Integrate Zoom
Limited Availability: DLP Support for Zoom In-Meeting Chat Messages is a Limited Availability feature. To apply DLP for your Zoom in-meeting chat messages, contact Skyhigh Support. |
Prerequisites
To integrate Skyhigh CASB with Zoom via API, make sure to meet the following prerequisites:
- Admin Access to Zoom for authenticating services.
- Admin Access to Zoom must have Full administrator privileges.
- Admin Access to Skyhigh CASB.
- Skyhigh CASB supports only these Zoom plans: Enterprise, Business, or Pro licenses.
- The required Zoom APIs are not available in Zoom Basic or Free licenses. For Zoom licensing options and prices, see Zoom Plan and Pricing.
Integrate Skyhigh CASB with Zoom
To integrate Skyhigh CASB with Zoom, you must first create a custom OAuth app with Zoom scopes configured, then create a Zoom instance and enable Zoom API access in Skyhigh CASB, validate Skyhigh CASB's webhook URL, and configure Zoom event types in the custom OAuth app.
IMPORTANT:
- Before creating a Zoom instance and enabling API access for Zoom in Skyhigh CASB, make sure to complete the OAuth app authentication in the Zoom admin account. To create an OAuth app in Zoom, see Custom OAuth Application for Zoom.
- As you complete the OAuth app authentication in Zoom, make a note of the Client ID, Client Secret, and Secret Token. You will need this to complete Step 2.
- You can enable API access for a new Zoom instance by using an existing custom OAuth app for Zoom that was created prior to October 23, 2022. To enable API access for Zoom via an existing custom OAuth app, you must generate the secret token and validate Skyhigh CASB's webhook URL in the custom OAuth app. For details, see Custom OAuth Application for Zoom.
Step 1: Create a Zoom Instance
To create a Zoom instance:
- Go to Settings > Service Management.
- Click Add Service Instance.
- Select Zoom and enter a unique name for the instance.
- Click Done.
Step 2: Enable API access for Zoom
To enable API access for Zoom:
- Select the service instance created, go to the Setup tab, and click Enable.
- Click Provide API Credentials.
- On the Provide API Credentials page, configure the following:
- Client ID, Client Secret, and Secret Token. Enter the Client ID, Client Secret, and Secret Token retrieved from the Custom OAuth Application for Zoom.
- Client ID, Client Secret, and Secret Token. Enter the Client ID, Client Secret, and Secret Token retrieved from the Custom OAuth Application for Zoom.
- Click Submit.
NOTE: After providing the custom OAuth app configuration details in Skyhigh CASB, you must validate Skyhigh CASB's webhook URL, and configure the event types for your Zoom instance in the custom OAuth app. For details, see Custom OAuth Application for Zoom.
Once validated, Zoom events are received by Skyhigh CASB.
Supported Use Cases
- DLP Collaboration Use Cases
- Activity Monitoring, Threat Protection, and Anomalies
- Supported Response Actions
Activity Monitoring, Threat Protection, and Anomalies
As a security admin, you can perform a forensic investigation on various activities done by users and automatically detect anomalies. Activities monitored are:
- Login
- Chat
- Delete
- Send
- Update
- Reply
- Channel
- Create channel
- Add members to the channel
- In-meeting
- MeetingMessagePosted
- Admin
- Update user status
Response Actions
As a security admin, you can perform the following response actions:
- DELETE
- INCIDENT
- REVOKE COLLABORATION (APPLICABLE ONLY FOR CHANNELS)
- SEND EMAIL NOTIFICATION TO
- USER EMAIL NOTIFICATION
Secure Collaboration (Future Release planned)
Enable security admin to apply DLP on sensitive content only when external users are part of the Zoom real-time meeting.
Use Cases Not Supported
API-based DLP for files during real-time meeting chat and DLP for files in a channel are currently not supported due to the unavailability of Zoom API.
Zoom Known Behaviors
When collaborating in Zoom, you might notice the following known behaviors:
- File Path Rule for Multi Chats is not supported.
Events send by Zoom for multi-chat are same as events send in the channel. But unable to distinguish the events between the channel and multi-chat. So the File Path Rule cannot be applied for multi-chat messages. - External Collaborators revoke collaboration not supported.
External Collaborators in multi-chat/chat if you want to revoke collaboration with them that is not supported as there are no relevant Zoom APIs for it. - During real-time meetings, if a message violates the policy, the message will be deleted and the following dialog is displayed to the author:
- Once a meeting is ended, manual and bulk remediation for real-time meeting messages are not supported.
- Collaboration use cases for real-time meeting messages are not supported.
- Sometimes, we do not receive usernames or emails of external users in Zoom events. Consequently, we might miss displaying usernames or emails in the incident details.
- During real-time meetings, if a message contains sensitive data and there are any replies to this message, the entire message thread will be deleted.