Configure MFA
Prerequisites
Permissions required to perform this action:
Manage MFA policy
Configure MFA:
Multi-factor authentication (MFA) adds an additional layer of security to your organization. When MFA is enabled, your users will have to verify their identity not only with their password, but also with a second factor. The second factor could be an authenticator app like Zoho OneAuth, a hardware security key (YubiKey), or an SMS-based OTP.
When MFA is enabled for a user, they will not be able to sign in without setting up their preferred authentication mode and verifying themself. You can configure the list of MFA modes your users can choose from.
To configure MFA:
- Sign in to Zoho Directory 
, then click Admin Panel in the left menu.
- Go to Security, click Security Policies, then click on the policy you want to configure.
- Go to Multi-factor Authentication, then click Setup.
- Select the authentication modes that you want your users to choose from. The available authentication modes are:
Face ID/Touch ID
Users will have to verify themselves using their fingerprint or face through Zoho OneAuth. (Face ID can only be used if the user has an iPhone or iPad device that supports it.)
Push Notification
Users will have to accept a push notification sent to their mobile device through Zoho OneAuth.
Time-based OTP
Users will have to enter a time-based one-time password generated in Zoho OneAuth.
QR Code
Users will have to scan a QR code displayed at sign-in, through Zoho OneAuth.
Google Authenticator (or similar authentication apps)
Users will have to configure an authenticator app, and enter a time-based one-time password generated in it.
Yubikey
Users will have to connect their YubiKey hardware authenticator to the device they're trying to sign in from, and verify themselves.
SMS
Users will have to enter a one-time password sent to their registered mobile number through SMS.
- Click Update Policy.