Feature update: Advanced security settings

Feature update: Advanced security settings

We've previously written about how using security policies could be beneficial for admins. To enable you to better protect your organization, we've come up with a few additional settings for security policies in Zoho One that can be used to regulate your users' web sessions.

What are web sessions?

A web session refers to the period of time you stay signed in to your Zoho One account. You create a new web session every time you sign in to Zoho One (or any of its included apps), and this session exists until you sign out.

Why is session management important?

Although defining web sessions is easy, managing them isn't. As end users, we often create new web sessions (and forget them) without even realizing it. Today, everyone has at least two devices and uses at least two browsers (and a few in-app mobile browsers) in each of those devices. On top of this, we often use a friend or relative's device to type out a late-night email or reply to a colleague's message. Every time we sign in to our account on these various browsers, we end up creating concurrent web sessions. However, we rarely sign out of these sessions manually, resulting in unaccounted sessions.
These unaccounted sessions could expose your organization's data to insecure devices or software, and consequently to malicious parties.

How to use session management to mitigate these threats?

As an admin, you can now enforce a secure session management policy for your entire organization using these three settings:
  • Session lifetime
  • Idle session timeout
  • Concurrent sessions

Regulating session lifetime

Session lifetime refers to the maximum period of time a user can stay signed in on a browser or device before being forcefully signed out of it. If your session lifetime is set as 30 days, you'll be signed out 30 days after signing in to your account, even if it is on a browser or device that you use everyday.

Setting up idle session timeout

Idle session timeout refers to the maximum period of time users can sign in and stay inactive on a browser or device before being forcibly signed out of it. For example, assume your idle session timeout is set as three hours. If you spend more than three hours away from Zoho One, you'll be automatically signed out.

Limiting concurrent sessions

Concurrent sessions refer to multiple sessions present in different browsers or devices at the same time. For example, you might be signed in to your account on your laptop as well as your mobile at the same time. Or you might be signed in on two different browsers in your laptop at the same time. Limiting the number of concurrent sessions you're allowed to have will protect you from creating too many unaccounted sessions. Once you reach the maximum number of sessions, you'll be forced to clear your older sessions, thereby signing you out of all other sign-ins.

Besides enforcing these settings through security policies, you can also use the Account Activity subtab in a user's information screen to monitor and manage an individual user's active sessions.
To learn more about configuring session management, go through our Knowledge Base article on it.


We hope this was useful. Have any thoughts or questions about the new feature? Drop a comment, and we'll discuss.


    • Sticky Posts

    • Connect with Zoho users from your industry, virtually!

      A couple of years ago, we started setting up industry-wise channels for users with similar businesses to chat and discuss Zoho contextually. We started with Real Estate and E-commerce sectors, creating a chatroom and hosting regular meetups on niche areas
    • Feature update: Advanced security settings

      We've previously written about how using security policies could be beneficial for admins. To enable you to better protect your organization, we've come up with a few additional settings for security policies in Zoho One that can be used to regulate your users' web sessions. What are web sessions? A web session refers to the period of time you stay signed in to your Zoho One account. You create a new web session every time you sign in to Zoho One (or any of its included apps), and this session exists
    • Recent Topics

    • Allow a brand to connect multiple facebook pages at the same time

      Our company have multiple facebook pages to represent, every branch, right now we can only link one facebook page, so we can only recive messages from one branch. It would be nice to be able to connect all pages.
    • 5名限定 課題解決型ワークショップイベント Zoho ワークアウト開催のお知らせ (12/19)

      ユーザーの皆さま、こんにちは。Zoho ユーザーコミュニティチームの藤澤です。 12月開催のZoho ワークアウトについてお知らせします。 ※定員に達したため、受付を終了しました。 ━━━━━━━━━━━━━━━━━━━━━━━━ Zoho ワークアウトとは? Zoho ユーザー同士で交流しながら、サービスに関する疑問や不明点の解消を目的とした「Zoho ワークアウト」を開催します。 Zoho サービスで完了させたい設定やカスタマイズ、環境の整備など……各自で決めた目標達成に向け、 他の参加者と同じ空間で作業を行うイベントです。先輩ユーザーや他の参加者と意見交換をしながら集中して作業に取り組むことが可能です。
    • Whatsapp reply not reflected under Tickets for offline agent

      Hi, We are encountering a situation where WA response from customer is not reflected under tickets (if the agent handling the case previously is not active due to off day/ MC). The ticket will remain in the offline agent's queue until agent is back to
    • Missing Folders on iPhone Zoho Mail

      Under mailboxes on my iPhone, I don't have an inbox, sent folder, deleted photo, etc. See pics.
    • Select CRM Custom Module in Zoho Creator

      I have a custom module added in Zoho CRM that I would like to link in Zoho creator.  When I add the Zoho CRM field it does not show the new module.  Is this possible?  Do i need to change something in CRM to make it accesible in Creator?
    • Send Whatsapp with API including custom placeholders

      Is is possible to initiate a session on whatsapp IM channel with a template that includes params (placeholders) that are passed on the API call? This is very usefull to send a Utility message for a transactional notification including an order number
    • Increase Round Robin Scheduler Frequency in Zoho Desk

      Dear Zoho Desk Team, We hope this message finds you well. We would like to request an enhancement to the Round Robin Scheduler in Zoho Desk to better address ticket assignment efficiency. Current Behavior At present, the Round Robin Scheduler operates
    • Separate One-Time Mentions from Ongoing Ticket Following in Zoho Desk

      Dear Zoho Desk Support Team, We are writing to request an enhancement to the mention functionality within Zoho Desk. Currently, when an agent is mentioned in a ticket, they receive notifications for all subsequent activity on that ticket, similar to being
    • Mass update Accounts in Zoho Desk

      We used the integration feature to bring in all of our accounts from Zoho CRM. While all of the names and links are in place, on the Zoho Desk side the email, phone, website, and address fields are blank. By going into each account I can select "Update
    • Vivaldi will not open the Zoho Mail app when I click a email link in the browser

      I'm running Vivaldi on Arch with the Plasma desktop and have under default applications Zoho Mail set as my default email client. Whenever I click a email link in Vivaldi I get the below when it should be launching Zoho. Any ideas on rectifying this issue?
    • Digital publisher

      Kinetic Digital Publisher provides comprehensive digital publishing services, including eBook creation, formatting, cover design, and marketing. We help authors publish and promote their work across online platforms with ease.
    • Time Zone Correction with Daylight Savings Time

      Hey, I'm writing a series of reports where the source data is synced from an external source which stores the date/time information in GMT, but I want the reports to be in local time. Now, I understand there is the CONVERT_TZ function which allows me
    • Load form in iframe without header

      I am trying to load a form into an iframe without the header, but I am not having any luck. I am using openUrl() to load the iframe with the form URL and zc_Header set to false, e.g. #Form:Add_Case?zc_Header=false but it is still loading the header. Any
    • Filter embedded report

      How to filter embedded report in a page, below code is not working. dateField => startDate & dateField=< endDate The report should print on page containing records from startDate to endDate. params='zc_Header=true&amp;Service_Date__gte=<%=startDate%>&amp;Service_Date__lte=<%=endDate%>'
    • Creator Simplified #5: Set file upload restrictions in Zoho Creator

      Hey Creators, Welcome to the next post in the Creator Simplified series. Today, we’ll explore how to implement file upload restrictions to limit user submissions to specific file types. By implementing an allowed list for file uploads, you can optimize
    • Field Type: Address, Change District/State to Dropdown with picklist??

      Using the Address Field type, is there a way to make the District/State field be a dropdown with a picklist so the users can select rather than type the state name every time? I know this can be done if I use a drowdown field for the State (or entire address information), but that isn't as tidy as using the address field type. I apologize if this is a duplicate. I posted this question the other day, or so I though. Can't find that post.
    • cutomized fields are not showing up in zoho creator from zoho crm

      We have customized fields in zoho crm under accounts module like "Last production upgrade" --> This field is a date. When created a solution in zoho creator i couldn't find any of the customized fields. Would you please help me on this matter? Thanks
    • How to Add Bulk Data in Zoho Creator Forms Using Deluge Without Exceeding Execution Time Limit

      I have a database form with a column named 'Product Name' containing 8000 values in a Zoho Creator form. In another form named 'Returns Data,' I have a column with the same name, 'Product Name.' How do I add these 8000 values to the 'Returns Data' form
    • Open New Free Zoho Account

      Hi Team, Do you guys offer a free email hosting? I do have a domain already. If yes, what is the process to open the new account? Thanks,
    • 554 5.7.1 : Recipient address rejected: user info@intimspace.de does not exist

      554 5.7.1 : Адрес получателя отклонен: пользователь info@intimspace.de не существует I can't send an email to Google at info@intimspace.de. An error comes. I entered everything correctly in DNS https://zohomail.tools/#domainDetails/intimspace.de/ALL
    • Emails going back unread

      Hi all, When in Zoho mail - when I recieve a new mail it puts back all emails read that day back to unread - I then have to go back through and open all emails I have already read! Gets very annoying... Any idea on the bug fix?
    • Been getting this error, every now and then "Get count limit exceeded, please try again after 3 mins"

      it is really annoying.
    • Constraints on Tasks

      We have a use case where we have certain fixed date tasks and need to schedule predecessor tasks around these. Predecessor tasks need to be completed with a lag before the fixed date. We should be able to schedule the start and end date for predecessor
    • Moving Project Dependencies Not Moving Precedessors

      Most of the time we want to base our start dates around an event that is in the middle of the project template. If I set a bar up at the date we want it, it doesn't move the predecessors up. Is there a way to change this? eg. there is no point starting
    • Can you set task due dates to be "x" days before the milestone?

      We have a milestone set as the date of our first event. All of the tasks need to happen in increments prior to the milestone event. Is there a way to configure this without having to set up each task due date? Thanks!
    • Default ticket template in helpcenter

      Hello, I have a web form and a ticket template created. How can I make that my default ticket template? If an user clicks New ticket or create a ticket, I want that template to be the default one. Thank you for the time and info.
    • Expanded data-capturing capabilities with enhanced tabular sections

      We are thrilled to announce an update to Zoho Recruit that brings even more flexibility and customization to your recruiting process. With the addition of 10 new field types to the tabular sections, you now have the power to enhance your tabular sections
    • Integration of Business Hours in Email Templates

      Dear Zoho Desk Team, We would like to propose a feature enhancement to Zoho Desk that would greatly improve the utility of the Business Hours settings and streamline communication with our clients. Feature Request: Integration of Business Hours in Email
    • Add Owner to deluge-created module record note

      Is it possible to include the "owner" aka "creator", of a Note when creating it via delulge? This sets "superadmin" as the Note creator. I need to override it. notemap = Map(); notemap.put("Parent_Id",program_contact_id); notemap.put("Note_Content",program_contact_data.get('Note'));
    • Blueprint - Field Validation Criteria (During)

      When setting validation criteria elsewhere in Zoho, or even workflow criteria etc., there are Is Empty and Isn't Empty options.  Within the Field Validation Criteria within Blueprint, those options aren't available.  Is there a particular reason for this? 
    • Delete Field that is used in a Zoho Flow connection

      I'm trying to delete a Field used in a Webhook created by Zoho Flow with CRM Connection and i get the following alert: When going to the alert i get to the following issue, can't edit it since its been deployed by a pluggin But yes i have here the prompted
    • Use image on img HTML tag

      Hi how could I do to use my image saved in Workdrive to use it in an HTML img tag ? I need to display it on my website without having to use iframes. Regards,
    • ZOHO Compain emails going to spam after authentication is successful

      Hello, I am frustrated right now. I have recently setup the zoho email compaign, The auto responder email went to receipient spam folder. then, I researched a lot and completed authentication (SPF, DKIM) in email deliverability, email relay in zoho crm.
    • Security Policies

      To protect against cyber threats and attacks, organizations need to set up security policies for their employees' accounts. Security policies are rules and regulations for every individual or group using the organization's assets and resources. Enabling
    • Zoho CRM functions editor is not in the programming language deluge

      I am trying to write a function for a button. I helped someone before in deluge and I'm using this new editor I'm not familiar with - I guess it is new. Why is the default code statically typed? The editor will not let me create a variable without a type.
    • "Age in Days" calculation in Advanced Analytics

      Hi Can someone advise how this is calculated? I am getting values on this report which I cannot understand. Thank you
    • Automatically set quotes to "lost" if deal is set to lost

      Hi, Is there a way to automate that if a deal (opportunity) is lost the related quotes are also set to lost? Thanks!
    • Subdomain

      How can i make subdomain in my zoho website
    • A/R Aging Details shows wrong aging days

      In the A/R Summary Report all of the invoices are in the right aging buckets. When I run the A/R Aging Details report I get aged dates of +300 days when they should be in the 0-90 day range.
    • Global Choice List share ownership

      I have created several forms that use one or more Global Choice Lists. These lists have been published to Org. I would like to allow one or more admins to edit the choices in these lists. Any help appreciated. Geoff
    • Next Page