Advanced Associated Domain configurations in Zoom App

This post was most recently updated on July 22nd, 2022

It is possible for you to control the ability of users to create Zoom accounts and user profiles with emails that match the domain you have approved as an Associated Domain for your account once your custom domain has been approved as an Associated Domain. If you want to restrict users from using that email domain outside of your account (both new and existing), you can do it by blocking those outside of your account from using that domain, or by forcing those users to sign on with an email address outside your account.

As part of this article, you will learn about common configurations for managing your Associated Domain, how to notify users and how this affects their performance.

There are a number of topics covered in this article, including:

  • Common configuration settings and their effects
    • Manage users with the same domain only
    • Manage users with the same domain and allow consolidation into this account
    • Manage users with the same domain, allow consolidation, and new user sign up

Prerequisites for Advanced Associated Domain configurations

  • Accounts that are intended for businesses, enterprises, or educational institutions
  • Admin or owner privileges on the account
  • Associated domains that have been approved by the Associated Domains Committee

Common configuration settings and their effects

Upon receiving an Associated Domain grant, your account will have access to three settings which help you control existing users associated with your email domain and allow users to create new profiles associated with your email domain after they have been granted an Associated Domain. As a quick recap, these settings are as follows:

  • Managing users that belong to the same domain is as simple as this: The user will be prompted to change the email address the user uses to create the Zoom account if they attempt to create an account with an email address at this domain. Your domain will require users that are not members of your account and do not use your email address to change their email address.
  • You should be able to consolidate users who have the same domain into this account in the following ways: Those who already have an account will be prompted to consolidate it into the managing account or to change their login to use a different email address as part of this process. There will be a time limit of three attempts before they will be forced to choose between three different options to sign into their account.
  • Allow users with the same domain to sign up for Zoom: An email address associated with the domain associated with the Zoom account can be used to sign up for an account through Zoom. It would be possible for a user to sign up using the domain name associated with the domain, for example, if the domain is mydomain.com. There will be an email sent to these users informing them that their account needs to be activated. The next page that they will see after signing in will ask them if they would like to consolidate their accounts or change their email addresses after signing in. The option to manage users with the same domain is disabled by default and you must enable it to enable this setting.
  • Note: To give users with the same domain the option of consolidating their accounts, the Allow users with the same domain to consolidate into this account setting must be enabled in order for this to work. When you force users to use SSO in order to sign in, this setting cannot be enabled.

A user is able to do a variety of things when he/she configures the three settings that are available with an approved associated domain, but each combination has a different affect on how users use accounts created with your domain and the activities that they can perform with them. The following are a few examples and their effects as you can see in the table below:

Manage users with the same domain only

Upon enabling the first option, Manage users with the same domain, you will be able to do the following:

  • At the next sign-in, existing users will receive a prompt to change their email address for their profile, if they have not already done so.
  • When users create a new account with a domain-related email address, Zoom will send them an email letting them know that they must contact their organization’s Zoom admin in order to obtain a Zoom account, or it will prompt them to use a different email address. There is no information provided about the account.

Manage users with the same domain and allow consolidation into this account

The following are the results if you just select the first two options, Manage users with the same domain, and Allow users with the same domain to consolidate into this account, if you do that:

  • If an existing user wishes to join the account that manages this domain or to change their email address, they will be prompted for up to four times at their next sign-in. After three skips, they will be forced to make a decision, or they can choose to temporarily skip this decision.
  • If a new profile is created by a user with an email address in your domain, Zoom will send them an email to inform them that they need to contact their organization’s Zoom admin for a Zoom account, or if they wish to use an alternative email address, they need to contact their organization’s Zoom admin. There is no information provided regarding the account of the user.

Manage users with the same domain, allow consolidation, and new user sign up

There is a possibility that if you enable the full set of options, Manage users with the same domain, Allow users with the same domain to consolidate into this account, and Allow users with the same domain to sign up for Zoom, then the following scenarios could result:

  • A Zoom admin can view how many users exist outside your account (although names or email addresses are not directly visible) and can have Zoom send you an email offering to consolidate or change your email address to those users who already exist outside your account.
  • When a user uses their existing account to sign in to a new domain, they will be prompted up to 4 times to either join or change their email address on the account that manages this domain. As a temporary option, they can choose to skip this decision, but if they skip the decision more than three times, they will have to make a decision.
  • It is possible for users who create a new profile with an email address in your domain to complete the profile, but they will be required to consolidate their account as soon as they complete it.