Configuring authentication profiles for meetings and webinars

Authentication profiles allow hosts to restrict meeting participants and webinar attendees to signed-in users only, and to restrict them further to Zoom users whose email addresses match a certain domain. This can be useful if you want to restrict your participant list to verified users or users from a certain organization. Additionally, you can prevent users in specified domains from joining meetings or webinars.

Notes:

  • Authentication profiles do not apply to invited webinar panelists, who will have a unique join link and can be from outside of the specified domain(s).
  • If a participant does not have a Zoom account, they will not be able to join the meeting or webinar if this setting is enabled. 

Prerequisites for configuring authentication profiles

  • Pro, Business, Education, or Enterprise account
  • Zoom desktop client:
    • Windows: 5.0.0 (23168.0427) or higher
    • macOS: 5.0.0 (23161.0427) or higher
  • Zoom mobile app:
    • Android: 5.0.0 (23161.0427) or higher
    • iOS: 5.0.0 (23161.0427) or higher
  • Zoom web client
  • Account owner or admin privileges to edit account settings

Enable or disable authentication profiles

Authentication profiles must be configured at the account level. Once you have configured them, you can disable them at the account level and enable them at the group or user level if you do not want them to apply to all members of your account.

Account

To enable or disable Only authenticated users can join meetings for all users in the account:

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation menu, click Account Management then Account Settings.
  3. Click the Meeting tab.
  4. Under Security, click the Only authenticated users can join meetings toggle to enable or disable it.
  5. If a verification dialog appears, click Enable or Disable to verify the change.
  6. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.

Group

Note: If you signed up for a new Zoom account after August 21, 2021, or the New Admin Experience is enabled on your account, the Group Management page has been renamed to Groups.

To enable or disable Only authenticated users can join meetings for a group of users:

  1. Sign in to the Zoom web portal as an admin with the privilege to edit groups.
  2. In the navigation menu, click User Management then Group Management.
  3. Click the applicable group name from the list.
  4. Click the Meeting tab.
  5. Under Security, click the Only authenticated users can join meetings toggle to enable or disable it.
  6. If a verification dialog appears, click Enable or Disable to verify the change.
    Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level.
  7. (Optional) If you want to make this setting mandatory for all users in the group, click the lock icon, and then click Lock to confirm the setting.

Create an authentication profile

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation menu, click Account Management then Account Settings.
  3. Under the Security section, verify that Only authenticated users can join meetings is enabled and then click Add Configuration.
  4. Under Select an authentication method, choose one of the following options:
    • Sign in to Zoom: Allows any user to join the meeting or webinar, as long as they are signed into their Zoom account.
    • Signed-in users in my account: Allows any signed-in user in the account to join the meeting or webinar.
    • Sign in to Zoom with specified domains: Allows you to specify a rule so that Zoom users whose email addresses contain a certain domain can join the meeting or webinar. You can add multiple domains separated by commas, use a wildcard to list domains, or both. You can also upload a CSV file with the domains.
      Note: You can't add any domains that are on your domain block list.
    • Sign in to external Single Sign-On (SSO): Allows you to specify a rule so that users need to authenticate through a 3rd-party authentication service.
  5. Enter a name for the meeting authentication option to help users identify it.
  6. Click Save.
  7. (Optional) Click Add Configuration and repeat steps 4-6 to add more authentication options.

Allow authentication exceptions

If authentication profiles are enabled, admins can allow authentication exceptions so that guests can bypass authentication to join meetings. For example, if a school authenticates meeting participants against its school IDP, it can create an exception to allow a guest lecturer to join the meeting.

Note: If an admin has blocked a specific domain from joining meetings or webinars, participant(s) matching the blocked domain can bypass the restriction if the host adds them as an authentication exception for the meeting or webinar.

This feature can be enabled at account or group level. Users can view the setting but not change it.

  1. Enable authentication profiles at the account or group level.
  2. Under Security, select the check box next to Allow authentication exception.
  3. Select an option to determine if users who only join by telephone will be allowed to join the meeting if waiting room is disabled.
    Hosts will be able to specify authentication exceptions when scheduling a meeting.

Configure authentication profiles using external authentication

Important: An authentication profile that uses Single Sign-On must be a separate integration that is not already associated with a Zoom SSO integration.

To configure the profile using external authentication through Single Sign-On:

  1. Create a new SAML app within your SSO service provider.
  2. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  3. Enable authentication profiles at the account level.
  4. Click Add Configuration.
  5. Under Select an authentication method, select Sign in to external Single Sign-On (SSO).
  6. Enter the following information:
    • Enter a name for the meeting authentication option.
    • Sign-in page URL: Sign-in URL provided by the SSO provider
    • Identity provider certificate: X.509 certificate provided by the SSO provider
    • Issuer (IDP Entity ID):  Provided by the SSO provider
    • Binding: Select either HTTP-POST or HTTP-Redirect
    • SAML attribute mappings (optional): If you are using a different SAML value for email addresses than the standard value name, enter it here. 
  7. Click Save.
  8. Under Meeting Authentication Options, click SP metadata XML to download the SP metadata.
  9. Upload the metadata into your SAML app, or open the metadata XML file and copy the following URLs and paste them into the required fields of your SAML app:

    • entityID attribute in the md:EntityDescriptor tag
    • Location attribute in the md:AssertionConsumerService tag

The following table lists where you should paste the entityID and Location URLs.

SSO provider | Field to paste entityID | Field to paste Location
G Suite      | Entity ID               | ACS URL
Clever       | ENTITY ID               | ASSERTION CONSUMER SERVICE URL

Note: Some Single Sign-On providers, like Okta, require the SP metadata to be generated before retrieving the sign-in URL, IDP certificate, and Entity ID. If your provider requires the SP metadata first, you will need to fill out the fields with fake data initially, then download the metadata. After that, edit the profile and replace the fake data with the real SSO configuration.
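
For steps 8 and 9 above, the two values can be read out of the downloaded SP metadata with a short script instead of by hand. This is an added example, not Zoom's code: the sample XML is constructed, its URLs are placeholders, the function name is hypothetical, and the HTTPS check on the ACS URL is an extra safeguard this example adds.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Standard SAML 2.0 metadata namespace (the "md:" prefix in the file).
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample SP metadata; the URLs are placeholders, not real endpoints.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_sp_fields(metadata_xml):
    """Return the entityID and every ACS Location found in SP metadata XML.

    Parse only the file downloaded from your own admin portal; this is not
    a hardened parser for untrusted XML.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("md:EntityDescriptor has no entityID attribute")

    acs = []
    for el in root.iter(f"{{{MD_NS}}}AssertionConsumerService"):
        location = el.get("Location", "")
        # The ACS URL receives the signed assertion, so refuse plain HTTP.
        if urlparse(location).scheme != "https":
            raise ValueError(f"ACS Location is not HTTPS: {location!r}")
        acs.append({"binding": el.get("Binding"), "location": location})
    if not acs:
        raise ValueError("no md:AssertionConsumerService element found")
    return {"entity_id": entity_id, "acs": acs}


if __name__ == "__main__":
    fields = extract_sp_fields(SAMPLE_SP_METADATA)
    print("Entity ID:", fields["entity_id"])
    for svc in fields["acs"]:
        print("ACS URL  :", svc["location"], "(" + svc["binding"] + ")")
```
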