Add conditional access policy

The steps to add a conditional access policy differ between the user interface versions supported in Zoho One. Follow the steps for the UI version you use.
Spaces UI
  1. Sign in to Zoho One, then click  on the top-right corner.
  2. Go to the Security tab, then go to Conditional Access Policies.
  3. Click Add Policy.
  4. Enter a name for your policy, and choose the type of action to be taken when the policy applies.
  5. If you chose the Allow with MFA action, set up MFA settings.
    1. Configure MFA Factors: Select the MFA factors your users should be allowed to configure for themselves.
    2. Browser Trust Lifetime: Select whether your users can mark a browser as trusted and, if so, how long they can sign in from that browser without MFA after marking it.
    3. Backup Verification Codes: Select whether users can generate and use backup verification codes to bypass MFA.
    4. Prioritize Policy Above: Select the priority of this policy relative to other conditional access policies that use the Allow with MFA action.
  6. Click Next.
  7. Select which type of apps the policy's conditions should be applied to.
    1. Web and mobile apps: These are Zoho's own web and mobile apps.
    2. Client apps: These are apps with limited authentication control, like mail clients. When users sign in to these types of apps, only the IP address and Country conditions will be checked due to the limitations of the apps.
  8. Configure the required conditions, and select whether the policy should be applied when all conditions match, or when at least one condition matches.
  9. Click Next.
  10. Select whether the policy should be applied only to specific groups, or to everyone in your organization. You cannot edit this choice later.
  11. If you choose to apply the policy to specific groups, select the groups you want.
  12. Select whether any users should be excluded from the policy, even if they are part of the selected groups (or even when you've chosen to apply the policy to everyone in your organization).
  13. Click Add. You may be asked to verify your identity by re-authenticating yourself.
Unified UI
  1. Sign in to Zoho One, then click Directory in the left menu.
  2. Go to the Security tab, then go to Conditional Access Policies.
  3. Click Add Policy.
  4. Enter a name for your policy, and choose the type of action to be taken when the policy applies.
  5. If you chose the Allow with MFA action, set up MFA settings.
    1. Configure MFA Factors: Select the MFA factors your users should be allowed to configure for themselves.
    2. Browser Trust Lifetime: Select whether your users can mark a browser as trusted and, if so, how long they can sign in from that browser without MFA after marking it.
    3. Backup Verification Codes: Select whether users can generate and use backup verification codes to bypass MFA.
    4. Prioritize Policy Above: Select the priority of this policy relative to other conditional access policies that use the Allow with MFA action.
  6. Click Next.
  7. Select which type of apps the policy's conditions should be applied to.
    1. Web and mobile apps: These are Zoho's own web and mobile apps.
    2. Client apps: These are apps with limited authentication control, like mail clients. When users sign in to these types of apps, only the IP address and Country conditions will be checked due to the limitations of the apps.
  8. Configure the required conditions, and select whether the policy should be applied when all conditions match, or when at least one condition matches.
  9. Click Next.
  10. Select whether the policy should be applied only to specific groups, or to everyone in your organization. You cannot edit this choice later.
  11. If you choose to apply the policy to specific groups, select the groups you want.
  12. Select whether any users should be excluded from the policy, even if they are part of the selected groups (or even when you've chosen to apply the policy to everyone in your organization).
  13. Click Add. You may be asked to verify your identity by re-authenticating yourself.
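
As an added illustration (not Zoho's code or API), the Python sketch below models how the choices in steps 7 to 12 combine, so a draft policy can be dry-run against sample sign-ins before it is created. The field names, the `platform` condition, the app-type labels, and the treatment of conditions that are not checked for client apps as skipped are all assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

CLIENT_APP_CONDITIONS = {"ip", "country"}  # step 7: all that is checked for client apps

@dataclass
class Policy:
    name: str
    action: str                      # e.g. "Allow with MFA"
    app_type: str                    # "web_mobile" or "client" (labels assumed)
    conditions: dict                 # condition name -> accepted values
    match_all: bool                  # step 8: all conditions vs. at least one
    groups: Optional[set] = None     # step 10: None means everyone
    excluded_users: set = field(default_factory=set)  # step 12

def condition_matches(name, accepted, signin):
    if name == "ip":
        return any(ip_address(signin["ip"]) in ip_network(net) for net in accepted)
    return signin.get(name) in accepted

def policy_applies(policy, signin):
    if signin["user"] in policy.excluded_users:      # exclusions always win
        return False
    if policy.groups is not None and not policy.groups & signin["groups"]:
        return False
    if policy.app_type != signin["app_type"]:
        return False
    conds = policy.conditions
    if policy.app_type == "client":
        # Assumption: conditions that cannot be checked are dropped, not failed.
        conds = {k: v for k, v in conds.items() if k in CLIENT_APP_CONDITIONS}
    results = [condition_matches(k, v, signin) for k, v in conds.items()]
    return bool(results) and (all(results) if policy.match_all else any(results))

# Constructed draft policy and sign-ins (documentation IP range, made-up users).
DRAFT = Policy("mail-offsite", "Allow with MFA", "client",
               {"ip": ["203.0.113.0/24"], "platform": ["windows"]},
               match_all=True, groups={"sales"}, excluded_users={"breakglass"})
BASE = {"app_type": "client", "ip": "203.0.113.9", "country": "IN"}
SIGNINS = [
    {**BASE, "user": "ana", "groups": {"sales"}, "platform": "macos"},
    {**BASE, "user": "breakglass", "groups": {"sales"}, "platform": "windows"},
    {**BASE, "user": "raj", "groups": {"hr"}, "platform": "windows"},
]

def dry_run(policy, signins):
    """Return the users whose sign-in would fall under the policy."""
    return [s["user"] for s in signins if policy_applies(policy, s)]
```

In this model the client-app policy matches `ana` on IP address alone, because the `platform` condition is never evaluated for client apps; the same conditions on a web and mobile policy would not match her sign-in.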