Zoom

Prev Next

Zoom is a remote conferencing service that provides video conferencing, online meetings, chat, and mobile collaboration.

Attributes Axonius Cyber Assets Axonius SaaS Applications
Service Account Required? No Yes
Service Account Permissions None Admin
Required Adapter Fields Zoom Domain, Account ID, OAuth Client ID, OAuth Client Secret, Verify SSL, HTTPS Proxy Zoom Domain, Account ID, Zoom Account ID, OAuth Client ID, OAuth Client Secret, Verify SSL, HTTPS Proxy, User Name and Password, MFA Secret

About This Adapter

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • Licenses
  • Application Settings (To fetch this info you need to configure the Username and Password fields. If 2FA is required for this application, the 2FA key must be provided.)
  • Activities
  • SaaS Applications
  • Accounts/Tenants


APIs

Axonius uses the following APIs:

Note:

Zoom has an API limit per day. See Rate limits by account type.

Set Up the Integration With a Zoom User Account

Note:

These steps are only needed for accounts with Axonius SaaS Applications.

Create a New User Account

  1. In Zoom, in the Admin menu, navigate to User Management > Users.

    1. Click Add Users.
      SaveUsers

    2. Enter the email address for the new account.

    3. Click Add.
      Add1

  2. Access the new email inbox you created and open the verification email from Zoom.

  3. Click Approve the Request.
    ApproveTheRequest

  4. Add a password for the new user. Ensure that the password contains at least 32 characters.

  5. Configure user permissions:

    1. In the Admin menu, navigate to User Management > Roles.
    2. Click Add Role.
    3. Enter a name for the role and click Add.
      AddRole2
  6. Under Role Settings, in User and Permission Management, select the View checkbox for the following permissions:

    • Users
    • User advanced settings
    • Role management
    • Groups
    • Account profile
    • Account setting
    • Single Sign-On
    • Integration
  7. From the left menu, select Billing and then select the View checkbox for the following permissions:

    • Subscription
    • Billing information
  8. Click Save Changes.

RoleSettings

  1. Click the Role Members tab.

    1. Click Add Members.
      AddRoleMembers
  2. Enter the email address that you created and click Add.
    AddMember


Enable 2-Factor Authentication (2FA) With Google Authenticator

  1. Log into the Zoom web portal as an admin (not the newly created user).
  2. Enable 2FA (You can skip this step if 2FA is already enabled for the account/group.):
    1. Navigate to Advanced > Security.
    2. Click the Sign in with Two-Factor Authentication toggle to so it is set to ON.
    3. If a verification dialog appears, click Enable to verify the change.
    4. Select Enable 2FA for users that are in the specified groups, then click the pencil icon and select the group the newly created user belongs to.
    5. Click OK.
  3. Set up 2FA for the user:
    1. Log into the Zoom web portal with the newly created user account.
    2. Install Google Authenticator on your phone or add a Chrome extension.
    3. Select your device type and then click Next. A QR code is displayed.
    4. Click Can't scan QR Code?.
    5. Copy the Secret key.
    6. Back in Axonius, paste the copied secret key in the MFA Secret Key field.
    7. In Zoom, in the wizard, click Back.
    8. Open the Google authenticator (2FA app) on your mobile device.
    9. Tap the option to scan a QR code. Look for a camera or QR code icon.
    10. Scan the QR code on the Zoom web portal. The 2FA app will generate a 6-digit, one-time code.
    11. Click Next.

Permissions

For new Zoom applications, use the Granular scopes. For existing Zoom applications, use Classic scope. For more information, see OAuth Scopes.

Endpoint Classic Scopes Granular Scopes
h323/devices h323:read:admin (No granular scope specified)
Metrics/zoom rooms dashboard_zr:read:admin, dashboard:read:admin dashboard:read:list_zoomrooms:admin
Rooms room:read:admin zoom_rooms:read:list_rooms:admin
rooms/{room_id}/devices room:read:admin zoom_rooms:read:list_devices:admin
metrics/meetings dashboard_meetings:read:admin, dashboard:read:admin dashboard:read:list_meetings:admin
users user:read, user:write, user:read:admin, user:write:admin user:read:list_users:admin
users/{user_id}/settings user:read, user:write, user:read:admin, user:write:admin user:read:settings, user:read:settings:admin
users/{user_id} user:read, user:write, user:read:admin, user:write:admin, user_profile, user_info:read user:read:user, user:read:user:admin
groups group:read:admin, group:write:admin group:read:list_groups:admin
im/groups imgroup:read:admin, imgroup:write:admin contact_group:read:list_groups:admin
meetings/{meeting_uuid}/recordings/analytics_details NA cloud_recording:read:recording_analytics_details, cloud_recording:read:recording_analytics_details:master, cloud_recording:read:recording_analytics_details:admin
users/{user_id}/recordings recording:read:admin, recording:read cloud_recording:read:list_user_recordings, cloud_recording:read:list_user_recordings:master, cloud_recording:read:list_user_recordings:admin
report/operationlogs report:read:admin report:read:operation_logs:admin
report/activities report:read:admin report:read:user_activities:admin
accounts/me/settings account:read:admin account:read:settings:admin, account:read:settings:master
chat/users/{user_id}/messages chat_message:write, chat_message:write:admin team_chat:write:user_message, team_chat:write:user_message:admin
users/{user_id} (DELETE) user:write:admin, user:write user:delete:user, user:delete:user:admin
users (POST) user:write, user:write:admin user:write:user:admin
Licenses billing:read:admin billing:read:plan_information:admin, billing:read:plan_usage:admin, billing:read:billing_information:admin
Zoom phone devices phone:read:admin phone:read:list_devices:admin, phone:read:device:admin

See the Create an OAuth app for more information.

Axonius SaaS Applications

Axonius accounts with Axonius SaaS Applications should ensure that the Zoom service account they create for this adapter is granted the following View permissions:

  • Users
  • User advanced settings
  • Role management
  • Groups
  • Account profile
  • Account setting
  • Single Sign-On
  • Integration
  • Subscription
  • Billing information

Parameters

The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Axonius Cyber Assets and/or Axonius SaaS Applications.

ZoomPlatformAdapter2

General

  • Zoom Domain (required, default: https://api.zoom.us) - The hostname or IP address of the Zoom API.
  • Account ID (Required) - Zoom account ID.
  • OAuth Client ID and OAuth Client Secret (Required) - Zoom uses Server-to-Server OAuth authentication method, enter the Account ID, OAuth Client ID, and OAUth Client Secret to be used to authenticate the request. For more details, see Create a Server-to-Server OAuth App
  • Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  • HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

Axonius SaaS Applications

  • Zoom Account ID - Enter the Zoom Subdomain in the following format: "https//[account].zoom.us"
    Username and Password - The value you enter in the User Name and Password fields in Zoom for the new user you created to allow Axonius to fetch SaaS data.
  • 2FA Secret - The secret generated in Zoom for setting up 2-factor authentication for the Zoom user created for fetching SaaS data.
Note

If some License and Application Settings data is missing, verify the Zoom Account ID, Username, Password, and/or 2FA Secret Key.

These fields are required for Interactive Login and are needed to fetch this data. This issue is not related to API permissions.



To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  • Days of meetings data (required, default: 7) - Specify the number of days of meeting data for this adapter will fetch.
  • Fetch devices only with hostname and MAC address (required, default: true) - Select this option to fetch devices that have both hostname and MAC address details.
  • Fetch devices (required, default: true) - Select this option to fetch device assets from Zoom.
  • Fetch inactive users (default: false) - By default, the Zoom API returns only users with a status of 'active'. Enable this option to also fetch users with a status of 'inactive'.
  • Skip service accounts (default: false) - Select this option to not fetch devices whose account type is a service account (such as ‘Google Service Account’)
  • Fetch asset types - Specify which asset types to fetch from Zoom.
  • Activity logs (default: false) - Select this option to fetch operation logs from Zoom and parse as Activities assets in Axonius.
    Note:

    This option is only available when Axonius SaaS Applications is enabled and the connected Zoom account has the Pro plan or higher.
    In addition, the account in the adapter must have the report:read:admin permission scope.

  • Enrich the user last logon from the last join to a meeting - Select this option to enrich the user last logon from the last join to a meeting by fetching the last join to a meeting and updating the user last logon accordingly. This setting works only if you have joined a meeting in the last 30 days.
  • Fetch recordings download activities - Select this option to fetch recordings of download activities.
  • Fetch application settings and licenses (only for accounts with Axonius SaaS Applications) - Select this option to enable the fetch of settings and licenses from Zoom.
    Note:

    This option is only available when Axonius SaaS Applications is enabled. In addition, you must enter the username and password for the Zoom account in the Adapter Connection to fetch application settings and licenses. If 2FA is required for this application, the 2FA key must be provided.)

  • Exclude calendar room entries (default: false) - Select to not fetch information about rooms on the Zoom calendar.
Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Axonius SaaS Applications Best Practices

In order to fetch SaaS data set the following:

  • Activity Logs
  • Fetch application settings and licenses


Related Enforcement Actions

Zoom - Send Message
Zoom - Delete User
Zoom - Create User
Zoom - Update User Group