Note: As our world comes together to slow the spread of COVID-19 pandemic, the Zoom Support Center has continued to operate 24x7 globally to support you. Please see the updated Support Guidelines during these unprecedented times.

Important: Starting September 27, Zoom will require that all meetings have a Passcode or a Waiting Room enabled for accounts with a single licensed user, Pro accounts with 2 or more licenses, and Business accounts with 10-100 licenses. For further information, please see our reference our Frequently Asked Questions.



Authentication Profiles for meetings and webinars Follow

Overview

Authentication profiles allow hosts to restrict meeting participants and webinar attendees to logged-in users only and even further restrict it to Zoom users whose email address uses a certain domain. This can be useful if you want to restrict your participant list to verified users, or users from a certain organization. 

Authentication profiles do not apply to invited webinar panelists, who will have a unique join link and can be from outside of the specified domain(s). 

Note: If a participant does not have a Zoom account, they will not be able to join the meeting or webinar if this setting is enabled. 

If a participant tries to join the meeting or webinar and is not logged into Zoom, or logging in with the wrong specified email domain, they will receive one of the following messages:

  • if they are not logged into Zoom:
  • If they are logged in with the wrong email domain:

Authentication profiles initially need to be configured at the account level. Authentication profiles can only be added at the account level. Once you have configured authentication profiles, you can disable it at the account level and all at the group or user level, if you do not want to apply it for all members of your account.

This article covers:

Prerequisites

  • Pro, Business, Education, or Enterprise Account
  • Zoom Desktop Client:
    • Windows: 4.6.0 (13614.1202) or higher
    • macOS: 4.6.0 (13610.1201) or higher

Enabling authentication profiles 

Authentication profiles initially need to be enabled for all members of your account while you configure the profiles. Once the profiles are configured, you can disable at the account level if you do not want this to apply for all members of your account. 

Account

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation panel, click Account Management then Account Settings.
  3. Under Schedule Meeting, verify that Only authenticated users can join meetings is enabled.
  4. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
  5. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.

Disabling Authentication Profiles at the account level

If you do not want authentication profiles to apply for all members of your account, you can now disable this feature at the account level and follow the steps below to enable it at the group or user level.

  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation panel, click Account Management then Account Settings.
  3. Under Schedule Meeting, click the toggle to disable Only authenticated users can join meetings.

Group

To enable Only authenticated users can join meetings for a group of users

  1. Sign in to the Zoom web portal as an admin with the privilege to edit groups.
  2. In the navigation panel, click User Management then Group Management.
  3. Click the applicable group name from the list, then click the Settings tab.
  4. Under Schedule Meeting, verify that Only authenticated users can join meetings is enabled.
  5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.

    Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level.
  6. (Optional) If you want to make this setting mandatory for all users in the group, click the lock icon, and then click Lock to confirm the setting.

User

To enable only authenticated users can join meetings for your own use:

  1. Sign in to the Zoom web portal.
  2. In the navigation panel, click Settings.
  3. Under Schedule Meeting, verify that Only authenticated users can join meetings is enabled.
  4. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
    Note: If the option is grayed out, it has been locked at either the group or account level. You need to contact your Zoom admin.

Creating an authentication profile

  1. Type the name of the Meeting Authentication Option.
    ..
  2. For Select an authentication method, choose one of the following options:
    • Sign in to Zoom: This option allows any users to join the meeting or webinar, as long as they are signed into their Zoom account.
    • Sign in to Zoom with specified domains: This option, allows you to specify the rule so that Zoom users, whose email address contains a certain domain, can join the meeting or webinar. You can either add multiple domains, using a comma in between and/or use a wildcard for listing domains. You can also upload a CSV file with the domains.
    • Sign in to Single Sign On (SSO): This option allows you to specify a rule so that users need to authenticate through a 3rd-party authentication service.
  3. Click Save.
  4. You can add more Authentication options to choose from, by clicking Add Configuration.

Configuring authentication profiles using external authentication

Important: For authentication profiles using Single Sign-On, this must be a separate integration that is not associated with a Zoom SSO integration already. For example:

To configure the profile using external authentication through Single Sign-on:

  1. Create a new SAML app within your SSO service provider.
  2. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  3. In the navigation panel, click Account Management then Account Settings.
  4. Under Schedule Meeting, verify that Only authenticated users can join meetings is enabled.
  5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
  6. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
  7. Click Add configuration.
  8. Select Sign in to external Single Sign On (SSO).
  9. Fill out the following information
    • Sign-in page URL: Sign-in URL provided by the SSO provider
    • Identity provider certificate: X.509 certificate provided by the SSO provider
    • Issuer (IDP Entity ID):  Provided by the SSO provider
    • SAML attribute mapping for email address (optional): If you are using a different SAML value for email addresses then the standard value name, enter it here. 
    • Binding: Select either HTTP-POST or HTTP-Redirect.

  10. Click Save.
  11. Click SP metadata XML to download the SP metadata.
  12. Upload the metadata into your SAML app, or open the metadata XML file and copy the following URLs and paste them into the required fields of your SAML app:

    • entityID attribute in the md:EntityDescriptor tag
    • Location attribute in the md:AssertionConsumerService tag

The following table lists where you should paste the entityID and Location URLs.

SSO provider Field to paste entityID Field to paste Location
G Suite Entity ID ACS URL
Clever ENTITY ID ASSERTION CONSUMER SERVICE URL

Note: Some Single Sign-On providers, like Okta, require the SP metadata to be generated before retrieving the sign-in URL, IDP certificate, and Entity ID. If you are provider requires the SP metadata first, you will need to fill out the fields with dummy data initially, then download the metadata. After that, edit the profile. and replace the dummy data with the real SSO configuration. 

Only allow authenticated users to join a meeting or webinar

  1. Sign in to the Zoom web portal.
  2. Schedule a meeting or webinar
  3. Under Meeting Options or Webinar Options, click Only authenticated users can join.
  4. If there are multiple Authentication Profiles configured, you can choose the authentication profile from the dropdown.