Account owners and admins can configure authentication profiles for single sign-on (SSO) for Zoom Events and Zoom Sessions hosts. The hosts can use the authentication profiles for SSO to allow a large group of users to join an event without having to register. Those users must authenticate through the identity provider (IDP), which is a separate integration that is not associated with an already existing Zoom SSO integration.

When an external single sign-on profile is selected, the event page and join link will be protected by the external authentication profile requirements. Registrants/attendees will be taken to the host's identity provider (IDP) website for authentication before accessing the event page/event lobby. Additionally, the event’s join link will also direct users to the host's IDP website for authentication instead of asking them to sign in to Zoom. Users, outside of the host’s email address list, who attempt to join the event will be denied after they pass through the authentication at the IDP. The SSO option will block users who cannot pass authentication at the host's identity provider (IDP).

Notes:

• Users do not need to have a Zoom account when joining an external authentication event.
• A pre-join page will be enabled for attendees who joined without registration.
• All external SSO authentication profiles are created by the event organizer's account owner or admin in the Zoom web portal. Event organizers must notify registrants on the external SSO list.
• Event organizers must notify registrants on the external SSO list. Every receiver uses the same link to join the event.

This article covers:

• How to create a custom IDP profile
  
  • Account
• How to enable external authentication when creating a single-session event
  • Use external SSO in Zoom Sessions
  • Enable external authentication when creating a single-session event
  • Enable external authentication for single-session Event Access
• How to enable external authentication for multiple sessions events
  • Enable external authentication when creating a multiple sessions event
  • Use the IDP option for event access

Prerequisites for enabling external authentication in Zoom Events

• Business, Enterprise, or Education account with an approved vanity URL
• Zoom Events Unlimited license or Zoom Events Pay Per Attendee license, or Zoom Sessions Unlimited license or Zoom Sessions Pay Per Attendee license

How to create a custom IDP profile

Account

1. As an account admin, create a custom app in your IDP by following the instructions for some common environments.
   Note: You can name the application Zoom Events to ensure it is clear which app this is for.
   • Okta: Instead of using the pre-built Zoom app, create a custom app.
   • Azure: Create an authentication profile for single sign-on (SSO).
   • G Suite: Instead of using the pre-built Zoom app, create a custom app.
2. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
3. In the navigation menu, click Account Management then Account Settings.
4. Under Meetings & Webinar Authentication Options, click + Add Configuration.
   A pop-up window will appear.
5. In the pop-up window, enter the required fields.
   Note: If you are configuring this specifically for Zoom Events, do not select the Set as default authentication option.
6. Click Save.

Once the configuration has been saved, the IDP option can be viewed in Zoom Events.

How to enable external authentication for Zoom Sessions events

Use external SSO in Zoom Sessions

Use external authentication for single-session events

1. Configure your IDP custom app.
2. Create a single-session event, then publish it.
3. After you publish your event, copy the group join link(s) from the Links & Event Access tab.
4. Send the group join link to attendees.
   Attendees will automatically be able to join the event.

Use external authentication for recurring sessions events

1. Configure your IDP custom app.
2. Create a recurring sessions event, then publish it.
3. After you publish your event, copy the group join link(s) from the Links & Event Access tab.
4. Send the group join link to attendees.
   Attendees will automatically be able to join the event.

Enable external authentication when creating a single-session event

1. Ensure that you or your account admin have set up an authentication option in the Zoom account.
2. Sign in to Zoom Events.
3. In the left navigation menu, click the top dropdown arrow  and select Across Hubs.
4. In the left navigation menu, click Events.
5. In the top-right corner, click Create Event.
   A Create Event pop-up window will appear.
6. In the pop-up window, under Choose an Event Type, select the Single Session or Recurring Sessions event type.
7. Under Registration & Join, create a registration link or group join link.
8. When creating those links, under Authentication Method at Join, select Authenticated via Identity Provider (external SSO).
9. Under Select IDP, use the dropdown menu to select the external authentication profile.
   Note: The dropdown menu will be blank if no external SSO authentication profile is available in the host’s account.
   Registrants/attendees will be taken to the host's identity provider (IDP) website for authentication before accessing the event page/event lobby. Additionally, the event’s join link will also direct users to the host's IDP website for authentication instead of asking them to sign in to Zoom.
10. Click Save and Continue.

Enable external authentication for single-session event access

Hosts only have 1 ticket type for single-session events; they can manage external authentication settings under the Event Access tab. 

1. Access the Links & Event Access tab in the event creation flow.
2. Create a registration link or group join link.
3. Under Authentication method at registration and join, click the dropdown menu and select the Authenticated via Identity Provider (external SSO) option. 
4. Under Select IDP, use the dropdown menu to select the external authentication profile.
   Registrants/attendees will be taken to the host's identity provider (IDP) website for authentication before accessing the event page/event lobby. Additionally, the event’s join link will also direct users to the host's IDP website for authentication instead of asking them to sign in to Zoom.
   Notes:
   • The dropdown menu will be blank if no external SSO authentication profile is available in the host’s account.
   • A pre-join page will be enabled for attendees who joined without registration.
5. (Optional) Select the Specified email addresses checkbox to specify email addresses on the target domain that the event will admit.
   • To add users to your event's invite list by email:
     Note: Only users added to the invite list can view and register for this ticket type.
     1. Click Add email address.
        An Add Users to Invite List pop-up window will appear.
     2. Under Enter email addresses, enter email addresses of the users you want to invite, then press Enter. Click X by a user’s email address to remove the user.
     3. Click Save.
     4. (Optional) Click Add to add more users by email.
     5. (Optional) Click View to view your guest list, search for guests, or delete email addresses.
6. (Optional) Select the Specified company domains checkbox. 
   
   • To add all users from a specified domain to your event’s invite list:
     1. Click Add domain.
     2. Enter a valid domain.
        Note: For example, to invite all members of the ABC company (with members having name@abc.co email addresses), add abc.co as the domain. If you have multiple domains, separate them by commas in the text box.
     3. Click Save.
     4. (Optional) Click Add to add more domains.
     5. (Optional) Click View to view your domain list, search for domains, or delete domains.
7. Click Save.

How to enable external authentication for multiple sessions events

For multi-session events, hosts must manage authentication and include specific email addresses under each type of ticket.

Enable external authentication when creating a multiple sessions event

1. Ensure that you or your account admin have set up an authentication option in the Zoom account.
2. Sign in to Zoom Events.
3. In the left navigation menu, click the top dropdown arrow  and select Across Hubs.
4. In the left navigation menu, click Events.
5. In the top-right corner, click Create Event.
   A Create Event pop-up window will appear.
6. In the pop-up window, under Choose an Event Type, select the Multiple Sessions event type.
7. Under Registration & Join, create a registration link or group join link.
8. When creating those links, under Authentication Method at Join, select Authenticated via Identity Provider (external SSO).
9. Under Select IDP, use the dropdown menu to select the external authentication profile.
   Note: The dropdown menu will be blank if no external SSO authentication profile is available in the host’s account.
   Registrants/attendees will be taken to the host's identity provider (IDP) website for authentication before accessing the event page/event lobby. Additionally, the event’s join link will also direct users to the host's IDP website for authentication instead of asking them to sign in to Zoom.
10. Click Save and Continue.

Use the IDP option for event access

1. Access the Event Access tab in the event setup flow.
2. Create a registration link or group join link.
3. Under Authentication method at registration and join, click the dropdown menu and select Authenticated via Identity Provider (external SSO).
4. Under Select IDP, use the dropdown menu to select the external authentication profile.
   Registrants/attendees will be taken to the host's identity provider (IDP) website for authentication before accessing the event page/event lobby. Additionally, the event’s join link will also direct users to the host's IDP website for authentication instead of asking them to sign in to Zoom.
   Notes:
   • • The dropdown menu will be blank if no external SSO authentication profile is available in the host’s account.
     • A pre-join page will be enabled for attendees who joined without registration.
5. Click Save.

Use external SSO in Zoom Events

1. Configure your IDP custom app.
2. Create a multiple sessions event, then publish it.
3. After you publish your event, copy the group join link(s) from the Links & Event Access tab.
4. Send the group join link(s) to attendees.
   Attendees will automatically be able to join the event.