1. Start a Project
  2. Collect Media
    • Ingest

  3. Organize Content
  4. Find Content
  5. Edit Projects
  6. Reviews
  7. Remote Collaboration
  8. Deliver Content
  9. Manage Digital Rights
  10. Using AI
Page Contents

Automatic Federation with customer’s Azure AD


  • You wish to use the B2B cross tenant federation automatically provided by Microsoft Azure AD
  • This article only applies if your Evolphin Zoom MAM is hosted in Evolphin managed cloud instance.
  • Your organization uses an Azure AD tenant to manage their user credentials (password, MFA) for your primary domain. For example.if your primary domain is: mycompany.com and your users’ User principal name (UPN) is in the format: user@mycompany.com
  • You would like Zoom MAM to automatically delegate authentication of user@mycompany.com to your Azure AD
  • If you have external users whose UPN is not in your primary domain you can simply ask Evolphin managed service to add them as external guest users in Evolphin’s own Azure AD. For example, if a guest user’s UPN is external@guest.com instead of external@mycompany.com. 

How does automatic federation work with your Azure AD?

Surprisingly this flow (Azure AD B2B federation) is not well understood by even experience Azure AD administrators. Here it goes:

  1. Evolphin Zoom MAM uses by default its own Azure AD to manage users who need access to the customer’s cloud instance.
  2. In other words when you purchase a subscription to Evolphin Zoom MAM cloud instance, it comes pre-configured with Evolphin’s Azure AD tenant.
  3. Many SMB customers do not have the skills to manage their own Azure AD or an external IdP. These customers are happy to delegate the user management into Evolphin’s integrated Azure AD. 
  4. Evolphin simply invites the customer’s users as external or guest user from its own Azure AD. The invited external users can then create an account in Evolphin’s Azure AD and setup their credentials & MFA to authenticate into their Zoom MAM in the cloud.
  5. However for many enterprise customers that already have an Azure AD instance for managing users in their primary domain, there is no need to delegate credentials management to Evolphin Zoom’s Azure AD.
  6. For such customers, the only thing that happens in Zoom MAM is user provisioning. Once the customer gets the users invited as external users from Evolphin Zoom’s Azure AD, when they try to sign-in Microsoft Azure AD notices that their primary domain are already hosted in customer’s own Azure AD tenant.
  7. At that point, customer’s Azure AD obtains the consent of the invited users to allow it to be used as the authentication service.
  8. The net result is the enterprise user performs their authentication with their own Azure AD and
  9. Evolphin Zoom’s Azure AD simply delegates the authentication to customer’s Azure AD
  10. Once the authentication succeeds at the customer’s Azure AD, a secure authentication token/assertion is exchange  via OpenID Connect protocol to validate to the Zoom MAM server that the authenticated user is provisioned as a valid user in the Zoom Cloud MAM
  11. Based on the roles setup in the Zoom MAM, the authentication user is then granted access to the specific resources they are entitled to.

In summary, the Evolphin Azure AD to customer Azure AD federation happens in the background using a built-in cross tenant B2B federation model that Azure AD has always supported. It requires no configuration on part of the customer Azure AD administrator. It could not be simpler! Security is never compromised as the Zoom user has to consent to letting their Azure AD be in charge of authenticating the user.

Check this article on how this looks from the end user’s perspective. 

What if my external user's UPN is not in my primary domain?

If the customer works with freelancers or external collaborators chances are their email address does not belong to your company’s primary domain.

Let’s review this by way of the following scenarios:

Guest user with Google email address

Suppose the guest user’s UPN is external@gmail.com instead of external@mycompany.com. Since Evolphin Zoom’s Azure AD  is configured with Google as an external identity provider, Zoom MAM will automatically delegate authentication to Google. Nothing needs to be configured.

Guest user with their own email domain

What if your guest user’s email address is on a completely different custom domain such as external@guest.com instead of external@mycompany.com or external@gmail.com?

You have two options ranging from simplest to more complex:

  1. Option 1: Evolphin can manage the freelancer as an external guest user in its own Azure AD. The initial guest invite will need to be send from Evolphin Zoom MAM as part of the guest user provisioning. Such a user can then create an account with their password in the Evolphin Zoom Azure AD. There is no configuration needed here.
  2. Option 2: You wish to manage even the guest users within your own Azure AD. In other words, you do not wish to let Evolphin Azure AD invite the guest user. In this case you will need to configure your Azure AD to connect with Evolphin Zoom MAM server directly. See this article for the steps involved.

Getting Started Guide For Creators

Learn how to install desktop browser, Adobe CC plugins & more »

Getting Started Guide For Media Managers

Learn how to manage content, metadata, users roles & much more »

Zoom for Business Owners

Learn how Zoom helps Business Owners track job approvals, generate reports »

External Collaboration

Collaborate with Clients, Review & Approvals

Internal Collaboration

Producer-Editor collaboration, repurpose finished content


Trends, Analytics in Real-time from your Content Repository

User Adoption & ROI

Zoom user adoption process, Return on investment

Zoom for Media Manager

Learn how Zoom helps Media Managers acquire, manage & administer their content »

Acquire Media

Migrate archives, Ingest New Media Every Day

Organize Content

Folders, Working Copies, Smart Links Change Thumbnail

Secure Content

Manage Users & Roles, Protect On-premises Storage

Manage Content

Transcoding, Digital Rights, Cleanup, Previews

Archive Content

Configure Cloud Archives, LTO, Auto Tiering Policies


KPI Trends, Periodic Reports, Export CSV


Zapier, REST API, Search & Execute Actions

Distribute Content

Download Media, Cloud to Cloud Transfers Links


Context Indexing, Configure, Logs, Monitor

Zoom for Creators

Learn how Zoom helps Content Creators, Editors & Artists speed up their workflows »

Start a Project

Create New Project, Clone Existing Project

Collect Media

Ingest & Link with Images, High-res Media, Graphics

Organize Content

Folders, Working Copies, Smart Links, Change Thumbnail

Find Content

Ingest & Link with Images, High-res Media, Graphics

Edit Projects

Check-out files, Lock, Sync Projects & links, Check-in Revisions

Review Content

Collaborate with Business Owners, Review & Approvals

Remote Collaboration

Work from home, Remote Ingest, Edit with Low-res Proxies

Deliver Content

Export Projects, Render, Final Conform to High-res media

Using AI

Search using AI, Automatically Create Video Sequences