cancel
Showing results for 
Search instead for 
Did you mean: 

Using active directory for group creation

sywalker
Listener

We are new to Zoom and we're looking to use Active Directory groups to manage groups in Zoom. For an example, we have a group in AD which we've called "Zoom w/ Recording".  We'd like to be able to use this group in ZOOM so we can simply manage recording rights by adding and removing users from the AD group.  

3 ACCEPTED SOLUTIONS

Ian
Community Champion | Zoom Employee
Community Champion | Zoom Employee

Hi sywalker,

 

The easiest way would be to create a group in Zoom that has manage recording rights, then using SSO to update those users groups.

 

https://support.zoom.us/hc/en-us/articles/201363023-SSO-with-Active-Directory

https://support.zoom.us/hc/en-us/articles/115005081403 

 

Make sure you have the group created, then in the Advanced SAML mapping options you can set the SAML attribute for your group, then the value will be the name of the group in AD.

 

Once users log in they'll be assigned to the group, and if you remove them from the AD group, that will be synced the next time that user logs in (which they have to do to manage recordings). 🙂 

 

Hopefully this help!

View solution in original post

Dan_ZoomSE
Community Champion | Zoom Employee
Community Champion | Zoom Employee

Good Morning @sywalker,

 

First you need to create the Group in Zoom and configure the proper settings for that group.  Then you can add a SAML mapping to your SSO configuration to automatically add users to this Zoom Group based upon their membership in the AD Group.

 

Please see the following support document regarding setting up Advanced SAML Mappings:

https://support.zoom.us/hc/en-us/articles/115005081403-Setting-up-advanced-SAML-mapping

 

If this has answered your question, please click the Accept as Solution button at the bottom of this message so that others in the Community may benefit from this as well.

 

Thanks!

View solution in original post

townsendwc
Community Champion | Zoom Employee
Community Champion | Zoom Employee

@sywalker 
Good day.  I assume you are doing SSO with AD/ADFS.  Did you follow this support article for the basic configuration?
https://support.zoom.us/hc/en-us/articles/202374287-Configure-Zoom-With-ADFS
To answer your specific question, you will want to use the SAML Advanced Information Mapping to define the group.  You will then have a matching group to assign the license.

townsendwc_0-1641308540896.png

To ensure that the group is being sent and matched properly, you will likely need to review the SAML Response Logs.
https://support.zoom.us/hc/en-us/articles/360036466191-Accessing-SAML-Response-Logs

Bill

View solution in original post

4 REPLIES 4

Ian
Community Champion | Zoom Employee
Community Champion | Zoom Employee

Hi sywalker,

 

The easiest way would be to create a group in Zoom that has manage recording rights, then using SSO to update those users groups.

 

https://support.zoom.us/hc/en-us/articles/201363023-SSO-with-Active-Directory

https://support.zoom.us/hc/en-us/articles/115005081403 

 

Make sure you have the group created, then in the Advanced SAML mapping options you can set the SAML attribute for your group, then the value will be the name of the group in AD.

 

Once users log in they'll be assigned to the group, and if you remove them from the AD group, that will be synced the next time that user logs in (which they have to do to manage recordings). 🙂 

 

Hopefully this help!

Dan_ZoomSE
Community Champion | Zoom Employee
Community Champion | Zoom Employee

Good Morning @sywalker,

 

First you need to create the Group in Zoom and configure the proper settings for that group.  Then you can add a SAML mapping to your SSO configuration to automatically add users to this Zoom Group based upon their membership in the AD Group.

 

Please see the following support document regarding setting up Advanced SAML Mappings:

https://support.zoom.us/hc/en-us/articles/115005081403-Setting-up-advanced-SAML-mapping

 

If this has answered your question, please click the Accept as Solution button at the bottom of this message so that others in the Community may benefit from this as well.

 

Thanks!

Thank you @Dan_ZoomSE !  

townsendwc
Community Champion | Zoom Employee
Community Champion | Zoom Employee

@sywalker 
Good day.  I assume you are doing SSO with AD/ADFS.  Did you follow this support article for the basic configuration?
https://support.zoom.us/hc/en-us/articles/202374287-Configure-Zoom-With-ADFS
To answer your specific question, you will want to use the SAML Advanced Information Mapping to define the group.  You will then have a matching group to assign the license.

townsendwc_0-1641308540896.png

To ensure that the group is being sent and matched properly, you will likely need to review the SAML Response Logs.
https://support.zoom.us/hc/en-us/articles/360036466191-Accessing-SAML-Response-Logs

Bill