
SAML User Group Mapping Ideas

Peaches379
Participant

Looking for some suggestions.  I try to map as much as possible through SAML.  I've got user groups mapped for license types and some Zoom Phone rights.  Now I need to add another group for a marketplace app.  Looking at my mapping, I keep thinking there has to be a better way of doing this.  I thought maybe I could be clever and pass a different attribute name, but no dice.  A group is a group.

 

So today, I have my mapping like this to account for host / basic and call recording rights or no.

 

Attribute    SAML Value                 Zoom Group

CallRights   ZoomCall_Recording_Hosts   Zoom_Hosts, Zoom_CallRecording
UserGroup    Zoom_Hosts                 Zoom_Hosts
CallRights   ZoomCall_Recording_Basic   Zoom_Basic, Zoom_CallRecording
UserGroup    Zoom_Basic                 Zoom_Basic

 

If I wanted to add another permission for this marketplace app, this strategy starts to get complicated.  The only way I can think to do it is to pass a SAML value for every possible rights config.

 

Attribute    SAML Value                  Zoom Group

AppRights    ZoomApp_Recording_Hosts     Zoom_Hosts, Zoom_CallRecording, Zoom_MrktApp
AppRights    ZoomApp_NoRecording_Hosts   Zoom_Hosts, Zoom_MrktApp
CallRights   ZoomCall_Recording_Hosts    Zoom_Hosts, Zoom_CallRecording
UserGroup    Zoom_Hosts                  Zoom_Hosts
AppRights    ZoomApp_Recording_Basic     Zoom_Basic, Zoom_CallRecording, Zoom_MrktApp
AppRights    ZoomApp_NoRecording_Basic   Zoom_Basic, Zoom_MrktApp
CallRights   ZoomCall_Recording_Basic    Zoom_Basic, Zoom_CallRecording
UserGroup    Zoom_Basic                  Zoom_Basic

 

Is this really the only way to do it or am I missing something?
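
The strategy described in the post above (one SAML value per combination of rights), sketched as an added example that is not part of the original post or of Zoom's tooling: it enumerates the mapping rows for the post's groups and shows the row count doubling with each add-on group. The `+`-joined value names are a constructed naming scheme, and sending every value under a single attribute is an assumption.

```python
from itertools import combinations

# Group names taken from the post: base license groups and optional add-on groups.
BASE_GROUPS = ["Zoom_Hosts", "Zoom_Basic"]
OPTIONAL_GROUPS = ["Zoom_CallRecording", "Zoom_MrktApp"]


def saml_value(base, extras):
    """Constructed naming scheme (not the poster's): base group plus sorted add-ons."""
    return "+".join([base] + sorted(extras))


def build_mapping(base_groups, optional_groups):
    """Return {saml_value: [zoom groups]} with one row per rights combination."""
    mapping = {}
    for base in base_groups:
        for r in range(len(optional_groups) + 1):
            for extras in combinations(optional_groups, r):
                mapping[saml_value(base, extras)] = [base] + sorted(extras)
    return mapping


def value_for_user(base, entitlements, optional_groups):
    """Pick the single value the IdP would emit for one user's entitlements."""
    unknown = set(entitlements) - set(optional_groups)
    if unknown:
        # Fail closed: an entitlement with no mapping row must not be dropped silently.
        raise ValueError(f"no mapping row covers: {sorted(unknown)}")
    return saml_value(base, entitlements)


if __name__ == "__main__":
    mapping = build_mapping(BASE_GROUPS, OPTIONAL_GROUPS)
    for value, groups in mapping.items():
        print(f"{value:45} -> {', '.join(groups)}")
    # Rows needed: len(base_groups) * 2 ** len(optional_groups).
    for n in range(1, 5):
        addons = [f"Addon{i}" for i in range(n)]  # constructed placeholder names
        print(n, "add-on groups ->", len(build_mapping(BASE_GROUPS, addons)), "rows")
```
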

3 REPLIES

Stevenboffman
Newcomer

Hey Peaches, I feel your pain! Managing user groups with SAML can get messy. Have you looked into Zoom JWT (JSON Web Token) API? It might offer more flexibility for assigning app-specific permissions. (This reply empathizes with Peaches and suggests an alternative approach)

I hadn't thought about using APIs to populate groups....  That is an idea.  Originally I'd thought we could populate our core groups through SAML and just manually populate the one-off groups.  Support dashed my dreams and informed me it's an all or nothing situation.  Either all your groups are SAML mapped or none of them are.  So if we did go the API route to populate groups, I'm assuming this would fall into that all or nothing situation and I'd need to set all groups this way.  Worth checking out tho.  Thanks for the idea!

Can you explain that a little more?  Are you saying mycompany.zoom.us is where you live and then mycompanyapps.zoom.us is where marketplace apps are assigned?