Configuring external authentication for K-12 schools in Zoom App

This post was most recently updated on July 28th, 2022

Zoom authentication profiles are used to allow students under 16 years of age to join Zoom meetings safely and securely without needing to create a Zoom account, allowing them to participate in meetings without ever creating a Zoom account themselves and prevent unauthorized participation from outside the school.

Students do not need to be logged into your Zoom account in order to use external authentication, they only need to make use of their school email address.

Frequently asked questions about external authentication for K-12 schools can be found at Frequently Accessed Questions About External Authentication for K-12 Schools.


Admins can authorize authentication exceptions with authentication profiles in order for guests to bypass authentication and join meetings without having to authenticate. An example is if, a school authenticates the participants in a meeting against their school IDP, then there is a possibility of creating an exception that will allow a guest lecturer to attend that meeting.

Authentication requirements for K-12 schools seeking external authentication

  • Account type: Pro, Business, Education, or Enterprise
  • You have the right to be the owner or administrator of the account
  • account
  • account, where you have admin rights for your identity provider
  • for the Zoom desktop client:
    • Windows: 5.0.0 (23168.0427) or higher
    • macOS: 5.0.0 (23161.0427) or higher
  • for the Zoom mobile app:
    • Android: 5.0.0 (23161.0427) or higher
    • iOS: 5.0.0 (23161.0427) or higher
  • for the Zoom web client

What are the steps for configuring external authentication

You can create a new authentication profile in your Zoom account once the SAML configuration has been set up with your identity provider.

  1. If you are already a Zoom admin, you will be able to edit your account settings by logging into the Zoom web portal.
  2. Go to the account management tab, then account settings, and you will see the option.
  3. On the meeting schedule page, scroll down until you see Only authenticated users can attend meetings.
  4. Click the +Add Authentication Configuration button next to Meeting Authentication Options.
  5. You will then be prompted to enter a name for the Meeting Authentication option.
  6. Select Sign in to external single sign-on (SSO) by choosing its checkbox under Select an authentication method.
    After selecting Sign in to external single sign-on (SSO), the remaining fields should match those of your identity provider.
  7. Click Save.
    As a result of enabling the Only authenticated users can join setting on your account, users will now have the ability to schedule a meeting using this authentication profile.
  8. It is possible to enable or disable the Only authenticated users can join meetings toggle for each user on your account depending on whether you want this setting enabled or disabled by default.
    Click Enable or Disable on the verification dialog box if one appears to confirm the change has been made.


Click the Lock next to the setting at the account or group level and click Lock to confirm the choice. If you want to make this setting mandatory for all users in your account or for a specific group, please click the Lock next to the setting.

Configuring external authentication with G Suite