Trouble building a new SCIM integration


Description
I’m trying to build a new plugin for our ticketing automation system to create/delete accounts in Zoom (for employee onboarding workflow) via SCIM, and having a lot of issues along the way.

Error

  1. When I do a normal OAuth flow, I get back a token with the scopes ‘scim’, but when I try to query https://api.zoom.us/scim2/Users I get “401: Invalid access token.” despite the token clearly coming back with the scim scope.

  2. If I instead use the test URL from my app developer page, and add in the needed state argument to pass my own checks, I get a token that works, sorta. When I query https://api.zoom.us/scim2/Users I get back “400: Account hasn't enabled Single Sign-On.”

But when I go to enable SSO, I’m required to provide a bunch of SAML links that I don’t have because I don’t want to use SAML. I just want to read/create accounts for the scim2/Users URL.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth/SCIM

Which Endpoint/s?
https://api.zoom.us/scim2/Users

How To Reproduce (If applicable)
Steps to reproduce the behavior:

  1. GET https://api.zoom.us/scim2/Users
  2. See error

The prerequisites in the API reference for using the SCIM2 API list the following items:

  • Zoom Owner or Admin privileges
  • Business or Education account with approved
  • Single Sign-On Enabled

See https://marketplace.zoom.us/docs/api-reference/scim-api for details.

And the Zoom single sign-on (SSO) is based on SAML 2.0.

What prevents you from using the following Zoom API calls?

We are using the owner account, so that’s covered.
The account is a business one we signed up specifically to build this integration.
We try to enable SSO, but like I said, we are not using SAML. (And there’s no technical requirement to use SAML for a SCIM client. They solve different problems and we’re not supporting SAML. We do not have exposed endpoints for SAML. We are not providing IdP services. The requests are sent to SCIM from either a Slack request, or an open ticket in a customer’s ITSM product requesting access to a 3rd party, or part of an onboarding/offboarding flow.)

The only thing preventing us from using the non-SCIM endpoints is a desire to use the open standard which we already support instead of writing a plugin that only works with a single provider. (Exactly the situation that SCIM was authored to solve.)

So, since the RFCs for SCIM don’t require or even suggest a dependency upon SAML, I guess I’m asking how we set up SCIM with Zoom in an RFC-compliant way?

@ash You bring up a good point. I’m not sure we support SCIM2 without SAML but that would certainly be useful and I’m always an advocate for aligning with the RFC. I reached out to our engineering team to get more information on this.

ZOOM-341462

@ash Thanks for your patience! Our team got back to me and indicated that our implementation of SCIM2 only supports SSO/IDP flows. When you aren’t using SSO, they recommended using endpoints from our Open API such as the Create a User API.

If you would like this feature to be considered for a future release, I recommend posting in the #feature-requests category.

I hope that helps! Let me know if you have any questions.
