Note: As our world comes together to slow the spread of COVID-19 pandemic, the Zoom Support Center has continued to operate 24x7 globally to support you. Please see the updated Support Guidelines during these unprecedented times.

Note: We have identified an issue causing a subset of users to experience issues displaying live meeting information in Dashboard and Reports, accessing Webinar Registration links and delays in accessing cloud recording links. Please see our Status Page for more information.



Information Barriers Follow

Overview

Information Barriers are designed to help customers control user communication policies and meet regulatory requirements at scale. It can be used to prevent certain groups of users with sensitive information from communicating with others who are not supposed to know of this information.

This article covers:

Prerequisites

  • Contact support to enable
  • Must have a 3rd party environment to send Information Barrier policies from
  • Zoom Desktop Client:
    • Windows, 4.6.8 (19178.0323) or higher
    • macOS, 4.6.8 (19178.0323) or higher

Types of Blocks

  • Hard Block: A meeting or chat communication that has users who belong to many groups. When two users have a block between them (as defined by the organization’s Information Barrier policy), Zoom will not allow them to meet or chat.
  • Soft Block: A meeting that has users who belong to many groups. Even though all the users can meet with each other, some users cannot engage with in-meeting chat, in-meeting file transfer, or screen share functionalities when another user is present in the meeting. If these users are in the same meeting, then the in-meeting features will be blocked.
    Note: Only in-meeting chat, in-meeting file transfer, and screen share functionalities are currently supported with Soft Blocks.

Overall flow

Scope and design

Policy Sync

  • Policies from the organization's environment will be saved to Zoom by using API.
  • Organizations can sync policies at least every 24 hours.
  • Policies will be linked to groups managed in Zoom.
  • Edits of group options and users in a group can only be done through API.

Zoom Meeting

  • Policies will be applied at the time of users entering a Zoom meeting.
  • Policies preventing group-level communication, per hard block, will be respected.
  • Policies based on meeting functionalities, per soft block, will be respected.
  • For meetings with participants belonging to multiple groups: the most conservative policy will be applied from soft block at a meeting-level, for all participants in the meeting.

Zoom Chat

  • Users blocked by information barriers cannot search or chat with one another.
  • Group chats and channels are removed for users who have information barriers applied with other members of the group.

Zoom - Group Management

  • If Information Barriers is enabled, organizations will only be able to create a group and assign/remove users through API.
  • The Group settings (meeting settings, recording settings, etc.) however can be modified from the Zoom web portal. 

Zoom API

  • Organizations can send Information Barrier policies from their 3rd party system to Zoom.
  • The last-known sync of policies will be shown in Zoom Web portal.

Limitations using Information Barriers

  • External meetings will not have Information Barriers applied.
  • Breakout Rooms will not be supported. This setting will be turned off and locked when Information Barriers is enabled. If this is enabled, Information Barrier policies will not apply when users enter a breakout room.
  • Cloud Recording links will still be generated if the meeting is being recorded. 
  • Custom streaming via RTMP will not be supported. If the host decides to stream the meeting, Information Barriers will not be applied to viewers of the stream. 
  • Join Before Host is not supported. This setting will be turned off and locked when Information Barriers is enabled. This is to prevent the scenario where the host is not allowed into their meeting if they have a block with another user, and the other user joins the meeting before the host. 
  • Users can only be part of a group, but only one group at anytime. If they are part of multiple groups, the API sync will return an error. 
  • Webinars, Zoom Rooms, and Zoom Phone will also not be supported at this time, and only Meetings and Chat are supported. 
  • The setting Only authenticated users can join meetings will be on and locked when Information Barriers is enabled. 

Note: When Information Barriers is enabled, Breakout Rooms and Join Before Host will be disabled and locked at the account level. These can be re-enabled by the Admins on the account but will break the Information Barriers. Only authenticated users can join meetings will be turned on and locked. 

Creating an Information Barrier policy

For information on using our Zoom API please see our Marketplace API documentation.

Request body

{
"assigned_group_id"(requried):"string",
"to_group_id"(requried):"string",
"policy_name":"string",
"type":integer, // 0-3 0: blocked and two-way (default, currently only support 0)
"status":integer, // 0-1 0: policy disabled (default) 1: policy enabled
"settings":{
"meeting":boolean
"screen_share":boolean,
"file_transfer":boolean,
"in_meeting_chat":boolean,
"im":boolean,
}
}

Response body

{
"id":"string",
"assigned_group_id":"string",
"to_group_id":"string",
"policy_name":"string",
"type":integer, // 0-3 0-3 0: blocked and two-way (default, currently only support 0)
"status":integer, // 0-1 0: policy disabled (default) 1: policy enabled
"settings":{
"meeting":boolean
"screen_share":boolean,
"file_transfer":boolean,
"in_meeting_chat":boolean,
"im":boolean,
}

Response HTTP codes and error messages

HTTP Response codes:

HTTP Code Message
 201 "OK"
 400 "Bad Request"

Error messages:

Error Code Message
200 "Not available for this account, {accountId}" 
200  "Only available for Paid account, {accountId}" 
300  "Assigned_group_id and to_group_id are required fields and cannot be left empty."
300  "Policy_name is a required field and cannot be left empty."
300  "Unable to add this policy, would create duplicate policies which is not permitted, assigned_group_id:{groupId}, to_group_id:{groupId}"
300 "Invalid request. At least one property value in the settings object must be set to true for this group policy."
4130 "Group not found:{groupId}"

 

Preconditions

  • Users must be in a Zoom group management before the Information Barrier is enabled.
  • For Meetings:
    • User must be signed in to Zoom (meaning, user cannot host a public meeting).
    • Local recording files will not be inspected for sharing with users from groups with blocks. Meaning, if user X cannot meet with User Y but they can chat with one another, and user X decides to send a recording file to user Y, our system cannot prevent this.
  • For Chat: If a user is invited by email, Zoom will not block that. We will still send them a notification if the email is within the domain.
  • Meetings & Chat: If policy server is down, an exception is thrown, network issues occur, outages are present, client-side issues etc. the check policy timeout will fail. In this case:
    1. Zoom will try to retrieve a copy of the last-synced policy for the meetings and chat conversations
      • Zoom will use that policy until the policy server can be reached again.
      • When the policy server can be reached again if a new policy has been synced, Zoom will take that new value.
    2. If Zoom cannot retrieve the copy of the last-synced policy, Zoom will default to not allowing all users in the organization's domain to enter a meeting hosted by someone else in the domain or take part in a chat conversation (i.e. worst case).