I was sent here from Zoom support (ticket # TS1682680) to seek help for an issue we are seeing for terminated/disabled users in our Entra>Zoom provisioning logs. The application is scoped down to a security group that the users have been removed from, and I have also deleted their Zoom accounts within the Zoom Admin console. Below is the error for one of these provisioning failures:
#### Error code: SystemForCrossDomainIdentityManagementServiceIncompatible Error message: Received response from Web resource. Resource: https://api.zoom.us/scim/Users/ovbZKpmCR56HST0lBCq8jA Operation: GET Response Status Code: BadRequest Response Headers: Connection: keep-alive x-zm-trackingid: v=2.0;clid=us06;rid=WEB_ea23c51ff35984bf5166fc2f93dc0ee1 x-content-type-options: nosniff pragma: no-cache x-zm-zoneid: VA CF-Cache-Status: DYNAMIC Cache-Control: no-store, no-transform, must-revalidate, no-cache Date: Fri, 21 Feb 2025 00:14:34 GMT Set-Cookie:'[Redacted]'; HttpOnly zm_haid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly zm_tmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly zm_htmaid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly cred=6894B27D7A40CBB870456F23DC12C89A; Path=/; Secure; HttpOnly _zm_ctaid=Vls6Ga9YR5SMxdVMkFbOhQ.1740096874181.6a534d4b60a46dfe54b4c84d079f6522; Max-Age=7200; Expires=Fri, 21 Feb 2025 02:14:34 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly _zm_chtaid=596; Max-Age=7200; Expires=Fri, 21 Feb 2025 02:14:34 GMT; Domain=zoom.us; Path=/; Secure; HttpOnly _zm_mtk_guid=1297a3f2bb1d47dbbe1f8ce6cd612c85; Max-Age=63072000; Expires=Sun, 21 Feb 2027 00:14:34 GMT; Domain=zoom.us; Path=/; Secure __cf_bm=rP_FATrALlOYwDy3n7vQhe02kgIKicUVY.9HuTvzEQQ-1740096874-1.0.1.1-72TSu2n3g_eJ506qOpRWn.1xxJmu19pSVKujOOuOoi6mQiz882eY3LxHUSGXRKJm8lqjpBRrhM3Qi7dXfcuyDQ; path=/; expires=Fri, 21-Feb-25 00:44:34 GMT; domain=.zoom.us; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWhgZawGPtphC71LPuykCGLxDJ%2Bmv8HVFSgi4v9RzJbTShH36apjt%2FkT29IWVL%2Bute83mwHg6CWIk37%2FQj1xz33nlDJVUkbZHHx34p40MqvpD2PTI3OXd7bvyNoj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 915289771b6682e7-IAD a... This operation was retried 2 times. It will be retried again after this date: 2025-02-21T12:14:34.2773730Z UTC
I believe it may have something to do with our attribute mappings since we have 2 attribute mappings for userPrincipalName:
sername | userPrincipalName
active | Not([IsSoftDeleted])
emails[type eq “work”].value | userPrincipalName
name.givenName | givenName
name.familyName | surname
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | department
userType | SingleAppRoleAssignment([appRoleAssignments])