Security Policies - Overview
Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components:
- Password policy: This component dictates how strong the users' passwords must be and how often they have to be renewed.
- MFA: This component dictates which multi-factor authentication modes the user can use to sign in.
- Allowed IPs: This component dictates which IP addresses the user can use to sign in. Any sign-in requests from IPs that aren't allowed will be denied.
- Session management: This component dictates how many active sessions a user can have, and for how long.
Security policies in Zoho One are highly customizable, as the strictness of the policy should depend on each user's privileges and responsibilities. For example, a Sales Representative might only need a fairly safe password policy, while a Payroll Manager might need a very strong password policy and MFA. A Sysadmin with access to the organization's directory will need maximum security, and should probably only be allowed to sign in from an allowed IP.
You can configure multiple security policies and apply them to different groups based on your requirements. To learn more about how security policies are applied when a group has multiple policies, check
Policy Priority.
Related Articles
Groups - Overview
Groups are used in Zoho One to simplify user management. Groups allow you to provision app access and to enforce security policies to multiple users simultaneously. Besides this, if you have added Zoho Mail, you will be able to create email aliases ...
SAML Overview
What is Single Sign-on? Before understanding what Single Sign-On (SSO) is, we must go through how traditional authentication works. A service will present the user with a login page where the user must submit a set of login credentials i.e., username ...
Admins - Overview
Administrators play an important role in Zoho One. They are the people who manage the organization through the Zoho One Admin Panel. There are two different administrative roles in Zoho One: Zoho One Admins: Zoho One Admins are privileged users with ...
Manage security policies for users
Apply a security policy for a single user Sign in to the Zoho One Admin Panel. Go to Users and click on a user. Click Security Policies, then either Add User to Policy or Exclude User from Policy. Disable MFA for users Sign in to the Zoho One Admin ...
Policies and Preferences
Super admins and admins can view and edit this information. Managers can only view this information. Staff members will not have access to this information. This section contains settings regarding booking preferences and policies. This includes ...