Zoom
  • 16 Sep 2024
  • 6 Minutes to read
  • Dark
    Light
  • PDF

Zoom

  • Dark
    Light
  • PDF

Article summary

Zoom is a remote conferencing service that provides video conferencing, online meetings, chat, and mobile collaboration.

AttributesCybersecurity Asset ManagementSaaS Management
Service Account Required?NoYes
Service Account PermissionsNoneAdmin
Required Adapter FieldsZoom Domain, Account ID, OAuth Client ID, OAuth Client Secret, Verify SSL, HTTPS ProxyZoom Domain, Account ID, Zoom Account ID, OAuth Client ID, OAuth Client Secret, Verify SSL, HTTPS Proxy, User Name and Password, MFA Secret

About This Adapter

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • Licenses
  • Application Settings - (To fetch this info you need to configure the User name and Password fields. If 2FA is required for this application, the 2FA key must be provided.)
  • Activities
  • SaaS Applications
  • Accounts/Tenants


Related Enforcement Actions

Zoom - Send Message
Zoom - Delete User
Zoom - Create User
Zoom - Update User Group

APIs

Axonius uses the following APIs:

Note:

Zoom has an API limit per day. See Rate limits by account type.

Set Up the Integration With a Zoom User Account


These steps are only needed for accounts with SaaS Management capabilities.

Create a New User Account

  1. In Zoom, in the Admin menu, navigate to User Management > Users.

  2. Click Add Users.
    SaveUsers

  3. Enter the email address for the new account.

  4. Click Add.
    Add1

  5. Access the new email inbox you created and open the verification email from Zoom.

  6. Click Approve the Request.
    ApproveTheRequest

  7. Add a password for the new user. Ensure that the password contains at least 32 characters.

  8. Configure user permissions:

    1. In the Admin menu, navigate to User Management > Roles.

    2. Click Add Role.

    3. Enter a name for the role and click Add.
      AddRole2

    4. Select the View checkbox for the following permissions:

      • Users
      • User advanced settings
      • Role management
      • Groups
      • Account profile
      • Account setting
      • Single Sign-On
      • Integration
    5. From the left menu, select Billing and then select the View checkbox for the following permissions:

      • Subscription
      • Billing information



5. Click Save Changes.
RoleSettings

6. Click the Role Members tab.
7. Click Add Members.
AddRoleMembers

8. Enter the email address that you created.
9. Click Add.
AddMember


Enable 2-Factor Authentication (2FA) With Google Authenticator

  1. Log into the Zoom web portal as an admin (not the newly created user).
  2. Enable 2FA (You can skip this step if 2FA is already enabled for the account/group.):
    1. Navigate to Advanced > Security.
    2. Click the Sign in with Two-Factor Authentication toggle to so it is set to ON.
    3. If a verification dialog appears, click Enable to verify the change.
    4. Select Enable 2FA for users that are in the specified groups, then click the pencil icon and select the group the newly created user belongs to.
    5. Click OK.
  3. Set up 2FA for the user:
    1. Log into the Zoom web portal with the newly created user account.
    2. Install Google Authenticator on your phone or add a chrome extension.
    3. Select your device type and then click Next. A QR code is displayed.
    4. Click Can't scan QR Code?.
    5. Copy the Secret key.
    6. Back in Axonius, paste the copied secret key in the MFA Secret Key field.
    7. In Zoom, in the wizard, click Back.
    8. Open the Google authenticator (2FA app) on your mobile device.
    9. Tap the option to scan a QR code. Look for a camera or QR code icon.
    10. Scan the QR code on the Zoom web portal. The 2FA app will generate a 6-digit, one-time code.
    11. Click Next.

Permissions

  • The following permissions are required in order to fetch device and user data.

    • dashboard_zr:read:admin
    • h323:read:admin
    • dashboard_meetings:read:admin
    • room:read:admin
    • user:read:admin
    • report:read:admin
    • account:read:admin
    • device:read:admin
    • device:write:admin

    See the Create an OAuth app for more information.

  • Axonius accounts with SaaS Management should ensure that the Zoom service account they create for this adapter is granted the following View permissions:

    • Users
    • User advanced settings
    • Role management
    • Groups
    • Account profile
    • Account setting
    • Single Sign-On
    • Integration
    • Subscription
    • Billing information

Parameters

The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Cybersecurity Asset Management and/or SaaS Management capabilities.

ZoomPlatformAdapter2

General

  • Zoom Domain (required, default: https://api.zoom.us) - The hostname or IP address of the Zoom API.
  • Account ID (Required) - Zoom account ID.
  • OAuth Client ID and OAuth Client Secret (Required) - Zoom uses Server-to-Server OAuth authentication method, enter the Account ID, OAuth Client ID, and OAUth Client Secret to be used to authenticate the request. For more details, see Create a Server-to-Server OAuth App
  • Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  • HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

SaaS Management

  • Zoom Account ID - Enter the Zoom Subdomain in the following format: "https//[account].zoom.us"
    Username and Password - The value you enter in the User Name and Password fields in Zoom for the new user you created to allow Axonius to fetch SaaS data.
  • 2FA Secret - The secret generated in Zoom for setting up 2-factor authentication for the Zoom user created for fetching SaaS data.


    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  • Days of meetings data (required, default: 7) - Specify the number of days of meeting data for this adapter will fetch.
  • Fetch devices only with hostname and MAC address (required, default: true) - Select this option to fetch devices that have both hostname and MAC address details.
  • Fetch devices (required, default: true) - Select this option to fetch device assets from Zoom.
  • Fetch inactive users (default: false) - By default, the Zoom API returns only users with a status of 'active'. Enable this option to also fetch users with a status of 'inactive'.
  • Skip service accounts (default: false) - Select this option to not fetch devices whose account type is a service account (such as ‘Google Service Account’)
  • Fetch asset types - Specify which types of asset (h323 devices, meeting devices, zoom rooms, zoom room devices) to tetch from zoom.
  • Activity logs (default: false) - Select this option to fetch operation logs from Zoom and parse as Activities assets in Axonius.
    Note:

    This option is only available when SaaS Management is enabled. In addition, the account in the adapter must have the permission scope: report:read:admin.

  • Fetch application settings and licenses (only for accounts with SaaS Management capabilities) - Select this option to enable the fetch of settings and licenses from Zoom.
    Note:

    This option is only available when SaaS Management is enabled. In addition, you must enter the username and password for the Zoom account in the Adapter Connection to fetch application settings and licenses. If 2FA is required for this application, the 2FA key must be provided.)

  • Exclude calendar room entries (default: false) - Select to not fetch information about rooms on the Zoom calendar.
Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

SaaS Management Best Practices

In order to fetch SaaS Management data set the following:

  • Activity Logs
  • Fetch application settings and licenses



Was this article helpful?