Azure AD automatic user provisioning

Gandolf
Listener

Hello Zoom Community,

 

Our group supports a very large user base of 5,000 and is looking for the best method for automatic account provisioning tasks. We currently run a hybrid method: JIT (just in time) with Okta, and API calls to disable accounts.

I'm looking for feedback from a Zoom admin that has deployed Azure AD automatic user provisioning. If you could please depict any pros or cons it would be greatly appreciated!

 

Link Below:

Tutorial: Configure Zoom for automatic user provisioning with Azure Active Directory | Microsoft Doc...

1 ACCEPTED SOLUTION

colegs
Community Champion | Zoom Employee

Gandolf,

 

Both Okta and Azure support automatic provisioning through SCIM, and they are fairly similar in nature.  The primary benefit to both of them is that they let your IdP be the source of truth for your user status since it will create the new users when they are added to the Zoom application in the IdP (immediately in Okta and within 45 minutes in Azure), and will deactivate them when they are removed from the application as well (same timeframes).  Additionally, if you enable the SCIM updates, if you update the email in the IdP, it will push the update to Zoom.

 

Since SCIM works in conjunction with SSO (pushing data vs. pulling data), there is no real negative to adding it.  The only thing to be aware of is that any of the fields that are in the SSO advanced mapping section will still need to be managed through SSO since the SCIM parameters only update the basic mapping attributes.

 

If this answers your question, please feel free to go ahead and click on 'Accept as Solution'.

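The "IdP as source of truth" behaviour described in the accepted answer can be audited with a reconciliation check, shown here as an added example that is not part of the original thread and is not Zoom, Okta or Microsoft code. It assumes the application's users are available in SCIM 2.0 ListResponse form and the IdP's assigned users as a list of user names; the function names and all sample data are constructed for illustration.

```python
import json

# Constructed sample: app-side user list in SCIM 2.0 ListResponse form (RFC 7644).
SAMPLE_SCIM_LIST = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 4,
  "Resources": [
    {"id": "u1", "userName": "alice@example.com", "active": true},
    {"id": "u2", "userName": "Bob@Example.com", "active": true},
    {"id": "u3", "userName": "carol@example.com", "active": false},
    {"id": "u4", "userName": "dave@example.com", "active": true}
  ]
}
""")

# Constructed sample: users currently assigned to the application in the IdP.
SAMPLE_IDP_ASSIGNED = ["alice@example.com", "bob@example.com", "erin@example.com"]


def _norm(name):
    return name.strip().casefold()  # case-insensitive comparison key


def _is_active(resource):
    # "active" is optional in SCIM and is sometimes serialized as a string;
    # anything other than an explicit false counts as active and gets reported.
    value = resource.get("active", True)
    if isinstance(value, str):
        return value.strip().lower() != "false"
    return bool(value)


def reconcile(scim_list, idp_assigned):
    """Return drift between the IdP (source of truth) and the application."""
    assigned = {_norm(u) for u in idp_assigned}
    app = {_norm(r["userName"]): _is_active(r) for r in scim_list.get("Resources", [])}
    return {
        # Active in the app but no longer assigned in the IdP.
        "orphaned_active": sorted(u for u, on in app.items() if on and u not in assigned),
        # Assigned in the IdP but absent from the app.
        "not_provisioned": sorted(assigned - set(app)),
        # Assigned in the IdP but deactivated in the app.
        "assigned_inactive": sorted(u for u, on in app.items() if u in assigned and not on),
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(SAMPLE_SCIM_LIST, SAMPLE_IDP_ASSIGNED), indent=2))
```

Entries under `orphaned_active` that persist past the sync interval mentioned above are the ones to investigate.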

3 REPLIES

Does Zoom also allow Azure AD to delete a user account from Zoom? E.g., if a user is deleted or removed from provisioning scope, will the Zoom account also get deleted?

Gandolf
Listener

Thanks to @colegs for clarifying these points!