Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Provision to Zoom Groups

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Provision to Zoom Groups

Chronological Thread 
  • From: Pascal Rigaux <>
  • To:
  • Subject: Re: [grouper-users] Provision to Zoom Groups
  • Date: Sat, 2 May 2020 20:26:14 +0200

For information, if you do not force SSO for all your users ("Managed
Domains" : ),
users can log either using their non SSO account (created before SSO) or SSO
(zoom merges the 2 accounts using mail as id)

SAML2 provisioning will only apply when users use SSO.

And it seems first SSO login for users having created their account before
will not apply SAML2 group memberships :'-(

I created a ticket to zoom support 4 days ago, no answer yet. The ticket:

> SAML group mapping not working on first SSO login
> On first SSO login for an existing mail user, the SAML group mapping fails
to apply: the user has no group whereas our SAML mapping puts all users in a

Good luck !

On 02/05/2020 19:23, Black, Carey M. wrote:
Some one claimed ( on
<> ) that

“Zoom supports SAML2 SSO, so can rely on your InC federated IdP for authN of
users, including consuming attributes.”

I have no details on how Zoom “supports/works/does not work with suppling
group memberships” as part of the SAML attributes.

However, if that works, then I would strongly suggest that approach over
“provisioning to ZOOM”.

SAML is “just in time”.
Which means:
No overhead for: “constant sync”/”sync delays”/”errors in sync events”

You get there and you get what you are authorized for every time you get
there. ( or you don’t get there and Zoom does not know you even exist. )

And there is a good (IMHO) example of how to model Grouper to IdP entity ID
too. REF:

That being said, we are not ( to my knowledge ) sending group data to Zoom
via our IdP. And I know our IdP operator has real issues with “custom
attributes” per application. So YMMV on that part of the implementation too.


Carey Matthew

<> *On Behalf Of *Hyzer, Chris
*Sent:* Saturday, May 2, 2020 12:26 PM
*Cc:* Mailing List <>
*Subject:* RE: [grouper-users] Provision to Zoom Groups

I don’t know of a currently solution to that but im interested in working on
one if that works for you

<> *On Behalf Of *Andre Daniels
*Sent:* Wednesday, April 29, 2020 6:30 PM
*To:* Grouper-Users <
*Subject:* [grouper-users] Provision to Zoom Groups


What is the best way to provision groups to Zoom?



Andre Daniels

Sr. Developer/Security Analyst

University of California Santa Cruz

(831) 459-1980


Pascal Rigaux

Expert en développement et déploiement d'applications
DSIUN-SAS (service applications et services numériques)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 407 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tél : 01 82 09 08 74 - 06 74 55 57 67

Archive powered by MHonArc 2.6.19.

Top of Page