5. Identity Provider Attestations
Note: As of version 5.13.10, we only support Identity Provider attestations that are issued by Okta and are displayed in the context of E2EE meetings. This feature is called “Okta Authentication for End-to-End Encryption”.

Accounts that have an ADN and a compatible identity provider (IDP) are able to have the IDP vouch for their users’ identities in a way that other Zoom users can independently verify. This mechanism restricts the ability, even for Zoom insiders, to impersonate account members. Many organizations already trust an IDP for authentication purposes, so this feature does not increase the attack surface or require additional trust in the IDP.

In order for clients to be able to verify identity attestations by an external IDP, we need two components:

1. A way for clients to determine the IDP associated with a Zoom account (that cannot be tampered with by the Zoom servers)
2. A mechanism for IDPs to issue—and for clients to verify—a signed attestation that binds a user’s email address to the cryptographic key(s) they use to communicate (see Section 3)
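
The sketch below shows how the two components fit together on the verifying client. It is an added example, not Zoom's or Okta's code or wire format: the attestation layout, the use of Ed25519, and the names `issueAttestation`, `verifyAttestation` and `trustedIdp` are assumptions made for illustration.

```javascript
// Added illustration: record layout, algorithm and names are assumptions.
const crypto = require('node:crypto');

// SHA-256 over the DER-encoded public key identifies the key a user communicates with.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Canonical bytes covered by the IDP signature: issuer, email, key fingerprint.
function payload(att) {
  return Buffer.from(JSON.stringify([att.issuer, att.email, att.keyFingerprint]));
}

// IDP side: sign the binding between an email address and a user key.
function issueAttestation(idp, email, userPublicKey) {
  const att = { issuer: idp.name, email, keyFingerprint: fingerprint(userPublicKey) };
  att.signature = crypto.sign(null, payload(att), idp.privateKey).toString('base64');
  return att;
}

// Client side. `trustedIdp` stands for the first component: the IDP name and
// verification key learned for the account in a way the server cannot alter.
function verifyAttestation(att, trustedIdp, claimedEmail, keyInUse) {
  if (att.issuer !== trustedIdp.name) return 'wrong-issuer';
  const sig = Buffer.from(att.signature, 'base64');
  if (!crypto.verify(null, payload(att), trustedIdp.publicKey, sig)) return 'bad-signature';
  if (att.email !== claimedEmail) return 'email-mismatch';
  if (att.keyFingerprint !== fingerprint(keyInUse)) return 'key-mismatch';
  return 'ok';
}

// Constructed sample data: one trusted IDP, one look-alike signer, two user keys.
function demo() {
  const mk = (name) => ({ name, ...crypto.generateKeyPairSync('ed25519') });
  const idp = mk('idp.example.com');
  const lookalike = mk('idp.example.com'); // same name, different signing key
  const alice = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const email = 'alice@example.com';
  const att = issueAttestation(idp, email, alice.publicKey);
  const unsignedByIdp = issueAttestation(lookalike, email, other.publicKey);
  return {
    genuine: verifyAttestation(att, idp, email, alice.publicKey),
    substitutedKey: verifyAttestation(att, idp, email, other.publicKey),
    untrustedSigner: verifyAttestation(unsignedByIdp, idp, email, other.publicKey),
    otherEmail: verifyAttestation(att, idp, 'bob@example.com', alice.publicKey),
    otherIdp: verifyAttestation(att, mk('idp.example.net'), email, alice.publicKey),
  };
}
```

Every rejection path depends on `trustedIdp` being correct, which is why the first component must not be under the control of the Zoom servers.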