Viewing recordings with external single sign-on
Authentication allows hosts to restrict participants who can view a cloud recording to those who are signed in to Zoom and can even restrict it to Zoom users whose email addresses use a certain domain.
As an account admin, you can configure external single sign-on (SSO). When using external authentication, other users do not need to be part of your Zoom account, but they must be using email addresses with a verified domain. Making this change will only impact future cloud recordings with this setting. For past cloud recordings, you must enable and disable the authentication profile for the new settings to be applied.
If a viewer tries to watch the recording and does not meet the defined authentication criteria, such as not being signed in with the correct email domain or not on the account, they will receive the message that they do not have permission to view the recording.
If the host and or admin change the share settings of a cloud recording, then it will generate a new share link and the old link will continue to work.
- If authentication profiles is enabled, admins can allow authentication exceptions to allow guests to bypass authentication to view recordings. For example, if you authenticate meeting participants against their domain IDP, you can create an exception to allow external users to view recordings.
- When an admin updates authentication profiles, those changes only apply to future meetings, not scheduled meetings. If they want to apply their changes to future meetings, then the host or admin will need to enable or disable the authentication profile settings or change the authentication option if disabling is not an option.
This article covers:
- How to configure external single sign-on
- How to configure the Azure app for authentication to view recordings
- How to configure the Okta app for authentication to view recordings
Prerequisites for viewing recordings with external single sign-on
- Pro, Business, Education, or Enterprise account
- Licensed user
- Cloud recording enabled
How to configure external single sign-on
Note: Ensure that the Require users to authenticate before viewing cloud recordings option is enabled and that your cloud recording sharing settings are adjusted as desired before you configure external SSO.
For authentication profiles using single sign-on, this must be a separate integration that is not associated with a Zoom SSO integration already. For example:
- Okta: Instead of using the pre-built Zoom app, create a custom app.
Azure: Create a new Gallery application.
For more information, please visit the Support article on how to configure external SSO and how to configure the authentication profile using external authentication through single sign-on.
Note: The external configuration from the meeting setting to recording setting will auto-sync; this means it's available for your future scheduled meetings and future cloud recordings.
How to configure the Azure app for authentication to view recordings
- Sign in to Microsoft Azure.
- On the left navigation menu, select Azure Active Directory.
- In the left navigation menu, under Manage, click Enterprise applications then select All Applications.
- At the top of the page, click + New application.
You will be directed to the Browse Azure AD Gallery page.
- In the top left Search application box, enter “zoom”.
- From your search results, click the Zoom application.
A right panel will slide out.
- In the right panel, give the Zoom application a Name.
- Click Create to create the Zoom application.
- Open your newly created Zoom application.
- In the left navigation menu, under Manage, Single sign-on and set up SSO with SAML.
- Under Basic SAML Configuration, click Edit to edit the fields.
- Under User Attributes & Claims, click Edit to edit the fields.
- Click Save to save your changes.
- Assign an Azure user to this application to give them application permissions:
- In your Zoom application’s left navigation menu, click Overview.
- Click the Assign users and groups tile.
How to configure the Okta app for authentication to view recordings
Single sign-on allows you to sign in to your Zoom account using your company credentials. A connection is made between Okta, the identity provider (IDP), and Zoom, the service provider (SP), to allow users to directly connect to their Zoom accounts.
Once you configured your Okta account with Zoom, you can follow these instructions to manage users to authenticate to view recordings.
Sign in to Okta as an admin
- Sign in to Okta as an admin.
- At the top right of the page, click the Admin button to open the admin portal.
- In the top left corner of the portal, select Classic UI.
- Return to the Okta dashboard.
Add a new Zoom custom app to Okta
For more information, please visit the Support article on how to add the Zoom custom app to Okta.
Note: When you are completing the Feedback section, select the following:
- By Are you a customer or partner?, select I’m an Okta customer adding an internal app.
- By App type, select the This is an internal app that we have created check box.
- Click Finish.
Connect Zoom and Okta to allow authentication to view recordings
Zoom and Okta need to create a trusted relationship with each other to allow communication.
For more information, please visit the Support article on how to connect Zoom and Okta.
Join the 250K+ other members in the Zoom Community! Login with your Zoom account credentials and start collaborating.