Integrating Office 365 calendar with SSO
Admins can use their Single Sign-On (SSO) configuration to enable and authorize the calendar and contacts integration for all users by collecting access tokens for Outlook. End users are prompted to authorize this integration and have the calendar and contact details automatically populated into their Zoom desktop client. The calendar events are shown in the Zoom meeting list and the contact list is shown in the Zoom contact directory.
To configure this integration, the account must have Single Sign-On configured and their identity provider must be federated with Azure Active Directory.
Note: See the account-level settings in the web portal to learn more about calendar and contacts integration.
This article covers:
Prerequisites for integrating Office 365 when signing in with SSO
- Account owner or admin privileges
- Office 365 administrative role
- Complete or Hybrid Office 365 Environment
Note: Implementations that are entirely on-premise are not supported. - SSO Configured with Zoom
- IDP connected and federated to Azure Active Directory
- Contacts and calendar integration configured for Office 365
How to enable Ask users to integrate Office 365 with SSO credentials
Account
- Sign in to the Zoom web portal.
- In the navigation menu, click Account Management then Account Settings.
- Click the Mail & Calendar tab.
- Under Integrations, click the Ask users to integrate Office 365 calendar when signing in with SSO credentials toggle to enable or disable it.
- Select Ask users the first time they sign in if you want Zoom to redirect your users to the Office 365 OAuth URL they sign in using SSO the first time. If the users don't accept the OAuth request or an error occurs, users can only set up calendar and contacts integration manually.
- Select Ask users every time they sign in until they integrate the calendars if you want Zoom to redirect your users to the Office 365 OAuth URL every time users sign in using SSO and don't have calendar and contacts integration set up.
- If a verification dialog displays, click Enable or Disable to verify the change.
Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level. - (Optional) If you want to make this setting mandatory for all users in the group, click the lock icon , and then click Lock to confirm the setting.
How to grant permission to use the Zoom app in Microsoft Azure
An Office 365 admin needs to grant permission for the Zoom app to integrate users' calendars and contacts from Azure. You can allow the integration by granting permission to all applications or by granting to the Zoom app only.
How Office 365 admin grant permission to all apps
- Sign in to the Azure portal with a role that allows granting admin consent.
- Select Azure Active Directory then Enterprise applications.
- Under the User consent for applications section, select Allow user consent for apps.
Note: This will take about 30 minutes to propagate.
How Office 365 admin grant permission to the Zoom apps only
- Sign in to the Azure portal with a role that allows granting admin consent.
- Select Azure Active Directory then Enterprise applications.
- Select the Zoom app.
- Under Security, select Permission then click Grant admin consent.
What to do if Office 365 admin did not grant permissions to use the Zoom app in Azure
One known issue with the calendar and contacts integration is users receiving an error Need admin approval at the time of sign in. This occurs because the user's Office 365 admin account has disabled the option Users can consent to apps accessing company data on their behalf in Azure.
Office 365 admin to add the calendar service to Zoom
To correct the issue of receiving the Need admin approval notice during signing in:
- Sign in to the Zoom web portal.
- In the navigation menu, click Room Management then Calendar Integration.
- Under Calendar Integration, click Add a Calendar Service.
- In the Select a Calendar Service window, select Office 365.
- Choose to Authorize with EWS or Authorize with OAuth 2.0.
- Configure the type of Office 365 service.
- Under Admin Authorization, select the I'm the Office 365 admin and I'm consenting on behalf of the company check box.
- Click Authorize.
You will be taken to the Microsoft sign-in page to sign into your account.
Notes:
- This authorization should be performed by a Office 365 global admin, as lesser admins may not have the necessary permissions.
- This process must be done before going to the profile and setting the calendar integration.
Office 365 admin to grant permission in Microsoft Azure
Office365 admins can grant permission in Azure as stated in How to grant permission to use the Zoom app in Microsoft Azure.
Office 365 admin to approve the calendar integration for the user
Account admins can require admin consent to be provided before their users can authorize the calendar integration. To allow an admin to provide this consent for the entire account when authorizing:
- Sign in to the Zoom web portal.
- In the navigation panel, click Account Management then Account Settings.
- Click the Mail & Calendar tab.
- Under Integrations, click the Consent to Office 365 calendar integration permissions on behalf of entire account toggle to enable.
This will provide the I'm the Office 365 admin and I'm consenting on behalf of the company option during the admin authorization process below.
Users can enable the Calendar and Contact Integration, and an Office365 admin will need to consent to the integration on their behalf during the authorization process:
- Sign in to the Zoom web portal.
- In the navigation menu, click Profile.
- Under Others, in the Calendar and Contact Integration section, click Configure Calendar and Contacts Service.
- Select Office 365 then click Next.
- At the bottom of the page, check the option I'm the Office 365 admin and I'm consenting on behalf of the company, then click Authorize.
- Enter the Office 365 admin credentials to give the user permission.
Use an Office 365 hybrid environment
If you are using an Office 365 hybrid environment and your Exchange on-prem server is earlier than Exchange 2016 Cumulative Update 3 (CU3), released in September 2016, Office 365 OAuth should authorize using the EWS URL because Microsoft Graph is required. Learn more on the Microsoft support site.
- Set up calendar and contacts integration for Office 365,
- Make sure to select Authorize with EWS URL.
- Enter your EWS URL, then click Save.
Permission control
Admins can't change permission when configuring calendar and contacts integration for Office 365.
- Set up calendar and contacts integration for Office 365,
- Make sure Authorize with EWS URL is not selected.
- Change the permissions and click Save.