Authentication & Authorization
Authentication
Verifying the identity of a user is called authentication. The authentication process includes:
1. Checking the password, token, or some other piece of information that proves their identity and confirms that the user is who they claim to be.
2. Once the authentication is complete, the authenticated user is given access to the resources they are permitted to access.
3. In short, it verifies the user's identity and checks whether they are who they say they are, using their digital identity.
For example, your passport, tickets, and other identification documents are checked before you board a plane. Similarly, a computer system checks whether you are who you claim to be before giving the access to digital resources.
How does this work?
The process of authentication requires factors that computer systems can measure. The authenticating factors that are used to verify a user's identity are as follows:
1. Knowledge factor (something the person knows)
Entering a password or answering personal questions is the most common type of knowledge-based authentication factor. In simple terms, only the person who knows the password or answers personal questions correctly can gain access to the resources.
2. Possession factor (something the person has)
This authentication factor requires a mobile phone, OTP authenticator, or hardware security keys such as YubiKey or Titan Security Key. For example, say a user tries to sign in to their account using their username and password, and requests access to that system. A one-time password (OTP) is generated and sent to the user's mobile number. Once the user enters the OTP that was sent to their mobile number, they get access to that particular system. The user must be in possession of the mobile number that gets the OTP in order to access the system.
3. Inherent factor (something the person is)
Inherent authentication factor requires the user's unique qualities that can be accessed only by them, such as biometric information. Computer systems often require users' fingerprints or facial recognition to authenticate the user under inherent authentication.
Authorization
Once the user is authenticated, the next step is authorization. Authorization is the process of giving someone permission to do or have something. During authorization, a system verifies an authenticated user's access rules, and either grants or denies resource access. It permits access for the right user to use the right resources like systems, applications, files, and more.
Authentication is the process of verifying the user, while authorization is the process of checking what they have access to. It determines what the user can and cannot access. The authorization process is executed only after successful authentication.
If a user is unable to prove their identity, they won't be allowed into resources. Access to a resource is protected by authentication as well as authorization. These are the most important parts of IAM.
For example, when you board a plane, say you're allowed to sit in seat number 5A, which is allotted for you. Only you have permission to sit in that seat. Similarly, once the user is authenticated, they gain access to do only the activities they are authorized to do.
Topic Participants
Reena Rai N
Recent Topics
Cant Save Gauge on Creator Page
How to Save Gauge on Creator Page see movie https://vimeo.com/1116410860?share=copy#t=0Apply Advance option not shown in report
We are facing an issue in Zoho Expenses. While approving an Expense Report, the "Apply Advance" option is not appearing under the three dots (More Options). Details: Module: Expense Reports Issue: "Apply Advance" option not visible Status of Report: AwaitingAuto Capitalize First Letter of Words
Hi I am completely new to ZOHO and am trying to build a database. How can i make it when a address is entered into a form field like this: main st it automatically changes is to show: Main St Thank YouFollow-up emails via Workflow Automation not staying in the same thread
Dear Zoho Support Team, I am currently using Workflow Automation in Zoho Campaigns to send follow-up emails. In my test case, I noticed the following behavior: All emails in the automation have the same subject line. If the follow-up email is sent withinClient Script refuses to set an initial value in Subform field
I tried a very simple, 1 line client script to set a default value in a custom subform field when the "Add Row" button is clicked and the user is entering data. It does not work - can someone tell me why? ZDK documentation suggests this should be doable.Emails Are Not Being Delivered to My Inbox
Hello Zoho Support Team, I am experiencing an issue with my Zoho Mail account. The most important problem is that emails are not being delivered to my inbox. Details: My Zoho Mail address: info@coreforcelife.com What happens: I am not receiving any incomingHelp Center IFrame Issue
I have had a working Help Center on my website using an iframe for a while. But now for some reason the sign in page gets a refused to connect error. Can someone please help. If I go to the url manually it works correcltyComment Templates
Is it possible to add a template option for comments? We have some agents in the process who's responses require a pre-formatted layout. It would be incredibly handy to have a template for them where they can insert the template and then add their responses[ZohoDesk] Improve Status View with a new editeble kanban view
A kanban view with more information about the ticket and the contact who created the ticket would be valueble. I would like to edit the fields with the ones i like to see at one glance. Like in CRM where you can edit the canvas view, i would like to editAdding Markdown text using Zoho Desk API into the Knowledge Base
Hi Zoho Community members, We currently maintain the documentation of out company in its website. This documentation is written in markdown text format and we would like to add it in Zoho Knowledge Base. Do you know if there is REST API functionalityAn Exclusive Session for Zoho Desk Users: AI in Zoho Desk
A Zoho Community Learning Initiative Hello everyone! This is an announcement for Zoho Desk users and anyone exploring Zoho Desk. With every nook and corner buzzing, "AI's here, AI's there," it's the right time for us to take a closer look at how the AIShared values: From classroom lessons to teaching moments in customer service
While the world observes Teachers’ Day on October 5, in India, we celebrate a month earlier, on September 5, to mark the birth anniversary of Dr. Sarvepalli Radhakrishnan, a great teacher, renowned scholar, educationist, and advocate for empowerment.Create a list of customers who participated in specific Zoho Backstage events and send them an email via Zoho CRM
How to create a list of customers who participated in specific Zoho Backstage events and send them an email via Zoho CRM? I was able to do a view in CRM based on customer that registered to an event, but I don't seems to be able to include the filterZoho Desk blank page
1. Click Access zoho desk on https://www.zoho.com/desk/ 2. It redirects to https://desk.zoho.com/agent?action=CreatePortal and the page is blank. Edge browser Version 131.0.2903.112 (Official build) (arm64) on MacOSI hate the new user UI with the bar on the left
How can I reverse this?Question regarding import of previous deals...
Good afternoon, I'm working on importing some older deal records from an external sheet into the CRM; however, when I manually click "Add New Deal" and enter the pertinent information, the deal isn't appearing when I look at the "Deals" bar on the account'sClient Script also planned for Zoho Desk?
Hello there, I modified something in Zoho CRM the other day and was amazed at the possibilities offered by the "Client Script" feature in conjunction with the ZDK. You can lock any fields on the screen, edit them, you can react to various events (fieldOne person/cell phone to manage multiple accounts
Hi. I have a personal Free account to keep my own domain/emails. Now I need to create a Business account to my company's own domain, but I have only one mobile phone number I use to everything. How do I do to manage this? Can I manage a Free domain andTracking KPIs, Goals etc in People
How are Zoho People users tracking employee targets in People? For example, my marketing assistant has a target of "Collect 10 new customer testimonials every month". I want to record attainment for this target on a monthly basis, then add it to theirZoho Desk: Ticket Owner Agents vs Teams
Hi Zoho, We would like to explore the possibility of hiding the ‘Agents’ section within the Ticket Owner dropdown, so that we can fully utilise the ‘Teams’ dropdown when assigning tickets. This request comes from the fact that only certain agents andCan not Use Attachment Button on Android Widget
this always pops up when I touch the attach button on android widget. going to settings, there is no storage permission to be enabled. if I open the app, and access the attach feature there, I can access my storage and upload normally.Announcing new features in Trident for Mac (1.24.0)
Hello everyone! Trident for macOS (v.1.24.0) is here with interesting features and thoughtful enhancements to redefine the way you plan and manage your calendar events. Here's a quick look at what's new. Create calendar events from emails. In additionVendor Master Enhancements for Faster Purchase Entry
I’d like to suggest a few features that will improve accuracy and speed during purchase voucher entry: Automated Item Tax Preference in Vendor Master Add an option to define item tax preference in the vendor master. Once set, this preference should automaticallyMass Mail Statistics - Number of unsent emails
How do I find out which emails were not sent?Est-il possible d'annuler l'envoi d'un mail automatique ?
Bonjour, Lorsque je refuse un candidat, il reçois un mail dans les 24h pour l'informer que sa candidature n'est pas retenue. J'ai rejeté un candidat par erreur. Savez-vous s'il possible d'annuler l'envoi de ce mail ? Merci d'avance pour votre aide.embed a form in an email
Hello, how to embed a form in an email that populates Zoho CRM cases? I would like to send emails to a selected audience offering something. In the same email the recipients - if interested - instead of replying to can fill in a Zoho CRM form that createsZoho Bookings - Reserve with Google
Does Zoho Bookings plan to to integrate with Reserve with Google?How to add Zoho demo site page designs to my Zoho Sites website
Hi, I would like to add the design from the following demo URLs into my current Zoho website. I have already created two new pages on my site, named “Menu2” and “Menu3.” For the “Menu2” page, I want to use the design from this demo: https://naturestjuice-demo.zohosites.com/menuDigest Août - Un résumé de ce qui s'est passé le mois dernier sur Community
Bonjour chère communauté ! Voici le résumé tant attendu de tout ce qui a marqué Zoho le mois dernier : contenus utiles, échanges inspirants et moments forts. 🎉 Découvrez Zoho Backstage 3.0 : une version repensée pour offrir encore plus de flexibilité,Text snippet
There is a nice feature in Zoho Desk called Text Snippet. It allows you to insert a bit of text anywhere in a reply that you are typing. That would be nice to have that option in Zoho CRM as well when we compose an email. Moderation Update: We agree thatKaizen #206 - Answering your Questions | Displaying Related Purchase Orders from Zoho Books in CRM Deals using Queries
Hello everyone! We're back with another post in the Kaizen series. We're grateful for the feedback we received from all of you! One of the questions we received was "I would like to see the list of Purchase Orders in Zoho Books for a Deal in CRM." WeAdd Analytics function for Title case (capitalising each word in a string)
At present, you can only capitalise each word in a string in Analytics during data import. It would be really useful to be able to do this with a formula column, but there is no Title Case function.How to conditionally embed an own internal widget with parameters in an html snippet?
Hello everyone, I'm trying to create a dynamic view in a page using an HTML snippet. The goal is to display different content based on a URL parameter (input.step). I have successfully managed to conditionally display different forms using the followingWhere can I find rejected inbound mails and their reason for rejection
Hi, I was recently made aware by a mailing list which I am subscribed to (ffmpeg-devel@ffmpeg.org) that my Zoho mail Mail account is rejecting some emails. If I look under Admin Panel > Security & Compliance > Quarantine > Incoming, the list there isSync more than one Workdrive
Hello Please I'm facing some difficulties since some days. In my company we have many zoho accounts in different organisations. And I have to find a way to sync all these Workdrives. I spend many hours to search it on zoho Workdrive but no solution. Could someone help me ? Any idea how I can achieve it ? Thanks in advance. RegardsZoho writer unable to merge documents to PDF with basic fonts in Hebrew or fonts from my computer
I created several forms that will be merged into PDF files through Zoho Writer and I am unable to receive the PDF in the basic fonts of the Hebrew language or in the fonts I have on my computer. The writer exports to PDF an exchange font that looks veryBase Currency Adjustment Reversal
Two questions surrounding the base currency adjustments (BCA). I recently ported over from QB so I need to enter the base currency adjustments. In QB, it will calculate the BCA for you at the end of the year and then reverse it at the top of the following year. Makes sense. Does Zohobooks not do this as well? I created a BCA for Dec 31, 2016 but no reversing entry was made Jan 1, 2017. Am I supposed to manually do a reversal? I'm not even allowed to post journals directly to the 'exchange gain loss'Please implement UAE Central Bank FX rates
Hello, as I understand from your knowledge base, any UAE business account created from September 15, 2018 does not have foreign exchange rates fetched automatically. This is a serious inconvenience and I am not sure why ZOHO has not looked into the waysSearch Records returning different values than actually present
Hey! I have this following line in my deluge script: accountSearch = zoho.crm.searchRecords("Accounts","(RS_Enroll_ID:equals:" + rsid + ")",1,200,{"cvid":864868001088693817}); info "Account search size: " + accountSearch.size(); listOfAccounts = zoho.crm.searchRecords("Accounts","(RS_Enroll_ID:equals:"Super Admin Access to All Courses and Spaces in Zoho Learn
Dear Zoho Learn Team, We hope this message finds you well. We are using Zoho Learn extensively for internal and agent training. While managing our courses and spaces, we encountered a significant limitation regarding admin access and course management.Next Page