Zoom's authentication profiles allows students under 16 years of age to join Zoom meetings safely and securely without needing to create a Zoom account, while also preventing unauthorized access from users outside of the school or school district. When using external authentication, the students do not need to be part of your Zoom account, only using a school email address.
This article covers:
- Pro, Business, Education, or Enterprise Account
- Account owner or admin privileges
- Admin privileges for your identity provider
- Zoom desktop client:
- Windows: 5.0.0 (23168.0427) or higher
- macOS: 5.0.0 (23161.0427) or higher
- Zoom mobile app:
- Android: 5.0.0 (23161.0427) or higher
- iOS: 5.0.0 (23161.0427) or higher
- Zoom web client
Configuring external authentication
After setting up the SAML configuration in your identity provider, you can add a new authentication profile in your Zoom account.
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation panel, click Account Management then Account Settings.
- Under Schedule Meeting, scroll to Only authenticated users can join meetings.
- Next to Meeting Authentication Options, click + Add Configuration.
- Type the name of the Meeting Authentication Option.
- Select an authentication method: Choose Sign in to external Single Sign-On (SSO).
- The remainder of the fields should match the configuration from your identity provider.
- Click Save.
Users on your account will now have this authentication profile as an option when scheduling a meeting, after checking Only authenticated users can join.
- (Optional) Click the toggle next to Only authenticated users can join meetings to enable this setting by default for all users on your account. If a verification dialog displays, click Turn On to verify the change,
Note: You can require this setting for all meetings on your account or for a specific group by clicking the lock icon next to the setting at the account or group level.
Configuring external authentication with GSuite
Configuring external authentication with Azure
Student login experience
When students attempt to join a Zoom meeting, they will receive a prompt that this meeting is only for authorized attendees. They can click Sign In to Join to continue.
They will then be redirected to a web browser to sign in via SSO with the school's SSO provider. After signing in, they will be joined in to the meeting with the correct name and email address.
Frequently asked questions
Will Breakout Rooms work if my students do not have Zoom accounts?
Yes, you can still use Breakout Rooms as usual. If you would like to pre-assign students to Breakout Rooms, you will need to upload a CSV file with the details .
Will my guest speakers or teacher be able to join a meeting?
Any external guests will not be able to join the meeting unless that specific party has an authorized account in your SSO Identity Provider.
How is this different from standard Zoom/SSO Authentication?
This is authenticating users upon joining a meeting and does not create a Zoom account.
Can I use the same SSO configuration as my Zoom account?
No, this must be set up as a different SAML application in your identity provider.
Can I pull a report of the students and have accurate attendance information?
Yes, all student’s names will be documented accurately with their associated email address.
Can students change their names?
If you do not want your students to change their names, you can turn off the setting Allow participants to rename themselves at the user, group, or account level. If students are allowed to change their names and do change them, it will not reflect the new names in the attendance report.
Does this require participants to have a valid Zoom account?
No, meeting participants do not need to have a valid Zoom account.