grouper-users - Re: [grouper-users] Provision to Zoom Groups
Subject: Grouper Users - Open Discussion List
List archive
- From: Pascal Rigaux <>
- To:
- Subject: Re: [grouper-users] Provision to Zoom Groups
- Date: Sat, 2 May 2020 20:26:14 +0200
For information, if you do not force SSO for all your users ("Managed
Domains" : https://support.zoom.us/hc/en-us/articles/203395207-Managed-domain ),
users can log either using their non SSO account (created before SSO) or SSO
(zoom merges the 2 accounts using mail as id)
SAML2 provisioning will only apply when users use SSO.
And it seems first SSO login for users having created their account before
SSO,
will not apply SAML2 group memberships :'-(
I created a ticket to zoom support 4 days ago, no answer yet. The ticket:
> SAML group mapping not working on first SSO login
>
> On first SSO login for an existing mail user, the SAML group mapping fails
to apply: the user has no group whereas our SAML mapping puts all users in a
group.
Good luck !
On 02/05/2020 19:23, Black, Carey M. wrote:
Some one claimed ( on
<> ) that
“Zoom supports SAML2 SSO, so can rely on your InC federated IdP for authN of
users, including consuming attributes.”
I have no details on how Zoom “supports/works/does not work with suppling
group memberships” as part of the SAML attributes.
However, if that works, then I would strongly suggest that approach over
“provisioning to ZOOM”.
SAML is “just in time”.
Which means:
No overhead for: “constant sync”/”sync delays”/”errors in sync events”
You get there and you get what you are authorized for every time you get
there. ( or you don’t get there and Zoom does not know you even exist. )
And there is a good (IMHO) example of how to model Grouper to IdP entity ID
too. REF:
https://wiki.shibboleth.net/confluence/display/KB/Grouper+Integration+Example
That being said, we are not ( to my knowledge ) sending group data to Zoom
via our IdP. And I know our IdP operator has real issues with “custom
attributes” per application. So YMMV on that part of the implementation too.
--
Carey Matthew
*From:*
<> *On Behalf Of *Hyzer, Chris
*Sent:* Saturday, May 2, 2020 12:26 PM
*To:*
*Cc:* Mailing List <>
*Subject:* RE: [grouper-users] Provision to Zoom Groups
I don’t know of a currently solution to that but im interested in working on
one if that works for you
*From:*
<> *On Behalf Of *Andre Daniels
*Sent:* Wednesday, April 29, 2020 6:30 PM
*To:* Grouper-Users <
<>>
*Subject:* [grouper-users] Provision to Zoom Groups
All,
What is the best way to provision groups to Zoom?
Andre
--
Andre Daniels
Sr. Developer/Security Analyst
University of California Santa Cruz
(831) 459-1980
<>
--
Pascal Rigaux
Expert en développement et déploiement d'applications
DSIUN-SAS (service applications et services numériques)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 407 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tél : 01 82 09 08 74 - 06 74 55 57 67
- RE: [grouper-users] Provision to Zoom Groups, Hyzer, Chris, 05/02/2020
- RE: [grouper-users] Provision to Zoom Groups, Black, Carey M., 05/02/2020
- Re: [grouper-users] Provision to Zoom Groups, Pascal Rigaux, 05/02/2020
- RE: [grouper-users] Provision to Zoom Groups, Black, Carey M., 05/02/2020
Archive powered by MHonArc 2.6.19.