Waiting Room

What is a Waiting Room?

A waiting room (also called a lobby or pre-join area) is a security feature in video conferencing that places participants in a virtual holding area before they can join the main meeting. Participants wait until the host or meeting organizer explicitly admits them, providing control over who enters the meeting and when.

This feature acts as the first line of defense against unauthorized access, meeting disruptions ("Zoombombing"), and unwanted participants, while also giving hosts time to prepare before admitting attendees.

How Waiting Rooms Work

Participant Experience

When a participant joins a meeting with a waiting room enabled:

1. Join Request: User enters meeting ID/link and provides their display name
2. Waiting State: User is placed in a waiting room with a message like "Please wait, the host will let you in soon"
3. Limited Interaction: Participant cannot see or hear the meeting, typically sees a waiting screen or preview of their own video
4. Notification Sound: May hear hold music or see branding/announcements while waiting
5. Admission: Once admitted by the host, user joins the main meeting room
6. Rejection: If denied, user sees a message explaining they cannot join

Host Experience

For meeting hosts and organizers:

1. Notification: Visual and/or audio notification when someone is waiting
2. Participant List: View list of participants in waiting room with their names
3. Admission Controls:
   • Admit: Allow specific participant to join
   • Admit All: Let all waiting participants join at once
   • Deny/Remove: Reject participant's request to join
   • Put Back: Some platforms allow moving admitted participants back to waiting room
4. Auto-admit Options: Configure rules like auto-admit authenticated users or organization members

Implementation Architecture

Signaling-Based Approach

Waiting rooms are typically implemented through signaling server logic rather than WebRTC media connections:

// Client requests to join meeting
const joinRequest = {
  type: 'join-request',
  meetingId: 'abc-123',
  userId: currentUserId,
  displayName: 'John Doe',
  timestamp: Date.now()
};

// Server places user in waiting room
server.on('join-request', ({ meetingId, userId, displayName }) => {
  const meeting = meetings.get(meetingId);
  
  if (meeting.waitingRoomEnabled) {
    // Add to waiting list
    meeting.waitingRoom.add({ userId, displayName, timestamp: Date.now() });
    
    // Notify host(s)
    meeting.hosts.forEach(host => {
      sendToClient(host.socketId, {
        type: 'participant-waiting',
        participant: { userId, displayName }
      });
    });
    
    // Send waiting state to participant
    sendToClient(userId, {
      type: 'waiting-room-status',
      status: 'waiting',
      position: meeting.waitingRoom.size
    });
  }
});

Admission Logic

// Host admits participant
server.on('admit-participant', ({ meetingId, userId }) => {
  const meeting = meetings.get(meetingId);
  
  // Verify sender is host
  if (!meeting.isHost(senderId)) {
    return sendError('Only hosts can admit participants');
  }
  
  // Remove from waiting room
  const participant = meeting.waitingRoom.remove(userId);
  
  if (participant) {
    // Add to main meeting
    meeting.participants.add(participant);
    
    // Notify participant they're admitted
    sendToClient(userId, {
      type: 'admitted',
      meeting: meeting.getInfo(),
      participants: meeting.getParticipantList()
    });
    
    // Notify existing participants
    meeting.participants.forEach(p => {
      sendToClient(p.userId, {
        type: 'participant-joined',
        participant: participant
      });
    });
  }
});

Pre-join UI

Modern implementations include a pre-join screen before waiting room:

// Enable pre-join UI (example with Daily.co)
const room = await dailyRoom.createRoom({
  name: 'my-meeting',
  privacy: 'private',
  properties: {
    enable_prejoin_ui: true,
    enable_knocking: true
  }
});

// Participant sees preview before requesting to join
// Can test camera/mic, choose settings, then "knock" to join

Security Benefits

Primary Security Functions

1. Access Control: Prevents unauthorized participants from entering meetings
2. Identity Verification: Hosts can verify participant identity before admission
3. Disruption Prevention: Blocks trolls and bad actors from disrupting meetings ("Zoombombing")
4. Privacy Protection: Ensures sensitive meetings remain confidential
5. Flexible Timing: Hosts can start private discussions before admitting all participants

2025 Advanced Security Features

Modern waiting room implementations include:

• Biometric Authentication: Facial recognition or fingerprint scanning for high-security meetings
• AI-Powered Screening: Anomaly detection to flag suspicious join attempts
• Zero-Trust Model: Every participant verified, no implicit trust
• Deepfake Detection: AI analysis to detect impersonation attempts
• Behavioral Analysis: Monitor join patterns to identify potential threats

Configuration Options

Waiting Room Policies

Typical configuration options include:

• Always Enabled: All participants go through waiting room
• Guests Only: Organization members auto-admitted, external guests wait
• After Meeting Starts: First N participants auto-admitted, latecomers wait
• Authenticated Users Only: Require login, anonymous users denied
• Role-Based: Different rules for different user roles

const meetingConfig = {
  waitingRoom: {
    enabled: true,
    policy: 'guests-only', // or 'always', 'authenticated-only'
    autoAdmit: {
      organizationMembers: true,
      authenticatedUsers: true,
      specificDomains: ['company.com']
    },
    maxWaitTime: 600000, // 10 minutes, then auto-reject
    customMessage: 'Please wait while the host admits you'
  }
};

Customization Options

• Custom Branding: Display logo, company colors in waiting room
• Hold Music/Video: Play audio or video while participants wait
• Announcements: Show meeting agenda, guidelines, or instructions
• Waiting Time Display: Show estimated wait time or queue position

User Experience Best Practices

For Participants

1. Clear Communication: Show clear message explaining why they're waiting
2. Camera/Mic Preview: Allow testing equipment while waiting
3. Settings Access: Let users adjust settings before joining
4. Status Updates: Show queue position or estimated wait time
5. Exit Option: Clear button to leave if wait is too long

For Hosts

1. Prominent Notifications: Visual and audio alerts for waiting participants
2. Quick Actions: One-click admit/deny buttons
3. Batch Operations: Admit all, deny all options
4. Participant Info: Show names, email domains, join time
5. Persistent Indicator: Badge showing number waiting

Common Use Cases

• Corporate Meetings: Ensure only employees and invited guests attend sensitive business discussions
• Webinars: Control when audience members join, prevent disruption during setup
• Educational Settings: Teachers verify students before admitting to virtual classrooms
• Healthcare: HIPAA compliance, verify patient identity before telehealth appointments
• Legal Proceedings: Verify all parties before virtual court hearings or depositions
• Client Meetings: Screen participants before admitting to client presentations or consultations
• Public Events: Manage large numbers of attendees joining virtual town halls or community meetings

Integration with Other Features

Authentication

Waiting rooms work best when combined with authentication:

• SSO Integration: Auto-admit users authenticated via company SSO
• Meeting Passwords: Require password entry before reaching waiting room
• Email Verification: Send join links only to verified email addresses

Recording

• Recording Notices: Display recording consent in waiting room
• Pre-recording Buffer: Recording doesn't start until participants admitted

Chat/Messaging

• Pre-join Chat: Allow waiting participants to message host (some platforms)
• Host Communication: Host can send messages to waiting room

Platform Examples

• Zoom: Comprehensive waiting room with custom branding, auto-admit rules, and "admit all" feature
• Google Meet: "Knock to enter" feature for scheduled meetings, requires host admission
• Microsoft Teams: Lobby feature with granular controls based on user type and organization membership
• Webex: Advanced waiting room with biometric options and AI-powered security screening
• Jitsi: Open-source implementation with lobby and password protection

Accessibility Considerations

1. Screen Reader Support: Ensure waiting room status is announced to screen reader users
2. Keyboard Navigation: Full keyboard control for all waiting room actions
3. High Contrast Mode: Support for users with visual impairments
4. Clear Language: Use plain language for all messages and instructions

Performance Considerations

• Scalability: Waiting room logic should scale to hundreds of simultaneous waiters
• Connection Management: Don't establish full WebRTC connections until admission
• Signaling Efficiency: Use efficient messaging to handle large waiting queues
• Timeout Handling: Auto-remove participants after extended wait periods

Regulatory Compliance

Waiting rooms help meet compliance requirements:

• HIPAA (Healthcare): Verify patient identity before telehealth sessions
• FERPA (Education): Control access to student information in virtual classrooms
• GDPR (Privacy): Ensure only authorized individuals access personal data discussions
• Financial Regulations: Verify participant identity for financial advisory sessions

References

• Building a Virtual Waiting Room with Daily's React Hooks
• CISA Guidance for Securing Video Conferencing
• Safe Video Conferencing in 2025
• 7 Steps to Ensure Secure Video Conferencing (2025)