Zoom is a remote conferencing service that provides video conferencing, online meetings, chat, and mobile collaboration.
Attributes | Axonius Cyber Assets | Axonius SaaS Applications |
---|---|---|
Service Account Required? | No | Yes |
Service Account Permissions | None | Admin |
Required Adapter Fields | Zoom Domain, Account ID, OAuth Client ID, OAuth Client Secret, Verify SSL, HTTPS Proxy | Zoom Domain, Account ID, Zoom Account ID, OAuth Client ID, OAuth Client Secret, Verify SSL, HTTPS Proxy, User Name and Password, MFA Secret |
About This Adapter
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
- Licenses
- Application Settings (To fetch this info you need to configure the Username and Password fields. If 2FA is required for this application, the 2FA key must be provided.)
- Activities
- SaaS Applications
- Accounts/Tenants
APIs
Axonius uses the following APIs:
Zoom has an API limit per day. See Rate limits by account type.
Set Up the Integration With a Zoom User Account
These steps are only needed for accounts with Axonius SaaS Applications.
Create a New User Account
-
In Zoom, in the Admin menu, navigate to User Management > Users.
-
Click Add Users.
-
Enter the email address for the new account.
-
Click Add.
-
-
Access the new email inbox you created and open the verification email from Zoom.
-
Click Approve the Request.
-
Add a password for the new user. Ensure that the password contains at least 32 characters.
-
Configure user permissions:
- In the Admin menu, navigate to User Management > Roles.
- Click Add Role.
- Enter a name for the role and click Add.
-
Under Role Settings, in User and Permission Management, select the View checkbox for the following permissions:
- Users
- User advanced settings
- Role management
- Groups
- Account profile
- Account setting
- Single Sign-On
- Integration
-
From the left menu, select Billing and then select the View checkbox for the following permissions:
- Subscription
- Billing information
-
Click Save Changes.
-
Click the Role Members tab.
- Click Add Members.
- Click Add Members.
-
Enter the email address that you created and click Add.
Enable 2-Factor Authentication (2FA) With Google Authenticator
- Log into the Zoom web portal as an admin (not the newly created user).
- Enable 2FA (You can skip this step if 2FA is already enabled for the account/group.):
- Navigate to Advanced > Security.
- Click the Sign in with Two-Factor Authentication toggle to so it is set to ON.
- If a verification dialog appears, click Enable to verify the change.
- Select Enable 2FA for users that are in the specified groups, then click the pencil icon and select the group the newly created user belongs to.
- Click OK.
- Set up 2FA for the user:
- Log into the Zoom web portal with the newly created user account.
- Install Google Authenticator on your phone or add a Chrome extension.
- Select your device type and then click Next. A QR code is displayed.
- Click Can't scan QR Code?.
- Copy the Secret key.
- Back in Axonius, paste the copied secret key in the MFA Secret Key field.
- In Zoom, in the wizard, click Back.
- Open the Google authenticator (2FA app) on your mobile device.
- Tap the option to scan a QR code. Look for a camera or QR code icon.
- Scan the QR code on the Zoom web portal. The 2FA app will generate a 6-digit, one-time code.
- Click Next.
Permissions
For new Zoom applications, use the Granular scopes. For existing Zoom applications, use Classic scope. For more information, see OAuth Scopes.
Endpoint | Classic Scopes | Granular Scopes |
---|---|---|
h323/devices | h323:read:admin | (No granular scope specified) |
Metrics/zoom rooms | dashboard_zr:read:admin, dashboard:read:admin | dashboard:read:list_zoomrooms:admin |
Rooms | room:read:admin | zoom_rooms:read:list_rooms:admin |
rooms/{room_id}/devices | room:read:admin | zoom_rooms:read:list_devices:admin |
metrics/meetings | dashboard_meetings:read:admin, dashboard:read:admin | dashboard:read:list_meetings:admin |
users | user:read, user:write, user:read:admin, user:write:admin | user:read:list_users:admin |
users/{user_id}/settings | user:read, user:write, user:read:admin, user:write:admin | user:read:settings, user:read:settings:admin |
users/{user_id} | user:read, user:write, user:read:admin, user:write:admin, user_profile, user_info:read | user:read:user, user:read:user:admin |
groups | group:read:admin, group:write:admin | group:read:list_groups:admin |
im/groups | imgroup:read:admin, imgroup:write:admin | contact_group:read:list_groups:admin |
meetings/{meeting_uuid}/recordings/analytics_details | NA | cloud_recording:read:recording_analytics_details, cloud_recording:read:recording_analytics_details:master, cloud_recording:read:recording_analytics_details:admin |
users/{user_id}/recordings | recording:read:admin, recording:read | cloud_recording:read:list_user_recordings, cloud_recording:read:list_user_recordings:master, cloud_recording:read:list_user_recordings:admin |
report/operationlogs | report:read:admin | report:read:operation_logs:admin |
report/activities | report:read:admin | report:read:user_activities:admin |
accounts/me/settings | account:read:admin | account:read:settings:admin, account:read:settings:master |
chat/users/{user_id}/messages | chat_message:write, chat_message:write:admin | team_chat:write:user_message, team_chat:write:user_message:admin |
users/{user_id} (DELETE) | user:write:admin, user:write | user:delete:user, user:delete:user:admin |
users (POST) | user:write, user:write:admin | user:write:user:admin |
Licenses | billing:read:admin | billing:read:plan_information:admin, billing:read:plan_usage:admin, billing:read:billing_information:admin |
Zoom phone devices | phone:read:admin | phone:read:list_devices:admin, phone:read:device:admin |
See the Create an OAuth app for more information.
Axonius SaaS Applications
Axonius accounts with Axonius SaaS Applications should ensure that the Zoom service account they create for this adapter is granted the following View permissions:
- Users
- User advanced settings
- Role management
- Groups
- Account profile
- Account setting
- Single Sign-On
- Integration
- Subscription
- Billing information
Parameters
The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Axonius Cyber Assets and/or Axonius SaaS Applications.
General
- Zoom Domain (required, default: https://api.zoom.us) - The hostname or IP address of the Zoom API.
- Account ID (Required) - Zoom account ID.
- OAuth Client ID and OAuth Client Secret (Required) - Zoom uses Server-to-Server OAuth authentication method, enter the Account ID, OAuth Client ID, and OAUth Client Secret to be used to authenticate the request. For more details, see Create a Server-to-Server OAuth App
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
Axonius SaaS Applications
- Zoom Account ID - Enter the Zoom Subdomain in the following format: "https//[account].zoom.us"
Username and Password - The value you enter in the User Name and Password fields in Zoom for the new user you created to allow Axonius to fetch SaaS data. - 2FA Secret - The secret generated in Zoom for setting up 2-factor authentication for the Zoom user created for fetching SaaS data.
If some License and Application Settings data is missing, verify the Zoom Account ID, Username, Password, and/or 2FA Secret Key.
These fields are required for Interactive Login and are needed to fetch this data. This issue is not related to API permissions.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
- Days of meetings data (required, default: 7) - Specify the number of days of meeting data for this adapter will fetch.
- Fetch devices only with hostname and MAC address (required, default: true) - Select this option to fetch devices that have both hostname and MAC address details.
- Fetch devices (required, default: true) - Select this option to fetch device assets from Zoom.
- Fetch inactive users (default: false) - By default, the Zoom API returns only users with a status of 'active'. Enable this option to also fetch users with a status of 'inactive'.
- Skip service accounts (default: false) - Select this option to not fetch devices whose account type is a service account (such as ‘Google Service Account’)
- Fetch asset types - Specify which asset types to fetch from Zoom.
- Activity logs (default: false) - Select this option to fetch operation logs from Zoom and parse as Activities assets in Axonius.Note:
This option is only available when Axonius SaaS Applications is enabled and the connected Zoom account has the Pro plan or higher.
In addition, the account in the adapter must have thereport:read:admin
permission scope. - Enrich the user last logon from the last join to a meeting - Select this option to enrich the user last logon from the last join to a meeting by fetching the last join to a meeting and updating the user last logon accordingly. This setting works only if you have joined a meeting in the last 30 days.
- Fetch recordings download activities - Select this option to fetch recordings of download activities.
- Fetch application settings and licenses (only for accounts with Axonius SaaS Applications) - Select this option to enable the fetch of settings and licenses from Zoom.Note:
This option is only available when Axonius SaaS Applications is enabled. In addition, you must enter the username and password for the Zoom account in the Adapter Connection to fetch application settings and licenses. If 2FA is required for this application, the 2FA key must be provided.)
- Exclude calendar room entries (default: false) - Select to not fetch information about rooms on the Zoom calendar.
For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.
Axonius SaaS Applications Best Practices
In order to fetch SaaS data set the following:
- Activity Logs
- Fetch application settings and licenses
Related Enforcement Actions
Zoom - Send Message
Zoom - Delete User
Zoom - Create User
Zoom - Update User Group