Configuring external authentication for K-12 schools

Zoom's authentication profiles allows K-12, primary, and secondary school students to join Zoom meetings safely and securely without needing to create a Zoom account, while also preventing unauthorized access from users outside of the school or school district. 

When using external authentication, the students do not need to be part of your Zoom account, only using a school email address. 

For further information about K-12 external authentication, please refer to Frequently asked questions about external authentication for K-12 schools.

Note: If authentication profiles is enabled, admins can allow authentication exceptions to allow guests to bypass authentication to join meetings. For example, if a school authenticates meeting participants against their school IDP, they can create an exception to allow a guest lecturer to join the meeting.

This article covers:

Prerequisites for external authentication for K-12 schools

How to configure external authentication

After setting up the SAML configuration in your identity provider, you can add a new authentication profile in your Zoom account. 

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation menu, click Account Management then Account Settings.
  3. Under Security, scroll to Only authenticated meeting participants and webinar attendees can join meetings and webinars.
  4. Next to Meeting & Webinar Authentication Options, click + Add Configuration.
  5. Type the name of the Meeting & Webinar Authentication Option.
  6. Under Select an authentication method, select Sign in to external Single Sign-On (SSO).
    The remainder of the fields should match the configuration from your identity provider. 
  7. Click Save.
    Users on your account will now have this authentication profile as an option when scheduling a meeting after enabling Only authenticated users can join
  8. (Optional) Click the Only authenticated users can join meetings toggle to enable or disable this setting by default for all users on your account.
    If a verification dialog displays, click Enable or Disable to verify the change.

Note:  If you want to make this setting mandatory for all users in your account or for a specific group, click the lock  next the setting at the account or group level, and then click Lock to confirm the setting.

Configure external authentication with Google Workspace

Configure external authentication with Azure

Student login experience

When students attempt to join a Zoom meeting, they will receive a prompt that this meeting is only for authorized attendees. They can click Sign In to Join to continue.

They will then be redirected to a web browser to sign in by SSO with the school's SSO provider. After signing in, they will be joined in to the meeting with the correct name and email address.