Login using SSO

I would like my mobile app to offer SSO based login capabilities, similar to how standard Zoom client provides them.
Users should either provide a Zoom domain or email and should be taken to the domain-specific SSO page.

My understanding is that from the SDK perspective, it’s only interested in the SSO token that is returned by the SSO page of the specific domain. It’s the app’s responsibility to present the SSO page and to accept redirects that bring back the token, correct?

Assuming that the above is correct, I have three questions:

  1. If the user provides a domain name (let’s say xxx.zoom.us), what URL should I open to the user? Is there any API or convention for constructing these URLs?
  2. If the user provides an email address, how do I find out the user’s domain? Alternatively, is there a way to retrieve the SSO URL directly from the email address?
  3. How do I provide my own redirect URL for the SSO service to return the token to me?

Hi grey-bit,

Thanks for the post and pardon the late response. Regarding your questions:

Yes, you are correct. And regarding your other questions, you will need to set up an SSO integration with us on Zoom web portal, and the process varies based on your IDP. The following support pages could be helpful:

Hope this helps. Thanks!

Please correct me if I am wrong, but the provided link is for the companies that want to integrate their SSO to Zoom.

What I need is the way for my independent Android app to allow its users to log into any user account (any domain) using the same mechanisms that the regular Zoom app provides - direct email/password or any SSO that is integrated with Zoom (not with the app directly).

I saw quite a few similar threads on the forums, but none had a definitive guidance on how to make it happen :frowning:

Hi @grey-bit,

Thanks for the reply. I understand, for the SSO login on the regular Zoom client, in order to use it, the company needs to have SSO integration with Zoom first, otherwise it won’t work. You will need to first enter your company/3rd party(like Google) domain:

Then it will redirect to your company/3rd party login page to login; After a successful login, the service provider will return a response with the zoom token, in which is what the loginWithSSO is looking for. Here is a screenshot of SSO login with Google, and the one in red box is the SSO token you could pass to the interface:

Other than the above process, there is no other way to do SSO login with SDK.

Hope this helps. Thanks!

Thanks @Carson_Chen,

Browsing to https://some_company.zoom.us doesn’t forward to the company login page.
Try https://linkedin.zoom.us as an example (I am not related to linkedin in any way. Just using them as an example).
I recorded HTTP transactions on the regular Zoom webpage and the way it works when you specify linkedin domain, is that the page executes POST https://zoom.us/web/sso/login with domain:linkedin.com in the form data. Then it receives 302, redirecting it to linkedin.okta.com and the rest is the way you mentioned.
Similar process for email based SSO: POST https://zoom.us/web/sso/email_login with email:blabla@blabla.com in the form data.

My problem is to reproduce this process from my own client.
Obviously I can’t go through your website URLs - a) it’s not documented, thus not supposed to be used b)it will automatically redirect from the URL with the token to the user profile page, which I have no interest in.

Do you have a code example (like in the Android samples) that shows the right process that app developers like me can copy from?

thanks a lot for the patience and the willingness to help.

1 Like

Hi @grey-bit,

Thanks for the reply. Based on my understanding, I think the way you are mentioning might not work in the Zoom SSO login since:

If a company has SSO integration with Zoom, then you will have a company login page(We called it vanity URL) and all the corresponding settings and configurations will be provided upon successful integration.

I do not have any code example in hand for this. I will try to poke around and see if I could find more resources for you. The SSO integration part is actually not a part of SDK integration so I do not have too many resources in hand.

Will get back to you once I found anything. Thanks!

Thanks @Carson_Chen.

How do I test SSO authentication? It’s my understanding that in order to test it for real, I would need a business account which is $200/mo. Free/Pro accounts don’t have SSO.

Is my understanding correct?
Is there any other, cheaper option for the developers?

Hi @grey-bit,

Thanks for the reply and pardon the late response. I don’t think there is any public resource available to test SSO authentication. For the price and plans regarding SSO, you might need to contact our sales at https://zoom.us/contactsales

Hope this helps. Thanks!

I figured out how to manually get the SSO token. Navigate to https://<your org>.zoom.us/saml/login?from=desktop. Then login. The resulting page will contain a link with id “sso-button” and href"zoommtg://<your org>.zoom.us/sso?token=<The SSO token>"

It would be nice if there were some automated way to get SSO tokens, and I would have appreciated it if there were some documentation about this. It took me a while to figure out. But this seems to work (at least for now).