cancel
Showing results for 
Search instead for 
Did you mean: 

ZOOM SSO Certificate Expiring

dlongnecker
Newcomer
Newcomer

Anyone have any decent instructions on what to do when Zoom SSO reports:

 

The certificate will be expired in xx days. Please get a new one from your Identity Provider.


Zoom support has been worthless on this.   Keep pointing me to Microsoft Articles.   I set this up with detailed Zoom instructions which I cannot find anymore.

12 REPLIES 12

mgifford
Newcomer
Newcomer

Unfortunately I do not and Zoom support is as you say worthless.

I agree - Zoom support is terrible.  I used to have decent interactions with them in the past (not amazing), but they have taken a nosedive into seriously horrible.  Support can takes weeks to resolve an issue with back and forth emails until they finally "let" you talk to someone who knows what they are doing.

PHjames
Explorer
Explorer

Hi,

 

I just did this and documented the process. Hopefully it will help others. I am using Azure for SSO.

 

Go to https://portal.azure.com

Select Azure Active Directory

Enterprise Applications on the left

Search for Zoom, select it.

Select Single-Sign-on on the left

Scroll down to SAML Signing Certificate then Edit

Create a new certificate

Next to the new inactive certificate click the ellipsis and download the PEM certificate

Open the file in Notepad or another text editor and copy the text between the begin and end lines

Go to https://zoom.us/account/sso and click Edit on the right

Paste the certificate into the Identify Provider Certificate box

Go back to the Azure Portal, click the ellipsis next to the new certificate and make it active.

Go to your Zoom app on your computer and sign out. Sign back in to make sure it’s working.

Job done

 

Zoom gives you plenty of warning about the expiry of the certificate so it’s best to do this in plenty of time. If you have problems then download the existing PEM of the old certificate and copy and paste that into the Zoom portal to put things back as they were. Then disable the new certificate and re-enable the old certificate.

thank you so much, James, this work for me.
Zoom support is pretty much useless. 

This did not work for me.  I see that the new Azure certificate is showing current and the expiration date is correct in Azure.  I have activayted the new certificate and also pasted into Zoom Identity provider and saved settings.  When i go to login via sso it still shows the old certificate.  Am I supposed to choose replay and assertion for the certificate as i have not chosen that option.  Thank you for the help.  Also is there any delay between Azure and Zoom for the changing of the certifiate?

This did not work for me.  I see that the new Azure certificate is showing current and the expiration date is correct in Azure.  I have activayted the new certificate and also pasted into Zoom Identity provider and saved settings.  When i go to login via sso it still shows the old certificate.  Am I supposed to choose replay and assertion for the certificate as i have not chosen that option.  Thank you for the help.  Also is there any delay between Azure and Zoom for the changing of the certifiate?

DDIT
Explorer
Explorer

Just logged in to say thanks to @PHjames for providing the guide above. Just one thing to mention, when creating the new certificate in Azure, there is a drop-down choice for 'Signing Option'. Here, I chose 'Sign SAML response and assertion', which I assume is the correct option. It's working in my environment.

This is great except for this part:

"Next to the new inactive certificate click the ellipsis and download the PEM certificate"

I don't have the "new inactive certificate" - that's the step I am missing - how do I get that?

PHjames
Explorer
Explorer

Hi,

 

When you click New Certificate, you need to click Save. Then click the 3 dots to the right of the Thumbprint and select 'PEM certificate download' like in my screenshot.

 

lcarrillo
Newcomer
Newcomer

Has Azure changed, as I do not see the following entry on my end?

-Go to https://zoom.us/account/sso and click Edit on the right

-Paste the certificate into the Identify Provider Certificate box

 

jackieasam
Newcomer
Newcomer

Has Azure changed, as I do not see the following entry on my end?

-Go to https://zoom.us/account/sso/and click Edit on the right

-Paste the certificate into the Identify Provider Certificate box

Rupinder
Newcomer
Newcomer

Thanks James for a detailed and clear instructions. I don't see this at my work's Azure account as well. Our last IT set it up via JumpCloud and he left our agency 3 years ago. 

 

So, I have 3 accounts to check- Azure, JumpCloud and Zoom. I don't see the mentioned settings at Azure. I found some at JumpCloud, but don't know how to update them and then I also found SSO settings at Zoom admin login, but I don't know how to update or correct the SSO certificate, or do I even need to update it?

 

I am searching for solutions as Zoom emailed us with SSO certificate to be updated before Jan 1, 2024