cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Azure AD automatic user provisioning

Go to solution
Gandolf
Explorer
Explorer

‎2021-09-16 08:06 AM

Hello Zoom Community,

 

Our group supports a very large user base of 5,000 and looking for the best method for automatic account provisioning tasks. We currently run a hybrid method JIT (Just in time) with Okta and API calls to disable accounts.  

 

I'm looking for feedback from a Zoom admin that has deployed Azure AD automatic user provisioning. If you could please depict any pros or cons it would be greatly appreciated!

 

Link Below:

Tutorial: Configure Zoom for automatic user provisioning with Azure Active Directory | Microsoft Doc...

0 Likes
1 ACCEPTED SOLUTION

Go to solution
colegs
Community Champion | Employee
Community Champion | Employee

‎2021-09-27 09:45 AM

Gandolf,

 

Both Okta and Azure support automatic provisioning through SCIM, and they are fairly similar in nature.  The primary benefit to both of them is that they let your IdP be the source of truth for your user status since it will create the new users when they are added to the Zoom application in the IdP (immediately in Okta and within 45 minutes in Azure), and will deactivate them when they are removed from the application as well (same timeframes).  Additionally, if you enable the SCIM updates, if you update the email in the IdP, it will push the update to Zoom.

 

Since SCIM works in conjunction with SSO (pushing data vs. pulling data), there is no real negative to adding it.  The only thing to be aware of is that any of the fields that are in the SSO advanced mapping section will still need to be managed through SSO since the SCIM parameters only update the basic mapping attributes.

 

If this answers you question, please feel free to go ahead and click on 'Accept as Solution'

View solution in original post

3 REPLIES 3

Go to solution
colegs
Community Champion | Employee
Community Champion | Employee

‎2021-09-27 09:45 AM

Gandolf,

 

Both Okta and Azure support automatic provisioning through SCIM, and they are fairly similar in nature.  The primary benefit to both of them is that they let your IdP be the source of truth for your user status since it will create the new users when they are added to the Zoom application in the IdP (immediately in Okta and within 45 minutes in Azure), and will deactivate them when they are removed from the application as well (same timeframes).  Additionally, if you enable the SCIM updates, if you update the email in the IdP, it will push the update to Zoom.

 

Since SCIM works in conjunction with SSO (pushing data vs. pulling data), there is no real negative to adding it.  The only thing to be aware of is that any of the fields that are in the SSO advanced mapping section will still need to be managed through SSO since the SCIM parameters only update the basic mapping attributes.

 

If this answers you question, please feel free to go ahead and click on 'Accept as Solution'

Go to solution
Ladtohelp
Newcomer
Newcomer
In response to colegs

‎2022-04-27 04:22 PM

Does Zoom also allow Azure AD to also delete a user account from zoom? For e.g. if a user is removed deleted or removed from provisioning scope, will the zoom account also get deleted? 

Go to solution
Gandolf
Explorer
Explorer

‎2021-09-29 04:21 PM

Thanks to @colegs for clarifying these points! 

0 Likes