Getting started with associated domains
Associated domains uses your organization’s email address domain (such as @zoom.us) to add or auto-create users whose email addresses match that domain. Once your associated domain has been verified, you can enable a setting to prompt all new and existing users with the specified domain to join your account when they sign in to Zoom. Adding an associated domain also allows you to force single sign-on login methods as well.
Once your associated domain has been approved, you can learn more about advanced Associated Domains configurations and their effect on users.
This article covers:
Prerequisites for associated domains
- Business, Enterprise, or Education account
- Account owner or admin privileges
- A custom domain owned by your organization
Note: Some domains, such as @gmail.com and @outlook.com, cannot be used.
How to add a custom domain to your account
To add a custom domain to your account:
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Account Management then Account Profile.
- Click the Account Profile tab.
- Under Associated Domains, click + Add Other Domains.
- In the Add Associated Domains dialog box, type the name of one or more domains (separated by a comma), then click Add Domains.
- Under Associated Domains, click Verify next to the domain name you just added.
- Select one of the verification methods from the Verify your domain dialog box, then click Next.
- Follow the instructions on the next page that appears.
This page is different for each of the verification methods:
- Add TXT Record* to your domain
- Upload an HTML file to your domain
- Add a <meta> tag to your domain’s homepage
- Request manual approval by submitting a request to Zoom Support
- Click the check box that states that you have added or uploaded the appropriate information, then click Verify Domain.
The (Verifying) label displays next to the domain, indicating that verification is in process. This label remains there until the domain is actually verified, at which point the domain shows the label (Verified). Depending on the method, verification might take an hour or it could take several days.
If the verification does not occur in the expected timeframe, you can click View Verification Details. This shows the verification steps for your verification method, allowing you to retry the steps in case they were not completed correctly. If you retry the steps, click Verify Again to complete the process.
*Note: Once the domain is verified by Zoom, this TXT Record does not need to remain.
How to manage associated domains and accounts
Once you've added and verified your domain, you can choose to manage accounts at the same domain and allow users with the same domain to consolidate into your account.
Note: When a user receives a notification to join the account, they will have an option to skip joining the account; however, they can only skip twice. When they are notified 3 times, they will be forced to join the account or create a new account. If they attempt to skip a third time, their account will lock.
To manage associated domains and accounts:
- Sign in to the Zoom web portal.
- In the navigation panel, click Account Management then Account Profile.
- Click the Account Profile tab.
- Under Associated Domains, you can view the domains associated with your account and select the options' check boxes that you want to enable.
- Manage users with the same domain: Anyone who attempts to create a Zoom account with an email address at this domain will be prompted to use a different email address. Existing users with this domain that are not members of your account will be required to change their email addresses.
- Allow users with the same domain to consolidate into this account: Existing users will be prompted to consolidate into the managing account or change their login to use a different email address. They will be able to sign in to their account up to 3 times before they are forced to choose.
- Allow users with the same domain to sign up for Zoom: Users can sign up for a Zoom account using an email address with the associated domain. For example, if the associated domain is mydomain.com, they can sign up using name@mydomain.com. These users will receive an email to activate their account. After signing in, they will be prompted to consolidate into the managing account or change their email address. This setting is disabled by default and requires the Manage users with the same domain option to be enabled.
Note: To give users the option to consolidate, the Allow users with the same domain to consolidate into this account setting must be enabled. This setting can't be enabled if you force users to sign in with SSO.
- Click Save.
When configured, the User Summary will be displayed. - (Optional) If any existing Zoom users exist with this domain, click View User Summary then Send an Email to notify these users of the domain changes.
Note: Sending an email to all Zoom users within your domain (but not on your account) sends one email to all affected users. Clicking this option and sending the email can be done only once every 24-hours.
For more information about these configurations, how they affect users, and how users are notified, please refer to the advanced Associated Domains configuration article.
How to view existing associated domains
To view existing associated domains:
- Sign in to the Zoom web portal.
- In the navigation panel, click Account Management then Account Profile.
- Click the Account Profile tab.
- Under Associated Domains, you can view the domains associated with your account and their verification status.
- If they are verified, you can click View Users Summary to see how many matching users are in your account and how many are not on your account.
- If they are not verified, you can verify or delete the domain.
Note: If the associated domain is a verified domain, the account owner or admin must contact Zoom Support to have it removed.
How to require single sign-on login with associated domains
Once an associated domain has been verified, you can force SSO login with this domain.
Note: Manage users with the same domain must be enabled to use this feature.
- Sign in to the Zoom web portal.
- In the navigation menu, click Advanced then Security.
- Under Sign-in Methods, click the Allow users to sign in with Single Sign-On (SSO) toggle to enable or disable it.
- Select the Require users to sign in with SSO if their e-mail address belongs to one of the domains below check box.
- Click Select Domains.
- Select the check boxes of the domains you would like to require to sign in with SSO.
- (Best practice) If you have specific users who need to bypass SSO and log in with an email address and password, under Specify users who can bypass SSO sign-in, click + Add Users. Enter their email addresses, separated by a comma.
Note: An additional sign-in method must remain enabled, such as work email, otherwise all users (including admins) can be locked out of their accounts. Learn more about enabling or restricting sign-in methods as an admin. - Click Save.
Note:
- Newly created SSO users who do not match an approved associated domain on your account will be sent an email to verify their email address.
- The number of users that can bypass SSO sign-in is limited to 1000 users.