Configuring authentication settings and profiles

Authentication profiles allow hosts to restrict meeting participants and webinar attendees to signed-in users only, and to further restrict access to Zoom users whose email addresses match a certain domain. This can be useful if you want to restrict your participant list to verified users or users from a certain organization. Additionally, you can prevent users in specified domains from joining meetings or webinars.

Notes:

This article covers:

Prerequisites for configuring authentication profiles

How to enable or disable authentication profiles

Authentication profiles must be configured at the account level. Once you have configured authentication profiles, you can disable them at the account level and enable them at the group or user level if you do not want to apply them to all members of your account.

Notes:

Account

To enable or disable Only authenticated users can join meetings for all users in the account:

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation menu, click Account Management then Account Settings.
  3. Click the Meeting tab.
  4. Under Security, click these toggles to enable or disable it:
  5. If a verification dialog appears, click Enable or Disable to verify the change.
  6. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.

Groups

To enable or disable Only authenticated users can join meetings for a group of users:

  1. Sign in to the Zoom web portal as an admin with the privilege to edit groups.
  2. In the navigation menu, click User Management then Groups.
  3. Click the applicable group name from the list.
  4. Click the Meeting tab.
  5. Under Security, click these toggles to enable or disable it: 
  6. If a verification dialog appears, click Enable or Disable to verify the change.
    Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level.
  7. (Optional) If you want to make this setting mandatory for all users in the group, click the lock icon, and then click Lock to confirm the setting.

How to create an authentication profile

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation menu, click Account Management then Account Settings.
  3. Under the Security section, verify that Only authenticated meeting participants and webinar attendees can join meetings and webinars is enabled and then click Add Configuration.
  4. Under Select an authentication method, choose one of the following options:
  5. Enter a name for the meeting authentication option to help users identify it.
  6. Click Save.
  7. (Optional) Click Add Configuration and repeat steps 4-6 to add more authentication options.

How to allow authentication exceptions

If authentication profiles are enabled, admins can allow authentication exceptions, which let guests bypass authentication to join meetings. For example, if a school authenticates meeting participants against their school IDP, they can create an exception to allow a guest lecturer to join the meeting.

Notes:

This feature can be enabled at account or group level. Users can view the setting but not change it.

  1. Enable authentication profile at the account or group level.
  2. Under Security, select the check box next to Allow authentication exception.
  3. Select an option to determine if users who only join by telephone will be allowed to join the meeting if waiting room is disabled.
    Hosts will be able to specify authentication exceptions when scheduling a meeting.

How to configure authentication profiles using external authentication

Important: For authentication profiles using Single Sign-On, this must be a separate integration that is not associated with a Zoom SSO integration already. For example:

To configure the profile using external authentication through Single Sign-On:

  1. Create a new SAML app within your SSO service provider.
  2. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  3. Enable authentication profiles at the account level.
  4. Click Add Configuration.
  5. Under Select an authentication method, select Sign in to external Single Sign-On (SSO).
  6. Enter the following information:
  7. Click Save.
  8. Under Meeting Authentication Options, click SP metadata XML to download the SP metadata.
  9. Upload the metadata into your SAML app, or open the metadata XML file and copy the following URLs and paste them into the required fields of your SAML app:

The following table lists where you should paste the entityID and Location URLs.

SSO provider    Field to paste entityID    Field to paste Location
G Suite         Entity ID                  ACS URL
Clever          ENTITY ID                  ASSERTION CONSUMER SERVICE URL
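
For step 9, the following added example (not part of the original article or Zoom's own tooling) reads the entityID and the Assertion Consumer Service Location out of a downloaded SP metadata file and refuses a Location that is not HTTPS. It assumes standard SAML 2.0 metadata with an HTTP-POST binding; the sample XML and its hostnames are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample; the hostnames are placeholders, not real Zoom values.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.com/meeting-auth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_fields(metadata_xml):
    """Return (entityID, ACS Location) from SAML 2.0 SP metadata."""
    # The file is one the admin downloaded from the portal (trusted input).
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        # Some metadata files wrap descriptors in an EntitiesDescriptor.
        root = root.find(f".//{{{MD}}}EntityDescriptor")
        if root is None:
            raise ValueError("no EntityDescriptor found")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    acs = [e for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST_BINDING]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService")
    # Prefer the endpoint marked isDefault, otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                            int(e.get("index", "0"))))
    location = acs[0].get("Location", "")
    # Assertions posted to a plain-HTTP endpoint could be read in transit.
    if urlparse(location).scheme != "https":
        raise ValueError(f"ACS Location is not HTTPS: {location!r}")
    return entity_id, location


if __name__ == "__main__":
    entity_id, location = sp_fields(SAMPLE_SP_METADATA)
    print("entityID:", entity_id)
    print("Location:", location)
```

Paste the first value into the provider's Entity ID field and the second into its ACS URL field, as listed in the table above.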

Note: Some Single Sign-On providers, like Okta, require the SP metadata to be generated before retrieving the sign-in URL, IDP certificate, and Entity ID. If your provider requires the SP metadata first, you will need to fill out the fields with fake data initially, then download the metadata. After that, edit the profile and replace the fake data with the real SSO configuration.