Security Policies - Configure MFA | Admin Guide - Zoho One

Configure MFA

Multi-factor authentication (MFA) adds an additional layer of security to your organization. When MFA is enabled, your users will have to verify their identity not only with their password, but also with a second factor. The second factor could be an authenticator app like  Zoho OneAuth, a hardware security key (YubiKey), or an SMS-based OTP.

When MFA is enabled for a user, they will not be able to sign in without setting up their preferred authentication mode and verifying themself. You can configure the list of MFA modes your users can choose from.

 In the mobile application: 

For iOS devices:

  1. Open the Zoho One app on your mobile device, then tap in the top-right corner.
  2. Tap in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. Tap the toggle bar to enable MFA.
  5. Select the required MFA modes.
  6. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser.
  7. Tap Save.
To disable an MFA policy:
  1. Open the Zoho One app on your mobile device, then tap in the top-right corner.
  2. Tap in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. Tap the toggle bar to disable MFA.
  5. Tap Update.

For Android devices:

  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom-right corner, then tap Security Policies.
  3. Tap on the required security policy, then check Multi-factor Authentication.
    1. If you are enabling MFA for the first time for that policy, tap the toggle bar to enable it. Select the required MFA modes.
    2. If MFA is already applied for that policy, then proceed to select the required MFA modes.
  4. Set MFA lifetime and enable the option for users to use backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser.
  5. Tap in the top-right corner.
To disable an MFA policy:
  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom-right corner, then tap Security Policies.
  3. Tap on the required security policy, then uncheck Multi-factor Authentication.
  4. Enter your password, then tap Disable

In the web application:

  1. Sign in to Zoho One  open in new tab icon , then click Directory in the left menu.
  2. Go to  Security , click  Security Policies , then click on the policy you want to configure.
  3. Go to Multi-factor Authentication , then click Setup .
  4. Select the authentication modes that you want your users to choose from. The available authentication modes are:
    OneAuth
    Users will have to sign in using OneAuth. If Enforce Face ID/Touch ID is enabled, users will need to configure their biometrics in OneAuth to sign in. If Allow Passwordless Sign-in is enabled, users can sign in through push notifications, time-based OTPs generated in OneAuth, or by scanning the QR code.
    OTP authenticator
    Users will have to sign in using an authenticator app. A time-based OTP (TOTP) will be generated, which needs to be entered when signing in. OneAuth provides this option for your Zoho account as well as third-party accounts.
    YubiKey
    Users will have to connect their YubiKey hardware authenticator to the device they're trying to sign in from, and verify themselves.
    SMS-based OTP
    Users will have to enter a one-time password sent to their registered mobile number through SMS.

  5. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser. 
  6. Click Update Policy.
To remove an MFA policy:
  1. Sign in to Zoho One   , then click Admin Panel in the left menu.
  2. Go to Security , then click Security Policies.
  3. Click on the policy for which you want to remove MFA.
  4. Go to Multi-factor Authentication , scroll down and click Remove MFA.
  5.  Note: Policy priority changes when a policy is removed. 
  6. Enter your password, then click Yes, Remove.
  7. Note: If an MFA policy is removed, the next policy having the top priority will be applied to the user. If there is only one remaining policy, then the default policy will hold good for the user. 

    Zoho CRM Training Programs

    Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

    Zoho CRM Training
      Redefine the way you work
      with Zoho Workplace

        Zoho DataPrep Personalized Demo

        If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

        Zoho CRM Training

          Create, share, and deliver

          beautiful slides from anywhere.

          Get Started Now


            Get started with Zoho Sign

            in a few quick steps!

            Download Help Guide





                      Still can't find what you're looking for?

                      Write to us: support@zohoforms.com


                            




                            

                        Zoho Marketing Automation

                          Zoho Sheet Reources

                           




                              Zoho Forms Resources


                                Secure your business
                                communication with Zoho Mail


                                Mail on the move with
                                Zoho Mail mobile application

                                  Stay on top of your schedule
                                  at all times


                                  Carry your calendar with you
                                  Anytime, anywhere




                                        Zoho Sign Resources

                                          Sign, Paperless!

                                          Sign and send business documents on the go!

                                          Get Started Now


                                              Zoho SalesIQ Resources



                                                  Zoho TeamInbox Resources



                                                          Zoho DataPrep Resources



                                                            Zoho DataPrep Demo

                                                            Get a personalized demo or POC

                                                            REGISTER NOW


                                                              Design. Discuss. Deliver.

                                                              Create visually engaging stories with Zoho Show.

                                                              Get Started Now











                                                                                    • Related Articles

                                                                                    • Configure password policy

                                                                                      Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for ...
                                                                                    • Add security policy

                                                                                      In the mobile application: For iOS devices: Open the Zoho One app on your mobile device, then tap in the top-right. Tap in the bottom-right, then tap Security Policies. Tap Add, then enter the Policy Name.  Choose the groups the policy will be ...
                                                                                    • Security Policies - Overview

                                                                                      Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components: Password policy: This component dictates how strong the users' passwords must be and how often they have to be ...
                                                                                    • Delete a security policy

                                                                                      When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application:  For iOS devices: Open the Zoho One app on your mobile device, then ...
                                                                                    • Policy must be used by at least one group. Apply policy to another group and try again.

                                                                                      Description You may encounter this error when you're trying to remove the only applicable group from a security policy. Reason Security policies have to be applied to groups in order to affect the members of the groups. Without being applied to a ...
                                                                                    Wherever you are is as good as
                                                                                    your workplace

                                                                                      Resources

                                                                                      Videos

                                                                                      Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.



                                                                                      eBooks

                                                                                      Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.



                                                                                      Webinars

                                                                                      Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.



                                                                                      CRM Tips

                                                                                      Make the most of Zoho CRM with these useful tips.



                                                                                        Zoho Show Resources