Security Policies - Overview

Security Policies - Overview

Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components:
  1. Password policy: This component dictates how strong the users' passwords must be and how often they have to be renewed.
  2. MFA: This component dictates which multi-factor authentication modes the user can use to sign in.
  3. Allowed IPs: This component dictates which IP addresses the user can use to sign in. Any sign-in requests from IPs that aren't allowed will be denied.
  4. Session management: This component dictates how many active sessions a user can have, and for how long.
 
Security policies in Zoho One are highly customizable, as the strictness of the policy should depend on each user's privileges and responsibilities. For example, a Sales Representative might only need a fairly safe password policy, while a Payroll Manager might need a very strong password policy and MFA. A Sysadmin with access to the organization's directory will need maximum security, and should probably only be allowed to sign in from an allowed IP.
 
You can configure multiple security policies and apply them to different groups based on your requirements. To learn more about how security policies are applied when a group has multiple policies, check Policy Priority.










    • Related Articles

    • Manage security policies for users

      Apply a security policy for a single user Sign in to the Zoho One Admin Panel. Go to Users and click on a user. Click Security Policies, then either Add User to Policy or Exclude User from Policy. Disable MFA for users Sign in to the Zoho One Admin ...

    • Policies and Preferences

      Super admins and admins can view and edit this information. Managers can only view this information. Staff members will not have access to this information. This section contains settings regarding booking preferences and policies. This includes ...

    • Data Security Types - An Overview

      Managing the complexities of security administration is one of the growing concerns in any enterprise, especially those open to e-commerce or with large networks. In such demanding times, the availability of Security Management is considered ...

    • Deactivate a security policy

      When a security policy is deactivated, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. Sign in to the Zoho One Admin Panel. Go to Security, then click Security Policies. Hover over ...

    • Delete a security policy

      When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. Sign in to the Zoho One Admin Panel. Go to Security, then click Security Policies. Hover over the ...