How do I install a Zoom third-party add-on?

A knowledge base article about How do I install a Zoom third-party add-on? provided by the UC Berkeley IT Service Hub - Knowledge Portal

Zoom: Third-party apps and “scopes”

Zoom add-ons are tools built by third-party developers that provide extra features and enhancements to Zoom. While add-ons are convenient, they pose privacy and security concerns because they are not supported or covered by the core services agreement between UC Berkeley and Zoom. Each add-on has its own terms of service that the user is responsible for agreeing to, and may expose data to the third-party developer unintentionally.

There are hundreds of third-party apps that are available to integrate with Zoom, which an end user may request from: https://marketplace.zoom.us/. The approval request gets sent to the UC Berkeley Zoom Admin account for review.

NOTE: Berkeley Zoom Admins are no longer activating any third-party Zoom add-ons due to ongoing security and privacy concerns. The following details are for information only. 

What is a scope?

When you enable an integration with Zoom, the application requests certain “scopes” of access, which is the level of access that the app needs into Zoom to be able to operate.

Overly-broad scopes

Many applications ask for scopes and permissions that are overly-broad, often asking for things like ‘access to all users’ as well all of their meetings, webinars, and recordings. Due to security and privacy policies, we are not approving any third-party apps.

For example, here is an app that has scopes and permissions that are overly-broad:

Rev Live Captions - Zoom App Marketplace

Rev App Permissions and Scopes

3Play Media - Zoom App Marketplace

Three Play Media app scopes

What should I do?

If you are a customer of a company that utilizes overly-broad scopes, we would encourage you to ask that the company rethink their Zoom integration to use more-limited scopes, in order to make it possible for us to approve the use of the integration in the future. See below for details.

Individual user scopes

Some apps are written to ask for more-modest levels of access, only requesting access to your own individual account and data.

Here is an app that has scopes and permissions done well because it limits access to the individual account holder’s Zoom account:

Otter.ai Live Notes for Zoom - Zoom App Marketplace

Otter Live Notes scopes and permissions

How do I get a third-party app approved?

Currently, we are not approving third-party apps due to ongoing security and privacy concerns.

In the future, we may approve apps that use these more limited scopes upon request through the Zoom Marketplace, but you should still ensure that you are complying with the campus’s policies for managing sensitive information, such as FERPA, etc. If you have any security concerns related to a third-party application you wish to use, please contact the Information Security Office: security@berkeley.edu.

Note: Third-party add-ons in Zoom are not supported by Campus IT staff. If you encounter issues, you will need to contact that vendor for support.