Configure session management
A web session refers to an authenticated instance of your Zoho One account. Put simply, a web session is created every time you sign in to your account from a browser or device, and is closed when you sign out. Signing in from your laptop is considered a web session. Signing in from a different browser in the same laptop is considered a separate web session, and signing in from a mobile browser is also considered a web session. However, signing in from a native mobile app is not considered a web session.
Unaccounted web sessions can pose serious threats to your security, which is why managing your users' sessions is an essential part of organizational administration.
The major problem posed by unaccounted sessions is that as end users, it's easy to lose track of how many unsafe browsers or devices you're currently signed in from. Let's take a look at an example. Jacalyn is a sales representative at Zylker. Due to the nature of her job, she travels around a lot and often connects to work remotely. She usually uses her laptop to connect, and sometime her mobile phone. Since those are personal devices, she never signs out of them. On rare occasions, she connects from internet cafes, and out of habit she does not sign out from them either. Now she has three active sessions, one of which is in a public computer, open for anyone to access. Jacalyn has now put her account and her organization at risk.
Zoho One's session management enables you to protect your organization from these unaccounted sessions, with these three settings:
- Session Lifetime: This setting automatically signs your users out of a session after the specified number of days. If Zylker's admin set the session lifetime as 30 days, Jacalyn will be forced to re-authenticate herself every month. If she buys a new mobile phone and sells her old one without signing out of it, the session will automatically expire in at most a month.
- Idle Session Timeout: This setting automatically signs your users out of a session if they haven't used it in the specified time period. For example, if Zylker's admin set the idle session timeout as one hour, Jacalyn's public computer session will automatically expire an hour after she stops using it, reducing the risk.
- Concurrent Sessions: This setting specifies how many browsers or devices a user can be signed in from at a time. For example, if Zylker's admin set the concurrent session as two, Jacalyn would be able to sign in from only two devices at a time. Once she comes back from the public computer and starts using her regular devices, she'll automatically be signed out of the public computer, preventing any security incidents.
Note: The configured settings will apply only to the sessions created by a user after the policy is applied to them.
In the mobile application:
For iOS devices:
- Open the Zoho One app on your mobile device.
- Tap
in the bottom-right, then tap Security Policies.
- Tap the required security policy, then tap Advanced Settings.
- Set the Session Lifetime, Idle Session Timeout, and Concurrent Sessions.
- Session Lifetime: This setting automatically signs your users out of a session after the specified number of days.
- Idle Session Timeout: This setting automatically signs your users out of a session if they haven't used it in the specified time period.
- Concurrent Sessions: This setting specifies how many browsers or devices a user can be signed in from at a time.
For Android devices:
- Open the Zoho One app on your mobile device.
- Tap
in the bottom-right corner, then tap Security Policies.
- Tap on the required security policy, then tap Advanced Settings.
- Set the Session Lifetime, Idle Session Timeout, and Concurrent Sessions.
- Session Lifetime: This setting automatically signs your users out of a session after the specified number of days.
- Idle Session Timeout: This setting automatically signs your users out of a session if they haven't used it in the specified time period.
- Concurrent Sessions: This setting specifies how many browsers or devices a user can be signed in from at a time.
In the web application:
- Sign in to Zoho One
, the click Directory in the left menu.
- Go to Security, click Security Policies, then click on the policy you want to configure.
- Go to Advanced Settings, then set the Session Lifetime, Idle Session Timeout, and Concurrent Sessions.
- Session Lifetime: This setting automatically signs your users out of a session after the specified number of days.
- Idle Session Timeout: This setting automatically signs your users out of a session if they haven't used it in the specified time period.
- Concurrent Sessions: This setting specifies how many browsers or devices a user can be signed in from at a time.
Note: To manually manage the sessions of individual users,
use the Account Activity tab in their user information page.
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Add security policy
In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Then tap in the bottom-right corner, then tap Security Policies. Tap Add, then enter the Policy Name. Under Enforced Groups, choose the groups the policy will be ...Security Policies - Overview
Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components: Password policy: This component dictates how strong the users' passwords must be and how often they have to be ...Configure password policy
Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for ...Delete a security policy
When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Tap in ...Set up Zoho One
Sign up for Zoho One If you're new to Zoho, follow these steps: Go to Zoho One's homepage , then click START YOUR FREE TRIAL. Enter all the requested details, then click GET STARTED NOW. Go through the onboarding tour, choose a category to start ...
New to Zoho LandingPage?
Zoho LandingPage Resources