SSO with Entra failing to allow users

salle01
Newcomer

Hello, I recently set up SSO in Entra and the Zoom Admin portal. I followed the instructions provided by both Zoom and Microsoft (https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0064121 and https://learn.microsoft.com/en-us/entra/identity/saas-apps/zoom-tutorial). I got every piece of required information set up, such as the vanity URL, the certificate, the sign-in and sign-out URLs, IDP Entity ID, changed the binding to HTTP-Redirect, and so on. However, when any user tries logging in via SSO, they get a generic error saying something went wrong. When I look at the SAML response logs, I get the following information:

Error Code: 1020
Error Message: The user is not an SSO user and has been blocked for SSO login by the "Prior to Sign-in" option, please manually import the SSO user.

I should note that I also set up the "Provision User" setting to "Prior to Sign-In". We've already set up all of our users in Zoom using their emails. I used one of our users to test this out, and despite their email that they used for SSO and their email already used for Zoom being the same, the error still occurs. I was reading you can import new users using a CSV file and check a box that says "SSO User" when importing. I'd rather not have to recreate everyone's Zoom accounts. Is there something I'm missing?

colegs
Community Champion | Employee

@salle01 - Is the user you are adding already a member of your account, or do they exist outside of your account? I believe this error indicates they are outside of your account, and they would need to accept an invite (sent via email) to join your account. It could also be that since you are saying that they need to be preprovisioned, but they do not have SSO as a sign-on method already, it would require you to run in the CSV file to add their SSO credentials, or turn on SCIM/Provisioning so that their current account is in sync with Entra. I would have to test to see what happens if they only have an email sign-in method, but if you see them in your account, that would be my guess...