General Info: The Free plan allows only the defaut security policy. The Standard plan allows up to 5 additional security policies.
Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components:
- Password policy: This component dictates how strong the users' passwords must be and how often they have to be renewed.
- MFA: This component dictates which multi-factor authentication modes the user can use to sign in.
- Allowed IPs: This component dictates which IP addresses the user can use to sign in. Any sign-in requests from IPs that aren't allowed will be denied.
- Session management: This component dictates how many active sessions a user can have, and for how long.
Security policies in Zoho Directory are highly customizable as the strictness of the policy should depend on each user's privileges and responsibilities. For example, a Sales Representative might only need a fairly safe password policy, while a Payroll Manager might need a very strong password policy and MFA. A Sysadmin with access to the organization's directory will need maximum security, and should probably only be allowed to sign in from an allowed IP address.
You can configure multiple security policies and apply them to different groups based on your requirements. To learn more about how security policies are applied when a group has multiple policies, check
Policy Priority.