Block Jitsi IOS / Android app users from joining and creating public rooms

We’re using Jitsi-Meet on our website and would like to prevent unauthorized users access to our rooms via the Jitsi app without setting up passwords/tokens for each room.

Is it possible to prevent users from entering our server url + room name to join or create a meeting on our server via the Jitsi app?

Maybe I’m mistaking what you’re asking, but if your question is whether you can prevent random people from creating rooms on your self-hosted server, the answer is “yes”. Take a look at Secure domain - Secure Domain setup · Jitsi Meet Handbook

Thanks, Freddy. I’m using moderator/tokens to start the meetings … once a room is created and started, we have it open to our users via our website (it’s public to our members via an Iframe after our members sign in).

During QA, I noticed that if I entered our server URL and meeting ID into the Jitsi app for an active room, anyone can enter and listen in. If possible, I would like to prevent.

I’m not overly concerned about the room creation, but listen in to an active meeting could be an issue. Any suggestions would be great.

Do you use passwords for your meetings? What about enabling the lobby feature?

We do not use passwords for guest (our members) once the meeting has started. We want to avoid double passwords.

The lobby idea is interesting but unfortunately our moderator might not be online when each guest tries to enter the room.

To give more background, once the meeting is started by the moderator, the new meeting URL is available to our members and could be active for weeks/months after. We can control access via the our site, but run into issues if a troubling user switches to the Jitsi app. This is an edge case, but a potential concern.

Is there a way to block the app from accessing our meetings if a user pulls the server url and room id?

I mean, the truth is, if a person can access your server via the app, they can access it via the web. If you only want users to access your meetings via the web, you might be looking at options to block mobile access completely. But again, truth is, that doesn’t really solve your problem. Your problem is not how it’s accessed, but that it’s accessed at all.

Perhaps you can consider JWT tokens for guests (sounds like you’re already using tokens anyway). Since these ‘guests’ are actually members and they go through some validation, you can use tokens to distinguish them from random people that may try to enter the meeting. That’s just the option that comes to mind now.

Sorry for the delayed response… I see what you mean. I’ll try to block it server side. I’ll post a follow up if I can come up with a good solution. If not, I’ll try tokens for guest too. Thank you for suggestions.