Zoomtopia is here. Unlock the transformative power of generative AI, helping you connect, collaborate, and Work Happy with AI Companion.
Register nowEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Learn moreKeep your Zoom app up to date to access the latest features.
Download Center Download the Zoom appDownload hi-res images and animations to elevate your next Zoom meeting.
Browse Backgrounds Zoom Virtual BackgroundsEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Zoom AI Companion2024-09-10 12:50 PM
Hello, I recently set up SSO in Entra and the Zoom Admin portal. I followed the instructions provided by both Zoom and Microsoft (https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0064121 and https://learn.microsoft.com/en-us/entra/identity/saas-apps/zoom-tutorial). I got every piece of required information set up, such as the vanity URL, the certificate, the sign-in and sign-out URLs, IDP Entity ID, changed the binding to HTTP-Redirect, and so on. However, when any user tries logging in via SSO, they get an generic error saying something went wrong. When I look at the SAML response logs, I get the following information:
Error Code: 1020
Error Message: The user is not an SSO user and has been blocked for SSO login by the "Prior to Sign-in" option, please manually import the SSO user.
I should note that I also set up the "Provision User" setting to "Prior to Sign-In". We've already set up all of our users in Zoom using their emails. I used one of our users to test this out, and despite their email that they used for SSO and their email already used for Zoom being the same, the error still occurs. I was reading you can import new users using a CSV file and check a box that says "SSO User" when importing. I'd rather not have to recreate everyone's Zoom accounts. Is there something I'm missing?
Solved! Go to Solution.
2024-09-18 01:33 PM
I found the issue. All we had to do is change the Provision User setting to At Sign-In.
2024-09-10 03:55 PM - edited 2024-09-10 03:58 PM
@salle01 - Is the user you are adding already a member of your account, or do they exist outside of your account? I believe this error indicates they are outside of your account, and they would need to accept an invite (sent via email) to join your account. It could also be that since you are saying that they need to be preprovisioned, but they do not have SSO as a sign-on method already, it would require you to run in the CSV file to add their SSO credentials, or turn on SCIM/Provisioning so that their current account is in sync with Entra. I would have to test to see what happens if they only have an email sign-in method, but if you see them in your account, that would be my guess...
2024-09-18 01:33 PM
I found the issue. All we had to do is change the Provision User setting to At Sign-In.