Open source Identity Management connector for Zoom that uses the ConnId framework.
This software also leverages the Connector Base Framework. It is developed and tested with midPoint, but could also be used with other systems that implement the ConnId framework.
This software is Copyright 2020-2024 Exclamation Graphics. Licensed under the Apache License, Version 2.0.
Connector versions 4.0.1 and above support OAuth2 for authentication. Prior JWT authentication is no longer supported by Zoom.
- The connector configuration can be specified in the midPoint user interface or it can be read from a property file.
- The connector supports Zoom Meeting Users, Zoom Phone Users, and Zoom Groups.
- The connector can Create, Update, Delete, and search Zoom users.
- The connector can enable the Zoom Phone Feature for active Zoom Users.
- The connector can Assign or Unassign Calling Plans, Phone Numbers, Company Site, and Extension Number to an enabled Zoom Phone User account
- The connector can Create, Update, Delete, and List Zoom Groups.
- A User can be associated or disassociated with one or more Zoom Groups.
- The list of Zoom Users can be searched by one of three statuses (active, inactive, pending).
- The connector will download users with all statuses by default unless a status is specified in the search criteria.
- The connector configuration allows you to select whether a user is deactivated, disassociated, or deleted when the Zoom User delete operation is invoked.
- Connector operation requires that you have at least a Zoom Pro Account. See https://zoom.us/pricing for more information.
- Basic Free Zoom accounts have rate limits which prevent normal operation of the connector. See https://developers.zoom.us/docs/api/rest/rate-limits/ for more information.
- The connector currently supports the default create user action. We expect custCreate, autoCreate, and ssoCreate to be available in a future release.
- The default create action is to set the user in pending status until activation is complete.
- The default create action requires the user to activate their zoom account by verifying their email address. Until activation is completed the account remains in 'pending' status.
- When a user is in a 'pending' status, the connector can use the API to lookup a user by ID or email address. However, the data returned is minimal or empty.
- A user’s information cannot be updated when the status is pending.
- A user’s information can be updated and retrieved when the status is active.
- A user’s information can be retrieved but not updated when the status is inactive.
- A user’s information can only be updated when the account is activated or reactivated.
To begin you will need to register and activate at least a Zoom Pro account with one or more licenses for Zoom User and/or Zoom Phone. A normal Zoom account with zero licenses will not operate properly because of rate limits.
You can manage Users and Groups in Zoom's web UI by going to https://zoom.us/meeting and using the Admin -> User Management links. The owner of the account or a user with Admin role is required to create the Server to Server OAuth application in the Zoom marketplace.
See https://marketplace.zoom.us/develop for information on setting up a Zoom developer account. Once you are authenticated, create a new Server-Server OAuth app as documented here https://developers.zoom.us/docs/internal-apps/create/
The following OAuth Scopes will be required in the Server to Server OAuth Application in order to use this connector.
- group:master
- group:read:admin
- group:write:admin
- phone:master
- phone:read:admin
- phone:write:admin
- user:master
- user:read:admin
- user:write:admin
The actual method of configuring a connector is largely dependent on the interface(s) provided by your Identity and Access management system. midPoint provides a convenient user interface method to enter these values. If configuration properties are being read in from a property file you may also need to know the name of the property.
The configuration parameters are specified in the following table. One thing to watch out for is the setting for the OAuth2 client secret when using the midPoint interface. You should collapse the configuration
Item | Req’d | Description |
--- | --- | --- |
Service URL | Yes | The base URL of the Zoom Web Service. It is normally set to https://api.zoom.us/v2 |
IO Error Retries | No | Number of retries that will be attempted when an IO error occurs. Default is 5. |
Deep Get Enabled | No | When a search operation is executed and this value is true, the connector will download all attributes for each individual record returned. When false the Zoom connector will not return Zoom phone attributes. The value should be set to true although it will consume more time to download each record. |
Deep Import Enabled | No | When an import operation is executed and this value is true the connector will download all attributes for each individual record returned. When false the Zoom connector will not return Zoom phone attributes. The value should be set to true although it will consume more time to download each record. |
Import Batch Size | No | The default number of records to retrieve per page. Import operations will be invoked using the given batch size when it is supplied. Since the Zoom API supports paging you can import records one batch/page at a time instead of all at once. The default value is 30 and the maximum value is 300. |
Pagination Enabled | No | The Zoom connector supports pagination on supported objects. This option should be set to true. |
Duplicate Record Returns Id | No | When a create is attempted and an AlreadyExistsException is generated by the driver invocator, the adapter shall attempt to return the id of the existing record matching the specified email address. |
OAuth2 Token URL | Yes | The URL used to get an OAUTH2 token. The default value for Zoom is https://zoom.us/oauth/token |
OAuth2 Account Id | Yes | The Account ID received from the Server to Server OAuth2 application you created in the Zoom Marketplace. |
OAuth2 Client Id | Yes | The Client Id received from the App Credentials page of the Server to Server OAuth2 application you created in the Zoom Marketplace. |
OAuth2 Client Secret | Yes | The Client Secret received from the App Credentials page of the Server to Server OAuth2 application you created in the Zoom Marketplace. |
OAuth2 Scope | No | The Scopes assigned to the Server to Server OAuth2 application you created in the Zoom Marketplace. As of this writing the Zoom system will provide all the scopes defined for the application by default. For this reason it may be possible to leave this value blank or populate it with the values supplied in a previous section of this document. |
Deactivate On Delete | No | When this value is true the connector will deactivate the account when a delete operation is invoked. When this value is false the Disassociate on Delete action is invoked. |
Disassociate On Delete | No | When this value is true the connector will disassociate the user’s zoom login from the master account. This means the user login with the user’s email address will continue to exist as a basic account. When this value is false the user account is actually deleted unless Deactivate on Delete is true. |
Immediate Logout on Deactivate | No | When this value is true the user will be immediately logged out when a deactivate event occurs. |
The following property names can be used when integrating with a ConnId system that uses a configuration properties file. They are also used to perform unit tests in the code base.
See src/test/resources/__bcon__development__exclamation_labs__zoom.properties for an example.
Item | Type | Property Name |
--- | --- | --- |
Service URL | String | service.serviceUrl |
IO Error Retries | Integer | rest.ioErrorRetries |
Deep Get Enabled | Boolean | results.deepGet |
Deep Import Enabled | Boolean | results.deepImport |
Import Batch Size | Integer | results.importBatchSize |
Pagination Enabled | Boolean | results.pagination |
Duplicate Record Returns Id | Boolean | service.duplicateErrorReturnsId |
OAuth2 Token URL | String | security.authenticator.oauth2ClientCredentials.tokenUrl |
OAuth2 Account Id | String | custom.accountId |
OAuth2 Client Id | String | security.authenticator.oauth2ClientCredentials.clientId |
OAuth2 Client Secret | String | security.authenticator.oauth2ClientCredentials.clientSecret |
OAuth2 Scope | String | security.authenticator.oauth2ClientCredentials.scope |
Deactivate On Delete | Boolean | custom.deactivateOnDelete |
Disassociate On Delete | Boolean | custom.disassociateOnDelete |
Immediate Logout on Deactivate | Boolean | custom.immediateLogoutOnDeactivate |
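
A pre-deployment check for such a properties file, as an added example that is not part of the connector: it uses the property names from the table above, flags non-HTTPS endpoints, missing OAuth2 values and scopes outside the list documented earlier, and resolves which action a delete will take. Treating an absent boolean as false and accepting space- or comma-separated scopes are assumptions.

```python
# Added example (not the connector's code); checks and sample values are assumptions.
REQUIRED_SCOPES = set("""group:master group:read:admin group:write:admin
phone:master phone:read:admin phone:write:admin
user:master user:read:admin user:write:admin""".split())
P = "security.authenticator.oauth2ClientCredentials."

def parse_properties(text):  # minimal key=value parser; '#' and '!' start comments
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def delete_action(props):  # what a delete operation will do, per the On Delete rows
    on = lambda key: props.get(key, "false").lower() == "true"
    if on("custom.deactivateOnDelete"):
        return "deactivate"
    return "disassociate" if on("custom.disassociateOnDelete") else "delete"

def lint(props):  # returns a list of findings for security-relevant settings
    findings = []
    for key in ("service.serviceUrl", P + "tokenUrl"):
        if not props.get(key, "").startswith("https://"):
            findings.append(f"{key}: missing or not https")
    for key in ("custom.accountId", P + "clientId", P + "clientSecret"):
        if not props.get(key):
            findings.append(f"{key}: required value missing")
    extra = set(props.get(P + "scope", "").replace(",", " ").split()) - REQUIRED_SCOPES
    if extra:
        findings.append("scope: not in documented list: " + " ".join(sorted(extra)))
    if delete_action(props) == "disassociate":
        findings.append("delete: login survives as a basic account")
    return findings

SAMPLE = """\
# constructed sample, placeholder credentials
service.serviceUrl=https://api.zoom.us/v2
security.authenticator.oauth2ClientCredentials.tokenUrl=http://zoom.us/oauth/token
custom.accountId=ACCOUNT_ID_PLACEHOLDER
security.authenticator.oauth2ClientCredentials.clientId=CLIENT_ID_PLACEHOLDER
security.authenticator.oauth2ClientCredentials.clientSecret=
security.authenticator.oauth2ClientCredentials.scope=user:read:admin meeting:write:admin
custom.deactivateOnDelete=false
custom.disassociateOnDelete=true
"""

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```
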
The connector schema is drawn from available variables in the Zoom User API and the Zoom Phone API. it is
Attribute | Type | Comment |
--- | --- | --- |
USER_ID | String | Zoom User ID |
String | The user’s email address | |
FIRST_NAME | String | The user's first name. |
LAST_NAME | String | The user's last name. |
LANGUAGE | String | Default language for the Zoom Web Portal. |
TIME_ZONE | String | The User’s timezone assignments |
PHONE_NUMBER | String | The user’s phone number. The value is arbitrary and not necessarily a zoom phone number. |
PHONE_COUNTRY | String | The country of the user’s phone number |
CREATED_AT | String | The date and time when this user was created |
LAST_LOGIN_TIME | String | The date and time when the user last logged into Zoom. |
TYPE | Integer | The plan type of user: 1 - Basic, 2 - Licensed, 99 - None. A user does not need to be licensed in order to have a zoom phone. |
GROUP_IDS | [String] | An array of Group IDs associated with the User |
CREATED_AT | String | The date and time when this user's latest login type was created. |
VERIFIED | String | Specifies whether the user is verified or not. The value is 1 when the user is verified. |
STATUS | String | The Zoom User status can contain the values “active”, “inactive”, or “pending” |
PERSON0AL_MEETING_ID | Integer | The Zoom User’s personal Meeting id or pmi |
ZOOM_PHONE_FEATURE | Boolean | When this value is true the Zoom phone feature is enabled. |
ZOOM_ONE_FEATURE_TYPE | String | The Zoom User’s Zoom workplace plan option. This value is available at user creation time. The connector does not allow for the value to be changed once set. |
SITE_ID | String | The site ID is the unique identifier of the site associated with the zoom phone assigned to the user. The connector does not create or update Zoom Sites. This is a manual operation for the Administrator of the Zoom License. |
SITE_NAME | String | The name of the site associated with the Zoom Phone assigned to the user. When creating a user who has a zoom phone license only the site name is required. |
SITE_CODE | Integer | The identifier for the site associated with the zoom phone assigned to the user. |
ZOOM_PHONE_STATUS | String | The status of the user's Zoom Phone license. When the value is “activate”, the Zoom phone is active. When the value is “deactivate”, the user’s Zoom phone license is disabled. When the status is deactivated, the user can't make or receive calls. |
EXTENSION_NUMBER | String | The extension number assigned to the user's Zoom phone number. The extension number is associated with the Site where the user is located. |
ZOOM_PHONE_CALLING_PLANS | [Integer] | An array of Zero or more calling plans defined by the Zoom Phone API. A link to the list of calling plan values is provided in the references section. |
ZOOM_PHONE_NUMBERS | [String] | The list of zero or more phone numbers assigned to the user. The phone number(s) assigned to the user must have been obtained from a zoom phone license. The connector will not assign a phone number to a user who does not have the zoom phone feature enabled. |
The Zoom connector implements the following connId SPI operations:
- SchemaOp - Allows the Connector to describe which types of objects the Connector manages on the target resource. This includes the options supported for each type of object.
- TestOp - Allows testing of the resource configuration to verify that the target environment is available.
- SearchOp - Allows the connector to search the Zoom Web Service for resource objects.
- CreateOp - Allows the connector to create Users or Groups.
- DeleteOp - Allows the connector to delete Users or Groups.
- UpdateDeltaOp - Allows for updates of the supported Object Types. These are Users and Groups.
The connector supports a deep get functionality which returns detailed information for each item returned from a query. This feature is necessary because a query may return partial fields for a record. This is the case with the Zoom User lookup and the lookup API calls. Deep get is invoked when the query contains paging parameters such as page size and page offset. Deep get is recommended to be true for this connector.
The connector’s deep import option is similar to the deep get option. The deep import option is invoked when a query does not have paging parameters. Deep Import is recommended to be true for this connector.
The duplicate record returns Id configuration option is invoked when an HTTP POST request, used to create a record, returns HTTP 409 (Conflict). This typically indicates that the record we are attempting to create already exists. When this option is true the connector will attempt to get the record by name and return the record’s ID value to the caller. In this way a record can be seamlessly imported when it already exists on the target server. Unfortunately the Zoom API does not return HTTP 409; instead it returns HTTP 412. Because this is the case, the connector will always do a lookup for an existing object type before creating the type.
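
The lookup-before-create flow described above, as an added example that is not the connector's code: `FakeZoom`, `create_user` and `AlreadyExists` are hypothetical names, and treating an HTTP 412 from the create call as a duplicate that appeared after the lookup is an assumption.

```python
# Added example, not the connector's code. FakeZoom is a constructed in-memory
# stand-in for the Zoom API; all names here are hypothetical.
class AlreadyExists(Exception):
    """Raised when the record exists and the caller did not ask for its id."""

class FakeZoom:
    def __init__(self):
        self.users = {}  # email -> user id

    def get_user_by_email(self, email):
        return self.users.get(email)

    def post_user(self, email):
        """Return (HTTP status, id); a duplicate gets 412, not 409."""
        if email in self.users:
            return 412, None
        self.users[email] = f"id-{len(self.users) + 1}"
        return 201, self.users[email]

def create_user(api, email, duplicate_returns_id):
    """Look up first, then create; resolve an existing record per the option."""
    def existing(user_id):
        if duplicate_returns_id:
            return user_id          # import the existing record seamlessly
        raise AlreadyExists(email)

    found = api.get_user_by_email(email)
    if found is not None:
        return existing(found)
    status, user_id = api.post_user(email)
    if status == 412:  # assumption: the record appeared after our lookup
        return existing(api.get_user_by_email(email))
    return user_id

if __name__ == "__main__":
    api = FakeZoom()
    print(create_user(api, "a@example.com", True))   # creates the record
    print(create_user(api, "a@example.com", True))   # returns the same id
```
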
The Zoom API does not allow an email address to be changed once the user is created unless you have Managed Domains enabled. You enable this through Account Management. The connector will fail gracefully with an error message in the log. If more than 3 attempts are made to change a user's address within a 24 hour period, the Zoom API will return a rate limiting error (HTTP 429).