Zoom Scheduler Explainer
This Explainer provides an overview of Zoom Scheduler and its capabilities.
Zoom Scheduler Overview
This document provides a technical overview of Zoom Scheduler, covering its architecture, data handling practices, and integration capabilities. This Explainer is designed for IT administrators, security teams, and technical decision-makers evaluating or implementing Scheduler within their organizations.
Zoom Scheduler is an appointment scheduling product designed for professionals who need to offer bookable time slots
Zoom Scheduler is an appointment scheduling product that streamlines the booking experience by letting users share their availability with people outside their organization. It's designed for professionals who need to offer bookable time slots, whether they're sales teams, recruiters, consultants, or customer success managers. Zoom Scheduler prevents the back-and-forth of finding a mutually available time.
Scheduler works with your compatible calendar service to display your availability and create events when appointments are booked. It supports several meeting modalities, including one-to-one meetings, team schedules, and availability polling, so external participants can select a time that works for them.
The following diagram shows an overview of how Zoom Scheduler works:
Zoom Scheduler and Zoom Calendaring Integration serve different purposes, though the terms are often used interchangeably
Scheduler and calendar integration serve different purposes and are sometimes confused by customers who use the terms interchangeably.
Zoom Calendaring Integration syncs calendar data across Zoom endpoints. Integrating calendar services with Zoom can be as simple or involved as your organization needs. Integrating enterprise calendaring services with Zoom Workplace requires special access and permissions, whereas with Zoom Scheduler the level of access is limited.
Zoom Scheduler allows you to create publicly viewable and bookable schedules with others within and outside your organization. It can integrate with your calendar to sync booked appointments and check your calendar for conflicts. It reads your calendar's free and busy statuses on demand and writes new events when appointments are booked. It's another layer on top of your existing calendar rather than a replacement.
You don't need Zoom Calendaring Integration enabled for Scheduler to work. Scheduler connects directly to your calendar provider through its own OAuth authorization.
Zoom Scheduler is licensed for Zoom Workplace Business, but can also be purchased as an add-on
Zoom Scheduler is a licensed product. It's included with Zoom Workplace at the Business tier and higher, or available as a standalone add-on for other plans.
What are the benefits of enabling Zoom Scheduler?
Share availability externally without exposing calendar details: invitees see available time slots, not your event titles or descriptions
Reduce scheduling friction by eliminating email back-and-forth to find meeting times
Automatic conflict detection helps prevent double-booking
Calendar events created automatically when someone books a time, with meeting details included across platforms and locations, including Zoom, Microsoft Teams, Google Meet, and on-site or in-person
Supports multiple booking types such as All Host Available and Any Host Available for coordinated scheduling across teams
Helps reduce no-shows and engage your customers with email and SMS automations such as reminders and follow-up emails
Which calendar providers are supported?
Zoom Scheduler is compatible with these calendar services:
Microsoft 365: Cloud-hosted Exchange Online calendars
Google Workspace: Google Calendar
Zoom Mail & Calendar
Zoom Scheduler support for iCloud Calendar is currently in beta and out of scope for this article.
Zoom Scheduler can be accessed via the web, Zoom Workplace, and the Zoom mobile app
Users can access Zoom Scheduler through:
Web browser via the Zoom web portal
Zoom Workplace application on desktop
Zoom mobile app on iOS and Android (currently supports a limited set of read functionality)
Mobile security:
The mobile version uses the same data flow as the desktop application. The mobile app loads the Scheduler page into an authenticated webview. The webview makes all requests to Zoom servers through HTTPS. When the webview needs to call native device functions, it uses postMessage, and the native layer verifies the message origin before executing any action.
External participant access:
External participants access Scheduler through booking page links shared by the host. These links open in a web browser and don't require the participant to have a Zoom account or the Zoom Workplace application installed.
Data Handling and Security
Zoom Scheduler uses OAuth 2.0 and backend APIs to access calendar data
Zoom Scheduler accesses calendar data through OAuth 2.0 authorization:
The user accesses Zoom Scheduler through the web portal or Zoom application.
Zoom's internal services retrieve an access token from the host's calendar provider.
With permission granted, Scheduler can view the host's calendar availability and create or modify events.
When a scheduling action occurs, Scheduler makes an API request to refresh live availability from the calendar provider.
The Zoom Scheduler application doesn't connect directly to calendar services. All calendar requests flow through Zoom's backend services via APIs.
OAuth tokens are encrypted during storage, expire after an hour, and can be revoked by users
Scheduler uses standard OAuth 2.0 for calendar integration with Microsoft and Google.
Token storage:
Access tokens are stored in Redis cache
Refresh tokens are encrypted and stored in MongoDB
Tokens are stored using 256-bit AES-GCM encryption
Token refresh:
Access tokens expire after approximately one hour. When a token expires and the user takes an action that requires calendar access, Zoom automatically refreshes the access token using the stored refresh token. This process is automatic and doesn't require user intervention.
Token revocation:
Users can disconnect their calendar from Scheduler at any time through the Zoom web portal, which revokes Scheduler's access. Calendar provider administrators can also revoke access through their respective admin consoles (Entra ID for Microsoft, Google Workspace Admin for Google).
What calendar information does Zoom Scheduler access?
Zoom Scheduler accesses your calendar's free/busy status to determine availability. It uses this information to display bookable time slots to participants.
For calendar events Scheduler has not created, Scheduler does not access or read:
Event titles
Event descriptions or body content
Attendee lists
Attachments
When a participant books a time, Scheduler creates a new calendar event. When a participant modifies a booking, Scheduler updates the event it created. Scheduler only manages events it has created. It doesn't modify your other calendar events.
What data does Zoom Scheduler store?
Scheduler's data storage is limited and specific.
Booking page name, link, description, location, reminders, calendar invites, cancellation policy, attendees, and attendee questions.
Booking responses from attendees.
Availability polls and descriptions.
Scheduler routing form names, descriptions, and form questions.
Scheduler user profile picture, uploaded branding logo, and notification content.
Scheduler delegate management information.
Scheduler payment integration information.
Zoom Scheduler doesn't support Customer Managed Key (CMK)
Scheduler doesn't currently support Zoom Customer Managed Key for encrypting stored data. Organizations with CMK requirements should factor this into their deployment decisions.
How does Zoom Scheduler protect user privacy?
Scheduler can only function if a host grants Scheduler access to a connected calendar through OAuth authorization.
For example, if a CEO hasn't connected their calendar to Scheduler, their availability won't appear in team scheduling scenarios. Each user must individually authorize Scheduler to access their calendar.
This means:
Users control whether their availability is visible through Scheduler
Existing calendar permission controls remain unchanged
No calendar data is accessible until the user explicitly connects their calendar
Booking page visibility:
Booking pages are publicly accessible via their unique URL. Users may change the visibility of booking pages for increased privacy, for example by marking them Active or Inactive. Additionally, each individual booking page has an Additional Option, "Hide from public booking page", that offers granular control over which pages appear externally.
Calendar availability (free/busy status) is only retrieved in real time when:
A user creates a one-off meeting or availability poll
A participant opens a booking link to view available times
A participant books or modifies a time
How is data protected in transit?
All communications between Zoom services and calendar providers are encrypted using TLS 1.2.
Zoom Scheduler uses the standard Zoom port 443 connection and has no other special network requirements
Scheduler has no special firewall or network requirements beyond standard Zoom access. All connections use HTTPS on port 443. Refer to Zoom's general network and firewall documentation for baseline requirements.
Provider-Specific Details
Zoom Scheduler is compatible with the following calendar services and integrations.
Zoom Scheduler works with various common calendar service providers
As mentioned above, Zoom Scheduler can connect to the following services for reading availability and creating events:
Microsoft 365: Cloud-hosted Exchange Online calendars, like Outlook Calendar
Google Workspace: Google Calendar
Zoom Mail & Calendar
Zoom Scheduler Support for iCloud Calendar is currently in beta and out of scope for this article.
Exchange Server on-premises is not supported.
Zoom Scheduler integrates with Microsoft 365 using a Microsoft Graph application
Scheduler uses a Microsoft Graph application called ZOOM-GRAPH to connect to user calendars. This is a user-level integration using OAuth 2.0 with delegated permissions, meaning each user authorizes access to their own calendar individually.
Scheduler does not use Application Permissions or a service account model. There's no admin-level deployment that grants calendar access on behalf of users.
What permissions does Scheduler require?
The ZOOM-GRAPH application requests the following Microsoft Graph API permissions:
offline_access: Maintain access to data you have given it access to, even when users are not currently using the app. Purpose: Enables access to refresh tokens when user is not actively using Scheduler.
openid: Sign users in. Purpose: Authenticate the user and issue an access token (sign-in only, not real-time access).
Calendars.ReadWrite: Full access to user calendars. Purpose: Create, read, update, and delete calendar events.
Calendars.Read: Read events in all calendars the user has access to, including delegate and shared calendars. Purpose: Sync shared calendar availability.
How can I identify the ZOOM-GRAPH application?
The ZOOM-GRAPH application appears in your Entra ID Enterprise Applications directory after a user authorizes Scheduler. You can locate it by searching for "ZOOM-GRAPH" in the Enterprise Applications list.
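A security team can check a tenant against the access model described above: delegated scopes limited to the four listed, per-user consent, and no application permissions. The following is an added example, not Zoom's or Microsoft's code. It assumes an export dictionary whose three keys hold objects shaped like Microsoft Graph servicePrincipal, oauth2PermissionGrant and appRoleAssignment resources; the sample data is constructed, every id is a placeholder, and the finding names are hypothetical.

```python
"""Audit an Entra ID export against the access model this page documents."""

# Delegated scopes the page lists for the ZOOM-GRAPH application.
DOCUMENTED_SCOPES = {"offline_access", "openid", "Calendars.ReadWrite", "Calendars.Read"}
APP_NAME = "ZOOM-GRAPH"

# Constructed sample, shaped like Microsoft Graph servicePrincipal,
# oauth2PermissionGrant and appRoleAssignment objects. Every id is a placeholder.
SAMPLE_EXPORT = {
    "servicePrincipals": [
        {"id": "sp-zoom", "displayName": "ZOOM-GRAPH", "appId": "app-placeholder"},
        {"id": "sp-other", "displayName": "Payroll", "appId": "app-payroll"},
    ],
    "oauth2PermissionGrants": [
        {"id": "g1", "clientId": "sp-zoom", "consentType": "Principal",
         "principalId": "user-a",
         "scope": "openid offline_access Calendars.ReadWrite Calendars.Read"},
        {"id": "g2", "clientId": "sp-zoom", "consentType": "Principal",
         "principalId": "user-b", "scope": "openid Calendars.Read Mail.Read"},
        {"id": "g3", "clientId": "sp-zoom", "consentType": "AllPrincipals",
         "principalId": None, "scope": "openid Calendars.Read"},
        {"id": "g4", "clientId": "sp-other", "consentType": "AllPrincipals",
         "principalId": None, "scope": "User.Read.All"},
    ],
    "appRoleAssignments": [
        {"id": "r1", "principalId": "sp-zoom", "appRoleId": "role-placeholder"},
    ],
}


def audit(export, app_name=APP_NAME):
    """Return (finding, object_id, detail) tuples; an empty list means no deviation."""
    sps = [sp for sp in export.get("servicePrincipals", [])
           if sp.get("displayName") == app_name]
    if not sps:
        return [("not_present", app_name, "no user has authorized the app yet")]
    findings = []
    if len(sps) > 1:
        # Display names are not unique in Entra ID; compare appId values by hand.
        findings.append(("duplicate_display_name", app_name,
                         ",".join(sorted(sp["appId"] for sp in sps))))
    sp_ids = {sp["id"] for sp in sps}
    for grant in export.get("oauth2PermissionGrants", []):
        if grant.get("clientId") not in sp_ids:
            continue
        extra = set(grant.get("scope", "").split()) - DOCUMENTED_SCOPES
        if extra:
            findings.append(("undocumented_scope", grant["id"], " ".join(sorted(extra))))
        if grant.get("consentType") == "AllPrincipals":
            # The page describes per-user authorization, not tenant-wide consent.
            findings.append(("tenant_wide_consent", grant["id"], "consentType=AllPrincipals"))
    for role in export.get("appRoleAssignments", []):
        if role.get("principalId") in sp_ids:
            # App role assignments held by the app are application permissions.
            findings.append(("application_permission", role["id"], role["appRoleId"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(*finding, sep="\t")
```

Because display names are not unique in Entra ID, record the appId of the service principal you reviewed and match on it in later audits.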
Zoom Scheduler integrates with Google Calendar using OAuth 2.0
Scheduler connects to Google Calendar using OAuth 2.0 with user-level authorization.
For Google Workspace calendar users, the following permissions are required:
Calendars.Read: Returns free/busy information for a set of calendars. Purpose: Check free/busy status; show user's busy events.
Calendars.Read: Returns events on the specified calendar. Purpose: Check whether current scheduled event has overlapped calendar event.
Calendars.Read: Returns metadata for a calendar. Purpose: Integration setting; check authorization.
Calendars.Read: Returns the calendars on the user's calendar list. Purpose: Integration setting.
Calendars.Read: Watch for changes to Events resources. Purpose: Start sync event cancellation on the calendar to Scheduler.
Calendars.Read: Stop watching resources through this channel. Purpose: Stop sync event cancellation on the calendar to Scheduler.
Calendars.ReadWrite: Creates an event. Purpose: Add events to specific calendar.
Calendars.ReadWrite: Updates an event. This method supports patch semantics. Purpose: Change events on specific calendar.
Calendars.ReadWrite: Deletes an event. Purpose: Remove reserved event on specific calendar.
Zoom Scheduler can create meetings on various meeting platforms
When an appointment is booked, Scheduler can create meetings on these platforms:
Zoom Meetings
Google Meet
Microsoft Teams
Third-party integrations offer additional scheduling functionality
Scheduler can connect with the following services for extended functionality:
Stripe: Payment collection for bookings (see the Stripe section below for more details)
Zapier: Workflow automation
Salesforce: Syncs scheduled events to Salesforce
Stripe Payments and Zoom Scheduler
Zoom Scheduler integrates with Stripe Connect to let hosts charge for bookings
Zoom Scheduler integrates with Stripe Connect to enable hosts to charge a fee for appointments booked through Scheduler.
This follows a non-Merchant-of-Record (non-MoR) marketplace model: Hosts* maintain a direct relationship with Stripe, use their own Stripe accounts to process transactions, and are financially liable for any fees or disputes.
*Hosts are the merchant of record for the services they sell through Zoom Scheduler and are responsible for delivering those services, providing receipts and customer support to their attendees, as well as handling refunds, chargebacks, and any consumer-protection obligations that apply.
Zoom doesn't charge a platform fee or commission on payments. Where applicable, Zoom calculates and collects VAT/GST on the transaction and remits it to the relevant tax authority. For more information, see the Zoom Support article Frequently asked questions about Zoom Scheduler GST and VAT.
Stripe is the independent provider of payment services to the host under the Stripe Services Agreement and Stripe Connected Account Agreement. Stripe is not a Zoom subprocessor; Zoom and Stripe each act as independent controllers of the personal data they process for the integration, and they share data with each other only as needed to operate the Stripe Connect integration the host has authorized.
Hosts connect Stripe and Zoom through a standard OAuth flow and accept Stripe's Connected Account Agreement
Hosts connect their Stripe account to Zoom Scheduler via Stripe Connect using a standard OAuth authorization flow hosted by Stripe. During onboarding, Stripe presents its own Connected Account Agreement and Privacy Policy.
During this OAuth flow, hosts agree to Stripe’s Connected Account Agreement, which governs use of Stripe Connect alongside the host’s underlying Stripe Services Agreement. The host’s relationship with Zoom continues to be governed by their existing Zoom Workplace and Zoom Scheduler terms. Once authorized, Zoom Scheduler can initiate payment transactions on the host’s behalf, as described in the Stripe Connected Account Agreement.
Payment card data is handled entirely by Stripe and never passes through Zoom's systems
The payment form presented to payers is a Stripe-hosted Payment Element embedded on the Zoom Scheduler booking page. Although the form visually appears on a Zoom-hosted page, payment card data is entered in, and transmitted directly to, Stripe's servers. Zoom doesn't store payment card data or handle payment data. This is standard practice for Stripe Element integrations.
What information Zoom does store:
To meet its marketplace tax obligations, Zoom collects and retains the following:
Each payer's billing address (also called the 'Sold To' address)
Name
Email
VAT (where applicable)
Tax ID (where applicable)
This information is used to determine tax jurisdiction and calculate applicable taxes. Zoom acts as the responsible party for determining, calculating, and remitting VAT/GST in applicable jurisdictions. This billing information is also shared with Stripe to support payment processing and tax calculation. In return, Stripe shares booking-related data back to Zoom under the host’s authorization in the Stripe Connected Account Agreement. Zoom uses this data to operate the booking experience (for example, to confirm or cancel an appointment) and for the marketplace, tax, and reporting purposes described in this document. For full details on tax collection and jurisdiction-specific rules, see the Zoom Support article Frequently asked questions about Zoom Scheduler GST and VAT.
Zoom creates a Payment Intent in the host's Stripe account and maps the payment ID to the booking
When a payer initiates a booking payment, Zoom Scheduler creates a Payment Intent via the Stripe API, directed to the host's connected Stripe account. Stripe generates a transaction ID for the Payment Intent and returns it to Zoom, which uses it to track and confirm payment status.
Funds are deposited directly into the host's Stripe account. Zoom maps the payment ID and status to its internal booking ID for confirmation and record-keeping.
Hosts can cancel and refund paid bookings from the Scheduler UI or from their Stripe dashboard


For paid bookings, hosts have two options for managing refunds. From within the Zoom Scheduler UI, hosts can select Cancel and refund on a booking to either cancel the event and issue a full refund, or refund the attendee while keeping the event active.
In both cases, Zoom triggers the refund via the Stripe API and the payment is returned to the attendee's original payment method.
Alternatively, hosts can select Manage transaction to go directly to their connected Stripe dashboard, where they can view transaction details and process refunds through Stripe's own interface.
In the event of a refund, the host is not reimbursed for transaction fees or other fees charged by Stripe. Hosts should contact Stripe directly with questions about fee handling.

Appendix
Zoom Scheduler sends SMS notifications through Twilio with built-in content safeguards
Zoom Scheduler uses Twilio, a third-party cloud communications platform, to deliver SMS notifications to attendees. Messages are sent from a pool of phone numbers managed by Zoom.
Message processing and safeguards
Before delivery, Zoom processes all SMS notifications through internal safety, spam, and phishing filters. Additionally, Zoom uses AI-based detection to prevent users from adding sensitive information to SMS notification templates. Twilio may apply additional filtering and block messages it deems as spam. Zoom may disable SMS functionality for accounts with high rates of detected spam or policy violations.
Attendee consent and controls
Attendees must opt in to receiving SMS notifications at the time of booking. Attendees can manage their SMS preferences by replying to any Scheduler SMS message:
STOP: Opt out of text messages
START: Opt back in to text messages
HELP: Receive help information
Replies must be sent to the same number the attendee received the message from.
Zoom Scheduler notifications are offered through email or push via the Zoom mobile app
Scheduler delivers booking confirmations and reminders through:
Email: Confirmation and reminder emails to both hosts and participants
Push notifications: Mobile app notifications for hosts with the Zoom mobile app installed
SMS via Twilio.
Zoom Scheduler is available through US and EU clusters
Zoom Scheduler is currently generally available to Zoom customers hosted on Zoom’s United States-based cluster and regionally within Zoom’s European-based cluster.
Organizations hosted on other clusters should confirm availability with their Zoom account team.
Current limitations
The following features are not currently supported:
SSO or password protection for booking pages: Booking pages are publicly accessible via their unique URL
Attachments on booking invitations: There is no way to add attachments to booking page invites
Customer Managed Key (CMK): Scheduler does not support CMK for encrypting stored data
Admin-level calendar deployment: Each user must individually connect their calendar; admins cannot grant access on behalf of users
Exchange Server on-premises support: Only cloud-hosted calendar providers are supported
SMS message length: Text messages are limited to 180 characters
No URLs in SMS: Messages containing links are blocked and will not be delivered
SMS disabled for large events: SMS workflows are not sent for events with more than 100 registered attendees
International SMS delivery: Some phone carriers in certain countries have strict filters that may block messages