Viewing recordings with external single sign-on in Zoom App

This post was most recently updated on July 28th, 2022

As a result of authentication, hosts can restrict the participants who are able to view a cloud recording to those who are logged in to Zoom, or even only allow Zoom users who have an address that matches a specific domain to view the recording.

The account administrator has the ability to configure external single sign-on (SSO) for their accounts. It is not necessary for additional users to be members of your Zoom account for external authentication, however, they must use email addresses with a verified email domain. This change will only effect future recordings that utilize a verified email domain. In order for the new settings to apply to past recordings on the cloud, you need to turn on and off the authentication profile.

Viewers who attempt to watch the recording without meeting the defined authentication criteria can be presented with a message saying that they do not have permission to view the recording since they have not signed in with the correct email domain or, by not having access to the account, they do not have access to the recording.

This means that if a server administrator or the host changes the share settings of a cloud recording, a new share link will be generated and the old one will still work.

Notes:

  • In addition, admins have the option of enabling authentication exceptions to allow guests to view recordings even if their authentication profiles are enabled. You can, for example, create an exception in order to allow external users to view recordings if you authenticate meeting participants against their domain’s IDP.
  • It is important to note that, when an administrator updates an authentication profile, it only affects future meetings, not scheduled meetings. In order for their changes to apply to future meetings, the host or admin will have to enable or disable these settings in their meeting profiles, or change the authentication preferences if it is not possible to disable the authentication profile settings

Prerequisites for viewing recordings with external single sign-on

  • There are four types of accounts: Pro, Business, Education, and Enterprise
  • accounts that may be licensed
  • for recording in the cloud

How to configure external single sign-on

Note: Make sure that the option Require users to authenticate before viewing cloud recordings is enabled before configuring the external SSO and that your cloud recording sharing settings are adjusted for your specific needs before configuring the external SSO.

It is imperative that if you are going to use single sign-on as an authentication method, then this must be a separate integration that is not already linked to a Zoom SSO integration. To give you an example:

  • Okta: Use a custom app rather than the pre-built Zoom app instead of using the pre-built Zoom app.
  • Azure: Write an application to manage the Galleries.

In order to find out more, please refer to the Support article via the link below. It contains step-by-step instructions on how to set up external SSO and how to configure the authentication profile by way of external authentication through single sign-on.

Note: There will be an auto-synchronization from the configuration of the meeting settings to the configuration of the recording settings. This ensures that the external configuration will be available for future scheduled meetings, as well as future cloud recordings.

How to configure the Azure app for authentication to view recordings

  1. Log on to Microsoft Azure if you have not already done so.
  2. Then select the Azure Active Directory option from the left navigation menu.
  3. Click on the Manage button on the left navigation menu, then select Enterprise applications from the list.
  4. Click on the + New application button at the top of the page.
    A new page will open in a new tab named Browse Azure Active Directory Gallery.
  5. On the left hand side, enter “zoom” in the search field.
  6. You will be able to click the Zoom application from the results of your search.
    The Zoom panel will be displayed on the right side.
  7. On the right panel, you will be able to give the Zoom application a name.
  8. When you are done creating the Zoom application, click the Create button.
  9. Once the Zoom application has been created, you can open it.
  10. You can find the Single sign-on settings under the Manage section on the left navigation menu.
    • To edit the fields, click Edit under the Basic SAML Configuration section.
    • To edit the fields in User Attributes & Claims, you need to click Edit on the user attributes and claims tab.
  11. After making your changes, you need to click Save.
  12. Next, you need to assign an Azure user to this application so that they will have access to it:
    1. From the left-hand navigation menu, select Overview in your Zoom application.
    2. From the left-hand navigation menu, select Assign users and groups.

How to configure the Okta app for authentication to view recordings

You can simply sign into your Zoom account using the credentials issued to you by your company through the single sign-on feature. In order to enable users to access their Zoom accounts directly, Okta, the identity provider (IDP), and Zoom, the service provider (SP), make a connection with each other.

In order to manage users to authenticate to view recordings, you can follow the instructions below once you have configured Okta account with Zoom.

Sign in to Okta as an admin

  1. You will need to sign in as an administrator in Okta.
  2. You can open the admin portal by clicking the Admin link at the top right of the page.
  3. On the left-hand side of the page, click the Classic UI button.
  4. On the dashboard of Okta, click the Accounts tab.

Add a new Zoom custom app to Okta

If you would like to learn more about how to add the Zoom custom app to Okta, please visit the Support article.

Note: Please choose one of the following options when filling out the Feedback section:

  1. As you will be asked Are you an Okta customer or partner? You will need to select I’m an Okta customer adding an internal app to your account.
  2. Choose the Check box next to This is an internal app created by our company from the App Type drop-down menu.
  3. Finally, click on the Finish button.

Connect Zoom and Okta to allow authentication to view recordings

For Zoom and Okta to be able to communicate with each other, they will need to establish a trusted relationship.

If you would like to know more about how Zoom and Okta can be connected, please visit the Support article on the topic.