Security Policies - Overview
Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components:
- Password policy: This component dictates how strong the users' passwords must be and how often they have to be renewed.
- MFA: This component dictates which multi-factor authentication modes the user can use to sign in.
- Allowed IPs: This component dictates which IP addresses the user can use to sign in. Any sign-in requests from IPs that aren't allowed will be denied.
- Session management: This component dictates how many active sessions a user can have, and for how long.
Security policies in Zoho One are highly customizable, because the strictness of a policy should depend on each user's privileges and responsibilities. For example, a Sales Representative might only need a fairly safe password policy, while a Payroll Manager might need a very strong password policy and MFA. A Sysadmin with access to the organization's directory will need maximum security, and should probably be allowed to sign in only from an allowed IP.
You can configure multiple security policies and apply them to different groups based on your requirements. To learn more about how security policies are applied when a group has multiple policies, check Policy Priority.