External users of Zoom, i.e. those who do not have a user account within your organization’s user directory (partners or freelancers, for example), can access content shared with them after signing in on the Zoom Web apps. There are multiple ways for external users to sign in.
The Basic sign-in mechanism uses a username and password. The username is the invited user’s email address. The password is created by the invited user at the time of registration, when they open the Zoom Web Client for the first time. Subsequently, they can sign in using their username and password.
When single sign-on (SSO) is enabled for internal users, external users first need to choose the Login with Username and Password option on the sign-in screen.
Invited User Registration
External users receive an email inviting them to use Zoom when someone shares a collection of assets to their email address for the first time. On clicking the invitation link, users are taken directly to the new user registration form. Alternatively, they may open the Zoom Web Client and choose Create an Account on the Login with Username and Password page.
After submitting their basic details, including a new password, they need to complete email verification by providing the code sent to their email address. On successful verification, the new user may log in using their newly created username and password.
The Zoom Web apps natively support Single Sign-On (SSO) using the configured OpenID Connect (OIDC) identity provider of your organization. Starting with version 7.6.2, Zoom allows external users as well to use SSO to access the Zoom Web apps. They do not need to fill in any details to create a new account, as the basic user information is obtained via OIDC.
This becomes possible if your organization’s OIDC provider is set up to federate with the external user’s identity provider. The federation configuration of your OIDC provider varies from one vendor to another. An example is given for allowing users from GSuite partner organizations to connect via your Azure OIDC provider.
Once this is done, external users can use the same Connect with SSO button on the Zoom Web Client that internal users use to complete their sign-in via the SSO provider.
Controlling Sign-In Methods for External Users
The Zoom server Security Settings allow administrators to control which form of sign-in will be allowed for external users. This can be used to disable particular forms of access until various configurations including third-party integrations are completed. It can also be used to temporarily prevent access in case of a security alert. The authentication scheme options for external users are:
- All: Allow all types of sign-in for external users.
- Basic: Allow only sign-in with username and password for external users.
- OAuth: Allow only SSO sign-in for external users.
- None: Completely disable sign-in for external users.
For example, if the authentication scheme is restricted to SSO only, i.e. the OAuth option, and SSO is configured for Zoom users, then the Web Client sign-in page would look like below.