Ask Zac
Security & SSO advanced 30 minutes

How to set up SCIM provisioning for Zoom with Azure AD

Learn how to set up scim provisioning for zoom with azure ad. Step-by-step guide for Zoom administrators with prerequisites, detailed instructions, and troubleshooting tips.

Published February 26, 2026

Setting up SCIM (System for Cross-domain Identity Management) provisioning for Zoom with Azure Active Directory (Azure AD) allows you to automate user account creation, modification, and deactivation. To configure SCIM, you’ll need to create a Zoom application in Azure AD, configure SCIM settings within Azure AD using your Zoom SCIM base URL and token, and map the necessary user attributes between Azure AD and Zoom. This guide walks you through the complete setup process.

Prerequisites

  • A Zoom Business or Enterprise account.
  • Global Administrator access to your Azure AD tenant.
  • Owner or Admin privileges in Zoom.
  • A Zoom vanity URL to enable SCIM, if required by your Zoom account configuration.

Create the Zoom Application in Azure AD

  1. Sign in to the Azure portal (portal.azure.com) as a Global Administrator.
  2. Navigate to Azure Active Directory > Enterprise applications.
  3. Click New application.
  4. Click Create your own application.
  5. In the Name field, enter a descriptive name for the application (e.g., “Zoom SCIM Provisioning”).
  6. Select Non-gallery application and click Create.

Configure SCIM Provisioning in Azure AD

  1. Once the application is created, navigate to Provisioning in the left-hand menu.
  2. Click Get started.
  3. Select Automatic as the Provisioning Mode.
  4. In the Admin Credentials section:
    • For Tenant URL, enter your Zoom SCIM base URL. This is typically https://api.zoom.us/scim2. If you use a vanity URL, it will be something like https://yourvanityurl.zoom.us/scim2
    • For Secret Token, retrieve your SCIM token from the Zoom web portal. To do this:
      1. Sign in to the Zoom web portal as an admin.
      2. Navigate to User Management > Users.
      3. Click Group.
      4. Click Add Group.
      5. Enter the group name, description, and group type.
      6. Enable the SCIM toggle.
      7. Click Save.
      8. Copy the Secret Token provided in the SCIM section. Note: Save this token securely.
    • Paste the SCIM token into the Secret Token field in Azure AD.
  5. Click Test Connection to verify that Azure AD can connect to Zoom. If the connection fails, double-check your SCIM base URL and token.
  6. Click Save at the top of the screen to save the admin credentials.

Configure Attribute Mappings

  1. In the Provisioning section, expand the Mappings section.
  2. Click Provision Azure Active Directory Users.
  3. Examine the default attribute mappings. Ensure the following mappings exist and are configured correctly:
    • userPrincipalName maps to userName
    • displayName maps to displayName
    • givenName maps to name.givenName
    • surname maps to name.familyName
    • mail maps to emails[type eq "work"].value
  4. If needed, add or modify attribute mappings to align with your Zoom configuration. Click Add New Mapping to create a new mapping.
    • Source attribute: The Azure AD attribute.
    • Target attribute: The Zoom attribute. Refer to the Zoom SCIM2 API documentation for the supported attributes if needed. Common attributes include: userName, displayName, name.givenName, name.familyName, emails[type eq "work"].value, phoneNumbers[type eq "work"].value.
    • Ensure the ImmutableId property is mapped. Azure AD typically uses the objectId for this purpose.
  5. Click Save at the top of the screen to save the attribute mappings.
  6. Return to the Mappings screen and click Provision Azure Active Directory Groups.
  7. Ensure that ‘displayName’ maps to ‘displayName’ and ‘members’ maps to ‘$ref’.
  8. Click Save to save the attribute mappings.

Configure Provisioning Settings

  1. In the Settings section:
    • Select All users and groups to provision all users and groups from Azure AD to Zoom. Alternatively, select Only assigned users and groups to provision only those users and groups that are explicitly assigned to the Zoom application. The “Only assigned users and groups” option is generally recommended for production environments.
  2. Click Save to save the provisioning settings.

Start Provisioning

  1. Navigate back to the Provisioning screen.
  2. Click Start provisioning to begin the initial synchronization.
  3. Monitor the provisioning progress on the Provisioning screen. The Provisioning logs section displays detailed information about each provisioning operation.
  4. To enable on-demand provisioning, navigate to your Azure AD application, select Provisioning, and then select Provision on demand.

Assign Users and Groups to the Zoom Application (If Using “Only Assigned Users and Groups”)

  1. Navigate to Users and groups in the left-hand menu of the Zoom application in Azure AD.
  2. Click Add user/group.
  3. Select the users and groups that you want to provision to Zoom.
  4. Click Assign.

Common Issues

  • Connection Failure: Double-check the SCIM base URL and token. Ensure that the token is valid and has not expired.
  • Attribute Mapping Issues: Verify that the attribute mappings are correct and that the required attributes are being passed from Azure AD to Zoom. If a user is not being created, check that at least userName and displayName are correctly mapped.
  • Provisioning Stalled: Check the provisioning logs for errors. Review any error messages and take corrective action based on the guidance provided. Common issues include incorrect attribute values or missing required fields.
  • Users Not Being Deactivated: Ensure that the “Delete users out of scope” option is enabled in the provisioning settings if you want Azure AD to automatically deactivate users in Zoom when they are removed from the assigned users and groups in Azure AD.
  • Rate Limiting: SCIM API calls are subject to rate limits. If you encounter rate limiting errors, consider reducing the scope of the provisioning process or implementing retry logic in your application. Contact Zoom support if rate limiting continues to be a problem after optimization.

Frequently Asked Questions

What user attributes are synchronized from Azure AD to Zoom using SCIM?

Typically, attributes like user email, first name, last name, and user status (active/inactive) are synchronized. You can usually configure which attributes are synchronized within the Azure AD provisioning settings.

How long does it take for a user's profile to update in Zoom after a change in Azure AD?

The synchronization time depends on several factors, including the size of your directory and the provisioning cycle frequency configured in Azure AD. Generally, changes should reflect in Zoom within a few minutes to a few hours.

What happens to a Zoom user when their account is disabled in Azure AD?

When a user account is disabled in Azure AD, the SCIM integration should automatically deactivate the corresponding user account in Zoom. This removes the user's access to Zoom resources.

How do I troubleshoot errors during the SCIM provisioning process?

Azure AD provides provisioning logs that detail any errors encountered during synchronization. Reviewing these logs will often provide specific error messages and guidance on how to resolve the issue, such as attribute mapping problems or connectivity issues.

Need help configuring this?

Ask Zac can walk you through the setup step by step, or configure it for you automatically.

Try Ask Zac →