Overview
The security policies have been revamped with a new set of configurations and policies designed to enhance your users’ login experience. We have introduced four new policies, each with unique functionality to provide greater flexibility in managing your organization’s authentication process.
The new set of policies includes:
1. Conditional Access Policies
Conditional access allows you to set policies that dictate how and when a user should be able to access their account. For example, you can set conditions that allow a user to sign in to their Zoho account only on certain days of the week, from certain locations, or through certain devices.
2. Routing Policies
Routing policies let you decide which authentication modes each of your users must use to sign in.
3. Identity Providers
Identity Providers enable both SAML and JWT single sign-on (SSO) from your preferred identity providers to Zoho Directory.
4. Security Policies
Security policies provide you with a customizable password policy and advanced settings.
To learn more about the policies, click here.
Your existing setup will be automatically migrated into this new structure, allowing you to configure more advanced and secure policies for your users.
Security Policies Migration
1. Multi-Factor Authentication (MFA)
If you have configured MFA for a policy and selected any authentication mode for your users, your existing setup will be migrated to the Conditional Access Policies.
In Conditional Access Policies:
- MFA is configured as an action.
When migrated, a Conditional Access Policy will be created with the following settings:
- Condition: None
- Action: Allow with MFA (with your previous authentication mode)
When a policy member attempts to sign in, the “Allow with MFA” action will be triggered, prompting users to authenticate using multi-factor authentication. To learn more about Conditional Access Policies, click here.
If Allow Passwordless Sign-in was disabled for any user, a Routing Policy will be created for that user with Password as the authentication mode.
2. Allowed IPs
If Allowed IPs were configured for a policy, the specified IP addresses will be migrated to the Conditional Access Policies.
In Conditional Access Policies:
- Allowed IPs is referred to as IP address.
- IP address is configured as a condition.
When migrated, a Conditional Access Policy will be created with the following settings:
- Condition: IP Address (the IP address will retain the name of your original policy and will be selected here)
- Criteria: IP is not
- Action: Deny access
When a policy member attempts to sign in from an IP address that does not match the specified condition, the action "Deny access" will be triggered, blocking the user's sign-in attempt. To learn more about Conditional Access Policies, click here.
3. Session Lifetime and Idle Session Timeout
If Session Lifetime and Idle Session Timeout are configured under Advanced Settings within Security Policies, both settings will be migrated to the Routing Policies.
When migrated:
- A Routing Policy will be created and Session Settings will be configured.
- With this, you can continue to manage users’ web sessions efficiently, enhancing security and user experience.
To learn more about Routing Policies, click here.
4. Device Management
If Device Management is configured for users, the existing setup will be migrated to the Conditional Access Policies.
In Conditional Access Policies:
- Device Management is referred to as Device management status.
- It is configured as a condition.
When migrated, a Conditional Access Policy will be created with the following settings:
- Condition: Device management status
- Criteria: Unmanaged Device
- Action: Deny access
When a policy member attempts to sign in with an unmanaged device that meets this condition, the action "Deny access" will be triggered, blocking the user's sign-in attempt. To learn more about Conditional Access Policies, click here.
5. Multiple Configurations
If Allowed IPs, Device Management, and MFA are all configured for a user under a single security policy, two separate policies will be created under Conditional Access Policies.
Policy 1 with two conditions: A policy will be created with the following settings:
- Condition 1: IP address (the IP address will retain the name of your original policy and will be selected here)
- Criteria: IP is not
- Condition 2: Device management status
- Criteria: Unmanaged Device
- Action: Deny access
This will restrict the user from signing in from any location other than the specified IP address and block the user's sign-in from unmanaged devices.
Policy 2: A policy will be created with the following settings:
- Condition: None
- Action: Allow with MFA (with your previous authentication mode)
This ensures users can sign in only after completing multi-factor authentication. To learn more about Conditional Access Policies, click here.
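The following is an added illustration, not Zoho Directory's code, that models the migration mapping described in sections 1, 2, 4 and 5 (Allowed IPs to an "IP is not" condition, Device Management to an "Unmanaged Device" condition, MFA to an unconditional "Allow with MFA" policy) and then evaluates sample sign-in attempts against the resulting policies. The policy name, sample IP ranges and the MFA mode are constructed, and it assumes a Deny policy fires when any of its conditions match and that Deny takes precedence over Allow with MFA.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the migration mapping described on this page; illustration
# only, not Zoho Directory's implementation. Names and sample IPs are made up.
def migrate_security_policy(name, allowed_ips=(), device_management=False, mfa_mode=None):
    """Return the Conditional Access Policies that one old security policy becomes."""
    conditions = []
    if allowed_ips:  # Allowed IPs -> "IP address" condition with criteria "IP is not"
        conditions.append({"type": "IP address", "name": name,
                           "criteria": "IP is not", "ips": list(allowed_ips)})
    if device_management:  # Device Management -> "Device management status" condition
        conditions.append({"type": "Device management status",
                           "criteria": "Unmanaged Device"})
    policies = []
    if conditions:  # Policy 1: IP and/or device conditions, action Deny access
        policies.append({"conditions": conditions, "action": "Deny access"})
    if mfa_mode:  # Policy 2: no condition, action Allow with MFA (previous mode)
        policies.append({"conditions": [], "action": "Allow with MFA", "mode": mfa_mode})
    return policies

def condition_matches(cond, attempt):
    """True when the sign-in attempt meets the condition's criteria."""
    if cond["type"] == "IP address":
        src = ip_address(attempt["ip"])
        in_allowed = any(src in ip_network(n) for n in cond["ips"])
        return not in_allowed          # criteria "IP is not" one of the allowed addresses
    if cond["type"] == "Device management status":
        return not attempt["managed"]  # criteria "Unmanaged Device"
    raise ValueError(f"unknown condition type {cond['type']}")

def evaluate(policies, attempt):
    """Outcome for one attempt. Assumption: a policy with conditions fires when any
    condition matches, a policy with no conditions always fires, Deny wins."""
    outcome = "Allow"
    for policy in policies:
        fired = (not policy["conditions"]
                 or any(condition_matches(c, attempt) for c in policy["conditions"]))
        if not fired:
            continue
        if policy["action"] == "Deny access":
            return "Deny access"
        outcome = f"Allow with MFA ({policy['mode']})"
    return outcome

if __name__ == "__main__":
    pols = migrate_security_policy("Office", allowed_ips=["203.0.113.0/24"],
                                   device_management=True, mfa_mode="OTP")
    for ip, managed in [("203.0.113.10", True), ("198.51.100.5", True), ("203.0.113.10", False)]:
        print(ip, "managed" if managed else "unmanaged", "->",
              evaluate(pols, {"ip": ip, "managed": managed}))
```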
6. Custom Authentication
If you have added IdPs in Custom Authentication and have assigned groups to be authenticated through those IdPs, the setup will be migrated to Routing Policies as authentication mode.
In Routing Policies:
- Custom Authentication is referred to as Identity Providers.
- It is configured as an authentication mode.
When migrated:
- The existing IdP setup will be added to Identity Providers.
- A Routing Policy will be created and assigned to the same users.
- The IdP that is added will be selected as the authentication mode under the Routing Policy.
- The members belonging to these groups will be required to sign in using the same IdP.
To learn more about Routing Policies, click here.