation menu, locate Advanced under the ADMIN section, and then click Zoom for Developers. The App Marketplace appears in another tab.

  5. Hover over Develop in the header, and then select Build App from the drop-down list. The Choose your app type page appears.

  6. Under JWT, click Create. The Create a JWT app pop-up window appears.

  7. Enter your App Name, and then click Create. The <App_Name> page appears.

    Note: The JWT app can be created only once for an account by the user.

  8. Under the Basic Information section, enter your Company Name.

  9. Under the Developer Contact Information section, enter your Name and Email Address, and then click Continue.

  10. Under the App Credentials section, click Copy and make note of both API Key and API Secret values, and then click Continue.

    Note: The API Key value does not expire, but the existing API Secret value expires when the user regenerates a new API Secret value. Use these API Key and API Secret values later while enabling user provisioning for the Zoom app in Oracle Identity Cloud Service. See the "Enabling Provisioning" section.

  11. Under the Add Feature section, click Continue.

  12. Click Activate your app. A success message is displayed stating that the app is now activated on the account.

Configuring Zoom in Oracle Identity Cloud Service

Use this section to register and activate Zoom, and to enable provisioning and synchronization for Zoom.

Registering and Activating the Zoom App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Zoom, and then click Add.

  4. In the App Details section, enter your Tenant, IDCS Domain, and Zoom Domain Name values, and then click Next.

    Note: These are the values that you obtained while performing the steps in the "Obtaining Tenant, IDCS Domain, and Domain Name" section.

  5. Click Next to enable provisioning and synchronization for Zoom. Oracle Identity Cloud Service displays the Provisioning page.

Enabling Provisioning and Synchronization for Zoom

Use this section to enable provisioning and synchronization for managing user accounts in Zoom through Oracle Identity Cloud Service.

Enabling Provisioning

  1. On the Provisioning page, select Enable Provisioning.

  2. Under Configure Connectivity, enter the API Key and API Secret values.

    Note: These are the values that you obtained while performing the steps in the "Configuring SSO for Zoom" section.

  3. Click Test Connectivity. A success message is displayed stating that the connection is successful.

  4. To view predefined attribute mappings between the user account fields defined in Zoom and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Row, specify the attributes in the User and Zoom Account columns, and then click OK. For example, if you want to add the External ID field, enter $(user.externalId) in the User column, and then select the corresponding field from the drop-down list in the Zoom Account column.

    Make sure that the Type attribute is set to 'Basic', 'Pro', or 'Corporate'. For more information about Zoom attributes, go to https://marketplace.zoom.us/docs/guides/guides/Creating-and-Managing-Users.

  5. Specify the provisioning operations that you want to enable for Zoom:

    Note: By default, the Create Account, Update Account, De-activate Account, and Delete Account check boxes are selected.

    Create Account: Automatically creates a Zoom account when Zoom access is granted to the corresponding user in Oracle Identity Cloud Service.

    Update Account: Automatically updates a Zoom account when the corresponding user account is edited in Oracle Identity Cloud Service.

    De-activate Account: Automatically deactivates or activates a Zoom account when Zoom access is deactivated or activated for the corresponding user in Oracle Identity Cloud Service.

    Delete Account: Automatically removes an account from Zoom when Zoom access is revoked from the corresponding user in Oracle Identity Cloud Service.

Enabling Synchronization

  1. On the Provisioning page, select Enable Synchronization.

  2. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from Zoom:

    Note: By default, the Primary Email Address option is selected from the drop-down list. It is recommended to leave this default attribute for accurate synchronization of user records.

    Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.

    User Name: User name of the Oracle Identity Cloud Service user.

  3. To match a Zoom account attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list.

    Note: By default, the name option, which represents the Email attribute of the Zoom account, is selected. It is recommended not to change this default option.

  4. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:

    Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. 

    Link but do not confirm: Automatically links all the matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to manually confirm the linked accounts. 

  5. In the Max. number of creates field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  6. In the Max. number of deletes field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.

    After enabling provisioning and synchronization for Zoom, you can synchronize the existing account details from Zoom and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Importing User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.

    You can also manage Zoom accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups sections in Administering Oracle Identity Cloud Service.

  7. Click Finish, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Verifying the Integration

Use this section to verify that SSO/SLO works when initiated from Oracle Identity Cloud Service (IdP initiated SSO) and Zoom (SP initiated SSO/SLO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Zoom app. Oracle Identity Cloud Service displays a shortcut to Zoom under My Apps.

  3. Click Zoom. The Zoom Profile page appears.

  4. On the Zoom Profile page, confirm that the user that is logged in is the same for both Zoom and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from Zoom

  1. Access Zoom using the URL: https://<Domain_Name>.zoom.us. The Zoom website page appears.

  2. Click Sign in. You are redirected to the Oracle Identity Cloud Service login page.

  3. Log in using credentials for a user that is assigned to the Zoom app. The Zoom Profile page appears.

  4. On the Zoom Profile page, confirm that the user that is logged in is the same for both Zoom and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Zoom works.

Verifying Single Log-Out (SLO) from Zoom

  1. Access Zoom following the steps from the "Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service" or "Verifying Service Provider Initiated SSO from Zoom" sections.

  2. In the upper-right corner of the Zoom Profile page, click SIGN OUT. The Zoom Sign In page appears.

    Note: If the user has already logged in to Oracle Identity Cloud Service My Profile console in the browser, that session is logged out, and then the Oracle Identity Cloud Service login page appears.

    This confirms that SLO that is initiated from Zoom works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Zoom displays the message, "Contact administrator's email address, who can enable you to use Zoom meeting service"

Cause 1: The user account assigned to Zoom is deactivated in Zoom under the Zoom Users tab, and the user attempts to initiate single sign-on.

Solution 1: Ensure that the user account is activated under the Users tab in the Zoom application.

Cause 2: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in Zoom.

Solution 2: Ensure that the user that you assign to the Zoom app has an account in both Oracle Identity Cloud Service and Zoom with the same email address.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration and user provisioning between the Oracle Identity Cloud Service Zoom app and Zoom is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Zoom.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Zoom app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Zoom.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Cause 3: The user account assigned to Zoom is deactivated in Oracle Identity Cloud Service under the Zoom application's Users tab, and the user attempts to initiate single sign-on from Zoom.

Solution 3:

  • Ensure that the user account is activated under the Users tab of the Zoom application in Oracle Identity Cloud Service.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.