

**End of support notice**: On February 20, 2026, AWS will end support for the Amazon Chime service. After February 20, 2026, you will no longer be able to access the Amazon Chime console or Amazon Chime application resources. For more information, visit the [blog post](https://aws.amazon.com/blogs/messaging-and-targeting/update-on-support-for-amazon-chime/). **Note:** This does not impact the availability of the [Amazon Chime SDK service](https://aws.amazon.com/chime/chime-sdk/).

# Managing your Amazon Chime accounts
<a name="manage-chime-account"></a>

You can use Amazon Chime as an individual user or as a group with no administrators. But if you want to add administrator functionality or purchase Amazon Chime Pro, you must create an Amazon Chime account in the AWS Management Console. To learn how to create an Amazon Chime administrator account, or for more information about purchasing Amazon Chime Pro, see [Getting started](getting-started.md).

For more information about the different types of Amazon Chime administrator accounts, see [Choosing between an Amazon Chime Team account or Enterprise account](choose-team-enterprise-account.md). For more information about managing an existing administrator account, see the following topics.

**Topics**
+ [Choosing between an Amazon Chime Team account or Enterprise account](choose-team-enterprise-account.md)
+ [Claiming a domain](claim-domain.md)
+ [Converting a Team account to an Enterprise account](convert-team-to-enterprise.md)
+ [Renaming your account](rename-account.md)
+ [Deleting your account](enterprise-account.md)
+ [Managing meeting settings](mtg-settings.md)
+ [Managing chat retention policies](archive-retention.md)
+ [Restoring chat messages](restore-delete-chat-data.md)
+ [Deleting chat messages](delete-individual-messages.md)
+ [Connecting to your Active Directory](active_directory.md)
+ [Connecting to Okta SSO](okta_sso.md)
+ [Deploying the Amazon Chime Add-In for Outlook](deploy-addin.md)
+ [Setting up the Amazon Chime Meetings App for Slack](config-slack.md)

# Choosing between an Amazon Chime Team account or Enterprise account
<a name="choose-team-enterprise-account"></a>

When you create an Amazon Chime administrator account, you choose whether to create a Team account or an Enterprise account. For more information about creating an Amazon Chime administrator account, see [Getting started](getting-started.md).

**Team account**  
With a Team account, you can invite users and grant them Amazon Chime Pro permissions without claiming an email domain. For more information about Pro and Basic permissions, see [Plans and pricing](https://aws.amazon.com/chime/pricing).

You can invite users from any email domain that hasn't been claimed by another organization. You only pay for users when they host meetings. Users in your Team account can use the Amazon Chime app to search for and contact other Amazon Chime users who are registered to the same account. We also recommend a Team account for paying for Pro users outside of your organization.

**Enterprise account**  
With an Enterprise account, you have more control over the users from your organization's domains. You can choose to connect to your own identity provider or Okta SSO to authenticate and assign Pro or Basic permissions. Amazon Chime also supports Microsoft Active Directory.

To create an Enterprise account, you must claim at least one email domain. This ensures that all users who sign in to Amazon Chime using your claimed domains are included in your centrally managed Amazon Chime account. Enterprise accounts are required for managing your users through a supported directory integration. For more information, see [Claiming a domain](claim-domain.md) and [Connecting to your Active Directory](active_directory.md).

You can also manage user activation and suspension from your Enterprise account. For more information, see [Managing user permissions and access](manage-access.md).

# Claiming a domain
<a name="claim-domain"></a>

To create an Enterprise account and benefit from the greater control that it provides over your account and users, you must claim at least one email domain. 

**To claim a domain**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. On the **Accounts** page, select the name of the Team account.

1. In the navigation pane, choose **Identity**, **Domains**.

1. On the **Domains** page, choose **Claim a new domain**.

1. For **Domain**, type the domain that your organization uses for email addresses. Choose **Verify this domain**.  
![\[The Verify a new domain dialog box in the Amazon Chime console\]](http://docs.aws.amazon.com/chime/latest/ag/images/verify_new_domain_dialog2.png)

1. Follow the directions on the screen to add a TXT record to the DNS server for your domain. In general, the process involves signing in to your domain's account, finding the DNS records for your domain, and adding a TXT record with the name and value provided by Amazon Chime. For more information about updating the DNS records for your domain, see the documentation for your DNS provider or domain name registrar.

   Amazon Chime checks for the existence of this record to verify that you own the domain. After the domain is verified, its status changes from **Pending verification** to **Verified**.
   **Note**  
   Propagation of the DNS change and verification by Amazon Chime can take up to 24 hours.

1. If your organization uses additional domains or subdomains for email addresses, repeat this procedure for each domain.

For more information about troubleshooting domain claims, see [Why isn't my domain claim request getting verified?](https://answers.chime.aws/questions/618/why-isnt-my-domain-claim-request-getting-verified.html).

# Converting a Team account to an Enterprise account
<a name="convert-team-to-enterprise"></a>

To convert an existing Team account to an Enterprise account, claim one or more email domains in the Amazon Chime console. For more information about the differences between Team and Enterprise accounts, see [Choosing between an Amazon Chime Team account or Enterprise account](choose-team-enterprise-account.md). For more information about claiming a domain, see [Claiming a domain](claim-domain.md).

**To convert a Team account to an Enterprise account**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. For **Accounts**, choose the name of the account.

1. For **Identity**, choose **Getting Started**.

1. Follow the steps in the console to claim your domain.

1. (Optional) Follow the steps in the console to set up your identity provider and configure your directory group.

After your account is converted to an Enterprise account, you can decide whether to connect an Active Directory instance through Directory Service. Connecting to an Active Directory instance allows your users to sign in to Amazon Chime using their Active Directory credentials. For more information, see [Connecting to your Active Directory](active_directory.md).

If you don't connect to an Active Directory instance, your users can continue to sign in to Amazon Chime using Login with Amazon (LWA) or their Amazon.com account credentials.

# Renaming your account
<a name="rename-account"></a>

The following steps explain how to rename the Amazon Chime Team and Enterprise accounts that you administer. The name you choose appears in the emails that invite users to join Amazon Chime.

**To rename your account**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

   The **Accounts** page appears by default.

1. In the **Account name** column, select the account that you want to rename.

1. In the left-hand pane, under **Settings**, choose **Account**.

   The **Account summary** page appears.

1. Open the **Account actions** list and choose **Rename account**.

   The **Rename account** dialog box appears.

1. Enter the new account name and choose **Save**.

# Deleting your account
<a name="enterprise-account"></a>

If you delete your AWS account in the AWS Management Console, your Amazon Chime accounts are automatically deleted. Alternatively, you can use the Amazon Chime console to delete an Amazon Chime Team or Enterprise account. 

**Warning**  
Users who aren't managed on a Team or Enterprise account can request to be deleted using the Amazon Chime Assistant "Delete me" command. For more information, see [Using the Amazon Chime Assistant](https://docs.aws.amazon.com/chime/latest/ug/chime-using-assistant.html) in the *Amazon Chime User Guide*.

**To delete a Team account**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. Select the account in the **Account name** column and select **Account** under **Settings**.

1. In the navigation pane, the **Users** page is displayed.

1. Select the users and choose **User actions**, **Remove user**.

1. In the navigation pane, choose **Accounts**, **Account actions**, and **Delete account**.

1. Confirm that you want to delete your account.

When you remove users from a Team account, they will continue to be able to sign in, have access to their messaging data and chat rooms, and be able to join meetings. If these users would like to delete all their data and their Amazon Chime account, they can choose to request to be deleted using the Amazon Chime Assistant "Delete me" command. For more information, see [Using the Amazon Chime Assistant](https://docs.aws.amazon.com/chime/latest/ug/chime-using-assistant.html) in the *Amazon Chime User Guide*.

After removing all your users, you can delete your Amazon Chime Team account and delete all non-user data. This includes termination of an AWS account, individual Amazon Chime accounts, or unmanaged Amazon Chime users. This excludes non-content data related to user accounts and Amazon Chime usage (Service Attributes covered under the Customer Agreement) that is generated by Amazon Chime.

**To delete an Enterprise account**

1. Remove the domains.
   **Note**  
   When you remove a domain, the following occurs:
   + Users associated with the domain are immediately signed out of all devices and lose access to all contacts, chat conversations, and chat rooms.
   + Meetings scheduled by users from this domain no longer start.
   + Suspended users continue to be displayed as **Suspended** status on the **Users** and **User detail** pages and can't access their data. They can create a new Amazon Chime account with their email address.
   + Registered users are displayed as **Released** on the **Users** and **User detail** pages and can't access their data. They can create a new Amazon Chime account with their email address.
   + If you have an Active Directory account, and you remove a domain that is associated with a user’s primary email address, the user can't access Amazon Chime and their profile is deleted. If you remove a domain that is associated with a user’s secondary email address, they can't log in with that email address, but they retain access to their Amazon Chime contacts and data.
   + If you have an Enterprise OpenID Connect (OIDC) account, and you remove a domain that is associated with a user’s primary email address, the user can no longer access Amazon Chime and their profile is deleted.

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. On the **Accounts** page, select the name of the Team account. 

1. In the navigation pane, choose **Settings**, **Domains**.

1. On the **Domains** page, choose **Remove domain**.

1. In the navigation pane, choose **Accounts**, **Account actions**, and **Delete account**.

1. Confirm that you want to delete your account.

Amazon Chime deletes all user data when you delete your account. This includes termination of an AWS account, individual Amazon Chime accounts, or unmanaged Amazon Chime users. This excludes non-content data related to user accounts and Amazon Chime usage (Service Attributes covered under the Customer Agreement) that is generated by Amazon Chime.

To complete deletion of your account data, remember to delete any Business Calling call detail records and Amazon Chime usage reporting that has been published to Amazon S3. For more information, see [Managing global settings in Amazon Chime](manage-global.md).

# Managing meeting settings
<a name="mtg-settings"></a>

Manage your meeting settings from the Amazon Chime console. 

## Meeting policy settings
<a name="mtg-policy"></a>

Manage account policies in the Amazon Chime console under **Settings**, **Meetings**. Choose from the following policy options.

**Enable shared control in screen sharing**  
Choose whether users in your organization can grant shared control of their computers while in meetings. Attendees who request shared control of your users' computers receive an error message indicating that remote control isn't available.

**Enable outbound calling to join meetings**  
Turns on the Amazon Chime call me feature. Provides the option for meeting attendees to join meetings by receiving a phone call from Amazon Chime.

## Meeting application settings
<a name="mtg-app"></a>

Manage meeting application access under **Settings**, **Meetings** in the Amazon Chime console. You can choose the following option:

**Allow users to sign in to Amazon Chime using the Amazon Chime Meetings App for Slack**  
This option lets users in your organization sign in to Amazon Chime from the Amazon Chime Meetings App for Slack. For more information, see [Setting up the Amazon Chime Meetings App for Slack](config-slack.md).

## Meeting Region settings
<a name="mtg-regions"></a>

To improve meeting quality and reduce latency, Amazon Chime processes meetings in the optimal AWS Region for all participants. You can choose whether to let Amazon Chime select the optimal Region for a meeting from all available Regions, or to use only the Regions that you select.

You can update this setting from your account **Meetings** settings at any time. From your **Meetings** settings, you can also view the percentage of your Amazon Chime meetings that are being processed in each Region.

**To update meeting Region settings**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. On the **Accounts** page, select the name of your account. 

1. In the navigation pane, choose **Settings**, **Meetings**.

1. For **Regions**, choose one of the following options:
   + **Use all available Regions to ensure meeting quality** – Allows Amazon Chime to optimize meeting processing for you.
   + **Use only the Regions that I select** – Allows you to select Regions from the dropdown menu.

1. Choose **Save**.

# Managing chat retention policies
<a name="archive-retention"></a>

If you administer one or more Amazon Chime Enterprise accounts, you can set chat retention policies for the following:
+ Chat conversations that include only members of your Enterprise account.
+ Chat rooms created by members of your Enterprise account.

A retention policy automatically deletes messages based on the time period that you set. You can set time periods lasting from one day to 15 years.

**Note**  
Amazon Chime Enterprise accounts have a retention period of 90 days. The policy applies to conversations involving users who belong to the account, and to users who don't belong to the account.  
Retention policies do not apply to the following:
+ Chat conversations that do not include members of Amazon Chime Enterprise accounts
+ Chat rooms created by users who don't belong to an Amazon Chime Enterprise account

# How retention policies affect Amazon Chime users
<a name="retention-policy-users"></a>

The retention policies that Enterprise account administrators set affect Amazon Chime users differently, depending on whether the users are part of the same Enterprise account, a different Enterprise account, a Team account, or whether the users are not members of any account.

**Enterprise member chat conversations**  
The following table shows how retention policies affect chat conversations for Enterprise account members.


| If the chat conversation includes... | The retention policy is... | 
| --- | --- | 
|  Only other members of the user’s Enterprise account   |  Set by the user’s administrator  | 
|  Anyone outside of the user’s Enterprise account  |  Automatically set to 90 days  | 

**Enterprise member chat rooms**  
The following table shows how retention policies affect chat rooms for Enterprise account members.


| If the chat room is created by... | The retention policy is... | 
| --- | --- | 
|  A member of the user’s Enterprise account   |  Set by the user’s administrator  | 
|  Another Enterprise account member  |  Set by the other account’s administrator  | 
|  A non-Enterprise account member  |  Not applicable  | 

**Team member chat conversations**  
The following table shows how retention policies affect chat conversations for Team account members.


| If the chat conversation includes... | The retention policy is... | 
| --- | --- | 
|  Only users who are not members of an Enterprise account   |  Not applicable  | 
|  At least one member of an Enterprise account  |  Automatically set to 90 days  | 

**Team member chat rooms**  
The following table shows how retention policies affect chat rooms for Team account members.


| If the chat room is created by ... | The retention policy is... | 
| --- | --- | 
|  A Team account user  |  Not applicable  | 
|  Anyone who is not an Enterprise account member  |  Not applicable  | 
|  A member of an Enterprise account  |  Set by the Enterprise account’s administrator  | 

Amazon Chime users who are not members of an Enterprise or Team account are only subject to chat room retention policies in chat rooms that are created by a member of an Enterprise account.

**Chat conversations with recipients who do not belong to an Enterprise or Team account**  
The following table shows how retention policies affect chat conversations for users who are not members of an Amazon Chime Enterprise or Team account.


| If the chat conversation includes... | The retention policy is... | 
| --- | --- | 
|  Only users who are not members of an Enterprise account   |  Not applicable  | 
|  At least one member of an Enterprise account  |  Automatically set to 90 days  | 

**Chat rooms created by users who do not belong to an Enterprise or Team account**  
The following table shows how retention policies affect chat rooms for users who are not members of an Amazon Chime Enterprise or Team account.


| If the chat room is created by ... | The retention policy is... | 
| --- | --- | 
|  A user who is not a member of an Enterprise or Team account  |  Not applicable  | 
|  A Team account user  |  Not applicable  | 
|  A member of an Enterprise account  |  Set by the Enterprise account’s administrator  | 

# Turning on chat retention
<a name="turn-on-chat-retention"></a>

Amazon Chime Enterprise account administrators can use the Amazon Chime console to turn chat retention on for chat conversations and chat rooms in their account. You can also use the console to update chat retention periods or turn off chat retention at any time.

**To turn on chat retention**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. On the **Accounts** page, select the name of the account. 

1. In the navigation pane, under **Settings**, choose **Retention**.

1. On the **Retention** page, under **Chat conversation retention**, move the slider to **On**.

1. Under **Retention period**, enter a number in the first box, then open the list next to the box and choose **Days**, **Weeks**, or **Years**.

1. Under **Chat room retention**, repeat steps 4-5. When finished, choose **Save**.

Within one day of setting a retention period, users in your account lose access to the messages sent outside of the retention period.

# Restoring chat messages
<a name="restore-delete-chat-data"></a>

**Note**  
You must be an Amazon Chime Enterprise account administrator to complete these steps.

You can restore chat messages within 30 days of setting a chat retention period. When you restore chat messages, you restore all the messages sent by all the users in your Amazon Chime account.

Within that 30-day period, you can do either of the following to restore messages:
+ Use the Amazon Chime Console to turn off data retention.

  —OR—
+ Lengthen the retention period.

After the 30-day grace period, all chat messages that fall under the retention period are permanently deleted. New chat messages are permanently deleted as soon as they pass the retention period.

For information about setting or changing a retention period, see [Turning on chat retention](turn-on-chat-retention.md), earlier in this section.

Chat messages are also permanently deleted from Amazon Chime when you or an account member perform either of the following actions:
+ Delete an Amazon Chime chat room. For more information about deleting chat rooms, see [Deleting chat rooms](https://docs.aws.amazon.com/chime/latest/ug/delete-chat-room.html), in the *Amazon Chime User Guide*.
+ End an Amazon Chime meeting in which chat messages are present. 
  **Note**  
  As needed, you can manually copy and save chat messages from a meeting, but you must do so before the meeting ends. For more information, see [Using in-meeting chat](https://docs.aws.amazon.com/chime/latest/ug/meeting-chat.html), in the *Amazon Chime User Guide*.

# Deleting chat messages
<a name="delete-individual-messages"></a>

To comply with data retention policies, Amazon Chime retains all chat messages, and it prevents end users from deleting the messages that they send. However, Amazon Chime system administrators can use a pair of APIs to delete individual messages from conversations and chat rooms. The messages must reside in the administrator's Amazon Chime account.

Users can request message deletion by sending you a message ID and a corresponding conversation or chat room ID. The topic [Using chat features](https://docs.aws.amazon.com/chime/latest/ug/chat-features.html), in the *Amazon Chime User Guide*, explains how.

When you get a deletion request, you can write code or use the AWS CLI to invoke the following APIs.

**To remove a message**
+ Do one of the following:
  + **For conversation messages** – Use the [RedactConversationMessage](https://docs.aws.amazon.com/chime/latest/APIReference/API_RedactConversationMessage.html) API.

    In the CLI, run the following command:

    `aws chime redact-conversation-message --account-id id_string --conversation-id id_string --message-id id_string`
  + **For chat room messages** – Use the [RedactRoomMessage](https://docs.aws.amazon.com/chime/latest/APIReference/API_RedactRoomMessage.html) API.

    In the CLI, run the following command:

    `aws chime redact-room-message --account-id id_string --room-id id_string --message-id id_string`
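One way to handle deletion requests in code, shown as an added example that is not part of the AWS documentation: each request is validated, mapped to the matching redact API, run once, and recorded in an audit list. The `RedactionRequest` type, the ID pattern, the dry-run default and the sample IDs are assumptions made for this sketch; `redact_conversation_message` and `redact_room_message` are the boto3 Chime client methods for the two APIs, and both also take the Amazon Chime `AccountId`.

```python
import re
from dataclasses import dataclass

# Assumption: IDs are handled as opaque tokens. This pattern is not Amazon
# Chime's ID format; it only rejects empty values, whitespace and anything
# that starts like a command-line option.
_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:-]{0,255}")

# Request kind -> (boto3 Chime client method, keyword for the container ID).
_API = {
    "conversation": ("redact_conversation_message", "ConversationId"),
    "room": ("redact_room_message", "RoomId"),
}


@dataclass(frozen=True)
class RedactionRequest:
    kind: str          # "conversation" or "room"
    container_id: str  # conversation ID or chat room ID supplied by the user
    message_id: str    # message ID supplied by the user


def build_call(account_id, req):
    """Map one request to (client method name, kwargs); raise ValueError if invalid."""
    if req.kind not in _API:
        raise ValueError(f"unknown request kind: {req.kind!r}")
    for label, value in (("account", account_id),
                         ("container", req.container_id),
                         ("message", req.message_id)):
        if not isinstance(value, str) or not _ID_RE.fullmatch(value):
            raise ValueError(f"rejected {label} ID: {value!r}")
    method, container_key = _API[req.kind]
    return method, {"AccountId": account_id,
                    container_key: req.container_id,
                    "MessageId": req.message_id}


def process_requests(account_id, requests, client=None, dry_run=True):
    """Validate and run each request once; return one audit entry per request."""
    if client is None and not dry_run:
        import boto3  # imported lazily so a dry run needs no SDK or credentials
        client = boto3.client("chime")
    audit, seen = [], set()
    for req in requests:
        entry = {"kind": req.kind, "container_id": req.container_id,
                 "message_id": req.message_id}
        try:
            method, kwargs = build_call(account_id, req)
        except ValueError as exc:
            entry.update(status="rejected", detail=str(exc))
        else:
            entry["api"] = method
            if req in seen:
                entry["status"] = "duplicate"   # same message requested twice
            elif dry_run:
                entry["status"] = "dry-run"     # nothing is sent to the service
            else:
                try:
                    getattr(client, method)(**kwargs)
                    entry["status"] = "redacted"
                except Exception as exc:  # API errors are recorded, not raised
                    entry.update(status="failed", detail=str(exc))
            seen.add(req)
        audit.append(entry)
    return audit


# Constructed sample requests; the IDs are placeholders, not real Chime IDs.
SAMPLE_REQUESTS = [
    RedactionRequest("conversation", "conv-0001", "msg-0001"),
    RedactionRequest("room", "room-0001", "msg-0002"),
    RedactionRequest("room", "room-0001", "msg-0002"),        # repeated request
    RedactionRequest("room", "--room-id=other", "msg-0003"),  # option-like value
]

if __name__ == "__main__":
    for line in process_requests("acct-0001", SAMPLE_REQUESTS, dry_run=True):
        print(line)
```

Run it with `dry_run=True` first and review the audit entries before repeating the call with `dry_run=False`.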

# Connecting to your Active Directory
<a name="active_directory"></a>

When you connect your Amazon Chime administrative account to an Active Directory, you can benefit from the following capabilities:
+ Your Amazon Chime users can sign in with their Active Directory credentials.
+ As an Amazon Chime administrator, you choose which credential security features to add, including password rotation, password complexity rules, and multi-factor authentication.
+ When you remove user accounts from your Active Directory, their Amazon Chime accounts are also removed.
+ You can specify which Active Directory groups receive Amazon Chime Pro permissions.
  + Multiple groups can be configured to receive Basic or Pro permissions.
  + Users must be a member of either group to sign in to Amazon Chime.
  + Users in both groups receive a Pro license.

For more information about managing user permissions, see [Managing user permissions and access](manage-access.md).

## Prerequisites
<a name="active-directory-prereqs"></a>

Before you can connect to your Active Directory in Amazon Chime, you must complete the following prerequisites:
+ Make sure that you have the correct AWS Identity and Access Management permissions to configure domains, active directories, and directory groups. For more information, see [Identity and access management for Amazon Chime](security-iam.md).
+ Create a directory with AWS Directory Service that is configured in the US East (N. Virginia) Region. For more information, see the [AWS Directory Service Administration Guide](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/). Amazon Chime can connect using AD Connector, Microsoft AD, or Simple AD.
+ Claim a domain in order to create an Amazon Chime Enterprise account, or convert your existing Team account to an Enterprise account. If your users have work email addresses from more than one domain, make sure to claim all of those domains. For more information, see [Claiming a domain](claim-domain.md) and [Converting a Team account to an Enterprise account](convert-team-to-enterprise.md).

## Connecting to your Active Directory in Amazon Chime
<a name="connect-active-directory-chime"></a>

After you connect your Active Directory to Amazon Chime, your users are prompted to sign in with their directory credentials when they use an email address from one of the domains you claimed in your Amazon Chime Enterprise account.

**To connect to your Active Directory in Amazon Chime**

1. Open the Amazon Chime console at [https://chime.aws.amazon.com/](https://chime.aws.amazon.com).

1. In the navigation pane, for **Identity**, choose **Active directory**.

1. For **Cloud directory ID**, select the Directory Service directory to use for Amazon Chime, and then choose **Connect**.
   **Note**  
   You can find your directory ID using the [Directory Service console](https://console.aws.amazon.com/directoryservice/).

1. After your directory connects, choose **Add a new group**. 

1. For **Group**, enter the group name. The name must exactly match an Active Directory group in the target directory. Active Directory Organization Units (OUs) are not supported.

1. For **Permissions**, choose **Basic** or **Pro**. 

1. Choose **Add group**.

1. (Optional) Repeat this procedure to create additional directory groups.

## Configuring multiple email addresses
<a name="multi-email"></a>

After you connect to your Active Directory in Amazon Chime, users can sign in to Amazon Chime using their Active Directory credentials. Your users can have multiple email addresses assigned to them in your Active Directory. To allow your users to sign in to Amazon Chime using their Active Directory credentials, you must claim each applicable email domain in your Amazon Chime administrative account. For more information, see [Claiming a domain](claim-domain.md).

**Note**  
If your users attempt to sign in using an email address from an unclaimed domain, they are prompted to sign in using **Log in with Amazon**. They are not able to sign in to your administrative account when using an email address from an unclaimed domain.

When viewing user details in the Amazon Chime console, Amazon Chime uses the single email address in the `EmailAddress` attribute from your Active Directory as each user’s primary email address. This is the only email address that you can see for the user in the Amazon Chime console. However, users can sign in with any additional addresses listed in the `ProxyAddress` attribute, as long as you claim those domains in your Amazon Chime account.

### Incorrect configuration example
<a name="incorrect-config"></a>

A user with the **username** shirley.rodriguez is a member of an Amazon Chime account that has claimed two domains: example.com and example.org. In Active Directory, this user has the following three email addresses:
+ Primary email address: shirley.rodriguez@example.com
+ Proxy email address 1: shirley.rodriguez@example2.com
+ Proxy email address 2: srodriguez@example.org

This user can sign in to Amazon Chime using shirley.rodriguez@example.com or srodriguez@example.org, together with the username shirley.rodriguez. If they attempt to sign in using shirley.rodriguez@example2.com, they are asked to **Log in with Amazon**, and they are not part of your managed account. This is why it's important to claim all of your users' email domains.

Other Amazon Chime users can add this user as a contact, invite them to meetings, or add them as a delegate using either the shirley.rodriguez@example.com or srodriguez@example.org email address. 

### Correct configuration example
<a name="correct-config"></a>

A user with the **username** shirley.rodriguez is a member of an Amazon Chime account that has claimed three domains: example.com, example2.com, and example.org. In Active Directory, this user has the following three email addresses:
+ Primary email address: shirley.rodriguez@example.com
+ Proxy email address 1: shirley.rodriguez@example2.com
+ Proxy email address 2: srodriguez@example.org

This user can sign in to Amazon Chime using any of their work email addresses. Other users can also add them as a contact, invite them to meetings, or add them as a delegate using any of their work email addresses.
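The check behind the two configuration examples, written out as an added example that is not part of the AWS documentation: it compares every primary and proxy address in a directory export with the claimed domains and lists the addresses that would fall back to **Log in with Amazon**. The dict field names, the handling of an `smtp:` prefix on proxy values, and the second user are assumptions made for this sketch.

```python
def split_address(value):
    """Return (address, domain) for one directory value, or raise ValueError."""
    addr = value.strip()
    # Assumption: proxy values may carry an "smtp:" / "SMTP:" type prefix,
    # as directory exports commonly do.
    if addr[:5].lower() == "smtp:":
        addr = addr[5:].strip()
    local, at, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {value!r}")
    return f"{local}@{domain}", domain


def audit_claimed_domains(claimed_domains, users):
    """Compare every directory address with the claimed domains.

    users: iterable of dicts with "username", "primary" and "proxies" keys
    (hypothetical field names for an export of each user's addresses).
    """
    # Exact match only: a claim on example.com does not cover
    # mail.example.com, because each domain or subdomain is claimed separately.
    claimed = {d.strip().rstrip(".").lower() for d in claimed_domains}
    report = {"per_user": {}, "domains_to_claim": {},
              "primary_unclaimed": [], "invalid": []}
    for user in users:
        name = user["username"]
        result = {"managed": [], "unmanaged": []}
        values = [user["primary"], *user.get("proxies", [])]
        for index, value in enumerate(values):
            try:
                address, domain = split_address(value)
            except ValueError:
                report["invalid"].append((name, value))
                continue
            if domain in claimed:
                result["managed"].append(address)
            else:
                # Sign-in with this address goes to Log in with Amazon and
                # stays outside the managed account.
                result["unmanaged"].append(address)
                counts = report["domains_to_claim"]
                counts[domain] = counts.get(domain, 0) + 1
                if index == 0:
                    report["primary_unclaimed"].append(name)
        report["per_user"][name] = result
    return report


# The first user is the one from the examples above; the second is constructed
# to show that a subdomain needs its own claim.
USERS = [
    {"username": "shirley.rodriguez",
     "primary": "shirley.rodriguez@example.com",
     "proxies": ["smtp:shirley.rodriguez@example2.com",
                 "smtp:srodriguez@example.org"]},
    {"username": "constructed.user",
     "primary": "constructed.user@mail.example.com",
     "proxies": []},
]

if __name__ == "__main__":
    for claimed in (["example.com", "example.org"],
                    ["example.com", "example2.com", "example.org"]):
        report = audit_claimed_domains(claimed, USERS)
        print(sorted(claimed), "->", report["domains_to_claim"])
```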

# Connecting to Okta SSO
<a name="okta_sso"></a>

If you have an Enterprise account, you can connect to Okta SSO to authenticate and assign user permissions.

**Note**  
If you need to create an Enterprise account, which allows you to manage all users within a given set of email address domains, see [Claiming a domain](claim-domain.md).

Connecting Amazon Chime to Okta requires configuring two applications in the Okta Administration Console. The first application is manually configured, and uses OpenID Connect to authenticate users to the Amazon Chime service. The second application is available as **Amazon Chime SCIM Provisioning** in the Okta Integration Network (OIN). It is configured to push updates to Amazon Chime about changes to users and groups.

**To connect to Okta SSO**

1. Create the Amazon Chime application (OpenID Connect) in the **Okta Administration Console**:

   1. Sign in to the **Okta Administration Dashboard**, then choose **Add Application**. In the **Create New Application** dialog box, choose **Web**, **Next**. 

   1. Configure the **Application Settings**:

      1. Name the application **Amazon Chime**.

      1. For **Login Redirect URI**, enter the following value: **https://signin.id.ue1.app.chime.aws/auth/okta/callback**

      1. In the **Allowed Grant Types** section, select all of the options to enable them.

      1. On the **Login initiated by** drop-down menu, choose **Either (Okta or App)**, and select all the related options.

      1. For the **Initiate Login URI**, enter the following value: **https://signin.id.ue1.app.chime.aws/auth/okta**

      1. Choose **Save**.

      1. Keep this page open, because you'll need the **Client ID**, **Client secret**, and **Issuer URI** information for Step 2. 

1. In the Amazon Chime console, follow these steps:

   1. On the **Okta single-sign on configuration** page, at the top of the page, choose **Set up incoming keys**.

   1. In the **Setup incoming Okta keys** dialog box:

      1. Paste the **Client ID** and **Client secret** information from the **Okta Application Settings** page.

      1. Paste the appropriate **Issuer URI** from the **Okta API** page. The **Issuer URI** must be an Okta domain, such as `https://example.okta.com`.

1. Set up the **Amazon Chime SCIM Provisioning** application in the **Okta Administration Console** to exchange select identity and group membership information with Amazon Chime:

   1. In the **Okta Administration Console**, choose **Applications**, **Add Application**, search for **Amazon Chime SCIM Provisioning**, and add the application.
**Important**  
During the initial setup, choose both **Do not display application to users** and **Do not display application icon in the Okta Mobile App**, then choose **Done**.

   1. On the **Provisioning** tab, choose **Configure API Integration**, and select **Enable API Integration**. Keep this page open, because you'll need to copy an API access key to it for the following step.

   1. In the Amazon Chime console, choose **Create access key** to create an API access key. Copy it to the **Okta API Token** field in the **Configure API Integration** dialog box, choose **Test the Integration**, then choose **Save**.

   1. Configure the actions and attributes that Okta will use to update Amazon Chime. On the **Provisioning** tab, under the **To App** section, choose **Edit**, choose from **Enable Users**, **Update User Attributes**, and **Deactivate Users**, and choose **Save**.

   1. On the **Assignments** tab, grant users permissions to the new SCIM app.
**Important**  
We recommend granting permissions through a group that contains all the users who should have access to Amazon Chime, regardless of license. The group must be the same as the group used to assign the user-facing OIDC application in step 1 previously. Otherwise, end users will not be able to sign in.

   1. On the **Push Groups** tab, configure which groups and memberships are synced to Amazon Chime. These groups are used to differentiate between Basic and Pro users.

1. Configure directory groups in Amazon Chime:

   1. In the Amazon Chime console, navigate to the **Okta single-sign on configuration** page.

   1. Under **Directory groups**, choose **Add new groups**. 

   1. Enter the name of a directory group to add to Amazon Chime. The name must be an exact match of one of the **Push Groups** configured previously in step 3-f.

   1. Choose whether users in this group should receive **Basic** or **Pro** capabilities, and choose **Save**. Repeat this process to configure additional groups.
**Note**  
If you receive an error message stating that the group is not found, the two systems might not have completed the sync. Wait for a few minutes, and choose **Add new groups** again. 

Choosing **Basic** or **Pro** capabilities for the users in your directory group affects the license, capabilities, and cost of those users in your Amazon Chime Enterprise account. For more information, see [Pricing](https://aws.amazon.com/chime/pricing/).
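A pre-flight check for the values this procedure depends on, as an added example (not AWS or Okta code). The plan dictionary, its key names, the group names, and the list of Okta domain suffixes are assumptions made for illustration; the two sign-in URIs are the ones given in step 1.

```python
from urllib.parse import urlsplit

# Values taken from the procedure above.
REDIRECT_URI = "https://signin.id.ue1.app.chime.aws/auth/okta/callback"
INITIATE_URI = "https://signin.id.ue1.app.chime.aws/auth/okta"
# Assumption: suffixes treated as "an Okta domain"; adjust for your org.
OKTA_SUFFIXES = (".okta.com", ".oktapreview.com")

def issuer_is_okta(issuer):
    """True only if the parsed host is under an Okta suffix, over HTTPS."""
    u = urlsplit(issuer)
    host = (u.hostname or "").lower()
    return (u.scheme == "https" and u.username is None
            and any(host.endswith(s) and len(host) > len(s) for s in OKTA_SUFFIXES))

def check_plan(plan):
    """Return a list of problems found in a planned Okta/Chime setup."""
    problems = []
    if plan["login_redirect_uri"] != REDIRECT_URI:
        problems.append("login redirect URI differs from the documented value")
    if plan["initiate_login_uri"] != INITIATE_URI:
        problems.append("initiate login URI differs from the documented value")
    if not issuer_is_okta(plan["issuer_uri"]):
        problems.append("issuer URI is not an HTTPS Okta domain")
    if plan["oidc_assigned_group"] != plan["scim_assigned_group"]:
        problems.append("OIDC and SCIM apps are assigned to different groups")
    pushed = set(plan["push_groups"])
    folded = {g.strip().casefold() for g in pushed}
    for name in plan["chime_directory_groups"]:
        if name in pushed:
            continue  # exact match, as step 4 requires
        hint = " (differs only by case or spacing)" if name.strip().casefold() in folded else ""
        problems.append(f"directory group {name!r} is not a pushed group{hint}")
    return problems

# Constructed sample plan, not real tenant data.
SAMPLE_PLAN = {
    "login_redirect_uri": REDIRECT_URI,
    "initiate_login_uri": INITIATE_URI,
    "issuer_uri": "https://example.okta.com.idp.test",  # look-alike host
    "oidc_assigned_group": "Chime-All-Users",
    "scim_assigned_group": "Chime-Users",
    "push_groups": ["Chime-Basic", "Chime-Pro"],
    "chime_directory_groups": ["Chime-Basic", "chime-pro"],
}

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print("FAIL:", problem)
```

The issuer check parses the URI and compares the host name on a dot boundary, so a string that merely contains `example.okta.com` in its path, user info, or as a prefix of another domain is rejected.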

# Deploying the Amazon Chime Add-In for Outlook
<a name="deploy-addin"></a>

Amazon Chime provides two add-ins for Microsoft Outlook: the Amazon Chime Add-In for Outlook on Windows and the Amazon Chime Add-In for Outlook. These add-ins offer the same scheduling features, but support different types of users. Microsoft Office 365 subscribers and organizations using on-premises Microsoft Exchange 2013 or later can use the Amazon Chime Add-In for Outlook. Windows users with an on-premises Exchange server running Exchange Server 2010 or earlier and Outlook 2010 users must use the Amazon Chime Add-In for Outlook on Windows.

Windows users who do not have permissions to install the Amazon Chime Add-In for Outlook should opt for the Amazon Chime Add-In for Outlook on Windows.

For information about which add-in is right for you and your organization, see [Choosing the Right Outlook Add-In](https://answers.chime.aws/articles/663/choosing-the-right-outlook-add-in.html).

If you choose the Amazon Chime Add-In for Outlook for your organization, you can deploy it to your users with centralized deployment. For more information, see the [Amazon Chime Add-In for Outlook Installation Guide for Administrators](https://answers.chime.aws/articles/671/amazon-chime-add-in-for-outlook-installation-guide.html).

# Setting up the Amazon Chime Meetings App for Slack
<a name="config-slack"></a>

If you use [Slack Enterprise Grid Organizations](https://slack.com/help/articles/360000281563-Manage-apps-on-Enterprise-Grid), and you own or administer a Slack organization, you can set up the Amazon Chime Meetings App for Slack for your organizations. If you're a Slack workspace administrator, you can set up the Amazon Chime Meetings App for Slack for your workspaces.

The steps in the following sections explain how to perform both types of setups, and how to complete additional tasks such as migrating a workspace to an organization.

**Topics**
+ [Installing the Amazon Chime Meetings App for Slack on an organization](#install-org)
+ [Installing the Amazon Chime Meetings App for Slack on workspaces](#install-workspace)
+ [Migrating workspaces to organizations](#migrate-workspace)
+ [Associating workspaces with Amazon Chime Team accounts](#associate-with-team-acct)

## Installing the Amazon Chime Meetings App for Slack on an organization
<a name="install-org"></a>

Installing the Amazon Chime Meetings App for Slack on a Slack organization enables users to start instant meetings and calls with other users in the various workspaces in that organization. It also enables workspace administrators to install the Amazon Chime Meetings App for Slack automatically on any new workspaces. The following steps explain how.

**Note**  
The following steps assume that you are an organization owner or administrator, and that you can log in to the Slack management console.

**To set up the Amazon Chime Meetings App for Slack on an organization**

1. In the left-hand pane of the Slack management console, choose **Apps**.

   The **Apps** page appears and lists the organization's installed apps, if any.

1. Choose **Manage Apps**, located in the upper-right corner of the page, then choose **Install an app**.

   The **Find an app to install** dialog box appears.

1. Search on **Amazon Chime Meetings**, then select it in the search results.

   The **Add Amazon Chime Meetings to workspaces** dialog box appears and lists the workspaces in the organization.

1. Choose the workspace or workspaces on which you want to install Amazon Chime Meetings App for Slack.

1. Optionally, choose **Default for future workspace** if you want to automatically install the Amazon Chime Meetings App for Slack in all new workspaces, then choose **Next**.

   The **Review this app’s requested permissions** dialog box appears and displays the permissions and actions for the Amazon Chime Meetings App for Slack.

1. Choose **Next**.

1. If you chose to install the Amazon Chime Meetings App for Slack on new workspaces by default, choose **I’m ready to set this app as a default for future workspaces**, and then choose **Save**. Otherwise, just choose **Save**.

**Note**  
You can also use OAuth to install apps in your organizations. For more information, see [Installing with OAuth](https://api.slack.com/authentication/oauth-v2) in the Slack help.

## Installing the Amazon Chime Meetings App for Slack on workspaces
<a name="install-workspace"></a>

Installing the Amazon Chime Meetings App for Slack on a workspace enables users to start instant meetings and calls with other users in that workspace. Users don't need an Amazon Chime user profile to use the Amazon Chime Meetings App for Slack. They can log in with their Slack user profiles and start calls or meetings at any time. If users need to conduct meetings with more than one other person, you must set up an Amazon Chime Team account and grant those additional users Pro permissions. For more information about starting Amazon Chime calls and meetings, see [Using the Amazon Chime Meetings App for Slack](https://docs.aws.amazon.com/chime/latest/ug/using-slack.html) in the *Amazon Chime User Guide*. For more information about setting up an Amazon Chime Team account, see [Associating workspaces with Amazon Chime Team accounts](#associate-with-team-acct) in this guide.

**To install the Amazon Chime Meetings App for Slack on Slack workspaces**

1. Navigate to the Slack App Directory and locate the Amazon Chime Meetings App.

1. Choose [https://signin.id.ue1.app.chime.aws/auth/slack?purpose=app_authz](https://signin.id.ue1.app.chime.aws/auth/slack?purpose=app_authz) to install the Amazon Chime Meetings App for Slack from the Slack App Directory.

1. Configure your Slack workspace **Calls** setting to **Enable calling in Slack, using Amazon Chime**.

## Migrating workspaces to organizations
<a name="migrate-workspace"></a>

If you own a Slack organization, you can migrate workspaces into that organization. For more information about migrating workspaces, see [Migrate workspaces to Enterprise Grid](https://slack.com/help/articles/115002532808-Migrate-workspaces-to-Enterprise-Grid) in the Slack help.

## Associating workspaces with Amazon Chime Team accounts
<a name="associate-with-team-acct"></a>

Associate your workspace with an Amazon Chime Team account to manage your users' permissions. You can upgrade meeting hosts to Amazon Chime Pro so that they can start meetings with up to 250 attendees and 25 video tiles, and include phone numbers to dial in for audio. Assign users Amazon Chime Basic permissions so they can start one-on-one meetings or join Amazon Chime meetings. For more information, see [Amazon Chime Pricing](https://aws.amazon.com/chime/pricing/).

**Note**  
If you associate an Amazon Chime Team account with your Slack workspace, users can sign in to Amazon Chime from the Amazon Chime Meetings App for Slack. You can change this setting at any time. For more information, see [Managing meeting settings](mtg-settings.md).

Before you can associate your Slack workspace with an Amazon Chime Team account, you must create an AWS account. For more information about how to create an AWS account, see [Prerequisites for Amazon Chime system administrators](prereqs.md).

**To associate your Slack workspace with an Amazon Chime Team account when installing the Amazon Chime Meetings App for Slack**

1. Immediately after installing the Amazon Chime Meetings App for Slack in your Slack workspace, choose **Upgrade now**.

1. Follow the prompts to sign in to the Amazon Chime console using your AWS account credentials.

1. Follow the prompts to create a new Team account in Amazon Chime or choose an existing one.
   + **Create a new account** – Create a new Amazon Chime account to which to invite your Slack users. Enter an account name, choose whether to invite your Slack users, then choose **Create**.
   + **Choose an existing account** – Select an existing Amazon Chime account to invite your Slack users to. Select the account, then choose **Invite**.

When you invite your Slack users to join Amazon Chime, they receive an email invitation. When they accept the invitation, they are automatically upgraded to Amazon Chime Pro.

If you did not associate your Slack workspace with an Amazon Chime Team account when you installed the Amazon Chime Meetings App for Slack, you can do so after the fact by using the following steps.

**To associate your Slack workspace with an Amazon Chime Team account after installing the Amazon Chime Meetings App for Slack**

1. Sign in to your AWS account.

1. Sign in to your Slack workspace as an administrator.

1. Go to [https://signin.id.ue1.app.chime.aws/auth/slack?purpose=app_authz](https://signin.id.ue1.app.chime.aws/auth/slack?purpose=app_authz).

1. Follow the prompts to create a new Team account in Amazon Chime or choose an existing account.
   + **Create a new account** – Create a new Amazon Chime account to which to invite your Slack users. Enter an account name, choose whether to invite your Slack users, then choose **Create**.
   + **Choose an existing account** – Select an existing Amazon Chime account to invite your Slack users to. Select the account, then choose **Invite**.