The account security settings allow admins to configure certain authentication and profile settings for users on the account. These options include password restrictions, restrictions on sign-in methods, and other user profile settings.
Note: Admins can also change security settings related to meetings.
- Pro, Business, Education, or Enterprise account
- Account owner, admin, or user with a role that has security privileges
Accessing the security settings
- Sign in to the Zoom web portal as an admin.
- In the navigation menu, click Advanced then Security.
You can configure the following settings:
- Basic Password Requirement: These are the password requirements for a Zoom login password. These settings cannot be changed and only affect Zoom-specific passwords; all other authentication methods still use their own password requirements.
- Enhanced Password Rules: Allows you to enforce extra requirements for your users' passwords, including:
  - Have a minimum password length: The password length can be increased from a minimum of 8 characters, up to 14 characters.
  - Have at least 1 special character (!, @, #...): Requires a special character in the password.
  - Cannot contain consecutive characters (e.g. "11111", "12345", "abcde", or "qwert"): The password cannot include consecutive numbers or letters, either alphabetically or on the keyboard.
  - Use enhanced weak password detection: Users will be notified if their password is weak.
- Password Policy
  - New users need to change their passwords upon first sign-in: Users will be required to set their own password when they first sign in.
  - Password expires automatically and needs to be changed after the specified number of days: Allows you to set an expiration period for passwords, forcing users to create a new password when the current one expires. This can be set for 30, 60, 90, or 120 days. Users will be reminded by email each day starting 3 days before the upcoming password expiration. When the password expires, they are notified when logging in on web or client and directed to the web portal to change their password.
  - Users cannot reuse any password used in the previous number of times: Prevents users from reusing a password that is among the set number of passwords they created previously. This number can range from 3 to 12 previous passwords.
  - Users can change their password a maximum number of times every 24 hours: Limits how many times a user can change their password in a 24-hour period. It can be set from 3 to 8 times.
- Only account admin can change Licensed users' Personal Meeting ID and Personal Link Name: Allows only account admins to change Licensed users' Personal Meeting ID (PMI) and personal link name.
- Allow importing of photos from the photo library on the user's device: Allows you to enable or disable the ability for users to upload photos from their mobile device for their profile picture.
- Hide billing information from administrators: Overrides the Billing Role Management options set for the default Admin role, and locks out Admin access to the Billing section of the account.
Note: The Owner and any other user with Billing privileges in their Role can still access the Billing section.
- Session duration: Enforce automatic sign-out after a specified time. Only applicable to Zoom specific passwords.
- Users need to sign in again after a period of inactivity: Forces automatic logout of users in the Web portal and/or Desktop client after a set amount of time:
  - Web Portal can be set for a preset range of 10 to 120 minutes.
  - Zoom Client can be set for a preset range of 5 to 120 minutes.
- Users need to input Host Key to claim host role with the length of: Sets the required length of the host key. It can be set within the range of 6-10 digits.
- Sign in with Two-Factor Authentication: Enable two-factor authentication for users.
- Allow users to sign in with work email: This will allow users to sign in with an email address and password.
- Allow users to sign in with Single Sign-On (SSO): This will allow users to sign in with SSO through your company's vanity URL.
(Optional) After enabling this setting, you can also force users to use SSO if you have an Associated Domain on your account and they are signing in with that specified domain. Click Select Domains to set which domains must sign in with SSO and specify users who can bypass SSO sign-in to use a work email and password sign in.
Note: After forcing SSO sign-in for specific domains, work email sign-in methods cannot be created for users in that domain. If you need to create exceptions for certain users, create the work email login type before enforcing SSO sign-in.
- Allow users to sign in with Google: This will allow users to sign in with the Google login method.
(Optional) After enabling this setting, you can also force users to sign in via Google if you have an Associated Domain enabled on your account and they are signing in with that specified domain. Click Select Domains to set which domains must sign in with Google.
- Allow users to sign in with Facebook: This will allow users to sign in using the Facebook login method.
- Allow users to sign in with Apple ID: Allow users to sign in with Apple ID on the iOS app (version 5.1.1 or higher).
- Show disclaimer when users sign in to Zoom: Configure a custom disclaimer when users sign in to Zoom, either the first time, every time, or on a particular interval.
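
The Enhanced Password Rules listed above, as an added example (not Zoom's code): a local checker that applies the minimum-length, special-character and consecutive-character rules to a candidate password and reports which rule rejects it. The run threshold of 4, the forward-only sequence matching and the US-QWERTY rows are assumptions, since the page gives only example strings.

```python
import string

# Assumption: a run of 4 or more counts as "consecutive"; the page gives
# only 5-character examples and does not state the threshold.
RUN_LENGTH = 4
# Sequences scanned: digits, the alphabet, and the US-QWERTY letter rows.
SEQUENCES = ["0123456789", string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_consecutive_run(password, run=RUN_LENGTH):
    """True if the password contains `run` repeated or sequential characters."""
    pw = password.lower()
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        if len(set(window)) == 1:                 # repeated, e.g. "1111"
            return True
        if any(window in seq for seq in SEQUENCES):  # forward runs, e.g. "2345", "wert"
            return True
    return False


def check_password(password, min_length=8, require_special=True,
                   forbid_consecutive=True):
    """Return the list of enhanced-rule violations (empty means accepted)."""
    if not 8 <= min_length <= 14:
        raise ValueError("minimum length is configurable from 8 to 14")
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    if require_special and not any(c in string.punctuation for c in password):
        problems.append("no_special_character")
    if forbid_consecutive and has_consecutive_run(password):
        problems.append("consecutive_characters")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["Summer11111!", "xQwert!93kLm", "T7#mVq2!zR", "short1!"]:
        print(pw, check_password(pw, min_length=10))
```
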