Least Privilege Setup for Chatbot that creates meetings on behalf of users?

A clear and concise description of what the question is.

We have a chatbot that will match users with experts for consultation. At some point in the workflow, the chatbot will create a meeting using the experts (delegated?) permissions and then invite the user and the expert into the meeting.

We would like to implement this with the least privileges needed (i.e not require the bot to be able to create meetings on behalf of any/all users in the enterprise). In other chatbot/collaboration platforms, we are able to get delegated permissions from the expert during set up when the expert first interacts with the chatbot, and then create a meeting on behalf of that expert when needed using the delegated permissions. (Creating a meeting on behalf of the expert will also allow us to create up to 2 concurrent meetings per expert we believe)

What is the least privilege set up and permissions needed in our chatbot on the zoom platform? What do we need to specify when creating the chatbot and what do we need to ask the experts to consent to?

Any other advise for this set up, limits on meeting counts etc we should be aware of will be appreciated.

Hey @gauraves,

Thanks for reaching out about this, and happy to help clarify. To that end, I should note that all Chatbot apps are account-level apps:

This means that when an account owner or admin installs this app, it will be installed on the Zoom client of all users under the account.

However, within the scope of the app itself, you can designate limited scopes. This allows you to control which kind of information exactly the Chatbot will be able to access for a given user—for example, read-only Meeting data, read/write, etc.

If you’re looking to require the least amount of privileges from an individual user perspective, you will want to limit the scopes that you enable for your Chatbot.

Let me know if this information helps!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.