SAML Integration Issue - no user email

We are using SSO for our licensed Zoom accounts. Our University’s IDP does not always provide an email address in the returned SAML attributes. Only users who have flagged their email as public get the email attribute. For users with a private email address, we get a string of the form “fixedprefix_fe0a516ffd3fb78b1fad2693cd1df353”. This looks like some sort of hash – but of what I don’t know. Is there a way to map this hash string back to the original SAML attributes? My goal is to be able to associate a zoom account back to a user from our IDP.

We are using the API with JWT and various endpoints require us to specify a user by email address or zoom id. For accounts that only have the hash string instead of an email address, we can only use the zoom id. But we don’t have an easy way to get that id from the original user info without a one-to-one mapping from our data to zoom accounts.

Hi @robertom, pardon I’m not entirely sure yet. Are you using the SCIM2 API to List Users? Are these hashed private emails returned for your account?

Pardon my inability to test here, IDP setups being different make it difficult to reproduce this.

Hi @michael.harrington. I’m using the regular Zoom API. I’ll check out the SCIM2 API option, but I’m not totally clear on the difference.

Thanks,
Roberto

The SCIM2 API (System for Cross-identity Management 2.0) provides support for user provisioning with SSO / IDPs. Let me know if your SAML attributes map over here, or if there’s anything I can help with further.