Authentication & Authorization

Authentication & Authorization

Authentication

Verifying the identity of a user is called authentication. The authentication process includes:
1. Checking the password, token, or some other piece of information that proves their identity and confirms that the user is who they claim to be.
2. Once the authentication is complete, the authenticated user is given access to the resources they are permitted to access.
3. In short, it verifies the user's identity and checks whether they are who they say they are, using their digital identity.
 
For example, your passport, tickets, and other identification documents are checked before you board a plane. Similarly, a computer system checks whether you are who you claim to be before giving the access to digital resources.
 
How does this work?
 
The process of authentication requires factors that computer systems can measure. The authenticating factors that are used to verify a user's identity are as follows:
 
1. Knowledge factor (something the person knows)
Entering a password or answering personal questions is the most common type of knowledge-based authentication factor. In simple terms, only the person who knows the password or answers personal questions correctly can gain access to the resources.
 
2. Possession factor (something the person has)
 
This authentication factor requires a mobile phone, OTP authenticator, or hardware security keys such as YubiKey or Titan Security Key. For example, say a user tries to sign in to their account using their username and password, and requests access to that system. A one-time password (OTP) is generated and sent to the user's mobile number. Once the user enters the OTP that was sent to their mobile number, they get access to that particular system. The user must be in possession of the mobile number that gets the OTP in order to access the system.
 
3. Inherent factor (something the person is)
 
Inherent authentication factor requires the user's unique qualities that can be accessed only by them, such as biometric information. Computer systems often require users' fingerprints or facial recognition to authenticate the user under inherent authentication.
 
Authorization 

Once the user is authenticated, the next step is authorization. Authorization is the process of giving someone permission to do or have something. During authorization, a system verifies an authenticated user's access rules, and either grants or denies resource access. It permits access for the right user to use the right resources like systems, applications, files, and more.
 
Authentication is the process of verifying the user, while authorization is the process of checking what they have access to. It determines what the user can and cannot access. The authorization process is executed only after successful authentication.
 
If a user is unable to prove their identity, they won't be allowed into resources. Access to a resource is protected by authentication as well as authorization. These are the most important parts of IAM.
 
For example, when you board a plane, say you're allowed to sit in seat number 5A, which is allotted for you. Only you have permission to sit in that seat. Similarly, once the user is authenticated, they gain access to do only the activities they are authorized to do.

      • Recent Topics

      • Applying Excess Payments & Conflict Invoices Due to Cancelled Items

        I’m running into several issues that appear to stem from deeper-than-expected overlap between Zoho Finance (Books/Inventory) and Zoho POS. The level of coupling between these systems seems greater than what was originally communicated, and it’s leading

      • Zoho Sprint Backlog View, filter by item status

        Hello, In Zoho Sprints, it would be great to be able filter out specific items in the Backlog based on their status. We would like to track items that were Removed from our backlog without seeing them constantly in the Backlog view, as this view should

      • WATERFALL CHART IN ZOHO ANALYTICS

        Hi Team, I would like to know whether Zoho Analytics currently supports a Waterfall Chart as a built-in visualization type. If yes, could you please share the steps to create one? If not, is there any workaround or recommended method to build a Waterfall

      • Export contacts from Bigin's mobile app to your Android device

        Hello everyone! We're happy to announce that you can now export customer contacts from the Bigin mobile app to your device. Scenario A small-scale business owner has two pipelines in Bigin—one for procuring raw materials and the other for selling his

      • ASAP iOS SDK – Xcode Compatibility Update

        Hello everyone, We have been delivering the ASAP iOS SDK developed using Xcode 16.1 to provide Help Center support within mobile applications. Thus, ASAP iOS SDK versions upto 4.5.8 are compatible with development environments running in Xcode 16.1 and

      • Not able to import transactions from Razorpay

        Hi, tried implementing Razorpay integration with books,also added a webhook, but while this added a razorpay clearing account it does not have any data in it. Neither is it getting updated with new transactions happening on Razorpay. This problem is compounded

      • A note-taking app right inside your project management space

        How do you feel when you check off the last task from your to-do list after a long day at work? Euphoric, blissful, satisfied? Now, imagine completing the same checklist from your PM platform, without juggling tools. Sounds simple and handy? That’s exactly

      • Email Forwarding: Maintain business continuity

        As an administrator, ensuring uninterrupted email communication is critical when a role-based employee is unavailable due to extended leave or a temporary role change. Emails from customers, partners, and internal teams must continue to be received and

      • Tip #61- Collaborate live with Invite Technician- 'Insider Insights'

        Hello Zoho Assist Community! From the series of Technician Console, we will be exploring Session. Let's jump right into a brief overview. We’ve all been there: you’re deep into a complex remote session, and you realize you need a second pair of eyes.

      • How to integrate Zoho CRM, Zoho Forms and a WIX Web Site

        Attached video demonstrates how to use Zoho Forms included in Zoho One, to design a Contact Us form to be embedded into a WIX web site and integrated into Zoho CRM.

      • Bug Causing Major Sync & SO Access Failures in Zoho POS

        We are experiencing critical and recurring issues in Zoho POS that all trace back to role-permission handling defects in the latest POS app version. These issues directly affect syncing, login ability, and Sales Order access for role-restricted users

      • Add Custom Reports To Dashboard or Home Tab

        Hi there, I think it would be great to be able to add our custom reports to the Home Tab or Dashboards. Thanks! Chad Announcement: The feature is being rolled out across DC's and Edition in phases. To know more refer to the announcement post here.

      • How to block whole domain?

        I am getting at least 50-75sometimes over 100 spams emails a day. I see a lot of the spam is coming from .eu domains. I would like to block /reject all email coming for the .eu domain. I do not have any need for email from .EU domains. Why won't the BlackList

      • Hiding Pre-defined Views

        You can enhance Zoho with custom views - but you cannot hide the pre-defined views. Most users focus on 4 or 5 views. Right now for EVERY user EVERY time they want to move to one of their 4 or 5 views - they have to scroll down past a long list of pre-defined

      • why can't agent see accounts & contacts

        My new user, with 'Agent' privileges, cannot see records that don't belong to them. How can I give them access? Why isn't this the default configuration in Zoho?

      • 【Zoho CRM】フィルター機能のアップデート:ルックアップ項目を使ったデータフィルタリング

        ユーザーの皆さま、こんにちは。コミュニティチームの藤澤です。 今回は「Zoho CRM アップデート情報」の中からフィルター機能のアップデートをご紹介します。 ルックアップ項目を使ったデータフィルタリングがより詳細に行えるようになりました。 この機能は詳細フィルターとカスタムビューで利用でき、必要な情報を正確に取得できます。 これにより、タブ間を移動することなく、より深く正確な方法でデータを絞り込むことが可能になります。 ◉できること 詳細フィルターとカスタムビューで、ルックアップ先タブの項目が選択可能

      • Zoho Books | Product updates | July 2025

        Hello users, We’ve rolled out new features and enhancements in Zoho Books. From plan-based trials to the option to mark PDF templates as inactive, explore the updates designed to enhance your bookkeeping experience. Introducing Plan Based Trials in Zoho

      • Zoho Books | Product updates | August 2025

        Hello users, We’ve rolled out new features and enhancements in Zoho Books. From the right sidebar where you can manage all your widgets, to integrating Zoho Payments feeds in Zoho Books, explore the updates designed to enhance your bookkeeping experience.

      • Weekly Tips: Protect Confidential Information with PGP in Zoho Mail

        We deal with confidential information almost every day, whether it is being sent out or received. Though emails sent using Zoho Mail are encrypted both during transit and at rest, attempts to access and steal your sensitive data are always a threat that

      • Quotes Approval

        Hey all, Could you please help in the following: When creating quotes, how to configure it in a way, that its approval would work according to the quoted items description, not according to quote information. In my case, the quote should be sent to approval

      • Important Update: Facebook Pages API Deprecation

        Dear Zoho Analytics users, As of January 26, 2026, Facebook has officially deprecated Facebook Pages API version 18. This update involves the removal of several metrics that were previously supported by the API. As a result, these changes will affect

      • Adding a Deal to and Existing Contact

        I want to easily add a Deal to an existing Contact. If I click on New Deal on the Contact page this currently this is what happens: All of the mandatory field (and other field) information exists within the Contact. Is there a simple way for it to automatically

      • Default font size for printing is too big

        A recent issue in printing e mails is that the default font size is huge. This happens in both Edge and Firefox. In order to get what I would call a "normal" printout of an e mail it is necessary to go into the printer preferences / options and set the scale to 75%, otherwise a short e mail with signature and logos etc printed at 100% can take 3 or 4 pages. The annoying thing is that it is necessary to do this each time a printout is to be made as a change in scale only applies to that particular

      • Custom SMTP is now available in Zoho Sign

        Hi there! Want to send Zoho Sign emails from your organization's or personal email server? Look no further! Zoho Sign has introduced custom Simple Mail Transfer Protocol (SMTP) for Enterprise users across all data centers. By enabling custom SMTP, you

      • ZohoMail is so close to being Perfect BUT

        Why don’t you have HILIGHTING???!! I've been trying to find a substitute for Edison Mail but I want & need hilighting (preferably in more than just yellow)! Is this even on your To Do list? I’m so disappointed. 🙄

      • Deleting a memorized email address

        How can I delete a memorized email address? Even though the address has been deleted from Contacts, Zoho mail still auto suggests the address when typing it into the TO field. Thanks!

      • cant upload images in signature- urgent help needed. ta!

        HI, I have been trying to insert the company logo in the signature. i have tried it several times since yesterday, the longest I waited was 1 hour and 12 minutes for the pop up window to upload a 180 KB .jpg file. what am i doing wrong.. an urgent reply

      • How do I get complete email addresses to show?

        I opened a free personal Zoho email account and am concerned that when I enter an email address in the "To", "CC", fields, it changes to a simple first name. This might work well for most people however I do need to see the actual email addresses showing

      • Email was sent out without our permission

        Hi there, One customer just reached out to us about this email that we were not aware was being sent to our customers. Can you please check on your end?

      • Flexible Partial-Use Coupons (Stored Value Credits)

        Subject: Feature Request: Ability for users to apply partial coupon balances per transaction Problem Statement Currently, our coupons are "one-and-done." If a user has a $50 coupon but only spends $30, they either lose the remaining $20 or are forced

      • Migrating Brevo Automation Logic to Zoho Campaigns

        Hello Zoho Campaigns Support Team, I am in the process of migrating my email marketing from Brevo to Zoho Campaigns. I have around 10,000 contacts, which I have already successfully exported from Brevo and imported into Zoho Campaigns. I now need guidance

      • Is there a way to delete workspaces?

        I want to remove one of the workspaces in my Campaigns account. I don't see any obvious way to do this. Am I missing something?

      • Make CAMPAIGNS email look as simple as possible

        Hi there I'm trying to make my Campaigns email look as much like a normal email as possible. I'm a bit stuck with the "justification" of the email email block. Can I LEFT JUSTIFY the "whole email" to make it look "normal"? (Please see screenshot attached)

      • Canadian Banks ?

        Can you advise which Canadian Banks can be used to fully sync credit cards and bank accounts? Thanks

      • Sorry! we encountered some problems while sending your campaign. It will be sent automatically once we are ready. We apologize for the delay caused.

        Hello. Lately we are having problems with some campaigns, which show us this error message. Sorry! we encountered some problems while sending your campaign. It will be sent automatically once we are ready. We apologize for the delay caused. We can't find

      • Can I remove or divert certain contacts from an active Campaigns workflow?

        I have created a workflow in Zoho Campaigns, which sends different emails, once contacts have been added to a mailing list. To choose which email to send to the contacts, there are conditions, which divert contacts based on their company type and their company size. There was a subsection of this workflow, where company size wasn't selected correctly, and some contacts have been sent down the wrong path and received the wrong email. The workflow contains a reminder loop and a further series of emails.

      • How to map fields from Zoho Recruit to Zoho People

        I've got these fields from my Job Offer that I'm trying to map to the Work information fields in Zoho People, but they arent showing up. For example, how do I get the department name field (in the job post) to map to the work information field in Zoho

      • UTM in zoho campaigns

        Helloo everybody!!! Someone know how IF ZOHO CAMPAIGNS has UTM for tracking the url of any campaigns. thank u

      • Full Context of Zoho CRM Records for Zia in Zoho Desk for efficient AI Usage

        Hello everyone, I have a question regarding the use of Zia in Zoho Desk in combination with CRM data. Is it possible to automatically feed the complete context of a CRM record into Zia, so that it can generate automated and highly accurate responses for

      • Knowledge base printing

        I saw a posting about printing the knowledge base as I was looking for the answer, but we would like the ability to print out the entire knowledge base with a click, keeping the same organization format.   Bonus would include an index of keywords and

      • Next Page