imper.ai requires access to specific Zoom API scopes and in-meeting capabilities in order to monitor meetings, evaluate participant context, and protect Zoom sessions against impersonation and social engineering attacks.
These permissions are requested during the Server-to-Server OAuth authorization process when connecting Zoom as a communication channel.
This article explains what permissions are requested and why they are required.
How Permissions Are Granted
Permissions are granted when a Zoom administrator authorizes the imper.ai Server-to-Server OAuth app in the Zoom App Marketplace.
Once approved, imper.ai can access Zoom meeting metadata, participant context, and event signals required for real-time protection.
Permissions are granted at the Zoom account level.
Permissions Requested by imper.ai
The following permissions are required for imper.ai to monitor and protect Zoom meetings on behalf of your organization.
calendar:read:admin:event
Description
Grants access to all Zoom calendar events.
Used for
Extracting meeting times, topics, and participant metadata required to associate verification activity with scheduled meetings.
meeting:read:meeting:admin
Description
Allows viewing of all meetings created or hosted across the organization.
Used for
Monitoring organization-wide meeting activity and retrieving meeting metadata for analysis.
meeting:read:participant:admin
Description
Provides access to participant details for any Zoom meeting.
Used for
Tracking who joined and when, distinguishing between internal and external participants, and correlating participants across conversations.
scheduler:read:scheduled_event:admin
Description
Provides access to events scheduled using Zoom Scheduler.
Used for
Monitoring upcoming meetings and associating scheduled sessions with verification workflows.
user:read:list_users:admin
Description
Returns the list of all Zoom users in the organization.
Used for
Detecting new users to monitor and keeping imper.ai’s internal user mapping aligned with the organization’s Zoom user base.
user:read:user:admin
Description
Provides detailed profile information for any Zoom user.
Used for
Accessing user attributes such as email, time zone, and department, and aligning identities across systems.
zoomapp:inmeeting
Description
Grants the imper.ai Zoom app permission to run inside live Zoom meetings.
Used for
Real-time protective actions, in-meeting visibility, and verification-related monitoring for protected users.
Security & Privacy Considerations
The permissions requested by imper.ai:
Are scoped to meeting, user, and scheduling metadata
Do not grant access to meeting audio, video, chat content, or recordings
Are used exclusively for security analysis and identity verification
imper.ai does not:
Record meetings
Listen to audio or view video streams
Modify Zoom meetings or user settings
Verification results and risk scores are visible only to authorized administrators and protected users.
Reviewing or Revoking Permissions
Administrators can review or revoke imper.ai permissions at any time from the Zoom App Marketplace or the Zoom Admin Console.
Revoking permissions disables Zoom meeting protection until the integration is reconnected.