Confirmation needed on SCIM2 and OAuth/JWT

Hi all,
I’m tasked with connecting Zoom to our local IDM system, based on ForgeRock IDM.
SSO based on Shibboleth took 30 minutes, but SCIM seems to be a lost cause.
The way I see it: Zoom offers OAuth, but only for user access using the authorization code grant, which is not what should be used for IDM integration. Technically, client credentials would be a better alternative, but is unsupported by Zoom.
Zoom expects the use of JWT-based authentication for my use case.

ForgeRock offers OAuth-integration (using client credentials) or basic authentication to connect to Zoom via SCIM. So I don’t see a way to integrate both products and since the SCIM standards seem to be very abstract about authentication (“use good one…”), I can’t even blame either side.

Am I missing any options? Will probably try to get an API gateway like Gravitee to translate…

Best regards
Patrick

Hi @pvdh, I am not aware that we require JWT for SCIM; are there error codes you’re getting that show this?

To make these requests with OAuth, create an Account-level OAuth App and add the SCIM2 scope to the app. This app will then need to be installed and used by an admin or account user with Single Sign-On edit permissions.

Account-level OAuth Scopes:

Required User permission, set by an Admin (with Role Management permissions):

Hi Michael,

You are missing “The way I see it: Zoom offers OAuth, but only for user access using the authorization code grant, which is not what should be used for IDM integration. Technically, client credentials would be a better alternative, but is unsupported by Zoom.”

I got Zoom and SCIM working with OAuth2, but the way I see it, that’s unsuitable for server2server-integration, therefore JWT seems to be the only viable option.

Best regards
Patrick

Hey @pvdh,

Correct, for server2server use Zoom JWT Tokens.

Thanks,
Tommy
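
The gateway translation idea raised in this thread, as an added example that is not part of any post above and is not Zoom or ForgeRock code: a shim checks the IDM's Basic credentials and replaces them with a short-lived Bearer JWT before forwarding the SCIM request. The function names, the HS256 algorithm and the `iss`/`exp` claim set are assumptions to verify against Zoom's JWT app documentation; all credentials are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mint_jwt(api_key: str, api_secret: str, ttl: int = 60, now=None) -> str:
    """Mint a short-lived HS256 JWT. The iss/exp claim set is an assumption."""
    now = int(time.time()) if now is None else int(now)
    parts = [{"alg": "HS256", "typ": "JWT"}, {"iss": api_key, "exp": now + ttl}]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(api_secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(sig.digest())


def translate_auth(headers, idm_user, idm_password, api_key, api_secret, now=None):
    """Swap the IDM's Basic credentials for a Bearer JWT; None means reject."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    # Constant-time comparison; evaluate both so timing does not reveal which failed.
    user_ok = hmac.compare_digest(user.encode(), idm_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), idm_password.encode())
    if not (user_ok and pass_ok):
        return None
    # Drop the inbound credential so it is never forwarded upstream.
    upstream = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    upstream["Authorization"] = "Bearer " + mint_jwt(api_key, api_secret, now=now)
    return upstream


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    basic = base64.b64encode(b"idm-connector:example-password").decode()
    inbound = {"Authorization": "Basic " + basic, "Content-Type": "application/scim+json"}
    print(translate_auth(inbound, "idm-connector", "example-password",
                         "EXAMPLE_API_KEY", "EXAMPLE_API_SECRET"))
```

Minting a fresh token per request with a short `ttl` keeps the long-lived secret on the gateway only, and a `None` result should be mapped to a 401 without contacting the upstream.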