
SAML Response Mapping for "Employee Unique ID"

DBlankenship
Listener

Use Case:

I have a requirement to add a SAML Response Mapping to Employee Unique ID to avoid duplicate account creations when end users' names change, specifically their email address.  This causes duplicate account creation and consumes a Zoom pro license.

 

Question:

If I enter <NameID> into the SAML Response Mapping for Employee Unique ID, what is the net effect to the end users when signing into their Zoom account using SSO?  Does <NameID> impact how end users authenticate using SSO or if they attempt to sign in with their email address and password at sign-on?

 

Thank you

Doug

7 Replies

colegs
Community Champion | Zoom Employee

Doug,

 

So using <NameID> (or anything else that is constant and unique for the user) will have no impact on the user experience.  The logic works like this:

 

1) First time the user signs in after you have mapped the Unique Id, it will associate that value to the user as their unique identifier.

2) User continues to use their email address to sign into SSO.

3) If in the future you change the user's email in your IdP, the user will start signing in using that email address.  When the response comes back with a different email but the known Unique Id, it will update the user's email in Zoom.

4) If for some reason you have to change the unique id (e.g. you switch IdPs), the user has to sign in with the known email address and the new Unique Id will be associated to their account.

 

I hope this helps.  If it answers your question, please click on 'Accept as Solution' below.

ssc_alex
Listener | Zoom Partner

If I want the Azure EmployeeID attribute to be the Zoom Employee Unique ID how do I complete that mapping?  I'm unclear on what needs to be entered in the Zoom Employee Unique ID field under SAML Response Mapping to make that happen.  

 

Do I need to do some work on the Azure end first (e.g. create an additional claim)?  Note, I've already followed the basic instructions and SSO is setup in Zoom but have yet to add any users via SSO.

We are working on implementing this and I have a follow-up question. On Step one, We already have 1,200 users and about 1,000 of them are SSO users. When we map the Unique ID, will it create a new account for those 1,000 SSO users? Or will it just sync their new Unique ID to their existing account and moving forward, should a name change occur, it will sync based off the Unique ID?

colegs
Community Champion | Zoom Employee

Sorry for the delay.  The logic works that if it finds an existing user with the same email address, it will map the unique id to that user.  If there is no matching email, it creates a new user.

 

strapanese
Listener

What unique ID is typically used in a Windows Active Directory domain to keep duplicate accounts from being created? Putting <NameID> in the Unique ID field is not preventing the duplicate accounts from being created. I would think that a GUID or SID or something like that would be preferred, but how do I reference that mapping?

colegs
Community Champion | Zoom Employee

@strapanese NameId would only work if that is guaranteed unique in the IdP.  If you want to use some other form of GUID, you need to pass it on the IdP side, then map it on the Zoom Attributes.

That worked!! Thank you so much.
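The account-linking logic colegs describes (match on the mapped Unique ID first, fall back to the email address, otherwise create a new account) and the caveat that <NameID> only helps when the IdP issues a value that never changes can be seen in a small simulation. The following is an added example, not Zoom's code and not from anyone in this thread: it parses constructed SAML assertions and reconciles them against a toy account list using the precedence the replies describe. The attribute name `employeeId`, the sample users and the assumption that the IdP issues NameID in email-address format are all constructed for the illustration; in a real deployment the claim name is whatever you configure on the IdP side and then enter in the Zoom mapping field.

```python
"""Model of the SSO account-linking precedence described in the thread.

Constructed illustration, not Zoom's implementation: a tiny directory of
accounts is reconciled against incoming SAML assertions by matching on the
mapped Employee Unique ID first, then on email, otherwise creating an account.
"""
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML2}

# Hypothetical attribute name carrying the IdP's immutable employee id.
EMPLOYEE_ID_ATTR = "employeeId"


def parse_assertion(xml_text, unique_id_source):
    """Return (unique_id, email) from an assertion.

    unique_id_source is either the literal "<NameID>" (the mapping value used
    in the thread) or the Name of a SAML <Attribute> to use instead.
    """
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values[0] if values else None
    unique_id = name_id if unique_id_source == "<NameID>" else attrs.get(unique_id_source)
    return unique_id, attrs.get("email")


def reconcile(accounts, unique_id, email):
    """Apply one SSO sign-in to the account list; return the action taken."""
    # 1) known Unique ID -> same account; a changed email is synced, not duplicated
    for acct in accounts:
        if unique_id and acct["unique_id"] == unique_id:
            if acct["email"] != email:
                acct["email"] = email
                return "email-updated"
            return "matched-unique-id"
    # 2) no Unique ID match -> fall back to the email and bind the Unique ID to it
    for acct in accounts:
        if acct["email"] == email:
            acct["unique_id"] = unique_id
            return "linked-unique-id"
    # 3) nothing matched -> a new account is created (and consumes a licence)
    accounts.append({"unique_id": unique_id, "email": email})
    return "created"


def assertion(name_id, email, employee_id):
    """Build a minimal constructed assertion containing only what the parser reads."""
    return f"""<saml:Assertion xmlns:saml="{SAML2}">
  <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>{email}</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{EMPLOYEE_ID_ATTR}"><saml:AttributeValue>{employee_id}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def simulate_name_change(unique_id_source):
    """An existing SSO user signs in, then signs in again after an email change.

    Returns (list of actions, number of accounts afterwards).
    """
    # Pre-existing user created before any Unique ID mapping was configured.
    accounts = [{"unique_id": None, "email": "jsmith@example.com"}]
    # Constructed IdP behaviour: NameID is the email address, and a stable
    # employee id travels in a separate attribute.
    before = assertion("jsmith@example.com", "jsmith@example.com", "E1001")
    after = assertion("jdoe@example.com", "jdoe@example.com", "E1001")
    actions = []
    for xml_text in (before, after):
        uid, email = parse_assertion(xml_text, unique_id_source)
        actions.append(reconcile(accounts, uid, email))
    return actions, len(accounts)


if __name__ == "__main__":
    print("<NameID> (email-format):", simulate_name_change("<NameID>"))
    print("employeeId attribute:   ", simulate_name_change(EMPLOYEE_ID_ATTR))
```

Mapping `<NameID>` gives a second account after the name change because the NameID itself changed with the email, which is the behaviour strapanese saw; mapping the stable attribute instead updates the existing account's email. The practical check before relying on `<NameID>` is therefore to inspect a real assertion from your IdP and confirm the NameID is an immutable identifier rather than the email or UPN.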