Security feature: Add failed login data to /report/activities


It would be nice to get logs of clients attempting and failing to access Zoom in my managed domain. I would use that information to lock suspicious accounts and report compromise. I would also like more information available from the authorization logs.

My Problem:

We currently monitor who logs in and out of our managed domain via . It would be a nice feature to know where failed logins are coming from as well as client and IP information.


I have 2 suggestions:

  1. Add another reporting endpoint that aggregates failed logins ie. /reports/failedsigninaggs or /reports/failedsignins. This would be nice however computing aggregates is difficult depending on your backend, so it may not be advantageous.
  2. PREFERRED add a new type to /report/activities ( like “Sign in failed” and include as much client information as possible, most importantly the data_center and client version.

Preferred event data returned could look something like this:

            "email": "",
            "time": "2019-09-15T20:56:09Z",
            "type": "Sign in failed",
            "ip_address": "",
            "client_type": "Browser",
            "device": "WIN",
           "data_center": "SC",
           "connection_type": "P2P",
           "pc_name": "dojo's pc",
           "domain": "Dojo-workspace",
           "mac_addr": " 00:0a:95:9d:68:16",
           "version": "-"

if aggregating over the last day something like this:

            "email": "",
            "ip_address": "",
            "client_type": "Browser",
            "version": "-",
            "count": 9000

Thanks Zoom Great Product!




This text will be hidden