I'm fighting with the network engineer for a month already to get the integration of the Events module and Zoom done.
The main issue he has is around security. So my question is: what type of data is visible through this integration? Is there any technical document available?
Solved! Go to Solution.
I'm in the same situation @karolinalinda
Security and networking teams are asking for more details - why is API access required etc. I'll be opening a support ticket and will report back my findings.
My support ticket has been open for almost 2 months now and what I need is not the description available on Atlas - this is what support was linking so far. I need to know what corporate data will be visible through this integration.
So I'm still trying to get the info that my infrastructure team needs...
Well that doesn't give me confidence 😞
I already included my CSM in the support ticket but just emailed them directly sharing your topic here, and the 2 months without progress
My hope is that the Khoros Events Product team/manager is able to provide feedback - if not we can't use this due to lack of technical details provided
My case # if you want to reference it is 389461
For what it's worth - I've done the integration, and I am still lost on what it does. I've yet to understand what benefits "integrating" does VS. just embedding a Zoom event directly into the page myself. Nothing seems to truly "transfer" when it comes to attendees, registrations, or literally anything.
We're close to giving up on this integration and researching other options to run Events using Zoom.
We wanted to have that integration in place because it should let everyone participate in the event, even if you can't use Zoom in the company, for example.
To host zoom calls within Events feature, we use Zoom Web SDK. Company-specific apiKey and apiSecret are needed for authentication. The specific API calls used are Get meeting (https://marketplace.zoom.us/docs/api-reference/zoom-api/meetings/meeting) and Get webinar (https://marketplace.zoom.us/docs/api-reference/zoom-api/webinars/webinar).
Khoros community platform does not store any user data apart from the meeting link added while creating the event. Hope this helps.
Please let us know if you have any follow-on questions or need any additional information
Can we get this added to the documentation for future reference.
@VedanthY , a follow-up question from our security teams that would be good to touch on in any documentation updates.
Does Khoros provide a secure method for customers to provide their API details?
I know secure file transfers have been provided in the past but for API details like this how can we ensure they are transferred to Khoros in a secure manner, implemented, and the API details post implementation are removed from Khoros systems (to prevent bad actors from finding, and using these in future).
Hi @tyw ,
We agree that we need to re-look and improve how we are collecting and storing apiKey & apiSecret required for authentication. We are exploring on how to incorporate best practices from our end and will plan to implement them.
Thanks @VedanthY! In case it helps with business casing I can confirm that this is the reason we won't be proceeding with Zoom integration.
Companies have been victim to bad actors sharing sensitive information externally so without a proper chain of custody we can't be confident our API details would be secure. I am not implying anything with Khoros so much as saying there have been multiple instances of this world wide so we can't take this risk. Thanks!
Welcome to the Technology board!Curious about our platform? Looking to connect on social technology? You've come to the right place!