Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Provision to Zoom Groups

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Provision to Zoom Groups


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Black, Carey M." <>
  • To: "Hyzer, Chris" <>, "" <>
  • Cc: " Mailing List" <>
  • Subject: RE: [grouper-users] Provision to Zoom Groups
  • Date: Sat, 2 May 2020 17:23:35 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=osu.edu; dmarc=pass action=none header.from=osu.edu; dkim=pass header.d=osu.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s3J34LvQNhmP2jDpw+n8GR7Y+On3tl5A/jS8nQeBioE=; b=ndVzP1SeXTjlEWkkpMIyHMQJQKH82VLFc41y8qV3gXAvdCedLavcY/es/eFJx506t7+zig9lcaCMxaIod1KXvM0WSpmt5RBEqm18PhhFHawajTAsTXEkaCaSYPqoIOhuxBymE1y3b2l469mcDylXFtVXbP8ES2hpfMDSu92CSeVS/EsCtGHqP4HARCcS40Q8VpY9wuQa6vHUjaY4Qc2IhEI4/abkiqSqeNH4VblRbnGBiz2uKfZKQZSD/08ioYKBR3ULsnJ7uZfnqaBFTMsdL81yRBu7wHTWHHT2OC+38NJdGD7ztGSVQzJQJnoEMuU5ws5Jtd/k/nazMmYE9OcyWQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Rk9hx8T0ukvrjfi6OdCNesIsAk0n3UOOXqn0tuApD4gwMhNWhR3rFFITxCz9IDIINIyGjxhWLuJ/mf0UHJpISDHOUGPeGGUgSn4ZohqWYH5saziJqr2tf8WP7F6Maq7We/c9YCIZNfbkrFA5jaVzMiimuSs0x8FCiNOLi57Z1OeFteY5ZoyNMwO6KcmtwM8EGL3fpUC7BDUatoTRrB8kW5LzM7qA+7+R8deVkymn20NgrjXqyvukRLNG3D0Z9gGKLjBWqV+PuuD3q4j46pCC67I1Z4rRyhw1JwzVhd+yScjcVbqRFefGxnm2KgLn6FGu+D8ytCSPEtTGu/tmzlekeQ==

Some one claimed ( on ) that

Zoom supports SAML2 SSO, so can rely on your InC federated IdP for authN of users, including consuming attributes.”


I have no details on how Zoom “supports/works/does not work with suppling group memberships” as part of the SAML attributes.

    However, if that works, then I would strongly suggest that approach over “provisioning to ZOOM”.

                SAML is “just in time”.
                                Which means:
                                                No overhead for: “constant sync”/”sync delays”/”errors in sync events”

                                                You get there and you get what you are authorized for every time you get there. ( or you don’t get there and Zoom does not know you even exist. )

                And there is a good (IMHO) example of how to model Grouper to IdP entity ID too. REF: https://wiki.shibboleth.net/confluence/display/KB/Grouper+Integration+Example


That being said, we are not ( to my knowledge ) sending group data to Zoom via our IdP. And I know our IdP operator has real issues with “custom attributes” per application. So YMMV on that part of the implementation too.

 

--

Carey Matthew

 

From: <> On Behalf Of Hyzer, Chris
Sent: Saturday, May 2, 2020 12:26 PM
To:
Cc: Mailing List <>
Subject: RE: [grouper-users] Provision to Zoom Groups

 

I don’t know of a currently solution to that but im interested in working on one if that works for you

 

From: On Behalf Of Andre Daniels
Sent: Wednesday, April 29, 2020 6:30 PM
To: Grouper-Users <>
Subject: [grouper-users] Provision to Zoom Groups

 

All,

 

What is the best way to provision groups to Zoom? 

 

Andre

 

--

Andre Daniels 

Sr. Developer/Security Analyst

University of California Santa Cruz

(831) 459-1980


Archive powered by MHonArc 2.6.19.

Top of Page