Warning |
---|
We have collected the information below from our connected institutions to the best of our knowledge. Sometimes procedures change; we depend on someone notifying us. Sorry if the below info does not work for you. If you have remarks or tips you want to share, please send them to support@surfconext.nl. |
Yes, you can connect your institutional IdP to Zoom using SURFconext. However, Zoom uses a 'single tenant' architecture: for every customer, Zoom instantiates a separate environment. More about what a single tenant is can be found here.
Because of this single-tenant nature, both SURF and the institution need to 'do something' before you can use Zoom through SURFconext.
Institutions need to sign in with the account that comes with their Zoom license. SURF does not have that information, so institutions need to configure part of the connection. After the institution has taken some steps, SURF also needs to take some steps to finish setting up the connection.
- Most information can be found at https://support.zoom.us/hc/en-us/articles/201363003-Getting-Started-with-SSO
- You need to get a 'vanity URL'. Approval by Zoom can take some time (especially in times of demand for the service), so start this process at Zoom first.
- The 'vanity URL' (which must be at least four characters long) might contain the abbreviation of the institution, like 'surf.zoom.com', resulting in an application URL like 'https://surf.zoom.us/'. The location of the SAML metadata will then be 'https://surf.zoom.us/saml/metadata/sp'.
- You need to choose what attributes to use. Best are:
  - urn:mace:dir:attribute-def:givenName
  - urn:mace:dir:attribute-def:sn
  - urn:mace:dir:attribute-def:mail
  - eduPersonTargetedID/NameID with NameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- Decide whether you want to connect to our test or our production environment. You must upload the SURFconext IdP metadata file to Zoom to complete the SAML setup.
  - To connect to the SURFconext Test Environment, use the following metadata and save it as an XML file:
    - https://metadata.test.surfconext.nl/idp-metadata.xml. If asked, the following applies:
      - IdP login url: https://engine.test.surfconext.nl/authentication/idp/single-sign-on/key:20190208
      - IdP certificate is the Assertion signing certificate as found on https://metadata.test.surfconext.nl/ (engine.test.surfconext.nl 20190208 certificate)
      - IdP issuer: https://engine.test.surfconext.nl/authentication/idp/metadata
      - IdP binding: choose "HTTP - Redirect"
  - In case you want to configure the connection for your production IdP, connect to the SURFconext Production Environment using the following data:
    - https://metadata.surfconext.nl/idp-metadata.xml
      - IdP login url: https://engine.surfconext.nl/authentication/idp/single-sign-on/key:20181213
      - IdP certificate is the Assertion signing certificate as found on https://metadata.surfconext.nl/ (engine.surfconext.nl 20181213 certificate)
      - IdP issuer: https://engine.surfconext.nl/authentication/idp/metadata
      - IdP binding: choose "HTTP - Redirect"
- You need to send SURF the metadata you get from Zoom after your URL is approved.