Conditional access - overview

Conditional access allows you to set policies that dictate how and when a user should be able to access their account. For example, you can set conditions that allow a user to sign in to their Zoho account only on certain days of the week, from certain locations, or through certain devices.

Conditions

When a policy is applied to a user, the conditions are checked for their current sign-in attempt. If the conditions match, the corresponding action will be done. Currently, the following conditions are supported:

Day of the week
Time of the day
Platform: This condition checks the OS of the device the user is signing in from. Supported options are: Windows, Mac, Linux, Android, iPhone, and iPad.
Applied routing policy: This condition checks whether the user is assigned to the mentioned routing policies or not. Learn more about routing policies
Device management status: These are conditions based on the Device Management feature. This condition checks whether the device is managed via MDM or not and what the Device Security Score of the device should be. Learn more about device management
IP address: This condition checks whether the user is trying to sign in from the approved IPs or not. IPs can be added in three ways:

Current IP: The IP you're accessing Zoho Directory from when setting up the policy is detected and auto-filled.
Static IP: You can enter a specific IP address manually.
IP Range: You can enter a range of IPs manually.

Country: This condition checks the geographical location from where the user is trying to sign in.

Actions

Actions dictate how the sign-in attempt is handled when it matches the conditions of a policy applied to a user. There are three possible actions:

Allow: If the user's sign-in attempt matches with any of the policies applied to them with the Allow action, they will be allowed to sign in.
Allow with MFA: If the user's sign-in attempt matches with any of the policies applied to them with the Allow with MFA action, they will be asked to verify with MFA before being allowed to sign in.
Deny: If the user's sign-in attempt matches with any of the policies applied to them with the Deny action, they will not be allowed to sign in.

Policies with the Allow action are checked first, Allow with MFA next, Deny last. If none of the policies match, then the default action is applied.

MFA Factors

When the Allow with MFA action is selected, you will be asked to set which MFA factors have to be used when a user matches that specific policy. The supported factors are:

Zoho OneAuth - Zoho's own authenticator app. Learn more
OTP Authenticator - Any 2FA authenticator app. Learn more
Security Key - A hardware security key. Learn more

Since these factors are configured separately for each policy, the order of priority is important for MFA policies. Learn more about policy priority

Default Action

When conditional access is set up, and a user's sign-in attempt doesn't match with any policies or fails all matching policies, the default action is carried out. The options are the same as any other policy—Allow, Allow with MFA, and Deny.

When planning your conditional access setup, it is suggested to stick with one of two approaches:

Allow by default: In this approach, set your default action to be Allow or Allow with MFA. Then set up all other policies with the Deny action. In other words, during each sign-in attempt, Zoho Directory will check the Deny conditions to see if there is any reason to deny access. If there are no reasons, then the user will be allowed to sign in.
Example policies would be having conditions such as:

Deny if the sign-in attempt is not from the selected countries
Deny if the sign-in attempt is on a Sunday
Deny if the sign-in attempt is not from the selected IP addresses

Deny by default: In this approach, set your default action to be Deny. Then set up all other policies with the Allow or Allow with MFA action. During each sign-in attempt, Zoho Directory will check if the sign-in attempt matches any of the allowed conditions. If it doesn't, then the user will not be allowed to sign-in. Example policies would be having conditions such as:

Allow if the sign-in attempt is between 9AM and 6PM
Allow with MFA if the sign-in attempt is from a managed device
Allow if the sign-in attempt is from a Mac laptop

Create. Review. Publish.

Write, edit, collaborate on, and publish documents to different content management platforms.

Get Started Now

Access your files securely from anywhere

Zoho CRM Training Programs

Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

Redefine the way you work

with Zoho Workplace

Start your free trial

Zoho DataPrep Personalized Demo

If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

Create, share, and deliver

beautiful slides from anywhere.

Get Started Now

Zoho Sign now offers specialized one-on-one training for both administrators and developers.

BOOK A SESSION

Zoho Workerly Home
Forums
Connect With Us:

Zoho Recruit Home
Forums
Connect With Us:

Start tracking your website metrics today

Use PageSense to understand what your visitors are looking for, how they are behaving, and where they are facing problems on your website.

Ready to improve your website's performance?

Install the PageSense code snippet on your site in a matter of minutes and start collecting in-depth data about the website visitors to grow your business.

Track and measure every business goal

Set up goals in PageSense to measure every single action performed by visitors on your website like button or link clicks, form submissions, and page engagements.

Understand the customer journey on your website

Create funnels in PageSense to quickly see which pages visitors use to enter your website, where they navigate to next, and which pages they decide to leave without converting.

Visualize your visitor's behavior with color codes

Set up heatmaps in PageSense to see where users have clicked more, how far they've scrolled, and on which parts of a page they've spent the most time using color-coded patterns in reports.

Measure customer engagement with your web forms

Use form analytics in PageSense to see how people interact with different fields in your form, whether they complete the form successfully or not, and where exactly they drop out on your form.

Record real visitor interactions on your website

Use session recordings in PageSense to watch a video of all the visitor actions performed on your website including the pages they navigate, the buttons they click, the UX issues they face, and more.

Test and optimize webpages for better conversions

Run A/B or Split URL tests in PageSense to figure out which version of your web page works best for your business and results in the best conversion rate.

Give each customer a unique website experience

Use personalization in PageSense to deliver customized versions of your website for every individual customer based on their demographics, local weather, browsing history, and more.

Grow your business through customer feedback

Run polls on your website using PageSense to understand what your customers think about your products/services and what needs improvement on your site.

Send timely updates that customers love

Use web push notifications in PageSense to schedule and notify your customers about an upcoming flash sale, product releases, promotional coupons, and a lot more that can spark conversions on your website.

Advertise your business to website visitors

Use pop-ups in PageSense to instantly grab the attention of visitors by showing attractive signup offers, coupon code discounts, or email newsletters that can eventually convert them into subscribers.

Access more advanced settings in PageSense

Use PageSense's advanced features like creating mutually exclusive groups, enabling cross-domain tracking, configuring customized project JS, and more to get deeper insights about your website.

Try easy-to-use extensions

Download the PageSense extension app available for your web browser with a few clicks and start collecting all of your required website metrics in real time.

Discover your favorite integrations with PageSense

Get a deeper look at your website's data by seamlessly integrating PageSense with a host of popular third-party apps like Google Analytics, Mixpanel, Intercom, and more.

Quick Links	Workflow Automation	Data Collection
Web Forms	Enterprise	Online Data Collection Tool
Embeddable Forms	Banking	Begin Data Collection
Interactive Forms	Workplace	Data Collection App
CRM Forms	Customer Service	Accessible Forms
Digital Forms	Marketing	Forms for Small Business
HTML Forms	Education	Forms for Enterprise
Contact Forms	E-commerce	Forms for any business
Lead Generation Forms	Healthcare	Forms for Startups
Wordpress Forms	Customer onboarding	Forms for Small Business
No Code Forms	Construction	RSVP tool for holidays
Free Forms	Travel	Features for Order Forms
Prefill Forms	Non-Profit
Intake Forms	Legal	Mobile App
Form Designer	HR	Mobile Forms
Card Forms	Food	Offline Forms
Assign Forms	Photography	Mobile Forms Features
Translate Forms	Real Estate	Kiosk in Mobile Forms
Electronic Forms
Drag & drop form builder
Notification Emails for Forms	Alternatives	Security & Compliance
Holiday Forms	Google Forms alternative	GDPR
Form to PDF	Jotform alternative	HIPAA Forms
Email Forms	Formstack alternative	Encrypted Forms
	Wufoo alternative	Secure Forms
		WCAG

Quick Links

New to Zoho Writer?

Signup Now

Zoho Writer

What's new

Help Guide

Blogs

Forums

Webinars

API

Developers

Build Extensions

Create. Review. Publish.

Write, edit, collaborate on, and publish documents to different content management platforms.

Get Started Now

Zoho Campaigns Resources

Campaigns Community Learning Series

New to Zoho CRM Plus?

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho CRM Plus?

Deliver unforgettable customer experiences

ACCESS ZOHO CRM PLUS

New to Zoho Marketing Plus?

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

New to Zoho Marketing Plus?

Everything you need to run your marketing

ACCESS ZOHO MARKETING PLUS

Zoho Pagesense Resources

You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.

New to Zoho Survey?

Access Zoho Survey

Latest Feature Updates

Explore our Pricing & Plans

Zoho Survey Resources

Android Mobile Surveys

Insurvey Blogs

Insight Blogs

Tips & Tricks

New to Zoho Social?

Manage your brands on social media

Access Zoho Social

Desk Community Learning Series
Digest
Functions
Meetups
Kbase
Resources
Glossary
Desk Marketplace
MVP Corner
Word of the Day
Ask the Experts

Zoho Sheet Resources

New to Zoho Forms?

Latest Feature Updates

Explore our Pricing & Plans

Zoho Forms Resources

Secure your business

communication with Zoho Mail

Get started

Mail on the move with

Zoho Mail mobile application

Go Mobile

Stay on top of your schedule

at all times

Get started

Carry your calendar with you

Anytime, anywhere

Get started

Latest Announcements

New to Zoho Sign?

Zoho Sign Resources

Sign, Paperless!

Sign and send business documents on the go!

Get Started Now

Zoho SalesIQ Resources

New to Zoho TeamInbox?

Zoho TeamInbox Resources

Connect with us

New to Zoho ZeptoMail?

LEARN MORE

Latest Feature Updates

Zoho DataPrep Resources

New to Zoho DataPrep?

Access Zoho DataPrep

Zoho DataPrep Demo

Get a personalized demo or POC

Design. Discuss. Deliver.

Create visually engaging stories with Zoho Show.

Get Started Now

New to Zoho Workerly?

Access Zoho Workerly

New to Zoho Recruit?

Access Zoho Recruit

New to Zoho CRM?

Signup Now

Access Zoho CRM

Latest Feature Updates

New to Zoho Projects?

Access Zoho Projects

New to Zoho Sprints?

Access Zoho Sprints

New to Zoho Assist?

Access Zoho Assist

New to Bigin?

Signup Now

Access Bigin

Latest Feature Updates

Related Articles
Groups - Overview
Groups are used in Zoho Directory to simplify user management. Groups allow you to provide app access to and enforce security policies for multiple users simultaneously. If you're using Zoho Mail, you will also be able to create email aliases for ...
Rename conditional access policy
Sign in to Zoho Directory, then click Admin Panel in the left menu. Go to the Security tab, then go to Conditional Access Policies. Click on the policy you want to rename, then click Rename. Enter the new name, then click Rename.
Delete conditional access policy
Sign in to Zoho Directory, then click Admin Panel in the left menu. Go to the Security tab, then go to Conditional Access Policies. Click on the policy you want to delete, click the icon, then click Delete. Confirm your action by clicking Delete ...
Deactivate conditional access policy
Sign in to Zoho Directory, then click Admin Panel in the left menu. Go to the Security tab, then go to Conditional Access Policies. Click on the policy you want to deactivate, click the icon, then click Deactivate. Confirm your action by clicking ...
Edit conditional access policy
Sign in to Zoho Directory, then click Admin Panel in the left menu. Go to the Security tab, then go to Conditional Access Policies. Click on the policy you want to edit. Use the sub-tabs to edit the policy: Policy Info: You can add or remove users to ...