Configure MFA

Multi-factor authentication (MFA) adds an additional layer of security to your organization. When MFA is enabled, your users will have to verify their identity not only with their password, but also with a second factor. The second factor could be an authenticator app like Zoho OneAuth, a hardware security key (YubiKey), or an SMS-based OTP.

When MFA is enabled for a user, they will not be able to sign in without setting up their preferred authentication mode and verifying themselves. You can configure the list of MFA modes your users can choose from.

In the mobile application:

  1. Open the Zoho One app on your mobile device, then tap  in the top-right corner.
  2. Tap  in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. Tap the toggle bar to enable MFA.
  5. Select the required MFA modes.
  6. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime is the duration for which users will not be required to use MFA after signing in from a trusted browser.
  7. Tap Save.

To disable an MFA policy:

  1. Open the Zoho One app on your mobile device, then tap  in the top-right corner.
  2. Tap  in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. Tap the toggle bar to disable MFA.
  5. Tap Update.

In the web application:

  1. Sign in to Zoho One, then click Directory in the left menu.
  2. Go to Security, click Security Policies, then click on the policy you want to configure.
  3. Go to Multi-factor Authentication, then click Setup.
  4. Select the authentication modes that you want your users to choose from. The available authentication modes are:
    Face ID/Touch ID
    Users will have to verify themselves using their fingerprint or Face ID through Zoho OneAuth. (Face ID can only be used if the user has an iPhone or iPad device that supports it.)
    Push Notification
    Users will have to accept a push notification sent to their mobile device through Zoho OneAuth.
    Time-based OTP
    Users will have to enter a time-based one-time password generated in Zoho OneAuth.
    QR Code
    Users will have to scan a QR code displayed at sign-in, through Zoho OneAuth.
    Google Authenticator (or similar authentication apps)
    Users will have to configure an authenticator app, and enter a time-based one-time password generated in it.
    YubiKey
    Users will have to connect their YubiKey hardware authenticator to the device they're trying to sign in from, and verify themselves.
    SMS
    Users will have to enter a one-time password sent to their registered mobile number through SMS.

  5. Click Update Policy.

To remove an MFA policy:

  1. Sign in to Zoho One, then click Admin Panel in the left menu.
  2. Go to Security, then click Security Policies.
  3. Click on the policy for which you want to remove MFA.
  4. Go to Multi-factor Authentication, scroll down and click Remove MFA.
     Note: Policy priority changes when a policy is removed.
  5. Enter your password, then click Yes, Remove.

Note: If an MFA policy is removed, the policy with the next highest priority will be applied to the user. If there is only one remaining policy, then the default policy will apply to the user.
