Ask Zac
User Provisioning advanced 30 minutes

How to provision Zoom users with Microsoft Azure AD

Learn how to provision zoom users with microsoft azure ad. Step-by-step guide for Zoom administrators with prerequisites, detailed instructions, and troubleshooting tips.

Published February 26, 2026

Provisioning Zoom users with Microsoft Azure AD (now known as Microsoft Entra ID) allows you to automate user account creation, updates, and deactivation. This guide outlines the steps to configure Zoom with Microsoft Entra ID for user provisioning. The basic steps involve creating an Enterprise Application in Azure AD, configuring provisioning settings with a secret token from Zoom, and assigning users or groups to the application.

Prerequisites

  • Zoom owner or admin privileges on a Business or Education account.
  • A Microsoft Entra ID (Azure AD) tenant with appropriate permissions to create and manage Enterprise Applications.
  • Users in Microsoft Entra ID who have Zoom licenses assigned or are intended to be assigned.
  • A plan that meets the requirements for SCIM provisioning.

Configure Zoom for SCIM Provisioning

  1. Sign in to the Zoom web portal as an administrator with the necessary privileges.
  2. Navigate to Advanced then App Marketplace.
  3. Search for Azure AD or Microsoft Entra ID.
  4. Find the Zoom app listed in the Marketplace.
  5. Click on the app to access the details page.
  6. Click Install to begin the installation process.
  7. Authorize Zoom to access the necessary permissions within your Azure AD tenant by following the on-screen prompts.
  8. Copy the Secret Token: After authorization, Zoom will generate a secret token or SCIM base URL. Make sure to securely store this token, as it will be used in Azure AD for provisioning. This might be located in the “Provisioning” tab of the app in the Zoom Marketplace.
  9. Retrieve SCIM Base URL: Obtain the SCIM Base URL from Zoom, typically formatted like: https://api.zoom.us/scim2. This URL, along with the secret token, will configure the connection in Azure AD.

Create the Enterprise Application in Azure AD

  1. Sign in to the Microsoft Entra admin center (previously Azure portal) as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications.
  3. Click New application to create a new application.
  4. Click Create your own application.
  5. Enter a name for the application such as “Zoom User Provisioning”.
  6. Select “Integrate any other application you don’t find in the gallery (Non-gallery)”.
  7. Click Create.

Configure Provisioning in Azure AD

  1. Navigate to Identity > Applications > Enterprise applications.
  2. Select the “Zoom User Provisioning” application you created.
  3. Click on the Provisioning blade in the left-hand menu.
  4. Set the Provisioning Mode to “Automatic”.
  5. Configure Admin Credentials:
    • In the Tenant URL field, enter the SCIM base URL you obtained from Zoom (e.g., https://api.zoom.us/scim2).
    • In the Secret Token field, enter the secret token you copied from Zoom.
    • Click Test Connection to verify that Azure AD can successfully connect to Zoom using the provided credentials. Address any errors before proceeding.
  6. Configure Mappings:
    • Expand the Mappings section.
    • Click on Provision Azure Active Directory Users.
    • Review the default attribute mappings. Common mappings include:
      • userPrincipalName to userName
      • displayName to displayName
      • mail to emails[type eq "work"].value
      • givenName to name.givenName
      • surname to name.familyName
    • Add any additional attribute mappings required by Zoom, referring to the Zoom Phone SCIM attributes article if you are provisioning phone users. This may include department, job title, or other custom attributes.
    • Ensure the “Match objects using this attribute” is set to userPrincipalName for unique user identification.
    • Click Save after reviewing the mappings.
  7. Configure Settings:
    • Under the Settings section, ensure the Scope is set to “Sync only assigned users and groups” (recommended for a controlled rollout). Alternatively, you can choose “Sync all users and groups,” but be aware that this will provision all users in Azure AD to Zoom.
    • Optionally, provide a notification email address to receive notifications about provisioning failures.
  8. Enable Provisioning:
    • Set the Provisioning Status to On.
    • Click Save.

Assign Users and Groups

  1. Navigate to Identity > Applications > Enterprise applications.
  2. Select the “Zoom User Provisioning” application you created.
  3. Click on the Users and groups blade in the left-hand menu.
  4. Click Add user/group.
  5. Select the users and/or groups you want to provision to Zoom.
  6. Click Assign.

Monitor Provisioning

  1. Navigate to Identity > Applications > Enterprise applications.
  2. Select the “Zoom User Provisioning” application you created.
  3. Click on the Provisioning blade in the left-hand menu.
  4. Review the Provisioning logs for details on user and group synchronization. Address any errors or failures as needed.

Common Issues

  • Test Connection Failed: Verify the SCIM base URL and secret token are correct. Ensure there are no typos and that the token has not expired in Zoom. Double check that the Zoom App in Azure AD is properly authorized.
  • Users Not Provisioned: Confirm that the users are assigned to the application in Azure AD. Verify the provisioning status is set to “On”. Review the provisioning logs for errors. Ensure the user has a Zoom license assigned (either directly or through group assignment in Zoom, if applicable).
  • Attribute Mapping Errors: Double-check the attribute mappings for accuracy. Ensure the source and target attributes are compatible. If you are provisioning phone users, make sure to add all required attributes according to the Zoom Phone SCIM documentation.
  • Rate Limiting: Zoom may enforce rate limits on SCIM provisioning. If you encounter rate limiting errors, reduce the frequency of synchronization or contact Zoom support to increase your rate limit.
  • Incorrect License Assignment: If user provisioning is successful but licenses aren’t correctly assigned, double-check license settings within the Zoom admin portal and verify the logic for license assignments based on group membership in Azure AD is working as expected.

Frequently Asked Questions

How often does Azure AD synchronize user data with Zoom?

The synchronization frequency depends on your Azure AD configuration and the provisioning settings. Typically, Azure AD Connect synchronizes on a schedule, which you can customize, and Zoom will then reflect those changes during its own scheduled sync with Azure AD.

What user attributes are synchronized from Azure AD to Zoom?

The user attributes synchronized are configurable within the Azure AD provisioning settings. Common attributes include display name, email address, and user principal name, which Zoom uses to create and manage user accounts.

What happens if a user is disabled or deleted in Azure AD?

When a user is disabled or deleted in Azure AD, the change should be reflected in Zoom depending on your provisioning configuration. You can configure Azure AD to either disable the Zoom user or delete their account entirely.

Can I provision Zoom licenses automatically through Azure AD?

Yes, you can often automatically assign Zoom licenses to users based on their Azure AD group membership. This is typically configured within the Azure AD provisioning settings by mapping user attributes and license assignments.

Need help configuring this?

Ask Zac can walk you through the setup step by step, or configure it for you automatically.

Try Ask Zac →