PingOne

Creating a Zoom connection

Use a Zoom connection to enable provisioning from PingOne to the Zoom user directory.

Before you begin

Make sure that you have:

Steps

  1. In the PingOne admin console, go to Integrations > Provisioning.

  2. Click and then click New Connection.

  3. On the Identity Store line, click the Select.

  4. On the Zoom tile, click Select. Click Next.

  5. Enter a name and description for this provisioning connection.

    Result:

    The connection name appears in the provisioning list after you save the connection.

  6. Click Next.

  7. In the Configure Authentication section, enter the values for the following fields:

    Learn more about finding these values, in Creating an application in Zoom.
    Field Value

    SCIM URL

    The fully qualified URL for the SCIM resource, such as https://api.zoom.us/scim2.

    Authentication Method

    Select the available authentication method: OAuth Bearer Token for Server-to-Server OAuth applications. The configuration fields will change appropriately.

    OAuth Token URL

    The fully qualified URL for the token resource, such as https://zoom.us/oauth/token.

    OAuth Account ID

    The account ID to identify the connected Server-to-Server OAuth application in Zoom.

    OAuth Client ID

    The client ID to identify the connected Server-to-Server OAuth application in Zoom.

    OAuth Client Secret

    The credentials for the connected Server-to-Server OAuth application in Zoom.

  8. Click Test connection to verify that PingOne can establish a connection to Zoom.

    Result:

    If there are any issues with the connection, a Test Connection Failed modal opens. Click Continue to resume the setup with an invalid connection.

    You can’t use the connection for provisioning until you’ve established a valid connection to Zoom. To retry, click Cancel in the Test Connection Failed modal and repeat step 7.

    Troubleshooting:

    Learn more about troubleshooting your connection in Troubleshooting test connection failure.

  9. On the Actions section, enter the following:

    Field Description

    Allow Users to be Created

    Determines whether to create a user in the Zoom user directory when the user is created in the PingOne identity store.

    Allow Users to be Updated

    Determines whether to update user attributes in the Zoom user directory when the user is updated in the PingOne identity store.

    Allow Users to be Disabled

    When a user is disabled in the PingOne identity store, PingOne disables the user in the external identity store.

    Allow Users to be Deprovisioned

    Determines whether to deprovision a user in the Zoom user directory when the user is deprovisioned in the PingOne identity store.

    Remove Action

    Determines the action to take when removing a user from the Zoom user directory.

    Disable: When a user is deprovisioned from the PingOne identity store, PingOne disables the user in the external identity store.

    Delete: When a user is deprovisioned from the PingOne identity store, PingOne deletes the user in the external identity store.

    Deprovision on Rule Deletion

    Determines whether to deprovision users that were provisioned using this rule if the rule is deleted.

  10. Click Save.

  11. To enable the connection, click the toggle at the top of the details panel to the right (blue).

    You can disable the connection by clicking the toggle to the left (gray).

Result

The Zoom provisioning connection is added to the list of connections on the Provisioning page.

Next steps

Define which users are provisioned and how attributes are mapped between PingOne and an external identity store, Learn more in Creating an outbound rule.

Zoom provisioning features

Provision users from the PingOne identity store to a Zoom identity store.

The provisioner offers the following features:

  • Manages users in Zoom based on changes in an external data store that is attached to PingOne.

  • Creates, updates, and disables or deletes users.

  • Enable the create, update, and disable or delete capabilities independently.

  • Choose to disable or delete users when deprovisioning.

Creating an application in Zoom

Use the Zoom App Marketplace to create a connected application of Server-to-Server OAuth type. You’ll copy the Account ID, Client ID, and Client secret, and enter them into PingOne to create a Zoom connection.

Steps

  1. Sign on to the Zoom App Marketplace as an administrator.

  2. On the navigation bar, click Develop, and then click Build App.

    Zoom has deprecated the JWT app type. You should create new apps of Server-to-Server OAuth type. For more information, see the JWT App Type Deprecation FAQ in the Zoom documentation.

  3. On the Choose your app type page, in the Server-to-Server OAuth tile, click Create.

  4. On the Create a Server-to-Server OAuth page, in the App Name field, enter a name and click Create.

    Result:

    The Account ID, Client ID, and Client Secret for your new application are shown on the App credentials tab. Remember where this information is stored, because you’ll need it to create a provisioning connection.

  5. On the Information tab, add information about your app, such as a meaningful short description that will help others understand its purpose.

  6. Scroll down and enter the company name, which is required to activate your app.

  7. Scroll down to the Developer Contact Information section of the page, enter your name and email address in the appropriate fields. Click Continue.

  8. On the Feature tab, enable the features you’re interested in, such as events, team chats, and multi-platform support. Click Continue.

  9. On the Scopes tab, click Add Scopes. On the Add scopes page, add the following scopes:

    • User scopes

      • View and manage sub account’s user information (user:master)

      • View all user information (user:read:admin)

      • View users information and manage users (user:write:admin)

    • Account scopes

      • View and manage sub accounts (account:master)

      • View account info (account:read:admin)

      • View and manage account info (account:write:admin)

    • SCIM2 scopes

      • Call Zoom SCIM2 API (scim2)

  10. Click Done, and then click Continue.

  11. On the Activation page, click Activate your app.

Zoom attribute mapping

The following table lists common Zoom user attributes that can be mapped to PingOne user attributes for user provisioning.

Attribute Description

Username

The user’s unique username and Zoom login.

Given Name

The user’s first name.

Family Name

The user’s last name.

Email

The user’s email address.

Phone

The phone number for the user, formatted as +1 5125550123.

Active

The status of the user account in Zoom.

User Type

The type of account for the user. For example, Basic, Pro, or Corp.

Roles

Roles held by the user, such as Student or Engineer.

Title

The user’s title, such as Manager or CEO.

Department

The user’s department or work group, such as Marketing.

Organization

The user’s organization, typically a company or school.

Locale

The user’s default location for purposes of localizing things like currency, date, and time format, or numerical representations.

You should map both username and email target attributes to the same source attribute in PingOne.

This avoids the following inconsistent provisioning behavior when username and email target attributes in Zoom are mapped to different source attributes in PingOne:

  • The username attribute of a user-created POST API call is the only value read by Zoom, and set to both username and email.

  • The email attribute of a user-updated PUT API call is the only value read by Zoom, and set to both username and email.