TL;DR: Zoom App Store integrations can widen the SaaS and identity surface by adding more connected tools, more access paths, and more governance overhead for IT teams, according to Zluri. The real issue is not collaboration convenience, but whether access, provisioning, and review processes can keep pace with app sprawl.
NHIMG editorial — based on content published by Zluri: IT Teams Top 9 Apps in Zoom App Store
By the numbers:
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should teams govern collaboration app integrations in Zoom or similar platforms?
A: Treat each integration as an access grant with an owner, a business purpose, and a removal date.
Q: Why do app-store integrations increase SaaS governance risk?
A: Because every connected app adds another entitlement path that can outlive the original approval.
Q: What breaks when app offboarding is not tied to identity lifecycle controls?
A: Access becomes residual rather than intentional.
Practitioner guidance
- Inventory every Zoom-connected app: Map each app to business owner, data access scope, authentication method, and lifecycle owner so approvals are tied to accountable teams.
- Review delegated access and OAuth scopes: Check which Zoom apps can read content, create tasks, or access user data, then remove grants that exceed the stated business need.
- Tie offboarding to application ownership: When an app is no longer used, revoke the integration, remove related tokens, and confirm the owning team has signed off on retirement.
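The three checks above can be run as one pass over an exported integration inventory. The sketch below is an added example, not code from Zluri or from the source article; the record fields, the scope strings, and the 90-day idle threshold are assumptions, and it reads a constructed inventory rather than calling any Zoom API.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Integration:              # hypothetical inventory record, one per connected app
    name: str
    owner: Optional[str]        # accountable business owner
    purpose: Optional[str]      # stated business purpose
    removal_date: Optional[date]
    approved_scopes: set        # scopes justified by the stated purpose
    granted_scopes: set         # scopes the integration actually holds
    last_used: Optional[date]

def audit(app, today, idle_days=90):
    """Return governance findings for one integration (empty list = clean)."""
    findings = []
    if not app.owner:
        findings.append("no-owner")
    if not app.purpose:
        findings.append("no-purpose")
    if app.removal_date is None:
        findings.append("no-removal-date")
    elif app.removal_date <= today:
        findings.append("past-removal-date")
    excess = app.granted_scopes - app.approved_scopes
    if excess:                  # grants beyond the stated business need
        findings.append("excess-scopes:" + ",".join(sorted(excess)))
    if app.last_used is None or (today - app.last_used).days > idle_days:
        findings.append("idle")  # candidate for revocation and token removal
    return findings

def report(inventory, today):
    """Map app name -> findings, keeping only apps that need action."""
    results = {app.name: audit(app, today) for app in inventory}
    return {name: f for name, f in results.items() if f}

# Constructed sample data; app names and scope strings are placeholders.
TODAY = date(2024, 6, 1)
INVENTORY = [
    Integration("notes-sync", "sales-ops", "meeting notes to CRM", date(2025, 1, 1),
                {"content.read"}, {"content.read"}, date(2024, 5, 28)),
    Integration("task-bot", "pmo", "create follow-up tasks", date(2024, 3, 1),
                {"tasks.create"}, {"tasks.create", "userdata.read"}, date(2024, 5, 30)),
    Integration("old-poll", None, None, None,
                set(), {"content.read"}, date(2023, 11, 2)),
]

if __name__ == "__main__":
    for name, findings in report(INVENTORY, TODAY).items():
        print(name, "->", ", ".join(findings))
```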
What's in the full article
Zluri's full article covers the product-specific app descriptions and feature details this post intentionally leaves at the source:
- How Zluri positions its own SaaS discovery and usage tracking functions inside Zoom-connected environments
- App-by-app feature descriptions for the nine Zoom App Store integrations listed in the article
- The article's vendor-specific framing of security and compliance capabilities within its own platform context
Zoom App Store integrations: what they mean for IAM teams?
Explore further
App-store sprawl is an identity governance problem, not a software convenience problem. The Zoom app ecosystem described in the article shows how collaboration platforms become entitlement hubs once multiple integrations are allowed. Each app introduces its own auth path, its own scope, and its own lifecycle risk. For IAM and SaaS teams, the right unit of control is not the app store itself but the set of access relationships it creates.
A few things that frame the scale:
- NHIs outnumber human identities by 25x to 50x in modern enterprises, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, which is why lifecycle discipline remains the weak link in many identity programmes.
A question worth separating out:
Q: Who should own governance for third-party apps connected to collaboration platforms?
A: The business owner, the IAM or IGA team, and the application security team should share responsibility, but one team must be accountable for the decision to approve and the decision to revoke. If ownership is unclear, the integration should not remain active because no one can defend its continued access.