Massive increase in use of video conferencing apps has helped us to introduce enhanced Zoom Two-Factor Authentication solution for Desktop and mobile apps. Zoom 2FA security solution makes it easier for user and organizations to safeguard and prevent themselves from the security breaches.
Zoom 2FA (two-factor authentication) is a two-step sign-in process which demands additional layer of security check to grant access to log into Zoom account. Zoom 2FA identifies users by demanding two or more type of authentication methods. First factor is the one that user knows username and password and second factor is what user might have as unique like a phone (For OTP) or Fingerprint, voice. This additional layer prevents the unauthorized person from accessing the resources even if they know your credentials.
miniorange provides 15+ authentication methods and solutions for various use cases. It allows users and organization to setup certain authentication and settings which includes password restrictions, restricting sign-in methods, as well as other security settings. miniorange also make way for authentication apps that support Time-Based One-Time Password (TOTP) Google Authenticator, Microsoft Authenticator, Authy 2-Factor authentication app and our own miniorange Authenticator app.
miniOrange provides user authentication from external directories like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc. It also provides user authentication with other IDPs like Shibboleth, PING, Okta, OneLogin, KeyCloak and many more.
Can't find your IDP ? Contact us on email@example.com. We'll help you set it up in no time.
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud- based platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms.
|SP Entity ID or Issuer||https://www.zoom.us/|
2.1: Setup AD as User Directory
Here's the list of the attributes and what it does when we enable it. You can enable/disable accordingly.
|Activate LDAP||All user authentications will be done with LDAP credentials if you Activate it|
|Sync users in miniOrange||Users will be created in miniOrange after authentication with LDAP|
|Backup Authentication||If LDAP credentials fail then user will be authenticated through miniOrange|
|Allow users to change password||This allows your users to change their password. It updates the new credentials in your LDAP server|
|Enable administrator login||On enabling this, your miniOrange Administrator login authenticates using your LDAP server|
|Show IdP to users||If you enable this option, this IdP will be visible to users|
|Send Configured Attributes||If you enable this option, then only the attributes configured below will be sent in attributes at the time of login|
Refer our guide to setup LDAPS on windows server.
2.2: Setup miniOrange as a User Store
2.2.1 Create User in miniOrange
2.2.2 Bulk Upload Users in miniOrange via Uploading CSV File.
2.2.3 Self User Registration
|Sign-in Page URL:||Sign in to the miniOrange Admin app to have this variable generated for you.|
|Sign-out Page URL:||Sign in to the miniOrange Admin app to have this variable generated for you.|
|Identity provider certificate:||Sign into the miniOrange Admin Dashboard to generate this variable.|
|Service Provider (SP) Entity ID:||Select a URN-based entity ID for a Service Provider(SP):[your-subdomain].zoom.us|
|Issuer (IDP Entity ID):||Sign in to the miniOrange Admin app to have this variable generated for you.|
|Signature Hash Algorithm:||Select SHA-256.|
|Display Name||Variable Name|
|SAML Attribute:||Enter UserGroup. (This group attribute is passed by miniOrange.)|
|SAML Value:||Enter the appropriate group for UserGroup.|
|Resulting Value:||Select the Group that will be assigned to a user in Zoom.|
For example: In the screenshot below, the SAML value is User_Group_Test and the Resulting Value is User_Group_Test. This means that a user will be added to the User_Group_Test group in Zoom.
|SAML Attribute:||Enter IMGroup. (This group attribute is passed by miniOrange.)|
|SAML Value:||Enter the appropriate group for IM Group.|
|Resulting Value:||Select the IM Group that will be assigned to a user in Zoom.|
For example: In the screenshot below, the SAML value is IMGroup_Test and the Resulting Value is IMGroup_Test. This means that a user will be added to the IMGroup_Test group in Zoom:
4.1: Configure 2FA for miniOrange Admin Dashboard.
4.2: Enable 2FA for Users of Zoom application.
6.1: Restricting access to Zoom with IP Blocking
You can use adaptive authentication with Zoom Single Sign-On (SSO) to improve the security and functionality of Single Sign-On. You can allow a IP Address in certain range for SSO or you can deny it based your requirements and you can also challenge the user to verify his authenticity. Adaptive authentication manages the user authentication bases on different factors such as Device ID, Location, Time of Access, IP Address and many more.You can configure Adaptive Authentication with IP Blocking in following way:
|Allow||Allow user to authenticate and use services if Adaptive authentication condition is true.|
|Challenge||Challenege users with one of the three methods mentioned below for verifying user authenticity.|
|Deny||Deny user authentications and access to services if Adaptive authentication condition is true.|
|User second Factor||The User needs to authenticate using the second factor he has opted or assigned for such as
|KBA (Knowledge-based authentication)||The System will ask user for 2 of 3 questions he has configured in his Self Service Console. Only after right answer to both questions user is allowed to proceed further.|
|OTP over Alternate Email||User will recieve a OTP on the alternate email he has configured threw Self Service Conolse. Once user provides the correct OTP he is allowed to proceed further.|
6.2: Adaptive Authentication with Limiting number of devices.
Using Adaptive Authentication you can also restrict the number of devices the end user can access the Services on. You can allow end users to access services on a fixed no. of devices. The end users wii be able to access services provided by us on this fixed no. of devices.You can cofigure Adaptive Authentication with Device Restriction in follwing way
6.3: Add Adaptive Authentication policy to Zoom.
The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.
Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, tracks who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.
miniOrange authentication service has 15+ authentication methods.
You can choose from any of the above authentication methods to augment your password based authentication. miniOrange authentication service works with all phone types, from landlines to smart-phone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. miniOrange authentication service works internationally and has customers authenticating from many countries around the world.
miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.Try Now
We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -
+1 978 658 9387 (US) , +91 97178 45846 (India) | firstname.lastname@example.org