Account level app require the Admin permissions

Description
Hi Team,

We have been facing an issue for a long time, In our web application when a user tries to authorize or call any zoom API. It asks for permissions from the admin(see screenshot below).

The App is of OAuth Type and it’s Account Level App.

We have hundreds of users accessing our web application. But we cannot give permissions to all users which is not a feasible option for us.

Is there any API or settings or anything to bypass this permissions issue?

Error
Permission issue while authorizing to get token or calling any API.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Hello! @amaheshwari
It looks like your app is an Admin level app and that is why is asking for admin’s permissions to authorize the app.
If you want to have users of your account authorize the app, please make sure that the app you are developing is a User level app

Hope this helps,
Elisa

Hello! @elisa.zoom
Thanks for the Reply.

We cannot use the User Level app, we need to authorize the user’s at account level. Actually, our application have multiple users and all users are pharmacist. Owner of the zoom account already sync all users in Zoom and enable SSO. I am just wondering if any pharmacist authenticate the account level app then from where we need to give those permission. Can you please share any screenshot from where we can give these permission or we can give on the app level? Should we need to give these permissions to each users or else?

Another question is we also need to authenticate zoom using SSO. Is there any API from which we can do as we need to emabed the video call in our web app. We already created all APIs like create meeting, update meeting, etc. We need to know how in .net side how we can do SSO with zoom using codebase. so, if pharmacist just click on join button in our webapp then it should programmatically do SSO and just emabd the video call and start. If you can share any sample code for SSO it would be great.

Also, can you please schedule a call with zoom developer as we need these support and it would be good if we personally discuss these question and way with your team. We are working in IST time zone. Please share the availability for video call.

Please provide input on above question. It’s very urgent.

Because the app is account level, non-admin users outside of your account will have to either have the admin install the App on their behalf or give the user permission the “Marketplace” permission, located here:

Once the permission is granted, the user will be able to install the app with no problem. Here is a developer article that details scenarios where that message may appear:

Based on your use case, it seems the best option would be to publish your App on the Zoom Marketplace. This will allow your product or service to be accessible to millions of daily users looking to connect workflows and discover new tools.

We do not have sample code for SSO however we do have resources you can reference for your implementation. I’ve linked resources below on getting started with SSO and OAuth. You may also want to check out posts from other community members here.

Sample App Web Meeting SDK

Zoom OAuth Sample App

Zoom OAuth Resources context:

SSO Resources

1 Like

Hi @donte.zoom,

We don’t want to publish our app on the zoom marketplace. We only want the users of the admin account to use the app.

The App has to be of OAuth Type and Account Level App.

As mentioned in the screenshot above, I’ve already got the marketplace permission from the user but I’m still getting this error.

A couple of the following questions::

  1. Does the admin need to give respective permissions(as defined in the scopes of the app) to all the users of the account to access the app? If yes, then from where? please provide a screenshot.

  2. As mentioned in this document
    https://devsupport.zoom.us/hc/en-us/articles/360059617312–You-cannot-authorize-the-app-error
    Admin needs to install the app for us, So from where he/she can install it. Please provide a screenshot.

Please provide input on above question. It’s very urgent.

Please reply as this is very URGENT.

The Account Admin can use role management to grant users access.

Marketplace edit permissions can be found at the here :

Using role management

To change the permissions for an existing role:

  1. Sign in to the Zoom web portal as the account owner or user with the privilege to edit account settings.
  2. In the navigation menu, click User Management then Roles.
  3. Click the All tab.
  4. Find the role that you want to change the permissions, then click the Edit button to the right of it.
  5. Click the Role Settings tab.
  6. Under the View and Edit columns, select the check boxes that enable permissions for users in this role to see or edit those pages.
  7. Under the Scope column, click the dropdown menu to select the following:
  • Entire Account: This will enable permissions that will allow your selected role to see and manage groups in the entire account.
  • Custom Scope: When you click Custom Scope, a Custom scope window will appear. Search and select 1 or more groups that will be included in this scope. The selected role will only be able to see and manage users in the selected groups.
    In the Custom scope window, click Save to save your changes. The number of selected groups from your custom scope will appear in the dropdown menu that you just edited.
    • (Optional) To edit your custom scope, click the dropdown menu then click Edit to make changes.
  1. At the bottom of the page, click Save Settings.

It seems that the users’ account-level settings are such that they must request permission in order to install an app. This is set on an account level by an account admin or account owner.

Once the end user’s admin or owner approves their request, they will be able to install the app.

You can read more on this flow here:

Thanks for sharing this information. Our main concern is if we give edit “users” permission(that is available in our first screenshot) to other roles then Is they are able to manage/edit other users information. Admin role can only add/update/edit users in licensed account. Why we need to give permission to other role? This may affect the security as other roles user may have access to other user information. Is it? Let me know if I am wrong.

FYI, other roles user, when they login in our web app they are creating meetings with zoom API as admin already enable SSO for these users. So, each user(pharmacist) can create meeting and join meeting with patient.

Correct! Your main concern is valid. The recommendation is if the admin and users are within the same company Zoom Account, then use a private app. If the ‘admin account’ is a separate entity or customer you must be published if they want the app to call the API on behalf of another user. See our dev support article on this topic here:

I have added a user from my admin account and role is assigned to him a “member”. But when we are creating meeting or sign in zoom using API it throwing permission issue. I checked from the “Owner” account role management and we have not found edit option. How we can give “Member” role to marketplace permission? This is VERY VERY urgent. Please help.

Please reply as this is very URGENT.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.