Zoom's authentication profiles allows students under 16 years of age to join Zoom meetings safely and securely without needing to create a Zoom account, while also preventing unauthorized access from users outside of the school or school district.
When using external authentication, the students do not need to be part of your Zoom account, only using a school email address.
For further information about K-12 external authentication, please refer to Frequently asked questions about external authentication for K-12 schools.
Note: If authentication profiles is enabled, admins can allow authentication exceptions to allow guests to bypass authentication to join meetings. For example, if a school authenticates meeting participants against their school IDP, they can create an exception to allow a guest lecturer to join the meeting.
This article covers:
- How to configure external authentication
- Student login experience
Prerequisites for external authentication for K-12 schools
- Pro, Business, Education, or Enterprise Account
- Account owner or admin privileges
- Admin privileges for your identity provider
- Zoom desktop client:
- Windows: 5.0.0 (23168.0427) or higher
- macOS: 5.0.0 (23161.0427) or higher
- Zoom mobile app:
- Android: 5.0.0 (23161.0427) or higher
- iOS: 5.0.0 (23161.0427) or higher
- Zoom web client
How to configure external authentication
After setting up the SAML configuration in your identity provider, you can add a new authentication profile in your Zoom account.
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Account Management then Account Settings.
- Under Schedule Meeting, scroll to Only authenticated users can join meetings.
- Next to Meeting Authentication Options, click + Add Configuration.
- Type the name of the Meeting Authentication Option.
- Under Select an authentication method, select Sign in to external Single Sign-On (SSO).
The remainder of the fields should match the configuration from your identity provider.
- Click Save.
Users on your account will now have this authentication profile as an option when scheduling a meeting after enabling Only authenticated users can join.
- (Optional) Click the Only authenticated users can join meetings toggle to enable or disable this setting by default for all users on your account.
If a verification dialog displays, click Enable or Disable to verify the change.
Note: If you want to make this setting mandatory for all users in your account or for a specific group, click the lock next the setting at the account or group level, and then click Lock to confirm the setting.
Configure external authentication with GSuite
Configure external authentication with Azure
Student login experience
When students attempt to join a Zoom meeting, they will receive a prompt that this meeting is only for authorized attendees. They can click Sign In to Join to continue.
They will then be redirected to a web browser to sign in by SSO with the school's SSO provider. After signing in, they will be joined in to the meeting with the correct name and email address.