Zoom

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices

• Users

• SaaS data
  
  

  Related Enforcement Actions

  Zoom - Send Message

Axonius uses the following APIs:

• Zoomrooms

• List H323./SIP Devices

• List meetings

• List Zoom Room devices

• List Users

These steps are only needed for accounts with SaaS Management capabilities.

Create a New User Account

1. In Zoom, in the Admin menu, navigate to User Management > Users.

2. Click Add Users.
   

3. Enter the email address for the new account.

4. Click Add.
   

5. Access the new email inbox you created and open the verification email from Zoom.

6. Click Approve the Request.
   

7. Add a password for the new user. Ensure that the password contains at least 32 characters.

8. Configure user permissions:

   1. In the Admin menu, navigate to User Management > Roles.

   2. Click Add Role.

   3. Enter a name for the role and click Add.
      

   4. Select the View checkbox for the following permissions:

      • Users
      • User advanced settings
      • Role management
      • Groups
      • Account profile
      • Account setting
      • Single Sign-On
      • Integration

   5. From the left menu, select Billing and then select the View checkbox for the following permissions:

      • Subscription
      • Billing information

5. Click Save Changes.

6. Click the Role Members tab.
7. Click Add Members.

8. Enter the email address that you created.
9. Click Add.

Enable 2-Factor Authentication (2FA) With Google Authenticator

1. Log into the Zoom web portal as an admin (not the newly created user).
2. Enable 2FA (You can skip this step if 2FA is already enabled for the account/group.):
   1. Navigate to Advanced > Security.
   2. Click the Sign in with Two-Factor Authentication toggle to so it is set to ON.
   3. If a verification dialog appears, click Enable to verify the change.
   4. Select Enable 2FA for users that are in the specified groups, then click the pencil icon and select the group the newly created user belongs to.
   5. Click OK.
3. Set up 2FA for the user:
   1. Log into the Zoom web portal with the newly created user account.
   2. Install Google Authenticator on your phone or add a chrome extension.
   3. Select your device type and then click Next. A QR code is displayed.
   4. Click Can't scan QR Code?.
   5. Copy the Secret key.
   6. Back in Axonius, paste the copied secret key in the MFA Secret Key field.
   7. In Zoom, in the wizard, click Back.
   8. Open the Google authenticator (2FA app) on your mobile device.
   9. Tap the option to scan a QR code. Look for a camera or QR code icon.
   10. Scan the QR code on the Zoom web portal. The 2FA app will generate a 6-digit, one-time code.
   11. Click Next.

• The following permissions are required in order to fetch device and user data.

  • dashboard_zr:read:admin
  • h323:read:admin
  • dashboard_meetings:read:admin
  • room:read:admin
  • user:read:admin
  • report:read:admin
  • account:read:admin
  • device:read:admin
  • device:write:admin

  See the Create an OAuth app for more information.
  
  

• Axonius accounts with SaaS Management should ensure that the Zoom service account they create for this adapter is granted the following View permissions:

  • Users
  • User advanced settings
  • Role management
  • Groups
  • Account profile
  • Account setting
  • Single Sign-On
  • Integration
  • Subscription
  • Billing information

The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Cybersecurity Asset Management and/or SaaS Management capabilities.

General

• Zoom Domain (required, default: https://api.zoom.us) - The hostname or IP address of the Zoom API.
• Account ID (Required) - Zoom account ID.
• OAuth Client ID and OAuth Client Secret (Required) - Zoom uses Server-to-Server OAuth authentication method, enter the Account ID, OAuth Client ID, and OAUth Client Secret to be used to authenticate the request. For more details, see Create a Server-to-Server OAuth App
• Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
• HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

SaaS Management

• Zoom Account ID - Enter the Zoom Subdomain in the following format: "https//[account].zoom.us"
  Username and Password - The value you enter in the User Name and Password fields in Zoom for the new user you created to allow Axonius to fetch SaaS data.
• 2FA Secret - The secret generated in Zoom for setting up 2-factor authentication for the Zoom user created for fetching SaaS data.
  
  
  To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

• Days of meetings data (required, default: 7) - Specify the number of days of meeting data for this adapter will fetch.
• Fetch devices only with hostname and MAC address (required, default: true) - Select this option to fetch devices that have both hostname and MAC address details.
• Fetch devices (required, default: true) - Select this option to fetch device assets from Zoom.
• Fetch inactive users (default: false) - By default, the Zoom API returns only users with a status of 'active'. Enable this option to also fetch users with a status of 'inactive'.
• Skip service accounts (default: false) - Select this option to not fetch devices whose account type is a service account (such as ‘Google Service Account’)
• Fetch asset types - Specify which types of asset (h323 devices, meeting devices, zoom rooms, zoom room devices) to tetch from zoom.
• Exclude calendar room entries (default: false) - Select to not fetch information about rooms on the Zoom calendar.