Posted on 04-08-2020 12:52 PM
I wanted to share my configuration XML for those wanting to rollout zoom to IOS and lock it down.
I am working through Zoom's documentation here:
Using MDM to configure Zoom on iOS
The following is the configuration I used:
<dict> <key>SetSSOURL</key> <string>yourdomain</string> <key>SetEmailDomainsRestrictedToLogin</key> <string>yourdomain.org</string> <key>ForceLoginWithSSO</key> <integer>1</integer> </dict>
Posted on 04-08-2020 01:14 PM
@promalley I don't see the SetEmailDomainsRestrictedToLogin key in the Zoom documentation, does that work...?
Posted on 04-08-2020 01:21 PM
It works for me! One thing to note is that it would be your domain URL not just the domain.
Posted on 04-08-2020 01:24 PM
I just noticed they removed the SetEmailDomainsRestrictedToLogin from their support page and added a few other options. I am unsure as to if it will continue to be supported.
Posted on 04-09-2020 06:52 AM
As of 4.6.9 it still functions but like you said its future may be in doubt.
The Chrome OS app supports disabling Facebook logins. I tried in vain yesterday to disable that but could only block email sign ins. We aren't allowing students to create accounts or login using school email addresses/accounts. They should only be joining teacher created meetings. Many other keys are available too, but the iOS/iPadOS app doesn't quite have that parity.
The force SSO login prompt should have the X removed from the prompt window. What's the point of forcing it if it can be easily bypassed?
Posted on 04-09-2020 10:25 AM
Hi. I'm having a hard time uploading this file to my Jamf Pro. I'm using using the built-in Propertylist editor in MacOS to create a plist with those three configuration items. But it doesn't appear to be a proper plist. What's the easiest way to create a plist or mobileconfig with those items in it? I also downloaded ProfileCreator from Github, but I can't figure out how to make a custom profile with it.
Posted on 04-09-2020 10:40 AM
Is it possible to create an app config for iOS/iPadOS where it locks in domain name but the user does not actually log in to the app? The user only connects to a channel?
This would be helpful for our student iPad devices where they would not be creating Zoom accounts and be able to connect with persons outside the domain.
Posted on 04-09-2020 12:10 PM
So I've been trying to create a configuration profile to accomplish this. Is that not what this is? what is an app config?
Posted on 04-09-2020 12:11 PM
@ralvarezOES Managed app configurations are XML just like property lists and config profiles but they're stripped to just a dictionary array and the settings inside it.
I.e. it should look like this:
Posted on 04-09-2020 12:29 PM
Ok thanks. I see there is an "app configuration" section in the managed Mobile device Apps. I'll start playing with this, but maybe you can answer a question. If the app is already installed on the devices, would a new configuration take affect? Or would I have to uninstall and reinstall the app on all the devices?
Posted on 04-09-2020 12:34 PM
The app doesn't need to be reinstalled. Once a valid config is saved it will send a Managed App Configuration command to the devices. They may need to quit the app if it's open during that time. The worst case scenario is a reinstall using Self Service.
Posted on 04-13-2020 06:45 PM
I edited the post with a screenshot of where the configuration should be pasted.
Posted on 05-15-2020 05:51 AM
Posted on 05-18-2020 05:24 AM
Thanks! Working fine for me
Posted on 08-12-2020 11:41 AM
Works well - just wish there was an option to keep kids from uploading custom backgrounds. They can get...creative.
Posted on 09-04-2020 11:32 AM
Does anyone have an example of the XML for configuring Zoom for iPads within Jamf School?
I tried to create a Managed App Configuration on the Zoom app and apply it to a group.
I thought I would just try to disable the facebook login. It does display an error "malformed document. First element should be <plist>". Yet it lets me apply to a group and save. But it doesn't work. Any help would be appreciated.
Here is my configuration:
Posted on 09-21-2020 12:53 PM
@jaellington It looks like they do have support for this feature! Zoom Documentation Here
It would look like this:
Posted on 10-05-2020 11:45 AM
Unfortunately, this is different in Jamf School. So, when I go into Managed Configuration for the Zoom App, I put in:
<dict> <key>ForceLoginWithSSO</key> <integer>0</integer> <key>mandatory:EnableAppleLogin</key> <integer>0</integer>
<key>mandatory:DisableFacebookLogin</key> <integer>1</integer> <key>mandatory:DisableGoogleLogin</key> <integer>1</integer> <key>mandatory:DisableLoginWithEmail</key> <integer>1</integer>
But, I get this error: "malformed document. First element should be <plist>"
So, logically, one would think it should look something like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<dict> <key>nogoogle</key> <true/> <key>nofacebook</key> <true/> <key>disableloginwithemail</key> <true/> <key>nosso</key> <true/>
Is there any documentation that shows how the plist should be:
Posted on 10-05-2020 01:13 PM
A quick Google search shows that it's:
<plist version="1.0"> <dict> ....... </dict> </plist>
Posted on 10-06-2020 12:30 PM
This should work for Jamf School, but you need to make it the 2nd TAB, not the 1st TAB (leave the 1st TAB blank) and then set the 2nd TAB as the default. The below is if you purchased Zoom and are using SSO.
Posted on 01-06-2022 12:21 PM
Out of curiosity, why does it need to be on the 2nd tab?
Posted on 01-07-2022 08:42 AM
If you look at my directions further down the page (post 3/5/2021), no second tab needed. You just need the one and then choose whether or not to scope it to the group in step 3.
I hope this helps.
Posted on 10-27-2020 02:59 PM
Hello! Apologies if this has already been answered, but we're starting to notice students using the chat function of Zoom as a texting service during classes. Ideally, we would rather students only be able to join meetings, and not sign-in with their gsuite accounts. Is there a way to do this with xml? I've sent in a ticket already, but was curious to know if anyone here could help me out. Thank you in advance!
Posted on 10-28-2020 07:38 AM
@user-tfABOollWd We had that same problem and I solved it by essentially yanking all the authentication methods from their iPads. Use this Managed App Config to do so with Jamf Pro. When they open the app and try to sign in, they then have no method to do so. Of course I have the unrestricted version scoped to the staff:
<dict> <key>mandatory:EnableAppleLogin</key> <integer>0</integer> <key>mandatory:DisableGoogleLogin</key> <integer>1</integer> <key>mandatory:DisableFacebookLogin</key> <integer>1</integer> <key>mandatory:DisableLoginWithSSO</key> <integer>1</integer> <key>mandatory:DisableLoginWithEmail</key> <integer>1</integer> </dict>
Posted on 10-28-2020 07:30 PM
@blackholemac How do you scope a same app with different App Config to two different groups?
Posted on 10-29-2020 04:44 AM
@YanW Two instances of the app in the app catalog. So we have two VPP accounts, one scoped to go to Staff which has no app config and the other scoped to Students which has the app config shown above.
Posted on 01-28-2021 08:32 AM
Is it possible to use add something in to this xml file to force a sign out of the users account when they close the App? We'd like to have this on some shared sets of iPads (not the 'Shared iPad' feature) but not have the worry of it staying signed into the user's Zoom account when they put the iPad back. Anyone know if this is possible?
Posted on 02-26-2021 07:22 AM
Has anyone gotten Zoom iOS configuration to work in jamf school? I am testing Jamf School and am very frustrated. While I appreciate the responses in the thread, none of them seem to work for me. I'm likely missing something. But I just get errors or no change to the app. Thanks
Posted on 02-26-2021 08:36 AM
@user-parrfaAIYt I am also looking for this functionality. Did you have any luck with getting this to work?
Posted on 02-26-2021 10:19 AM
@ctarbox @user-parrfaAIYt Don't think so. The link below lists all the available keys you can use.
Posted on 03-05-2021 02:26 AM
I am able to do it for our ipads within Jamf School. The configuration below doesn't allow a student to login whatsoever. Basically, when the student taps on "Join", the screen is blank as there are no options to log in.
To use this, you need to:
I hope this helps!
Posted on 01-07-2022 08:29 AM
Haven't been able to get this to work at all in Jamf School.
Posted on 01-07-2022 08:39 AM
What exactly isn't working? Did you do step 3? Step 3 I initially missed when attempting this.
Posted on 01-07-2022 08:42 AM
No part of the config works at all for Zoom. I did copy/paste yours verbatim to eliminate any potential errors. I changed it to Automatic installation for all groups with the gear icon, no effect.
01-07-2022 11:15 AM - edited 01-07-2022 11:17 AM
See @Columbo's response above. It's sounding like you've overlooked the managed configuration portion of the setup. Make sure your managed configuration is checked as shown in the example below.
Posted on 09-30-2022 12:23 PM
Just chiming in with what worked for me as of 09/2022 on iOS 15:
<dict> <key>ForceLoginWithSSO</key> <true/> <key>ForceSSOURL</key> <string>YourOrgName</string> </dict>
For whatever reason, integers of 1 or 0 were not working, but true/false values did.