How to integrate Office 365 calendar with SSO in Zoom
To enable and authorize calendar and contacts integration for all users, admins can use Single Sign-On (SSO) configuration to collect the access token to Outlook and use it to enable and authorize both features for the users. If the end user authorizes this integration, Zoom will automatically populate their calendar and contact details in their Zoom desktop client after authorizing this integration. Zoom’s meeting list appears in the Zoom Contacts directory, and Zoom calendar events also appear in the Zoom meeting list.
Implementing single sign-on for the account and connecting the account’s identity provider to Azure Active Directory is required to configure this integration.
Learn more about integrating your calendar and contacts with the web portal by viewing account-level settings.
Prerequisites for Office 365 integration when signing in with SSO
- Permissions to own or manage an account
- Role as an administrator in Office 365
- An Office 365 environment that is either full or hybrid
Note: Implementing a fully on-premises solution is not supported.
- Configuring SSO with Zoom
- An integration between the IDP and Azure Active Directory through the use of federation
- See how Okta can help.
- Check out how to do this with ping by clicking here
- Contact and calendar integration must be configured for integration with Office 365
How to enable Ask users to integrate Office 365 with SSO credentials
- You must log in to the Zoom web portal.
- Click Account Management in the navigation menu, and then click Account Settings in the Account Management section.
- Click the Meetings tab on the left side of the screen.
- When a user logs in with their SSO credentials for the first time, the Ask user to integrate their Office 365 calendar option can be selected using the toggle switch under Calendar and Contacts.
- To have Zoom redirect your users to the Office 365 OAuth URL via SSO the first time they sign in, you must select Prompt users to do so on first sign-in. The users can only set up calendars and contact the integration manually if they don’t accept the OAuth request or if an error occurs.
- If you redirect your users to the Office 365 OAuth URL every time they sign in with SSO, and they haven’t yet set up calendar and contacts integration, Zoom will redirect them to the Office 365 OAuth URL every time they sign in with SSO.
- Click Enable or Disable when a confirmation dialog box appears.
Note: The option must be changed at the account level if it is greyed out. The option must be changed at the account level if it has been blocked.
- Click the lock icon and then click Lock to confirm that you want the setting to be mandatory for all users in the group. If you want to make this setting mandatory for all users in the group, click the lock icon.
How to grant permission to use the Zoom app in Microsoft Azure
For the Zoom app to integrate users’ calendars and contacts from Azure, the Office 365 administrator must grant Zoom permission to do so. There is an option to either grant permissions to all applications if you want to allow integration, or only Zoom if you want to allow integration.
This is how the Office 365 admin grants permission to all apps
- Make sure you’re signed in with an Azure account that has permission to grant admin consents.
- You can then see a list of enterprise applications under Azure Active Directory.
- You must select Allow user consent for apps in the User consent for applications section of the page.
Note: This change will take approximately 30 minutes to propagate.
How the Office 365 admin only grants permission to the Zoom apps
- If you have been assigned an admin role in the Azure portal, simply sign in with that role.
- In Azure Active Directory, select Enterprise Applications, and then select Azure Active Directory.
- You must select Zoom from the app list.
- In the Security section, select Permission, and then in the Permission section, click Grant admin consent.
What to do if the Office 365 admin hasn’t granted permissions to use the Zoom app in Azure
At login time, when trying to integrate their calendar and contacts, users receive an error message stating that they need admin approval to do so. A user may find that this is because their Office 365 admin account is configured to disable the option that allows apps to access corporate data in Azure on their behalf.
Office 365 admin to add the calendar service to Zoom
Follow these steps to resolve the issue that causes you to receive the “Admin Approval Required” notification during the sign-up process:
- Sign in to your account via the Zoom web portal.
- Click the Room Management link in the navigation menu, and then click the Calendar Integration link.
- In the Calendar integration section, click the Add calendar service link.
- Select Office 365 from the list of calendar services in the Select Calendar Service window.
- Depending on your needs, you can choose to authorize with EWS or OAuth 2.0.
- For more information on these options, see this Microsoft documentation if you want to learn more about them.
- For more information about account permission type, see Set up Zoom Rooms with Office 365.
- Check the box next to Admin authorization that says I’m an Office 365 admin and agree on behalf of the company under I’m an Office 365 admin.
- Please click the Authorize button to start the process.
To sign in to your account, you will be redirected to Microsoft’s sign-in page where you can enter your password.
Note: The calendar integration process must be completed before going into the profile and setting up the calendar integration.
Office 365 admin to grant permission in Microsoft Azure
The Office365 admin can grant permissions to use the Zoom app in Azure according to the instructions in the article Grant permissions to use the Zoom app in Azure.
Office 365 admin to approve the calendar integration for the user
Account admins can require their users to provide admin consent before allowing them to integrate their calendars with their accounts. The following permission must be provided by an administrator when authorizing a change to an entire account:
- To access the Zoom web portal, you must log in.
- In the navigation pane, click Account Management, and then in the Account Management section, click Account Settings.
- Click the Meeting tab at the top of the page.
- It is required to enable consent to the Office 365 calendar integration on behalf of the entire account under Calendars and Contacts in order to use the integration.
In this case, during the admin authorization process below, you will have the opportunity to indicate that you are the Office 365 admin and consent on behalf of the company.
During the authorization process, users must be able to consent to the calendar and contacts integration on their behalf through an Office365 admin. Once they have activated the integration, they have to wait for the admin to approve it:
- Sign in to the Zoom web portal by entering your email address and password.
- From the navigation menu at the top of the page, click Profile.
- Click “Configure Calendar and Contacts Service” in the “Other” section of the “Calendar and Contacts Integration” section of the page.
- You can select Office 365 by clicking Next button.
- You can then click Authorize because at the bottom of the page you’ll see the option I’m the Office 365 admin and I agree on behalf of the company.
- To grant the user permission, you need to enter the Office 365 admin credentials.
Use a hybrid Office 365 environment
There are some circumstances where an Office 365 hybrid environment should use the EWS URL to authorize OAuth because Microsoft Graph is required for an Office 365 hybrid server that is older than Exchange 2016 Cumulative Update 3 (CU3) released in September 2016 because you have an on-premises Exchange 2016 server older than CU3 (released September 2016). For more information, see Microsoft’s support site.
- To integrate Office 365 calendar and contacts, you need to set up the following:
- Make sure the Authorize with EWS URL option is selected.
- Click the Save button after entering your EWS URL.
When an admin tries to configure calendar and contacts integration for Office 365, he or she cannot change the permissions.
- To integrate your calendar and contacts with Office 365, you must:
- In the Authorize with EWS URL field, make sure you don’t select Authorize with EWS URL.
- After changing the permissions, click the Save button to save the changes.