How to get the SSO Token for use with loginWithSSOToken?

I understand, that to use the Windows SDK for SSO signin takes three steps:

(1) register our organization for ZOOM SSO and setup your Zoom SSO provider

(2) in our Windows App, do something that gets the user to login SSO, then get the SSO token

(3) in our Windows App, pass the SSO token to the SDK call loginWithSSOToken

We have done #1, and can login (manually) with SSO using our MS Azure AD.

We know how to do #3 - once we have the SSO token.

The problem is step #2 - how do we get the SSO token? We have scoured the forum postings, the SDK, and have had multiple tickets with Zoom, messages to the developer support and have not gotten any answers.

The only asnwer we get is “the zoom backend returns the SSO token” - can someone please tell us how to call the zoom backend from a Windows App using the Zoom SDK to have it return us the SSO token? A code snippet would be greatly appreciated.

thanks

We have tried using Zoom OAuth - but that token gets rejected by the loginWithSSOToken.

We have tried using Users TOkens - but that gets rejected by the loginWithSSOToken.

We have tried scraping the screen results from an interactive SSO login - but that gets rejected by the loginWithSSOToken.
https://.zoom.us/saml/login?from=desktop

We have contacted customer support many times, sent emails to the development group and posts on this forum - we are getting no answers - can you please directr this to someone who can help?

It looks like we can get the token by going to: https://xxxxx.zoom.us/saml/login?from=desktop, then scraping the token from the launch zoom button. It appears this is a short lived token with one time use.

Is there an option we can put on the URL to have a redirect url? Scraping the screen for the token is a poor practice and we would like to avoid it.

Hey @don_ucw,

Thanks for using the dev forum!

The SSO token is provided by the identity provider after your organization has been configured with Zoom SSO, and your identity provider has also been configured with Zoom SSO. If all went well, the user will login and then at some point in the SSO process the identity provider will provide the token appended to a url. The token will follow “zt=” in the url string. For example, if you used Google, there would be a url that looks like this:

Screen Shot 2020-05-21 at 10.34.04 PM2118×48 11.4 KB

Thanks!
Michael

This isn’t really clear, what exactly is “at some point”? Does this differ for all SSO providers? If this is defined by zoom’s API, is there a “universal” way that we can get this for different SSO providers (just like on the Zoom website)? Is there further documentation on this?

Hey @jackz314,

I apologize, let me clarify. Zoom uses SAML 2.0 for SSO. The “at some point” that I am referring to is the reply URL with the token attached at the end. Check out Microsoft Azure’s explanation of reply URL here: Understand SAML-based single sign-on (SSO) for apps in Azure Active Directory | Microsoft Docs. The SSOToken will be appended to the reply URL after “zt=”.

Thanks
Michael

By going to the https://xxx.zoom.us/saml/login?from=desktop URL, my idp provides a link with a short token (8 characters) with the URL like this https://xxx.zoom.us/saml/mobile_success?status=success&token=xxxxxxxx. How do I exchange that for the actual SSO token?

Hey @jackz314,

Who is your IDP?

Thanks!
Michael

USC (University of Southern California)

Hey @jackz314,

And you have successfully configured that IDP to be compatible with Zoom?

Thanks!
Michael

I didn’t configure it, it was compatible before (I am able to login with SSO on Zoom clients).

Hey @jackz314,

Do you have a vanityURL?

Thanks!
Michael