Custom OAuth Application for Zoom
Limited Availability: DLP Support for Zoom In-Meeting Chat Messages is a Limited Availability feature. To apply DLP for your Zoom in-meeting chat messages, contact Skyhigh Support. |
Skyhigh CASB allows connecting to Zoom APIs through a custom application. For details on OAuth creation, see Create an OAuth App documentation.
Create a Custom OAuth Application for Zoom
To create an OAuth Application for Zoom:
- Go to Zoom Marketplace.
- Choose Develop > Build Legacy App > OAuth > Create.
- On the Create an OAuth app page, configure the following:
- App Name. Enter a name for your app.
- Choose app type. Select Account-level app.
- Would you like to publish this app on Zoom App Marketplace?. Toggle the switch to prevent this app from being published on Zoom App Marketplace.
- Click Create.
- Go to Manage and select the new app created on the Create an OAuth app page.
- Under App Credentials, configure these:
- Client ID and Client Secret. Copy the Client ID and Client Secret to use in Step 2.
- Redirect URL for OAuth. Enter the URL in the following format: <https://Skyhigh_CASB_URL/shndash/extensions/OAuthCallbackController >.
- Skyhigh_CASB_URL. Here, change the Skyhigh_CASB_URL as per your tenant URL. For example, www.myshn.net, www.myshn.eu, www.myshn.ca.
- Let's say the production URL format is https://www.myshn.net and Skyhigh_CASB_URL is www.myshn.net then, the Redirect URL is https://www.myshn.net/shndash/extensions/OAuthCallbackController
- Skyhigh_CASB_URL. Here, change the Skyhigh_CASB_URL as per your tenant URL. For example, www.myshn.net, www.myshn.eu, www.myshn.ca.
- Under OAuth allow list, enter the same URL as Redirect URL for OAuth.
- Click Continue.
- Select the Information tab.
- Under Basic Information, provide these mandatory information about your app:
- App Name. Enter a name for your app.
- Short Description. Enter a short description about your app.
- Long Description. Enter a long description about your app.
- Company Name. Enter the name of your organization.
- Under Developer Contact Information, configure these:
- Name. Enter your name.
- Email Address. Enter your email address.
- Click Continue.
- Select the Feature tab.
- On the Add Feature page, under Token, copy the Secret Token to use in Step 2.
NOTE:
If the secret token is not available for selection, click Generate.
Prerequisites for In-Meeting Chat DLP Support
To enable the Skyhigh CASB to monitor and apply DLP for sensitive content in the Zoom live meeting chat conversations, perform the following steps:
- Contact Zoom Support to activate the DLP for the in-meeting chat feature.
- Once the Zoom Support enables the feature, you must turn on the Enable in-meeting chat DLP (Data Loss Prevention) integration and select Block in-meeting chat messages in the Zoom application.
To turn on the feature in Zoom application, go to Zoom web portal > ADMIN > Account Management > Account Settings > In- Meeting (Advanced) > Enable in-meeting chat DLP (Data Loss Prevention) integration.
Configure Scopes for Zoom
You can use the Scopes tab to define the permissions based on which users can access Zoom resources, such as chat messages or user details.
To configure scopes for Zoom:
- Go to Scopes > Add Scopes.
- Select the following scopes and their associated permissions, then click Done.
After configuring the scopes for your Zoom instance, go to Step 1 and create a Zoom instance in Skyhigh CASB.
Validate Skyhigh CASB's Webhook URL
You must create an event subscription for Zoom and validate Skyhigh CASB's webhook URL for your Zoom instance so that Skyhigh CASB receives Zoom event notifications.
To validate Skyhigh CASB's webhook URL:
- On the Add Feature page, under General Features, click Add Event Subscription.
- Under Event Subscriptions, configure these:
- Subscription Name. Enter the subscription name.
- Event notification endpoint URL. Enter the URL in the following format, and click Validate. For details on Tenant ID and Instance ID, see Skyhigh CASB Tenant ID and Instance ID.
<webhook server domain name/zoom/16000/<tenantId>/<instanceId>- webhook server domain name. Contact Skyhigh Security Support for webhook server domain name based on your region.
- webhook server domain name. Contact Skyhigh Security Support for webhook server domain name based on your region.
Skyhigh CASB's webhook URL is validated to receive Zoom event notifications.
To find the Instance ID and Tenant ID from Skyhigh CASB dashboard, see Skyhigh CASB Instance ID and Tenant ID.
Configure Event types for Zoom
You can configure the event types for Zoom to specify the Zoom events based on which Skyhigh CASB receives Zoom event notifications.
To configure event types for Zoom:
- On the Add Feature page, under Add Events, click Add events.
- Select the following Event types and their associated events, then click Done.
IMPORTANT: If you select Event types other than the event types listed above, Zoom does not process those events and Skyhigh CASB throws 500 Internal Server Error. Zoom also blocks sending events if you receive too many 500 Internal Server Errors.
After integrating Skyhigh CASB with Zoom, you can define DLP policies and attach them to your Zoom instance. For details, see DLP Collaboration Use Cases for Zoom.