What are the admin's privileges over organization users?
When you join an organization as a user, the admin of the organization will have certain privileges over your account. Your admin can:
- Do certain actions that you can do yourself (such as changing your password).
- Enforce you to follow certain rules and restrictions (such as enforcing multi-factor authentication, and IP-based access restriction).
- Perform critical actions (such as deleting your sessions, and deactivating your account).
The privileges of the organization admin over your account are described below:
Deactivate or close your account
Your organization admin can deactivate your account or close your account permanently, if they deem it necessary. If your account is deactivated, you will not be able to access the apps you were using before. If your account is closed, all the data associated with your account and the apps you use will be deleted.
Reset password and MFA
Your admin will be able to reset your password. If you forget your account password and are unable to reset it yourself, you can contact your admin to reset it for you.
If multi-factor authentication (MFA) is configured for your account, your admin will also be able to reset MFA for your account. So, if you are unable to verify using MFA and don't have backup verification codes, you can contact your admin to reset MFA for you. Once your admin resets MFA for your account, you can just sign in to your account without MFA and then re-configure MFA.
Enforce custom SSO authentication
If your organization's user directory is stored in a dedicated Identity Provider (such as Microsoft Entra ID, Okta, and Auth0), your admin can enforce you to sign in to your Zoho account through that Identity Provider (i.e., by using your IdP credentials instead of your Zoho credentials).
Restrict federated sign-in
Federated sign-in allows you to sign in to your account using other services such as Google, Facebook, LinkedIn by linking these external accounts with your Zoho account. However, your admin can restrict you from linking these other services with your account and signing in using them.
Enforce IP-based access restriction
Through security policies, your organization admin can set up some IP addresses as "Allowed IP addresses" and let you access your account only from those IP addresses. If such a policy is enforced, when you try to access your account from an IP address that is not in the Allowed IP addresses list, you will be denied access. Learn more about IP restriction
Enforce multi-factor authentication (MFA)
Multi-factor authentication (MFA) adds one or two extra layers of verification to your sign-in process, besides just entering your username and password. Although users can set up MFA for their account themselves, an organization admin can set up an MFA policy and enforce it for the organization users in order to dictate the organization's security practices.
Through MFA policy, the admin can define the following for organization users:
- Enforce specific MFA modes
There are four MFA modes available: Zoho OneAuth, SMS-based OTP, OTP authenticator, and Security key. The admin can set one or more of these modes as available MFA modes for your account. If your admin has set only one mode as available, you will need to set up that particular mode for your account. If there are two or more modes made available by your admin, you can choose which modes to set up for your account.
- Set MFA lifetime
If you frequently sign in from the same device using a particular browser, you can set it as a trusted browser and skip MFA verification whenever your sign in from that browser, for as long as the trust exists (i.e., MFA lifetime). Your admin can define how long this MFA lifetime should be. Your admin can also restrict you from trusting a browser, which means you will never be able to skip MFA verification.
- Allow/Restrict usage of backup verification codes
Backup verification codes allow you to recover your account if you are unable to verify using your MFA mode. You can generate these codes from accounts.zoho.com. But your admin can restrict you from generating and using these backup verification codes. If your admin has restricted backup codes and you're unable to verify using MFA, you will need to contact your admin to reset MFA for your account.
Set up and enforce password policy
Your admin can set up a password policy and enforce it for your account. Via the password policy, the admin can dictate your password's complexity, the minimum password age, and the maximum password age.
- Password complexity
The password complexity encompasses how long your password must be, whether it should contain any special characters, numbers, lowercase and uppercase alphabets.
- Minimum password age
This dictates the time duration between two successive password changes. For example, if your admin has set the minimum password age as 1 day, you can only change your password 1 day after the previous time you changed your password.
- Maximum password age
This dictates the maximum duration a password will be valid. For example, if your admin has set the maximum password age as 3 months, you will need to change your password every 3 months.
Enforce session policy
Your organization admin can define and enforce the following session policies for your account:
- Session lifetime
It means how long an active session can remain signed-in before it gets signed out automatically. By default, the session lifetime is 30 days. However, your admin can set the lifetime between 1 day to 30 days.
- Idle session timeout
It means how long an idle session can remain signed-in before it gets signed out automatically. Your admin can set the timeout up to a minimum of 30 minutes.
- Concurrent session limit
It means the maximum number of active sessions you can have at a time. The default limit is 50 concurrent sessions. However, your admin can set the limit between 1 session to 50 sessions.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Who are external users?
In the Zoho environment, certain apps follow an organization model (which represents the actual institution you're part of). Each organization will have an organization owner/super admin, and will include one or more apps under it. Let's say there ...Close your Zoho account/organization (for personal accounts and single-user organizations)
Important: If yours is an organization with multiple users present, refer to this help article for instructions. This article is applicable only to personal accounts and single-user organization accounts. Things to know before Closing account: When ...Contact organization administrator to disable MFA/reset password
You might be unable to sign in to your account due to one of the following reasons. Unable to complete multi-factor authentication (MFA) and have no recovery options configured Forgot password and unable to reset it In such a case, you can contact ...How administrators can disable/re-enable MFA for users
To disable/re-enable MFA for your organization users, we recommend using Zoho Directory. It allows you manage your users across multiple Zoho apps from a single place. Refer to instructions below However, if you have enforced MFA from other apps such ...Why have I been locked out of my Zoho account?
Our service temporarily blocks users from signing in to Zoho services if it detects any threat in the network. We manually analyze the problem and if we find that there is nothing wrong with the network being used, we enable the user's account after ...
New to Zoho LandingPage?
Zoho LandingPage Resources