--- title: Creating a Zoom connection description: Use a Zoom connection to enable provisioning from PingOne to the Zoom user directory. component: pingone page_id: pingone:integrations:p1_creating_zoom_connection canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_creating_zoom_connection.html revdate: June 4, 2025 page_aliases: ["p1_zoom_provisioning_features.adoc", "p1_zoom_attribute_mapping.adoc", "p1_creating_an_application_in_zoom.adoc"] section_ids: before-you-begin: Before you begin steps: Steps result: Result: result-2: Result: troubleshooting: Troubleshooting: result-3: Result next-steps: Next steps zoom-provisioning-features: Zoom provisioning features p1_zoom_application: Creating an application in Zoom steps-2: Steps result-4: Result: zoom-attribute-mapping: Zoom attribute mapping --- # Creating a Zoom connection Use a Zoom connection to enable provisioning from PingOne to the Zoom user directory. ## Before you begin Make sure that you have: * Reviewed the following Zoom documentation: * [Accessing SAML Response Logs](https://support.zoom.us/hc/en-us/articles/360036466191-Accessing-SAML-Response-Logs) * [SCIM2 API](https://developers.zoom.us/docs/api/rest/scim-api/) * [SCIM2 API User attributes](https://developers.zoom.us/docs/api/scim2/#tag/user/POST/scim2/Users) * A Zoom system administrator account. * The Account ID, Client ID, and Client secret for a Server-to-Server OAuth application. Learn more in [Creating an application in Zoom](#p1_zoom_application). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Zoom has deprecated the JWT app type. You should create new apps of Server-to-Server OAuth type. Learn more in the [Create a Server-to-Server OAuth app](https://developers.zoom.us/docs/internal-apps/create/) in the Zoom documentation. | ## Steps 1. In the PingOne admin console, go to **Integrations > Provisioning**. 2. Click **[icon: plus, set=fa]**and then click **New Connection**. 3. On the **Identity Store** line, click the **Select**. 4. On the **Zoom** tile, click **Select**. Click **Next**. 5. Enter a name and description for this provisioning connection. ### Result: The connection name appears in the provisioning list after you save the connection. 6. Click **Next**. 7. In the **Configure Authentication** section, enter the values for the following fields: | | | | - | -------------------------------------------------------------------------------------------------- | | | Learn more about finding these values, in [Creating an application in Zoom](#p1_zoom_application). | | Field | Value | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **SCIM URL** | The fully qualified URL for the SCIM resource, such as `https://api.zoom.us/scim2`. | | **Authentication Method** | Select the available authentication method: **OAuth Bearer Token** for Server-to-Server OAuth applications. The configuration fields will change appropriately. | | **OAuth Token URL** | The fully qualified URL for the token resource, such as `https://zoom.us/oauth/token`. | | **OAuth Account ID** | The account ID to identify the connected Server-to-Server OAuth application in Zoom. | | **OAuth Client ID** | The client ID to identify the connected Server-to-Server OAuth application in Zoom. | | **OAuth Client Secret** | The credentials for the connected Server-to-Server OAuth application in Zoom. | 8. Click **Test connection** to verify that PingOne can establish a connection to Zoom. ### Result: If there are any issues with the connection, a **Test Connection Failed** modal opens. Click **Continue** to resume the setup with an invalid connection. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can't use the connection for provisioning until you've established a valid connection to Zoom. To retry, click **Cancel** in the **Test Connection Failed** modal and repeat step 7. | ### Troubleshooting: Learn more about troubleshooting your connection in [Troubleshooting test connection failure](p1_provisioning_troubleshooting_test_connection_failure.html). 9. In the **Configure Preferences** and **Users Actions** sections, configure the following: | Field | Description | | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Enable users creation** | Determines whether to create a user in the target identity store when the user is created in the source identity store. | | **Enable users updation** | Determines whether to update user attributes in the target identity store when the user is updated in the source identity store.If **Enable users updation** is selected, you can choose to select **Enable users disable** which determines whether to disable a user in the target identity store when the user is disabled in the source identity store. | | **Enable users deprovision** | Determines whether to deprovision a user in the target identity store when the user is deprovisioned in the source identity store.If Enable users deprovision is selected, the following configurations appear.- **Remove Action**: Determines whether to remove or disable a user in the target identity store when the user is deleted in the source identity store. Select **Delete** or **Disable**. Remove Action is only available if you select Enable users disable. - **Deprovision on rule deletion**: Determines whether to deprovision users if the associated provisioning rule is deleted. | 10. Click **Save**. 11. To enable the connection, click the toggle at the top of the details panel to the right (blue). | | | | - | ------------------------------------------------------------------------- | | | You can disable the connection by clicking the toggle to the left (gray). | ## Result The Zoom provisioning connection is added to the list of connections on the **Provisioning** page. ## Next steps Define which users are provisioned and how attributes are mapped between PingOne and an external identity store, Learn more in [Creating an outbound rule](p1_create_provisioning_rule_outbound.html). ## Zoom provisioning features Provision users from the PingOne identity store to a Zoom identity store. The provisioner offers the following features: * Manages users in Zoom based on changes in an external data store that is attached to PingOne. * Creates, updates, and disables or deletes users. * Enable the create, update, and disable or delete capabilities independently. * Choose to disable or delete users when deprovisioning. ## Creating an application in Zoom Use the Zoom App Marketplace to create a connected application of Server-to-Server OAuth type. You'll copy the Account ID, Client ID, and Client secret, and enter them into PingOne to create a Zoom connection. ### Steps 1. Sign on to the [Zoom App Marketplace](https://marketplace.zoom.us/) as an administrator. 2. On the navigation bar, click **Develop**, and then click **Build App**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Zoom has deprecated the JWT app type. You should create new apps of Server-to-Server OAuth type. For more information, see the [JWT App Type Deprecation FAQ](https://developers.zoom.us/docs/internal-apps/jwt-faq/) in the Zoom documentation. | 3. On the **Choose your app type** page, in the **Server-to-Server OAuth** tile, click **Create**. 4. On the **Create a Server-to-Server OAuth** page, in the **App Name** field, enter a name and click **Create**. #### Result: The **Account ID**, **Client ID**, and **Client Secret** for your new application are shown on the **App credentials** tab. Remember where this information is stored, because you'll need it to create a provisioning connection. 5. On the **Information** tab, add information about your app, such as a meaningful short description that will help others understand its purpose. 6. Scroll down and enter the company name, which is required to activate your app. 7. Scroll down to the **Developer Contact Information** section of the page, enter your name and email address in the appropriate fields. Click **Continue**. 8. On the **Feature** tab, enable the features you're interested in, such as events, team chats, and multi-platform support. Click **Continue**. 9. On the **Scopes** tab, click **[icon: plus, set=fa]Add Scopes**. On the **Add scopes** page, add the following scopes: * User scopes * **View and manage sub account's user information** (user:master) * **View all user information** (user:read:admin) * **View users information and manage users** (user:write:admin) * Account scopes * **View and manage sub accounts** (account:master) * **View account info** (account:read:admin) * **View and manage account info** (account:write:admin) * SCIM2 scopes * **Call Zoom SCIM2 API** (scim2) 10. Click **Done**, and then click **Continue**. 11. On the **Activation** page, click **Activate your app**. ## Zoom attribute mapping The following table lists common Zoom user attributes that can be mapped to PingOne user attributes for user provisioning. | Attribute | Description | | -------------- | --------------------------------------------------------------------------------------------------------------------------------- | | `Username` | The user's unique username and Zoom login. | | `Given Name` | The user's first name. | | `Family Name` | The user's last name. | | `Email` | The user's email address. | | `Phone` | The phone number for the user, formatted as `+1 5125550123`. | | `Active` | The status of the user account in Zoom. | | `User Type` | The type of account for the user. For example, `Basic`, `Pro`, or `Corp`. | | `Roles` | Roles held by the user, such as `Student` or `Engineer`. | | `Title` | The user's title, such as `Manager` or `CEO`. | | `Department` | The user's department or work group, such as `Marketing`. | | `Organization` | The user's organization, typically a company or school. | | `Locale` | The user's default location for purposes of localizing things like currency, date, and time format, or numerical representations. | | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You should map both `username` and `email` target attributes to the same source attribute in PingOne.This avoids the following inconsistent provisioning behavior when `username` and `email` target attributes in Zoom are mapped to different source attributes in PingOne:- The `username` attribute of a user-created POST API call is the only value read by Zoom, and set to both username and email. - The `email` attribute of a user-updated PUT API call is the only value read by Zoom, and set to both username and email. |