Integrate Zoom
| Limited Availability: DLP Support for Zoom In-Meeting Chat Messages is a Limited Availability feature. To apply DLP for your Zoom in-meeting chat messages, contact Skyhigh Support. |
Prerequisites
To integrate Skyhigh CASB with Zoom via API, make sure to meet the following prerequisites:
- Admin Access to Zoom for authenticating services.
- Admin Access to Zoom must have Full administrator privileges.
- Admin Access to Skyhigh CASB.
- Create Custom OAuth application and generate Client ID, Client Secret, and Secret Token.
- Skyhigh CASB supports only these Zoom plans: Enterprise, Business, or Pro licenses.
- The required Zoom APIs are not available in Zoom Basic or Free licenses. For Zoom licensing options and prices, see Zoom Plan and Pricing.
Integrate Skyhigh CASB with Zoom
To integrate Skyhigh CASB with Zoom, you must first create a custom OAuth app with Zoom scopes configured, then create a Zoom instance and enable Zoom API access in Skyhigh CASB, validate Skyhigh CASB's webhook URL, and configure Zoom event types in the custom OAuth app.
IMPORTANT:
- Before creating a Zoom instance and enabling API access for Zoom in Skyhigh CASB, make sure to complete the OAuth app authentication in the Zoom admin account. To create an OAuth app in Zoom, see Custom Granular OAuth Application for Zoom.
- As you complete the OAuth app authentication in Zoom, note the Client ID, Client Secret, and Secret Token. You need this to enable API access for Zoom in Skyhigh CASB.
- Existing users can continue to use the Custom Classic OAuth Application for Zoom.
Step 1: Create a Zoom Instance
To create a Zoom instance:
- Go to Settings > Service Management.
- Click Add Service Instance.
- Select Zoom and enter a unique name for the instance.
- Click Done.
Step 2: Enable API access for Zoom
To enable API access for Zoom:
- Select the service instance created, go to the Setup tab, and click Enable.
- Click Provide API Credentials.
- On the Provide API Credentials page, configure the following:
- Based on your custom OAuth type, enter the Client ID, Client Secret, and Secret Token retrieved from either the Custom Classic OAuth Application for Zoom or the Custom Granular OAuth Application for Zoom.
- Based on your custom OAuth type, enter the Client ID, Client Secret, and Secret Token retrieved from either the Custom Classic OAuth Application for Zoom or the Custom Granular OAuth Application for Zoom.
- Click Submit.
NOTE: After providing the custom OAuth app configuration details in Skyhigh CASB, you must enable event subscription and configure the event types for your Zoom instance in the custom OAuth app. Based on your custom OAuth type, refer to the Custom Classic OAuth Application for Zoom or Custom Granular OAuth Application for Zoom.
Once you enable an event subscription, Zoom events are received by Skyhigh CASB.
Supported Use Cases
- DLP Collaboration Use Cases
- Activity Monitoring, Threat Protection, and Anomalies
- Supported Response Actions
Activity Monitoring, Threat Protection, and Anomalies
As a security admin, you can perform a forensic investigation on various activities done by users and automatically detect anomalies. Activities monitored are:
- Login
- Chat
- Delete
- Send
- Update
- Reply
- Channel
- Create channel
- Add members to the channel
- In-meeting
- MeetingMessagePosted
- Admin
- Update user status
Response Actions
As a security admin, you can perform the following response actions:
- DELETE
- INCIDENT
- REVOKE COLLABORATION (APPLICABLE ONLY FOR CHANNELS)
- SEND EMAIL NOTIFICATION TO
- USER EMAIL NOTIFICATION
Secure Collaboration (Future Release Planned)
Enable the security admin to apply DLP on sensitive content only when external users are part of the Zoom real-time meeting.
Use Cases Not Supported
API-based DLP for files during real-time meeting chat and DLP for files in a channel are currently not supported due to the unavailability of the Zoom API.
Zoom Known Behaviors
When collaborating in Zoom, you might notice the following known behaviors:
- File Path Rule for Multi Chats is not supported.
Events sent by Zoom for multi-chat are the same as events sent in the channel. But unable to distinguish the events between the channel and multi-chat. So the File Path Rule cannot be applied to multi-chat messages. - External Collaborators revoke collaboration, not supported.
You cannot revoke external collaborators from multi-chat or chat because there are no relevant Zoom APIs. - Once a meeting is ended, manual and bulk remediation for real-time meeting messages is not supported.
- Collaboration use cases for real-time meeting messages are not supported.
- Sometimes, we do not receive usernames or emails of external users in Zoom events. Consequently, we might miss displaying usernames or emails in the incident details.
- During real-time meetings, if a message contains sensitive data and there are any replies to this message, the entire message thread will be deleted.