How to change account security settings in Zoom App

Admins can configure account security settings, such as authentication and certain user permissions for accessing the account. With these options, you can place restrictions on passwords, restrict the ways in which users can log in, and customize other user preferences.

Note:

Admins can also modify the security settings for meetings.

Prerequisites for changing account security settings

  • A Pro, Business, Education, or Enterprise account
  • Account owner or admin privileges, or a role with the security privilege

How to access the security settings for an account

  1. Log in to the Zoom web portal as an account owner or administrator.
  2. In the navigation menu, click Advanced, then click Security.
    The following settings are available:

Authentication section

  • Basic Password Requirement:
  • These are the requirements that a Zoom login password must meet. These settings cannot be changed and only affect Zoom passwords; all other authentication methods continue to use their own password requirements.
  • Enhanced Password Requirement:
  • Make your users’ passwords more secure by adding requirements such as:
    • Have a minimum password length:
    • A user can choose a password length of 8 characters or more, up to a maximum of 14 characters.
    • Have at least 1 special character (!, @, #…):
    • Password must include at least one special character.
    • Cannot contain consecutive characters (e.g. “11111”, “12345”, “abcde”, or “qwert”):
    • Consecutive numbers or letters are forbidden in the password, whether they follow keyboard order or alphabetical order.
    • Use enhanced weak password detection:
    • Passwords that are weak will be flagged.
  • Password Policy
    • New users need to change their passwords upon first sign-in:
    • Each user must set their own password upon first sign-in.
    • Password expires automatically and needs to be changed after the specified number of days:
    • Sets when passwords expire, so that users are forced to create new passwords once they do. Expiration can be set to 30, 60, 90, or 120 days. In the three days leading up to the expiration of the password, users are reminded by email every day. Client and web users are notified at login when their password has expired and are directed to the web portal to change it.
    • Users cannot reuse any password used the previous number of times:
    • Prevents users from reusing any of a set number of their previously created passwords. The number of previous passwords can be set between three and twelve.
    • Users can change their password a maximum number of times every 24 hours:
    • Restricts the number of password changes that can be made within a 24-hour period. The range is 3 to 8 changes per 24 hours.
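
The Enhanced Password Requirement rules above can be approximated offline, for example to pre-screen passwords in a provisioning script. This is an added example, not Zoom's implementation: the run length of 5 (taken from the length of the page's examples), the reversed-sequence check, the set of keyboard rows, and the `weak_list` stand-in for weak password detection are all assumptions.

```python
import string

# Orderings treated as "consecutive": digits, alphabet, keyboard rows.
# Assumption: the page only gives examples, so this set is illustrative.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SPECIALS = set(string.punctuation)


def has_consecutive_run(password, run_len=5):
    """True if password contains run_len repeated or sequential characters."""
    p = password.lower()
    for i in range(len(p) - run_len + 1):
        window = p[i:i + run_len]
        if len(set(window)) == 1:            # repeated, e.g. "11111"
            return True
        for seq in SEQUENCES:                # e.g. "12345", "abcde", "qwert"
            # Assumption: a reversed run ("54321") is also rejected.
            if window in seq or window in seq[::-1]:
                return True
    return False


def check_password(password, min_len=8, run_len=5, weak_list=()):
    """Return the names of the enhanced requirements the password violates.

    min_len defaults to 8, the lowest length the page mentions.
    weak_list is a hypothetical stand-in for weak password detection.
    """
    failures = []
    if len(password) < min_len:
        failures.append("min_length")
    if not any(c in SPECIALS for c in password):
        failures.append("special_character")
    if has_consecutive_run(password, run_len):
        failures.append("consecutive_characters")
    if password.lower() in {w.lower() for w in weak_list}:
        failures.append("weak_password")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Tr1cky!Pass", "abcde!XY", "11111aaa", "Qwert#9z"]:
        print(candidate, check_password(candidate))
```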

Security section

  • Only account admins can change users’ names, profile picture, sign-in email, and host key:
  • This prevents anyone but administrators from changing a user’s name, profile picture, sign-in email, or host key. This feature is available to Enterprise accounts only.
  • Only account admins can change Licensed users’ Personal Meeting ID and Personal Link Name:
  • The PMI and personal link names of licensed users can only be changed by account admins.
  • Allow importing of photos from the photo library on the user’s device:
  • Enable or disable users’ ability to upload a profile picture from the photo library on their mobile devices.
  • Hide billing information from administrators:
  • Billing Role Management overrides the configuration options for the default Admin role and prevents the Admin role from accessing the Billing area.
    Note:
  • Billing can still be accessed by the Owner, and by any other user who has Billing privileges available according to their role.
  • Session duration:
  • Signs users out automatically after a predetermined amount of time. Valid only for Zoom passwords.
  • Users need to sign in again after a period of inactivity:
  • Automatically logs users out of the Zoom app or web portal after a set period of inactivity:
    • The duration for the web portal can be set between 10 and 120 minutes.
    • The duration for the Zoom client can be set between 5 and 120 minutes.
      Note:
    • Technical limitations prevent this from working on the Android version of the mobile app.
  • Users need to input Host Key to claim host role with the length of:
  • Configures the required length of the host key. It can be set between 6 and 10 digits.
  • Sign in with Two-Factor Authentication:
  • Ensure that users can sign in with both a device and a password.
  • Hide Push Notification Content:
  • Hiding sensitive content from push notifications on iOS and Android devices can help protect information such as chat content or the name of an upcoming meeting. When this setting is enabled, generic notifications are displayed on the lock screen. For example:
    • Setting enabled: “Sophia emailed you.”
    • Setting disabled: “Hello, Sophia. Have you received those reports yet?”

Sign-in Methods section

  • Allow users to sign in with work email:
  • Users can sign in with their email address and password.
  • Allow users to sign in with Single Sign-On (SSO):
  • SSO will be enabled through a vanity URL that is unique to your company.
    • If you enable this setting after adding an associated domain to your account, you can force users to use SSO when they sign in with their associated domain. You can set which domains must use SSO and which users should be able to sign in using work emails and passwords without SSO.
      Note:
    • Once SSO has been forced for a domain, users in that domain cannot create work email sign-in methods. If you need to create exceptions for certain users, create the work email login type before enforcing SSO sign-in.
  • Allow users to sign in with Google:
  • Users will be able to sign in using Google.
    • If you have an associated domain set up on your account and your users log in with that domain, you can optionally force them to use Google to sign in once this setting is enabled. Click the Select Domains button to select the domains that will be able to log in with Google.
  • Allow users to sign in with Facebook:
  • When this option is selected, users will have the option of logging in via Facebook.
  • Allow users to sign in with Apple ID:
  • With this, users will be able to sign in to Zoom desktop and mobile applications by using their Apple ID.
  • Show disclaimer when users sign in to Zoom:
  • The disclaimer can be configured to appear during the first sign-in to Zoom, every time, or at some specific interval when the user signs in.