Restrict Participant access

Hello,
I am working on project where the admin create classes and select who should attend these classes (students already have email and password to login to the system),
so what I did is, to use the Zoom API to create the class with the time and option to allow registration (in order to add the participants) and allow the participants join before the host, anyway, theres an issue regarding the registration, is theres a way to disable the URL and allow only the participants that I added through the API to join ? I searched all the documentation the only thing I can find is SSO login.

but still not sure if this will help, if so, can I create API to make the students login and use that somehow for the SSO ?
not sure if my question is clear but I just want certain emails to join the meeting, no one else even if they have the link.

Thank you

Hey @salahy,

Thank you for reaching out to the Zoom Developer Forum. Great question! If that the users have the same email domain (@example.com) then you can enable authentication profiles and require meeting authentication in order to only allow only specific email domains in to the meeting.

If the users aren’t on the same domain, your best option is likely to enable manual approval for registration. Then, only the users that you approve with the API will be able to join your meeting.

I hope that helps! Let me know if you have any questions. :slightly_smiling_face:

Thanks,
Max

Thank you Max for your quick response.
Unfortunately both solutions wont working for me, because the same domain users can join any meeting if the link shared with them,
The manual approval also hard to do since the host wont be able to be in all meetings, and the participants are in hundreds, not easy to compare who is registered and who is not.

What about SSO solution? Do you think it could help us in this case ?

Thanks

Hey @salahy,

Thank you for the update. If you have a list of emails that should be in the meeting, you can use the Add Meeting Registrant API to automatically approve just the emails in that list. This wouldn’t have to involve the host and only the users in that list would able to join.

With that being said, SSO is definitely a possibility but it can be a lot to configure and can add complexity.

Let me know if that helps.

Thanks,
Max

Thank you Max,
We already using the Meeting Registrant Api to add the Name and email of the registrant and assign it to the meeting, but if someone of the registrant shared the link with anyone, they can open the link and register and since it’s automatically approved, they will immediately join the meeting.

Hey @salahy,

For this reason, I recommend using Manual Approval for the meeting so that you can control who is admitted into the meeting. Here are some steps that might help if you have a list of emails that should be admitted to a meeting:

  1. Listen to the meeting.registrant_created webhook

  2. When the event fires, compare the registrant email with the list of valid emails you have for the meeting

  3. If the user is on the list of valid emails, use the Add Meeting Registrant API to approve the registrant

Let me know if that would work for your use-case.

Thanks,
Max

Hi @MaxM how should the request for the 3rd step look like? I can not see any “approve” field except “auto_approve”. But i do not know what this is even for.

Hey @novacreator,

That’s right, you can use the auto_approve field in order to ensure that a registrant is approved automatically when you add them with that API.

Let me know if that helps.

Thanks,
Max

Hello,
Thanks Max for your help,
To update you and it might help someone else,
What I did is creating a webhook that listen to the registered event, and I check the user email that registered with the people are allowed to join this meeting id, after that I used the update registrant status api to approve or deny the request

1 Like

Hey @salahy,

Thank you for sharing what worked for you! I’m sure that will be helpful for other users.

Thanks,
Max

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.