Ask Zac
User Provisioning advanced 30 minutes

How to set up SCIM user provisioning for Zoom

Learn how to set up scim user provisioning for zoom. Step-by-step guide for Zoom administrators with prerequisites, detailed instructions, and troubleshooting tips.

Published February 26, 2026

Configuring SCIM (System for Cross-domain Identity Management) user provisioning for Zoom allows you to automate user account creation, modification, and deactivation using an identity provider (IdP) like Okta or Azure AD. The general process involves enabling SCIM in Zoom, configuring your IdP to connect to Zoom’s SCIM endpoint, and then mapping user attributes between your IdP and Zoom. This streamlined approach centralizes user management and ensures consistent user information across systems.

Prerequisites

  • A Zoom Business or Education account.
  • Zoom owner or admin privileges.
  • A supported Identity Provider (IdP) that supports SCIM 2.0 (e.g., Okta, Azure AD, OneLogin).
  • An understanding of your IdP’s user provisioning features.
  • A plan for how you will map user attributes between your IdP and Zoom (e.g., first name, last name, email, department). Consider the SCIM attributes for provisioning phone users if you intend to provision phone users.

Enable SCIM Provisioning in Zoom

  1. Sign in to the Zoom web portal as an administrator.
  2. In the navigation menu, click Advanced, then App Marketplace.
  3. Search for your Identity Provider (e.g., Okta, Azure AD) in the Marketplace. If a pre-built Zoom app for your IdP exists, it is recommended to install it. Otherwise, continue with the generic SCIM setup.
  4. If installing a pre-built app, follow the instructions provided by Zoom and your IdP for configuring the integration. If not, continue with these steps.
  5. In the Zoom web portal, navigate to User Management then Users.
  6. Click the Provisioning tab (this tab might not appear until SCIM is enabled at the account level via the Marketplace). If you do not see a Provisioning tab, you might need to manually create a SCIM app in your IdP. See your IdP documentation for how to configure a SCIM integration manually.
  7. Find the section related to SCIM. This section will vary depending on your IdP integration method.
  8. Typically, you will be prompted to generate a Secret Token or Bearer Token. This token is crucial for authenticating your IdP with Zoom. Generate this token and store it securely. You will only see it once.
  9. Also locate the SCIM base URL. This URL is needed in the next section. It is usually in the format https://api.zoom.us/scim2.
  10. Keep this page open, as you will need the Secret Token and SCIM base URL in the next section.

Configure SCIM in your Identity Provider (IdP)

The following steps are generalized and will vary significantly based on the specific IdP you are using (Okta, Azure AD, etc.). Consult your IdP’s documentation for precise instructions.

  1. Sign in to your Identity Provider’s admin portal.

  2. Create a new application or integration. Search for a pre-built “Zoom” app in your IdP’s app catalog. Using the pre-built app is the recommended approach if available.

  3. If no pre-built app is available, create a new application using the SCIM 2.0 protocol (or equivalent).

  4. Configure the SCIM base URL or Tenant URL. This is the SCIM base URL you obtained from the Zoom web portal in the previous section.

  5. Enter the Secret Token or Bearer Token in the appropriate field. This is the Secret Token you obtained from the Zoom web portal in the previous section.

  6. Enable SCIM provisioning for the application.

  7. Configure the supported SCIM operations (Create, Read, Update, Delete). Ensure all operations are enabled for full SCIM functionality.

  8. Configure user attribute mappings. This is a critical step. Map the attributes in your IdP to the corresponding attributes in Zoom. At a minimum, you should map:

    • userName (IdP) to userName (Zoom) (typically email address)
    • name.givenName (IdP) to givenName (Zoom) (First Name)
    • name.familyName (IdP) to familyName (Zoom) (Last Name)
    • active (IdP) to active (Zoom) (User Status - enables/disables user)

    You may also map other attributes such as:

    • department (IdP) to department (Zoom)
    • title (IdP) to title (Zoom)
    • For Zoom Phone provisioning, refer to the SCIM attributes for provisioning phone users documentation.

  9. Test the connection between your IdP and Zoom. Most IdPs provide a “Test Connection” button to verify that the SCIM configuration is correct.

  10. Assign users or groups to the Zoom application in your IdP. This will trigger the provisioning process.

Verify User Provisioning

  1. In your IdP, assign a test user to the Zoom application.
  2. In the Zoom web portal, navigate to User Management then Users.
  3. Verify that the test user has been created in Zoom with the correct attributes. It might take a few minutes for the user to appear.
  4. Update the test user’s attributes in your IdP (e.g., change their department).
  5. Verify that the changes are reflected in the Zoom web portal.
  6. Deactivate the test user in your IdP.
  7. Verify that the user is deactivated in the Zoom web portal.

Common Issues

  • Invalid Credentials: Double-check the Secret Token and SCIM base URL. Ensure that the token has not expired or been revoked. Regenerate a new token in the Zoom portal, and update your IdP.
  • Attribute Mapping Errors: Ensure that the attribute mappings are correct and that the data types are compatible between your IdP and Zoom. Review your IdP logs for specific error messages related to attribute mapping.
  • SCIM Not Enabled: Verify that SCIM provisioning is enabled in both your IdP and Zoom account. Some features require explicit activation.
  • Rate Limiting: SCIM requests can be subject to rate limits. If you are provisioning a large number of users, consider implementing batch processing or throttling to avoid exceeding the limits. Consult the Zoom API documentation for details on rate limits.
  • User Already Exists: If a user already exists in Zoom with the same email address, provisioning might fail. Ensure that user accounts are unique and that there are no conflicting accounts. Consider using the userName attribute as the unique identifier for users.

Frequently Asked Questions

What information do I need to gather before I start the SCIM setup process?

You'll need your Zoom account ID, the SCIM base URL for your identity provider (IdP), and a bearer token or API key from your IdP for authentication. Make sure your IdP supports the SCIM 2.0 standard, which Zoom requires.

How often does SCIM provisioning synchronize user data between my IdP and Zoom?

The synchronization frequency depends on your IdP's configuration. Most IdPs offer near real-time synchronization for user creation, updates, and deactivations, but you should check your IdP's documentation for specifics.

What happens to Zoom accounts when a user is deactivated in my IdP?

When a user is deactivated in your IdP, the corresponding Zoom account can be either deactivated or deleted, depending on the SCIM configuration settings you choose in your IdP. Ensure your configuration aligns with your organization's data retention policies.

Can I provision user groups using SCIM?

Yes, SCIM allows you to provision user groups from your IdP to Zoom. This allows you to manage user access and permissions in Zoom based on group memberships defined in your IdP.

Need help configuring this?

Ask Zac can walk you through the setup step by step, or configure it for you automatically.

Try Ask Zac →