Any way to restrict access to meetings

Description
I am trying to integrate Zoom into our Learning Management System. The scenario is: an instructor can create a new online lecture (Zoom Meeting), then trainees will get notified of the new lecture and join the meeting via their phones or PCs.

Now, we are wondering how to limit access to this meeting, to OUR list of trainees, thus preventing anyone from sharing the meeting link with others. On our end, each trainee has an email and an ID, is there anyway to filter out any new participants who are not on our list?

We tried the “enforce_login” setting passed while creating the meeting, to force the participant to use his/her email address when joining the meeting, then using the “meeting.participant_joined” hook we can monitor who joins (by his/her email) the meeting. But this setting doesn’t enforce logins, one can simply open the meeting from his phone and join with no login required!

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
POST users/{user-id}/meetings (new meeting)

Hey @tamkeenlms,

I would suggest using Meeting Registration. This will allow you to add people to a white list, which gives them each a unique join link.

Thanks,
Tommy

Hi @tommy

Okay, I will give it a try. But as for the first link, I cannot find the “registration” option when creating a new meeting. But also the meetings will be created via the API, how to setup this using the API?

One more thing; just to clarify, creating a “registrant” will create a new Zoom user? Will that “registrant” need to create and verify his/her account? Couldn’t that user just give his “join_url” still to anyone (if so, then doesn’t solve my problem)?

Hey @tamkeenlms,

Here is the Create Meeting Registrant API.

No, this does not create a new Zoom user. It gives an existing Zoom user, or non Zoom user the ability to join your meeting through a unique join link.

Yes, this could be shared, however if this is integrated in your platform, the user will never see the join_url because it will be handled by code.

Thanks,
Tommy

Hi Tommy,

What do you mean by that ? Do you have an example ?

Thanks,

Hey @mattmart,

Basically what I mean is in your application, only display the join_url to the respective user behind your login system.

Thanks,
Tommy

Yup, but I doesn’t prevent this user from sharing the url, right ?

Hey @mattmart,

Correct, notify the user to not share the URL, or have the join_url be a button on your site that does not expose the url.

Thanks,
Tommy

We do have it as a button, but the user is redirected to the site and the students still end up sharing the join url. Is there any way that we can keep the meetings closed to only specific email ids(not domains, they use gmail mostly). Registration doesn’t work since they need to register and then, we need to manually approve the reigstrants everytime we create a new meeting (recurring meeting makes it a bit simpler, but I wonder if there’s a simpler alternative?), say we have a list of student emails who we want to restrict the meeting to as comma separated values. Can we import this somewhere or add them in the account or in the create meeting UI(for specific meeting)?

Hi @prasanna8,

At this time, the only way to whitelist emails as you’ve described (via API) is to require registration.

If you’re open to other alternatives outside of the API, you might consider reaching out to our Technical Support team here, to see if they can offer any other UI-based solutions.

Thanks,
Will

We actually were about to implement registration, but that also seems to fail as the students are still able to share their join links.
I was under the impression that a registrant’s join_url would work only for that specific registrant’s email login to zoom. But that doesn’t seem to be the case. Anyone logging into any account, could use the join url of a registrant and still attend the class. Only the name on the display is changed to reflect that of the original registrants’. Could you confirm if this is the case or am I doing something wrong ? ( If we block multiple device login, then the join url can only be used once ? )

Support team suggested to use co-host or waiting room, but since we have a large amount of students (~800) in a single class and lots of classes happening at around the same time, it rules out both the options. I don’t know how other schools/institutes are not facing this issue or how they are able to overcome zoombombing?

I have also put in a feature request for allowing specific emails alone into a meeting.
For now the most viable solution seems to be to buy a new domain, create logins for all students and authenticate them, but we also run into the problem of categorization (different pay structure for students, so sharing zoom link within the institution itself will also cause issue)
Could you please guide us into how we can proceed further ?

I also need that way so that out side people can’t join my meeting created using api.
We also run school app. One class has not more than 100 participants. But teacher complain that sometimes outside people use slang language at meeting but teacher unable to identify them as anyone can join using join_url.
How can we restrict user so that only my enlisted user can join a meeting.

I want to make unique url only for one person. Assume, I’m a teacher who want to make unique url for students and url provide only for students who pay class fees. But this link must be valid only for that student.

Hi @rameshnuwan1996,

At the moment, the only way to generate a unique join_url is to require registration. However, this can’t be limited to just one user. While this is a good suggestion, you might consider adding this as a feature request here: #feature-requests

Thanks,
Will

1 Like

Is there any way right now other than authentication using a domain that can be used to restrict access to joining meetings?
I have created a feature request for the specific case here

Hi @prasanna8,

At the moment, your two best options are either to require registration, or use Authentication Profiles, as you mentioned.

That said, I can understand the value in having more flexibility on this, and appreciate the time you took to submit a feature request!

Best,
Will

1 Like

Hi,
How are you?
Is there anything new regarding this issue?

we are registering clients via API to meetings and sending them the login link (not the registration link since we register them via the API) - and still they can share their link to anyone and connect more then once to the same meeting using the same link…

Thanks!
Ram

1 Like

@will.zoom :
Are there anymore updates on this thread? Wondering if any of the previous feature requests by others in this thread are now available?

     Essentially all these requests seem to boil down to :
  1. Having the join link or password expire after one use (or after some expiry)

  2. May be hiding the meeting join URL on the participants side? I understand that individual integrations need to make sure that join let link is only made available to registered user and is not shown openly, but once the user joins zoom, the meeting info on their side shows the join link,etc . Anyway to keep that hidden?

  3. Limit only one participant to join the meeting (at a time) with one join link. I.e join link/password to meeting participant is 1:1 relationship.

  4. Allow joining a meeting only via APIs (e.g a secrete token passed in the API header)

Also is there a way you can post the links to the past feature requests from this thread?

Thanks
RG

Welcome to the Developer Forum. There is no update on this topic at this time. Aside from the options listed above, you can also consider [b]locking users in specific domains to limit who can join your meeting.

Blocking users in specific domains:

To stay up to date, be sure to subscribe to our blog, change log , and developer guides topics for the latest news, updates, and fixes.