I would like my mobile app to offer SSO based login capabilities, similar to how standard Zoom client provides them.
Users should either provide a Zoom domain or email and should be taken to the domain-specific SSO page.
My understanding is that from the SDK perspective, it’s only interested in the SSO token that is returned by the SSO page of the specific domain. It’s the app’s responsibility to present the SSO page and to accept redirects that bring back the token, correct?
Assuming that the above is correct, I have three questions:
If the user provides a domain name (let’s say xxx.zoom.us), what URL should I open to the user? Is there any API or convention for constructing these URLs?
If the user provides an email address, how do I find out the user’s domain? Alternatively, is there a way to retrieve the SSO URL directly from the email address?
How do I provide my own redirect URL for the SSO service to return the token to me?
Thanks for the post and pardon the late response. Regarding your questions:
Yes, you are correct. And regarding your other questions, you will need to set up an SSO integration with us on Zoom web portal, and the process varies based on your IDP. The following support pages could be helpful:
Please correct me if I am wrong, but the provided link is for the companies that want to integrate their SSO to Zoom.
What I need is the way for my independent Android app to allow its users to log into any user account (any domain) using the same mechanisms that the regular Zoom app provides - direct email/password or any SSO that is integrated with Zoom (not with the app directly).
I saw quite a few similar threads on the forums, but none had a definitive guidance on how to make it happen
Thanks for the reply. I understand, for the SSO login on the regular Zoom client, in order to use it, the company needs to have SSO integration with Zoom first, otherwise it won’t work. You will need to first enter your company/3rd party(like Google) domain:
Then it will redirect to your company/3rd party login page to login; After a successful login, the service provider will return a response with the zoom token, in which is what the loginWithSSO is looking for. Here is a screenshot of SSO login with Google, and the one in red box is the SSO token you could pass to the interface:
Browsing to https://some_company.zoom.us doesn’t forward to the company login page.
Try https://linkedin.zoom.us as an example (I am not related to linkedin in any way. Just using them as an example).
I recorded HTTP transactions on the regular Zoom webpage and the way it works when you specify linkedin domain, is that the page executes POST https://zoom.us/web/sso/login with domain:linkedin.com in the form data. Then it receives 302, redirecting it to linkedin.okta.com and the rest is the way you mentioned.
Similar process for email based SSO: POST https://zoom.us/web/sso/email_login with email:blabla@blabla.com in the form data.
My problem is to reproduce this process from my own client.
Obviously I can’t go through your website URLs - a) it’s not documented, thus not supposed to be used b)it will automatically redirect from the URL with the token to the user profile page, which I have no interest in.
Do you have a code example (like in the Android samples) that shows the right process that app developers like me can copy from?
thanks a lot for the patience and the willingness to help.
Thanks for the reply. Based on my understanding, I think the way you are mentioning might not work in the Zoom SSO login since:
If a company has SSO integration with Zoom, then you will have a company login page(We called it vanity URL) and all the corresponding settings and configurations will be provided upon successful integration.
I do not have any code example in hand for this. I will try to poke around and see if I could find more resources for you. The SSO integration part is actually not a part of SDK integration so I do not have too many resources in hand.
Will get back to you once I found anything. Thanks!
How do I test SSO authentication? It’s my understanding that in order to test it for real, I would need a business account which is $200/mo. Free/Pro accounts don’t have SSO.
Is my understanding correct?
Is there any other, cheaper option for the developers?
Thanks for the reply and pardon the late response. I don’t think there is any public resource available to test SSO authentication. For the price and plans regarding SSO, you might need to contact our sales at https://zoom.us/contactsales
I figured out how to manually get the SSO token. Navigate to https://<your org>.zoom.us/saml/login?from=desktop. Then login. The resulting page will contain a link with id “sso-button” and href"zoommtg://<your org>.zoom.us/sso?token=<The SSO token>"
It would be nice if there were some automated way to get SSO tokens, and I would have appreciated it if there were some documentation about this. It took me a while to figure out. But this seems to work (at least for now).
@Roger I am also working on SSO login using Android SDK 5.2.x but I am not able to login successfully using the SSO token the way you suggested. I am using the SSO token received in “zoommtg://.zoom.us/sso?token=” url and passing the token in loginwithSSOToken method. Can you please help?
Yes, the application works as expected with normal zoom user having email/password. However the app is supposed to serve enterprise users and the SSO is mandatory. One more observation is that users are able to do SSO login into official zoom application. So I think the SSO configuration and token works fine with official zoom application but the SDK gives error. Not sure if we need to do any account level settings or SDK app level configuration or something related to SDK permission to use SSO login with SDK. Unfortunately there isn’t enough documentation/guide around this.
Yeah, the SSO login method really just seems to be there because they had to support this for the official Android client. Even if you did get it working, you’d still have the issue of getting the SSO token from the webpage into your app.
