SCIM (System for Cross-domain Identity Management) provisioning automates user account creation, modification, and deactivation between Okta and Zoom. This guide outlines the steps to configure SCIM provisioning for Zoom using Okta, enabling streamlined user management. The primary steps involve configuring the Zoom SCIM app in Okta and enabling SCIM in your Zoom account.
Prerequisites
- An Okta administrator account with permissions to manage applications.
- A Zoom administrator account with privileges to configure SCIM.
- A Zoom Business or Enterprise account plan is required.
- Ensure you have a dedicated Okta instance set up and ready for integration.
Configure the Zoom SCIM App in Okta
- Add the Zoom Application: In the Okta Admin Console, navigate to Applications > Applications. Click Browse App Catalog.
- Search for Zoom: Search for “Zoom” in the app catalog and select the official Zoom SCIM application. Click Add.
- General Settings: Configure the general settings for the application. You can customize the application label if needed. Click Done.
- Provisioning Settings: Go to the Provisioning tab of the Zoom application.
- Configure API Integration: Click Configure API integration. Check the Enable API integration box.
- Authentication Credentials: In the API Token field, you will need the SCIM secret token from Zoom. Leave Okta open and proceed to the next section to retrieve the token from Zoom.
Enable SCIM in Zoom
- Sign in to the Zoom web portal: As an administrator, sign in to the Zoom web portal.
- Navigate to User Management: In the navigation menu, click User Management then User Provisioning.
- Configure SCIM: Click the SCIM tab.
- Generate Secret Token: Under Secret Token, click Generate Token. A new token will be displayed.
- Copy the Secret Token: Copy the generated token. This token is used to authenticate with Zoom’s SCIM API.
- Save the Secret Token Securely: Store the token in a secure location. You will not be able to view the token again after closing the window, but you can generate a new one if needed.
Configure API Integration in Okta (Complete)
- Return to Okta: Return to the Okta Admin Console and the Zoom application’s Provisioning tab.
- Paste the Secret Token: Paste the copied secret token into the API Token field.
- Test API Credentials: Click Test API Credentials. If the test is successful, a confirmation message is displayed. Click Save.
- Edit Provisioning Settings: Click Edit in the Provisioning to App section.
- Enable Provisioning Features: Select the provisioning actions you want to enable:
  - Create Users: Enable this to automatically create new Zoom users from Okta.
  - Update User Attributes: Enable this to update user attributes (e.g., email, first name, last name) in Zoom when they are changed in Okta.
  - Deactivate Users: Enable this to automatically deactivate Zoom users when their Okta accounts are deactivated.
- Attribute Mappings: Review and customize the attribute mappings between Okta and Zoom. Ensure that the required attributes (e.g., userName, emails.value, name.givenName, name.familyName) are mapped correctly.
- Save Provisioning Settings: Click Save.
- Assignment Settings: In Okta, go to the Assignments tab of the Zoom application.
- Assign Users or Groups: Assign the Zoom application to individual users or groups in Okta. This will trigger the provisioning process for those users.
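
To confirm the result of the steps above, the following added example (not part of the original guide, nor Okta or Zoom tooling) audits a SCIM user listing: it reports users missing the required mapped attributes and accounts still active without an Okta assignment. The function names, the sample users and the way you obtain the listing are assumptions; the sample data is constructed.

```python
import json

# Required attributes named in the guide's Attribute Mappings step.
REQUIRED = ("userName", "emails.value", "name.givenName", "name.familyName")

def get_path(user, path):
    """Resolve a dotted SCIM path; a multi-valued attribute (list) counts if any element has a value."""
    nodes = [user]
    for key in path.split("."):
        found = []
        for n in nodes:
            v = n.get(key) if isinstance(n, dict) else None
            found.extend(v if isinstance(v, list) else [v])
        nodes = [n for n in found if n not in (None, "")]
    return nodes

def audit(list_response, okta_assigned):
    """Return (missing, orphaned): required attributes absent per user, and users
    still active in the target application without an assignment in Okta."""
    assigned = {u.lower() for u in okta_assigned}
    missing, orphaned = {}, []
    for user in list_response.get("Resources", []):
        name = user.get("userName", "<no userName>")
        gaps = [p for p in REQUIRED if not get_path(user, p)]
        if gaps:
            missing[name] = gaps
        # "active" is the standard SCIM User attribute that deactivation sets to false.
        if user.get("active") is True and name.lower() not in assigned:
            orphaned.append(name)
    return missing, sorted(orphaned)

# Constructed sample (not real Zoom output), shaped as an RFC 7644 ListResponse.
SAMPLE = json.loads("""{
 "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
 "Resources": [
  {"userName": "alice@example.com", "active": true,
   "name": {"givenName": "Alice", "familyName": "Ng"}, "emails": [{"value": "alice@example.com"}]},
  {"userName": "bob@example.com", "active": true,
   "name": {"givenName": "Bob"}, "emails": [{"value": "bob@example.com"}]},
  {"userName": "carol@example.com", "active": false,
   "name": {"givenName": "Carol", "familyName": "Diaz"}, "emails": []}
 ]}""")
OKTA_ASSIGNED = ["alice@example.com"]  # constructed: users currently assigned in Okta

if __name__ == "__main__":
    print(audit(SAMPLE, OKTA_ASSIGNED))
```

An account listed as active but unassigned means deactivation did not propagate or the account was created outside Okta; review it alongside the Okta System Log.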
Push Groups (Optional)
- Enable Push Groups: In the Okta Admin Console, go to the Push Groups tab of the Zoom application.
- Create Group Push Rule: Click Push Groups > Push groups by name or Push groups by filter.
- Configure Group Push: Specify the Okta groups that you want to push to Zoom. When you push a group, Okta creates a corresponding group in Zoom and automatically adds and removes users based on the group membership in Okta.
- Choose Create, Update, and Delete Options: Decide if group membership changes in Okta should create, update, or delete the group in Zoom.
- Save Push Group Rule: Save the Push Group rule in Okta.
Common Issues
- API Token Invalid: Double-check that the API token is copied correctly from Zoom and pasted into Okta. If you suspect the token is compromised, generate a new token in Zoom and update it in Okta.
- Attribute Mapping Errors: If user attributes are not synchronizing correctly, review the attribute mappings in the Okta Zoom application’s provisioning settings. Ensure that the source and target attributes are correctly mapped.
- User Not Provisioned: If a user is not being provisioned, verify that they are assigned to the Zoom application in Okta and that the provisioning features (Create Users, Update User Attributes) are enabled. Also, check the Okta System Log for any errors related to the Zoom application.
- Rate Limiting: Zoom’s SCIM API is subject to rate limits. If you are provisioning a large number of users, you may encounter rate limiting errors. Consider staggering the provisioning process or contacting Zoom support to request an increase in your rate limit.
- Group Push Errors: Verify that the push group rules are configured properly. Ensure there are no conflicting rules and the proper permissions are set for group creation within Zoom.