Zoomtopia is here. Unlock the transformative power of generative AI, helping you connect, collaborate, and Work Happy with AI Companion.
Register nowEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Learn moreKeep your Zoom app up to date to access the latest features.
Download Center Download the Zoom appDownload hi-res images and animations to elevate your next Zoom meeting.
Browse Backgrounds Zoom Virtual BackgroundsEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Zoom AI Companion2022-02-11 07:33 AM
Use Case:
I have a requirement to add a SAML Response Mapping to Employee Unique ID to avoid duplicate account creations when end users names change, specifically their email address. This causes duplicate account creation and consumes a Zoom pro license.
Question:
If I enter <NameID> into the SAML Response Mapping for Employee Unique ID, what is the net effect to the end users when signing into their Zoom account using SSO? Does <NameID> impact how end users authenticate using SSO or if they attempt to sign in with their email address and password at sign-on?
Thank you
Doug
2022-02-11 01:00 PM
Doug,
So using <NameID> (or anything else for that is constant and unique for the user) will have not impact on the user experience. The logic works like this:
1) First time the user signs in after you have mapped the Unique Id, it will associate that value to the user as their unique identifier.
2) User continues to use their email address to sign into SSO.
3) If in the future you change the user's email in your IdP, the user will start signing in using that email address. When the response comes back with a different email but the known Unique Id, it will update the user's email in Zoom.
4) If for some reason you have to change the unique id (e.g. you switch IdPs), the user has to sign in with the known email address and the new Unique Id will be associated to their account.
I hope this helps. If it answers your question, please click on 'Accept as Solution' below.
2023-02-20 07:08 PM - edited 2023-02-20 08:09 PM
If I want the Azure EmployeeID attribute to be the Zoom Employee Unique ID how do I complete that mapping? I'm unclear on what needs to be entered in the Zoom Employee Unique ID field under SAML Response Mapping to make that happen.
Do I need to do some work on the Azure end first (e.g. create an additional claim)? Note, I've already followed the basic instructions and SSO is setup in Zoom but have yet to add any users via SSO.
2023-04-14 08:16 AM
We are working on implementing this and I have a follow-up question. On Step one, We already have 1,200 users and about 1,000 of them are SSO users. When we map the Unique ID, will it create a new account for those 1,000 SSO users? Or will it just sync their new Unique ID to their existing account and moving forward, should a name change occur, it will sync based off the Unique ID?
2023-06-08 12:00 PM
Sorry for the delay. The logic works that if it finds and existing user with the same email address, it will map the unique id to that user. If there is no matching email, it creates a new user.
2023-01-04 08:47 AM
What unique ID is typically used in a windows Active Directory domain to keep duplicate accounts from being created? Putting <NameID> in the Unique ID field is not preventing the duplicate accounts from being created. I would think that a guid or sid or something like that would be preferred, but how do I reference that mapping?
2023-01-16 09:18 AM
@strapanese NameId would only work if that is guaranteed unique in the IdP. If you want to use some other forma GUID, you need to pass it on the IdP side, them map it on the Zoom Attributes.
2023-01-21 08:39 AM
That worked!! Thank you so much.