Changing account security settings
The account security settings allow admins to configure authentication and related settings for users on the account. These options include password restrictions, restrictions on sign-in methods, and other user profile settings.
Note: Admins can also change security settings related to meetings.
Prerequisites for changing account security settings
- Pro, Business, Education, or Enterprise account
- Account owner, admin, or user with a role that has security privileges
How to access the security settings for an account
- Sign in to the Zoom web portal as an account owner or admin.
- In the navigation menu, click Advanced then Security.
Settings are available in the following sections:
Authentication section
- Basic Password Requirement: These are the password requirements for a Zoom login password. These settings cannot be changed and only affect Zoom-specific passwords; all other authentication methods still use their own password requirements.
- Enhanced Password Requirement: Allows you to enforce extra requirements for your users’ passwords, including:
  - Have a minimum password length: The password length can be increased from a minimum of 8 characters, up to 14 characters.
  - Have at least 1 special character (!, @, #...): Requires a special character in the password.
  - Use enhanced weak password detection: Users will be notified if their password is weak.
- Password Policy
  - New users need to change their passwords upon first sign-in: Users will be required to set their own password when they first sign in.
  - Password expires automatically and needs to be changed after the specified number of days: Allows you to set an expiration date on passwords, forcing users to create a new password when it expires. This can be set for 30, 60, 90, or 120 days. Users will be reminded by email each day starting 3 days before the upcoming password expiration. When the password expires, they are notified when logging in on web or client and directed to the web portal to change their password.
  - Users cannot reuse any password used in the previous number of times: Prevents users from reusing a password that is among the set number of previously created passwords. This number can range from 3 to 12 previous passwords.
  - Users can change their password a maximum number of times every 24 hours: Limits how many times a user can change their password in a 24-hour period. It can be set from 3 to 8 times.
Security section
- Only account admin can change users' name, profile picture, sign-in email, and host key: Prevents anyone other than admins from changing users' names, profile pictures, sign-in emails, and host keys. This feature is only available to Business, Education, or Enterprise accounts.
Note: Display name is not included in this section.
- Only account admin can change Licensed users' Personal Meeting ID and Personal Link Name: Only allows you to change Licensed users' PMI and personal link name.
- Prevent users from changing their Personal Meeting ID and Personal Link Name: If turned on, only account admins and users granted permission to edit other users can change licensed users' Personal Meeting IDs and Personal Link Names.
- Allow importing of photos from the photo library on the user's device: Allows you to enable or disable the ability for users to upload photos from their mobile device for their profile picture.
- Hide billing information from administrators: Overrides the Billing Role Management options set for the default admin role, and locks out admin access to the Billing section of the account.
Note: The owner and any other user with Billing privileges in their role can still access the Billing section.
- Automatically sign users out after a specified time: Enforces automatic sign-out after a specified time. Only applicable to Zoom-specific passwords.
- Users need to sign in again after a period of inactivity: Forces automatic logout of users in the web portal and/or Zoom app after a set amount of time:
  - Web portal can be set for a preset range of 10 to 120 minutes.
  - Zoom client can be set for a preset range of 5 to 120 minutes.
  Note: This is not supported on the Android version of the mobile app due to technical limitations.
- User need to input Host Key to claim host role with the length of: Sets the required length of the host key, which can be set within the range of 6-10 digits.
- Sign in with Two-Factor Authentication: Enable two-factor authentication for users.
- One-Time Passcode Authentication: Enable or disable a one-time passcode (OTP) requirement for all users on the account. When enabled, users must input a verification code received in the email inbox associated with their Zoom account or from a push notification on their device when Zoom detects a suspicious login.
Note: If you have Sign in with Two-Factor Authentication enabled, you may have to disable it to enable the One-Time Passcode Authentication setting.
- Hide Push Notification Content: Hides sensitive content, such as chat content or the name of an upcoming meeting, from push notifications on iOS and Android devices. Enabling this setting will display generic notifications on the lock screen, for example:
  - Setting enabled: “Sophia sent you a message.”
  - Setting disabled: “Sophia: Hello. Are those reports ready?”
Sign-in Methods section
- Allow users to sign in with work email: This will allow users to sign in with an email address and password.
- Allow users to sign in with Single Sign-On (SSO): This will allow users to sign in with SSO through your company's vanity URL.
  - (Optional) After enabling this setting, you can also force users to use SSO if you have an associated domain on your account and they are signing in from that specified domain. Click Select Domains to set which domains must sign in with SSO and specify users who can bypass SSO sign-in to use a work email and password sign-in.
  Note:
  - To enable the Specify users who can bypass SSO option, enable Manage users with the same domain under Associated Domains. Learn more about how to manage your associated domains.
  - After forcing SSO sign-in for specific domains, work email sign-in methods cannot be created for users in that domain. If you need to create exceptions for certain users, create the work email login type before enforcing SSO sign-in.
- Allow users to sign in with Google: This will allow users to sign in with the Google login method.
  - (Optional) After enabling this setting, you can also force users to sign in via Google if you have an associated domain enabled on your account and they are signing in from that specified domain. Click Select Domains to set which domains must sign in with Google.
- Allow users to sign in with Facebook: This will allow users to sign in using the Facebook login method.
- Allow users to sign in with Apple ID: This will allow users to sign in with Apple ID on the Zoom desktop client and mobile apps.
- Automatically sign in to Outlook add-in with Single Sign-On (SSO) credentials: Learn more about enabling auto-login for the Outlook add-in.
- Show disclaimer when users sign in to Zoom: Configure a custom disclaimer that is shown when users sign in to Zoom, either the first time, every time, or at a particular interval.