# Zoom

### Overview

The Zoom integration enables discovery and analysis of authorization metadata from the Zoom collaboration platform, including users, groups, system roles, and their associated permissions. This allows you to understand who can take privileged action within your Zoom environment and incorporate this data into a broader identity governance strategy.

The integration supports:

* Discovery of Zoom users, groups and roles
* Analysis of group membership and role-based access control (RBAC)
* Tracking user status, last login times and account verification
* Mapping system-level access controls to standardized permissions
* Correlating Zoom users with IdP user accounts with custom identity mappings

### Prerequisites

* A Zoom Pro, Business, or Business Plus account.
* Administrative access to create a Server-to-Server OAuth app in Zoom.
* The Server-to-Server app requires the following API scopes:
  * `group:read:list_groups:admin`
  * `role:read:list_roles:admin`
  * `role:read:role:admin`
  * `user:read:list_users:admin`

### Configuring Zoom

#### Create a Server-to-Server OAuth App

1. Log in to the [Zoom App Marketplace](https://marketplace.zoom.us/)
2. Click **Develop** in the dropdown menu in the top-right corner
3. Select **Build Server-to-Server App**

   ![Create a servier-to-server app.](/files/JywSutDV3rPz8rEUaMUG)
4. Add a name for your app and click **Create**
5. Note the **Account ID**, **Client ID** and **Client Secret** from the App Credentials section. Save these values to use when configuring the integration in Veza.
6. Under **Scopes**, add the API scopes:

   ![Add API scopes for the Zoom integration.](/files/uRPl7zDDW8PRXFt3pQ9A)

   * `group:read:list_groups:admin`
   * `role:read:list_roles:admin`
   * `role:read:role:admin`
   * `user:read:list_users:admin`

#### Configure the Integration in Veza

1. Navigate to **Integrations** in your Veza instance
2. Click **Add Integration** and search for "Zoom"
3. Click the Zoom icon and to open the configuration form.
4. Enter the required information:
   * **Name**: A friendly name to identify this integration
   * **Account ID**: Your Zoom account ID from the app credentials
   * **Client ID**: The client ID from the app credentials
   * **Client Secret**: The client secret from the app credentials
5. Click **Create Integration** to save the configuration

### Notes and Supported Entities

#### Users

Every user in a Zoom account is assigned a system role (owner, administrator, or member) and can be granted additional custom roles. Users can be active, inactive, or in a pending state, and can be assigned different plan types that determine their capabilities within Zoom.

| Veza Field Name | Zoom Field Name   | Description                                                          | Property Type             |
| --------------- | ----------------- | -------------------------------------------------------------------- | ------------------------- |
| `id`            | `id`              | The user's ID                                                        | LocalUser Property        |
| `created_at`    | `user_created_at` | The date and time when this user was created                         | LocalUser Property        |
| `name`          | `display_name`    | The user's display name                                              | LocalUser Property        |
| `email`         | `email`           | The user's email address                                             | LocalUser Property        |
| `last_login_at` | `last_login_time` | The user's last login time. This field has a three-day buffer period | LocalUser Property        |
| `is_active`     | `status`          | True if User is active else false                                    | LocalUser Property        |
| `display_name`  | `display_name`    | The user's display name                                              | LocalUser Custom Property |
| `first_name`    | `first_name`      | The user's first name                                                | LocalUser Custom Property |
| `last_name`     | `last_name`       | The user's last name                                                 | LocalUser Custom Property |
| `verified`      | `verified`        | Whether the user's email address for the Zoom account is verified    | LocalUser Custom Property |
| `status`        | `status`          | The User's status                                                    | LocalUser Custom Property |
| `plan_type`     | `type`            | The user's assigned plan type                                        | LocalUser Custom Property |

**Status Values:**

* `active`: An active user
* `inactive`: A deactivated user
* `pending`: A pending user

**Plan Type Values:**

* `1`: Basic
* `2`: Licensed
* `4`: Unassigned without Meetings Basic
* `99`: None (this can only be set with ssoCreate)

#### Groups

Groups in Zoom organize users and apply common settings. Group admins are assigned to specific groups to manage members and settings without requiring full account administrative privileges. Group admins can see if their group is the designated primary group for its users. A group admin does not need to be an account admin to manage user groups.

| Veza Field Name | Zoom Field Name | Description | Property Type       |
| --------------- | --------------- | ----------- | ------------------- |
| `id`            | `id`            | Group ID    | LocalGroup Property |
| `name`          | `name`          | Group Name  | LocalGroup Property |

#### Roles

Zoom implements role-based access control (RBAC) where each user is assigned a system role (owner, administrator, or member) with default permissions. Additional custom roles can grant specific permissions. Both account owners and users with role management permissions can assign users to roles.

| Veza Field Name | Zoom Field Name | Description     | Property Type      |
| --------------- | --------------- | --------------- | ------------------ |
| `type`          | `type`          | The role's type | LocalRole Property |

#### Permissions

A role can have one or more privileges, assigned by the account owner or users with role management privileges. Permissions dictate what users can access when they log into the web portal. Zoom system permissions are mapped to standardized Veza permission types:

| Zoom Permission            | Description                                               | Veza Permission Types                                                                    |
| -------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| `User:Read`, `User:Edit`   | View or edit user information, including role assignments | `DataRead`, `DataWrite`, `MetadataRead`, `MetadataWrite`                                 |
| `Role:Read`, `Role:Edit`   | View, create and modify user roles                        | `DataCreate`, `DataRead`, `DataWrite`, `MetadataCreate`, `MetadataRead`, `MetadataWrite` |
| `Group:Read`, `Group:Edit` | View or edit Groups. Users inherit group role permissions | `DataRead`, `DataWrite`, `MetadataRead`, `MetadataWrite`                                 |

Additional permission mappings include access to:

* Account settings and profiles
* Webinar and recording management
* Zoom Rooms and digital signage
* Chat and IM features
* Billing and subscription management
* Usage reporting and analytics
* Integration and marketplace settings
* System administration features

### Notes and Limitations

* The integration discovers all users regardless of status (active, inactive, or pending)
* User display names are constructed from first and last names when available
* Group membership and role assignments are captured for each user
* Custom properties capture additional user metadata like plan type and verification status
* Role permissions are only gathered if the `role:read:role:admin` scope is granted
* The integration implements rate limiting following Zoom's API guidelines

### Troubleshooting

* For missing permissions errors:
  * Ensure all required scopes are added to the Server-to-Server OAuth app
  * Verify the app has been approved with the necessary permissions
* For authentication errors:
  * Confirm the Account ID, Client ID and Client Secret are correct
  * Check that the OAuth app is active in the Zoom Marketplace

For additional help, contact Veza support or consult the [OAuth 2.0 for Zoom](https://developers.zoom.us/docs/integrations/oauth/).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/zoom.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.