Note: As our world comes together to slow the spread of COVID-19 pandemic, the Zoom Support Center has continued to operate 24x7 globally to support you. Please see the updated Support Guidelines during these unprecedented times.



Advanced security settings Follow

Overview

The Security section allows owners and admins to setup certain authentication and settings for users on the account. These options include password restrictions, restricting sign-in methods, as well as other user profile settings.

Note: For security settings related to meeting passwords, you can change account settings.

This article goes over:

Prerequisites

  • Pro, Business, Education, or Enterprise account
  • Account owner, admin, or user with a role that has security privileges

Accessing security settings

To Access the Security Features:

  1. Sign in to the Zoom web portal.
  2. In the navigation menu, click Advanced then Security.

Security settings

Authentication

  • Basic Password Requirement: These are the password requirements for a Zoom login password. These settings can not be changed and only affect Zoom specific passwords, all other authentication methods will still use their own password requirements.
  • Enhanced Password Rules: Allow you to force extra requirements for your users’ passwords including:
    • Have a minimum password length: The password length can be increased from a minimum of 8 characters, up to 14 characters.
    • Have at least 1 special character (!, @, #...): Requires a special character in the password.
  • Password expires automatically and needs to be changed after the specified number of days: Allows you to set an expiration date on passwords, forcing users to create a new password when it expires. This can be set for 30, 60, 90, or 120 days.
  • Users cannot reuse any password used in the previous number of times: Forces users to not reuse an older password that has been used within the set number of passwords created previously. This number can range from 3-12  previous passwords created.
  • Users can change their password a maximum number of times every 24 hours: Locks how many times a user can change their password in a 24 hour period. It can be set from 3 to 8 times.

Security 

  • Only account admin can change users' name, profile picture, sign-in email, and host key: Select the check boxes to only allow you to change users' names, profile picture, sign-in email, and host key.
  • Only account admin can change Licensed users' Personal Meeting ID and Personal Link Name: Only allow you to change Licensed users' PMI and personal link name.
  • Allow importing of photos from the photo library on the user's device: Allows you to enable or disable the ability for users to upload photos from their mobile device for their profile picture. 
  • Hide billing information from administrators: Overrides the Billing Role Management options set for the default Admin role, and locks out Admin access to the Billing section of the account.
    Note: The Owner, and any other user with Billing privileges in their Role can still access the Billing section.
  • Users need to sign in again after a period of inactivity: Forces automatic logout of users in the Web portal and/or Desktop client after a set amount of time:
    • Web Portal can be set for a preset range of 10 to 120 minutes.
    • Zoom Client can be set for a preset range of 5 to 120 minutes.
  • User need to input Host Key to claim host role with the length of: Allows the setting of the required length of the host key, can be set within the range of 6-10 digits.
  • Use 2-step verification with Google Authenticator: Enable two-factor authentication for users.

Sign-in methods

  • Allow users to sign in with work email: This will allow users to sign in with an email address and password. 
  • Allow users to sign in with Single Sign-On (SSO): This will allow users to sign in with SSO through your company's vanity URL.
  • Note: If you have a Managed Domain enabled on your account, you can also force users to use SSO if they are signing in with that specified domain.
  • Allow users to sign in with Google: This will allow users to sign in with Google login method.
    Note: If you have a Managed Domain enabled on your account, you can also force users to sign in via Google if they are signing in with that specified domain.
  • Allow users to sign in with Facebook: This will allow users to sign in using the Facebook login method.
  • Allow users to sign in with Apple ID: Allow users to sign in with Apple ID on the iOS app (version 5.1.1 or higher).