With the rapid development of the Internet of Things (IoT), protecting the security and privacy of user data in IoT devices and networks is receiving more and more attention. To guarantee this protection, IoT devices are usually authenticated and communication within the IoT network is encrypted. It is therefore important for IoT devices to agree on keys with each other, for use as authenticators or encryption keys. Existing authentication schemes for IoT devices face several challenges: first, pre-distributed authentication keys are not feasible; second, manual pairing requires excessive user effort, especially when there are many IoT devices; third, context-based solutions are mostly peer-to-peer rather than scalable, or lack practicality or sufficient security. In this paper, we propose a group audio-based authentication scheme for IoT devices (GAB-IoT), which achieves the following goals: it is group-based and scales as the number of IoT devices increases; it is secure under a realistic threat model; and it minimizes user effort during the authentication process, thereby strengthening scalability and feasibility.