Users - Reset Password | Admin Guide - Zoho One

Domain dependence for user management actions

Admins have the right to manage users in their organization. However, certain restrictions apply to admins when it comes to resetting a user's password or MFA and a few other actions. These restrictions depend on the domain of the user's email address.

What is a domain name?

A domain name refers to the address of a website. In simple terms, if your house is a website, then the house address is the domain. When someone buys a domain, they become the domain owner. It's important for the owner to get their domain verified in Zoho One, in order to confirm their identity.
Domains can be broadly classified into verified and unverified domains.

Verified vs. unverified domains 

Let's look at a scenario to explain the difference between these two types of domains.
Assume that Walter has bought the domain name zylker.com for his company. Next, he hires employees for his company, with each employee getting an email address with the domain zylker.com, such as megan@zylker.com and james@zylker.com. Since Walter owns the domain, he can verify it in Zoho One. Once it is verified, Walter can reset any employee's password.
Now, for some additional work, Walter hires external consultants. These external consultants will have corporate and personal email addresses of their own, for example, leonard@zohomail.com or antony@gmail.com. When Walter adds them to his organization in Zoho One, the domain of their email addresses cannot be verified in Zoho One since Walter doesn't own either of the domains. In such cases, Walter will not be able to reset their password.

Why are domain verification restrictions needed?

With domain verification restrictions in place, only the domain owner has the authority to perform user actions. If you own a domain and have verified it in Zoho One, you can perform all the user actions under that domain. However, external users or users with personal email addresses will have to reset their passwords or generate backup codes themselves, for identification and security reasons.

Whose password can an admin reset? 

Admins can reset the passwords of those users who have email addresses with verified domains. If a particular user has an email address with an unverified domain, they will have to reset their password themselves by signing into Zoho Accounts.

Which actions are admins restricted from performing?

To strengthen account security and safeguard user management settings, we are imposing domain-based restrictions for user account-focused admin actions in Zoho One. The actions are as follows:
  1. Reset MFA
  2. Disable MFA
  3. Generate backup code for a user
  4. Create Mailbox
  5. Manage Email Address
This enhancement will prevent admins from performing these actions on users with unverified domains. This is to prevent unauthorized recovery or access attempts by ensuring that these actions are limited to users belonging to trusted, verified domains.
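
The rule described above can be modelled as an authorization check keyed on the target user's email domain. The Python below is an added example, not Zoho One's code: the function names, the action identifiers, and the choice of exact, case-insensitive domain matching are assumptions made for illustration, using the addresses from Walter's scenario.

```python
# Illustrative model of the domain-gated admin actions described above.
# Not Zoho One's implementation; names and matching rules are assumptions.

RESTRICTED_ACTIONS = frozenset({
    "reset_password", "reset_mfa", "disable_mfa",
    "generate_backup_code", "create_mailbox", "manage_email_address",
})


def email_domain(address):
    """Return the lowercased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or not domain or "." not in domain:
        return None
    return domain


def admin_may(action, target_email, verified_domains):
    """Allow a restricted action only on users in a verified domain.

    Assumption: the match is exact. A suffix or substring test would treat
    'zylker.com.example.net' or 'notzylker.com' as verified.
    """
    if action not in RESTRICTED_ACTIONS:
        raise ValueError(f"unknown action: {action}")
    domain = email_domain(target_email)
    if domain is None:
        return False  # fail closed on addresses that cannot be parsed
    return domain in {d.lower() for d in verified_domains}


def self_service_users(users, verified_domains):
    """Users who must reset their own password or generate backup codes."""
    return [u for u in users
            if not admin_may("reset_password", u, verified_domains)]


if __name__ == "__main__":
    verified = {"zylker.com"}  # Walter's verified domain from the scenario
    users = ["megan@zylker.com", "james@zylker.com",
             "leonard@zohomail.com", "antony@gmail.com"]
    for user in users:
        print(user, admin_may("reset_mfa", user, verified))
    print(self_service_users(users, verified))
```
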