SAML Response Mapping for "Employee Unique ID" | Community
DBlankenship
Newcomer
February 11, 2022
Question

SAML Response Mapping for "Employee Unique ID"


Use Case:

I have a requirement to add a SAML Response Mapping to Employee Unique ID to avoid duplicate account creations when end users' names change, specifically their email address. This causes duplicate account creation and consumes a Zoom pro license.

 

Question:

If I enter <NameID> into the SAML Response Mapping for Employee Unique ID, what is the net effect to the end users when signing into their Zoom account using SSO?  Does <NameID> impact how end users authenticate using SSO or if they attempt to sign in with their email address and password at sign-on?

 

Thank you

Doug

    2 replies

    Community Champion | Employee
    February 11, 2022

    Doug,

     

    So using <NameID> (or anything else that is constant and unique for the user) will have no impact on the user experience. The logic works like this:

     

    1) First time the user signs in after you have mapped the Unique Id, it will associate that value to the user as their unique identifier.

    2) User continues to use their email address to sign into SSO.

    3) If in the future you change the user's email in your IdP, the user will start signing in using that email address.  When the response comes back with a different email but the known Unique Id, it will update the user's email in Zoom.

    4) If for some reason you have to change the unique id (e.g. you switch IdPs), the user has to sign in with the known email address and the new Unique Id will be associated to their account.

     

    I hope this helps.  If it answers your question, please click on 'Accept as Solution' below.

    Newcomer
    April 14, 2023

    We are working on implementing this and I have a follow-up question. On step one, we already have 1,200 users and about 1,000 of them are SSO users. When we map the Unique ID, will it create a new account for those 1,000 SSO users? Or will it just sync their new Unique ID to their existing account and moving forward, should a name change occur, it will sync based off the Unique ID?

    Community Champion | Employee
    June 8, 2023

    Sorry for the delay. The logic works that if it finds an existing user with the same email address, it will map the unique id to that user. If there is no matching email, it creates a new user.

     

    Newcomer
    January 4, 2023

    What unique ID is typically used in a Windows Active Directory domain to keep duplicate accounts from being created? Putting <NameID> in the Unique ID field is not preventing the duplicate accounts from being created. I would think that a GUID or SID or something like that would be preferred, but how do I reference that mapping?

    Community Champion | Employee
    January 16, 2023

    @strapanese NameId would only work if that is guaranteed unique in the IdP. If you want to use some other form of GUID, you need to pass it on the IdP side, then map it on the Zoom Attributes.

    Newcomer
    January 21, 2023

    That worked!! Thank you so much.
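
A small Python model of the matching order the replies in this thread describe (known unique ID first, then email, otherwise a new user), added here as an example. It is not Zoom's code; `Directory`, `sign_in`, the action names and every sample value are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    email: str
    unique_id: Optional[str] = None


class Directory:
    """Toy account store; stands in for the service side of the SSO login."""

    def __init__(self, accounts=()):
        self.accounts = list(accounts)

    def _find(self, field, value):
        return next((a for a in self.accounts if getattr(a, field) == value), None)

    def sign_in(self, email, unique_id=None):
        """Apply one validated SSO response; return the action taken."""
        acct = self._find("unique_id", unique_id) if unique_id else None
        if acct:                                   # known unique ID wins
            if acct.email == email:
                return "matched_unique_id"
            acct.email = email                     # step 3: email follows the ID
            return "email_updated"
        acct = self._find("email", email)
        if acct:                                   # fall back to the email match
            if unique_id and acct.unique_id != unique_id:
                acct.unique_id = unique_id         # steps 1 and 4: (re)link the ID
                return "unique_id_linked"
            return "matched_email"
        self.accounts.append(Account(email, unique_id))
        return "created"                           # no match at all: new user


def demo():
    # Constructed sample data: one existing SSO user with no unique ID yet.
    mapped = Directory([Account("jane.doe@example.com")])
    actions = [
        mapped.sign_in("jane.doe@example.com", "emp-1001"),    # first mapped login
        mapped.sign_in("jane.smith@example.com", "emp-1001"),  # email renamed in IdP
        mapped.sign_in("jane.smith@example.com", "guid-9f3c"), # ID changed, email known
    ]
    unmapped = Directory([Account("jane.doe@example.com")])
    unmapped.sign_in("jane.smith@example.com")                 # rename, no ID mapped
    return actions, len(mapped.accounts), len(unmapped.accounts)
```

`demo()` returns the three actions for the mapped directory followed by the account counts; the second count is 2 because an email change with no unique ID mapped has nothing to match on and creates a duplicate.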