Admins have the ability to configure certain authentication and security settings on accounts in order to ensure that users are properly authenticated. As part of these options, you will be able to set password restrictions, restrict the sign-in methods, and control the other settings associated with your user profile.
Note: Meeting security settings can also be changed by admins.
This article covers:
- How to access the security settings
- Sign-in methods
Prerequisites for changing account security settings
- You can choose from Pro, Business, Education, or Enterprise accounts
- A user with security privileges, an account owner, or an administrator
How to access the security settings
- Log in as an administrator to the Zoom web portal
- And click Advanced, followed by Security.
The following settings can be customized:
- Basic Password Requirement:
- You must have a password that meets these requirements in order to access Zoom. It is not possible to change these settings and they only apply to Zoom passwords. You will still use the password requirements set by the other authentication methods.
- Enhanced Password Rules:
- These rules enforce additional requirements for passwords, such as:
- Have a minimum password length:
- Minimum password length is 8 characters. Maximum password length is 14 characters.
- Have at least 1 special character (!, @, #…):
- The password must contain a special character.
- Cannot contain consecutive characters (e.g. “11111”, “12345”, “abcde”, or “qwert”):
- Numbers or letters consecutively, whether alphabetical or keyed in, cannot be included in the password.
- Use enhanced weak password detection:
- If a user’s password is weak, they will be notified.
- Password Policy
- New users need to change their passwords upon first sign-in:
- Upon first sign-in, each user will have to create a new password.
- Password expires automatically and needs to be changed after the specified number of days:
- This feature allows you to set an expiration date on passwords, so that users will be forced to create a new password once it has expired. You are able to set it for 30, 60, 90, or 120 days. Approximately 3 days before the upcoming password expiration, users will receive an email reminding them each day. It is notified to the user when their password expires upon logging in to the web application or the client, and they are directed to the web portal in order to change their password.
- Users cannot reuse any password used the previous number of times:
- This feature prevents users from reusing passwords that have already been used within a set number of passwords. Between 3 and 12 passwords can be created previously.
- Users can change their password a maximum number of times every 24 hours:
- It limits the number of password changes a user can make within 24 hours. Between 3 and 8 password changes can be made per day.
- Only account admins can change Licensed users’ Personal Meeting ID and Personal Link Name:
- Only allows you to change PMIs and personal links for licensed users.
- Allow importing of photos from the photo library on the user’s device:
- The ability to upload photos from a mobile device for a user’s profile picture is available for administrators to enable or disable.
- Hide billing information from administrators:
- Locks out Admin access to the Billing section of the account and overrides the Billing Role Management options for the default Admin role.
- As long as they have Billing privileges in their Role, the Owner and any other user can still access the Billing section.
- Session duration:
- Disable session timeouts. Valid for Zoom passwords only.
- Users need to sign in again after a period of inactivity:
- After a set amount of time, users in the Web portal and/or Desktop client are automatically logged out:
- It is possible to preset a 10-120 minute range for Web Portal.
- You can preset a duration between 5 and 120 minutes for the Zoom Client.
- User need to input Host Key to claim host role with the length of:
- This function allows you to specify the length of the host key, which is set in a range from 6 to 10 digits.
- Sign in with Two-Factor Authentication:
- Users will be able to sign in using two-factor authentication.
- Allow users to sign in with work email:
- Using an email address and password will allow users to sign in.
- Allow users to sign in with Single Sign-On (SSO):
- Through your company’s vanity URL, users can sign in using SSO
You can also force users to use SSO after enabling this setting if your account is associated with an Associated Domain and the user is signing in with the Associated Domain set up on your account. By clicking Select Domains you will be able to pick the domains from which you wish to enforce SSO sign-in and select users who can bypass SSO sign-in to use work email accounts and passwords instead.
- Users in that domain cannot use work email sign-in methods after forcing SSO sign-in for specific domains. Before enforcing SSO sign-in, please create a work email login type if you need to make exceptions for certain users.
- Allow users to sign in with Google:
- Your users will be able to use the Google login option.
If you have enabled the Associated Domain setting on your account and the users are signing in with that domain, you can also force them to sign in with Google after enabling this setting. Select the domains from which you want to force Google users to sign in.
- Allow users to sign in with Facebook:
- If enabled, users can log in using their Facebook accounts.
- Allow users to sign in with Apple ID:
- On iOS apps (version 5.1.1 and up), let users sign in with Apple ID.
- Show disclaimer when users sign in to Zoom:
- You can customize a disclaimer that appears when users sign into Zoom for the first time, every time, or at a specific interval.