• Creating security policies
• Configuring custom authentication
• Syncing with Active Directory
• Adding verified domains

This is a one-time setup that the super admin needs to configure to manage user identity, improve organization's account security, and monitor user activity and access.

Security Policy

Security policy comprises a set of rules that directs how your users authenticate themselves. There are four components that contribute to laying down security policy:

• Password policy: Dictates how strong the users' passwords must be and how often they have to be renewed.
• MFA: Dictates which multi-factor authentication modes the user can use to sign in.
• Allowed IPs: Dictates which IP addresses the user can use to sign in. Any sign-in requests from IPs that aren't allowed will be denied.
• Session management: Dictates how many active sessions a user can have, and for how long.

Custom Authentication

When you configure custom authentication, you will be enabling SAML which will allow the users to authenticate themselves through their identity provider (or domain). For instance, if SAML is enabled for examplecorp.com, users logging in from that domain will be verified and allowed to login. Once custom authentication is configured, your users can sign in without their Zoho account passwords. Learn more.

Active Directory Sync

Zoho Directory Sync is a secure and straightforward directory and password synchronization tool which helps in syncing users and their passwords in Active Directory (AD) with Zoho accounts.

Zoho Directory enables you to delegate user authentication and management to your Active Directory or LDAP server via Zoho Directory Sync (ZDSync) tool. This tool performs a one-way synchronization from your existing LDAP server to the Zoho Directory Admin Panel. This enables you to maintain all your user identities in a single place, without having to add, edit, or disable user accounts manually in the Admin Panel. As the synchronization always happens from AD to Zoho, the data in AD is never compromised.

Domains

Associate the domains you own with Zoho Directory to establish your organization's brand and simplify employee onboarding by enabling you to host your mailbox with Zoho.

The association facilitates:

• Custom email addresses: Increase your brand awareness by creating domain-based addresses for your employees
• Easy enrolment: Avoid waiting for Pending Users to accept your invitation. Enter a domain-based email address to directly add them as Confirmed Users
• Group aliases: Easily reach all members of a group by assigning a domain-based email alias for the group
• Active Directory sync: Automate employee enrolment by syncing users with domain-based email addresses from your AD or LDAP server
  

Related Topics