Summary and recommendation
Zoom supports native SCIM 2.0 provisioning, but only on Business plans and above ($18.33/user/month minimum). While this covers most enterprise use cases, Zoom's SCIM implementation has specific requirements that can create friction: your email domain must be pre-associated with your Zoom account, users need existing Zoom accounts with SSO login types for proper provisioning, and recent OAuth2 migration requirements mean existing Bearer auth integrations need reconfiguration.
For smaller teams on Pro plans ($14.99/user/month), upgrading to Business just for SCIM means a 23% price increase purely for provisioning automation. For a 50-person team, that's $1,020/year in additional licensing costs. The domain association requirement can also delay initial deployments, especially for organizations with complex domain structures.
The strategic alternative
Zoom gates SCIM behind Business or Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Business |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Zoom accounts manually. Here's what that costs:
The Zoom pricing problem
Zoom gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | $14.99/user/mo | ||
| Business | $18.33/user/mo | ||
| Enterprise | Custom (250+ licenses) |
Plan Structure (Billed Monthly)
| Plan | Price | SCIM |
|---|---|---|
| Pro | $14.99/user/mo | ❌ |
| Business | $18.33/user/mo | ✓ |
| Enterprise | Custom (250+ licenses) | ✓ |
Note: Free plan includes basic Zoom functionality but has 40-minute meeting limits for groups and no SCIM access.
What this means in practice
Using current list prices (Pro → Business upgrade for SCIM):
| Team Size | Annual Upgrade Cost |
|---|---|
| 25 users | +$1,002/year |
| 50 users | +$2,004/year |
| 100 users | +$4,008/year |
| 200 users | +$8,016/year |
Calculation: ($18.33 - $14.99) × users × 12 months
Additional constraints
Summary of challenges
- Zoom supports SCIM but only at Business tier (Custom (250+ licenses))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Zoom doesn't sell SCIM separately. It's bundled with Business plan features starting at $18.33/user/month:
The reality: most organizations upgrading to Business for SCIM won't use 60-70% of these features. You're paying $3.34 extra per user monthly ($40+ annually) primarily for video conferencing capabilities when you just need identity automation. The OAuth2 requirement also adds technical complexity compared to simpler SCIM implementations—your IT team needs to manage authorization flows rather than just API tokens.
What IT admins are saying
Community sentiment on Zoom's SCIM implementation centers around authentication complexity and setup friction. Common complaints:
- OAuth2 migration breaking existing integrations that used Bearer tokens
- Email domain association requirements causing deployment delays
- Additional complexity for phone user provisioning with SCIM attributes
- SSO prerequisites that complicate initial setup workflows
The OAuth2 migration from Bearer auth caught us off guard - had to completely reconfigure our existing SCIM integration.
Domain association requirement is a pain point during initial rollout. Creates unnecessary friction when you're trying to get users provisioned quickly.
The recurring theme
While Zoom offers native SCIM at a reasonable price point ($18.33/user/month), the technical complexity and authentication requirements create operational headaches that slow down deployments and break existing workflows.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro plan, need SCIM | Use Stitchflow: avoid the $3.34/user/month Business upgrade |
| On Business/Enterprise, already have SCIM | Use native SCIM: you're paying for it, works well |
| Need OAuth2 migration from Bearer auth | Use Stitchflow: skip the technical debt and auth complexity |
| Domain association issues blocking setup | Use Stitchflow: bypass domain validation requirements |
| Mixed IdP environment or unsupported IdP | Use Stitchflow: works with any identity provider |
| Small team, minimal user changes | Manual may work: but monitor for SSO/provisioning gaps |
The bottom line
Zoom gates SCIM behind Business or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Zoom workflow gap
Zoom gates SCIM behind Business or Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Business
Prerequisites
SSO must be configured first
Key limitations
- Bearer authentication no longer supported - must use OAuth2
- Email domain must be associated with Zoom for SCIM
- Users need existing Zoom account with SSO login type for SSO provisioning
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM support with create, update, deactivate. Supports Group Linking and Schema Discovery.
Zoom gates SCIM behind Business or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
OAuth2 Authorization Code Grant required. Bearer auth deprecated. SCIM endpoint: https://api.zoom.us/scim
Zoom gates SCIM behind Business or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Zoom
Zoom gates SCIM behind Business or Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack, and it can add a 22% markup just to get there.
Start with the free gap diagnostic
