This guide covers the complete Zoom + Okta integration — SSO for authentication, SCIM for automated user lifecycle, group-based license management, and how Okta compares to other identity providers for Zoom.
Each integration has its own detailed setup guide — use this page to understand what’s available, then follow the links for step-by-step instructions.
Integration Overview
| Integration | What It Does | Complexity | Guide |
|---|---|---|---|
| SAML SSO | Users sign into Zoom with Okta credentials | Medium | Setup guide → |
| SCIM Provisioning | Auto-create and deactivate Zoom users from Okta | Medium | Setup guide → |
| Group Push | Map Okta groups → Zoom groups for license assignment | Medium | Included in SCIM guide → |
| Lifecycle Management | Automate onboarding/offboarding across Zoom | Low (after SCIM) | Included in SCIM guide → |
Setup order: SSO first (so users can authenticate), then SCIM provisioning, then group push for license management.
SAML SSO
SSO is the foundation. Users authenticate to Zoom using their Okta credentials, and you get centralized access control, MFA enforcement, and instant deprovisioning.
What you need: Okta (any edition), Zoom Business/Enterprise, a vanity URL.
What it does: Users go to yourcompany.zoom.us, get redirected to Okta, authenticate (with MFA if configured), and land in Zoom. No separate Zoom password. Disable a user in Okta and they lose Zoom access immediately.
Full setup guide: How to set up Zoom SSO with Okta →
SCIM Provisioning + Group Push + Lifecycle
SCIM automates the entire user lifecycle — onboarding, role changes, and offboarding. Group push adds license management on top.
What you need: Okta with provisioning support, Zoom Business/Enterprise, SSO configured.
What it does:
- Onboarding: HR creates user → Okta provisions Zoom account → group push assigns the right license
- Role change: User moves Okta groups → Zoom group and license update automatically
- Offboarding: HR deactivates user → Okta deactivates Zoom account → license freed, recordings preserved
Full setup guide: How to set up Zoom SCIM with Okta →
Identity Provider Comparison
Okta isn’t the only way to manage Zoom identity. Here’s how it compares to alternatives.
SSO Provider Comparison
| Capability | Okta | Microsoft Entra ID | Google Workspace | OneLogin | JumpCloud |
|---|---|---|---|---|---|
| SAML SSO for Zoom | Yes (OIN app) | Yes (gallery app) | Yes (pre-built) | Yes | Yes |
| SCIM provisioning | Yes | Yes | Yes | Yes | Yes |
| Group-based licensing | Via group push | Via group provisioning | Via OU-based provisioning | Via mappings | Via groups |
| MFA for Zoom access | Okta Verify, FIDO2, SMS | Microsoft Authenticator, FIDO2 | Google prompts, FIDO2 | OneLogin Protect | JumpCloud Protect |
| Conditional access | Okta policies | Entra Conditional Access | Context-aware access | SmartFactor | Conditional policies |
| Lifecycle automation | Okta Workflows | Power Automate + Entra | Limited (Apps Script) | SmartHooks | Limited |
| Zoom-specific app | Dedicated, well-maintained | Dedicated, well-maintained | Pre-built | Available | Available |
When to Choose Each
| If Your Organization… | Best Choice | Why |
|---|---|---|
| Is a Microsoft 365 shop | Entra ID | Already included in E3/E5. See Microsoft integration guide → |
| Uses Google Workspace primarily | Google Workspace | SSO included in Workspace. See Google integration guide → |
| Needs a dedicated identity platform | Okta | Best-in-class IdP with the deepest provisioning and lifecycle features |
| Is a small/mid-size org wanting simplicity | JumpCloud | Directory + SSO + device management in one platform |
| Has complex multi-app SSO needs | Okta or OneLogin | Purpose-built for managing SSO across 50+ applications |
Pricing Context
| Provider | SSO Cost for Zoom | Notes |
|---|---|---|
| Okta | $2-6/user/month (SSO) + $4-8/user/month (lifecycle) | Dedicated IdP cost on top of other subscriptions |
| Entra ID | Included in Microsoft 365 E3/E5 | P1 ($6/user/month standalone) for conditional access |
| Google Workspace | Included in Business Standard+ ($14+/user/month) | SSO is part of the Workspace admin console |
| OneLogin | $2-4/user/month (SSO) | Similar positioning to Okta at lower price |
| JumpCloud | Free up to 10 users; $7-15/user/month after | All-in-one directory, SSO, MDM |
Key takeaway: If you already pay for Microsoft 365 E3/E5 or Google Workspace Business Standard+, SSO and SCIM for Zoom is included at no extra cost. Okta makes sense when you need a dedicated identity platform that manages SSO across many applications, or when you need advanced lifecycle automation (Okta Workflows) that bundled providers don’t offer.
Deployment Checklist
- Configure Zoom vanity URL — required before SSO setup
- Set up SAML SSO — add Zoom from OIN, configure SAML, test with a pilot user
- Enable SCIM provisioning — generate SCIM token, configure Okta provisioning
- Set up group push — map Okta groups to Zoom groups for license control
- Set default license type in Zoom as a fallback
- Disable self-signup in Zoom to prevent duplicate accounts
- Set managed domains in Zoom to claim your email domain
- Test user creation — assign a test user, verify Zoom account created with correct license
- Test deprovisioning — unassign a test user, verify deactivation in Zoom
- Document group mappings — record which Okta groups map to which Zoom groups and licenses
Common Issues
- Not sure where to start — Start with SSO. Identity is the foundation — SCIM and group push build on top.
- SSO redirect loop — Entity ID mismatch. See SSO troubleshooting.
- SCIM token expired — Regenerate in Zoom and update in Okta. See SCIM troubleshooting.
- Wrong license assigned — Check Zoom default user type and group push configuration. See SCIM guide.
- Provisioning fails after Zoom license changes — Remove hardcoded
userTypevalues. See SCIM troubleshooting. - Duplicate accounts — Disable self-signup in Zoom. See SCIM troubleshooting.