Feature update: Advanced security settings

Feature update: Advanced security settings

We've previously written about how using security policies could be beneficial for admins. To enable you to better protect your organization, we've come up with a few additional settings for security policies in Zoho One that can be used to regulate your users' web sessions.

What are web sessions?

A web session refers to the period of time you stay signed in to your Zoho One account. You create a new web session every time you sign in to Zoho One (or any of its included apps), and this session exists until you sign out.

Why is session management important?

Although defining web sessions is easy, managing them isn't. As end users, we often create new web sessions (and forget them) without even realizing it. Today, everyone has at least two devices and uses at least two browsers (and a few in-app mobile browsers) in each of those devices. On top of this, we often use a friend or relative's device to type out a late-night email or reply to a colleague's message. Every time we sign in to our account on these various browsers, we end up creating concurrent web sessions. However, we rarely sign out of these sessions manually, resulting in unaccounted sessions.
These unaccounted sessions could expose your organization's data to insecure devices or software, and consequently to malicious parties.

How to use session management to mitigate these threats?

As an admin, you can now enforce a secure session management policy for your entire organization using these three settings:
  • Session lifetime
  • Idle session timeout
  • Concurrent sessions

Regulating session lifetime

Session lifetime refers to the maximum period of time a user can stay signed in on a browser or device before being forcefully signed out of it. If your session lifetime is set as 30 days, you'll be signed out 30 days after signing in to your account, even if it is on a browser or device that you use everyday.

Setting up idle session timeout

Idle session timeout refers to the maximum period of time users can sign in and stay inactive on a browser or device before being forcibly signed out of it. For example, assume your idle session timeout is set as three hours. If you spend more than three hours away from Zoho One, you'll be automatically signed out.

Limiting concurrent sessions

Concurrent sessions refer to multiple sessions present in different browsers or devices at the same time. For example, you might be signed in to your account on your laptop as well as your mobile at the same time. Or you might be signed in on two different browsers in your laptop at the same time. Limiting the number of concurrent sessions you're allowed to have will protect you from creating too many unaccounted sessions. Once you reach the maximum number of sessions, you'll be forced to clear your older sessions, thereby signing you out of all other sign-ins.

Besides enforcing these settings through security policies, you can also use the Account Activity subtab in a user's information screen to monitor and manage an individual user's active sessions.
To learn more about configuring session management, go through our Knowledge Base article on it.

We hope this was useful. Have any thoughts or questions about the new feature? Drop a comment, and we'll discuss.


    • Sticky Posts

    • Connect with Zoho users from your industry, virtually!

      A couple of years ago, we started setting up industry-wise channels for users with similar businesses to chat and discuss Zoho contextually. We started with Real Estate and E-commerce sectors, creating a chatroom and hosting regular meetups on niche areas

    • Feature update: Advanced security settings

      We've previously written about how using security policies could be beneficial for admins. To enable you to better protect your organization, we've come up with a few additional settings for security policies in Zoho One that can be used to regulate your users' web sessions. What are web sessions? A web session refers to the period of time you stay signed in to your Zoho One account. You create a new web session every time you sign in to Zoho One (or any of its included apps), and this session exists

      • Recent Topics

      • LinkedIn verification link and otp not receiving

        For the last 2 to 3 weeks I'm trying to verify my LinkedIn account to access my company's LinkedIn page, Linkedin is sending verification links and codes to this email address but I have not received any codes or links. Please help me here. Looking forward

      • Admin Control for Default Email Templates in Zoho Desk

        Hi Zoho Desk Team, We would like to request a feature enhancement related to default email templates. Currently, agents can select and set their own default email templates when replying to tickets. However, we believe this setting should be managed centrally

      • Unlocking New Horizons: A Year in Review

        As we bid farewell to 2024, let's celebrate and revisit the key highlights of the year. From adding a new edition to cross-platform enhancements, here’s a roundup of all the feature updates designed to simplify accounting, optimize financial management,

      • Zoho desk desktop application

        does zoho desk has a destop applicaion?

      • send file to ftp or another external service

        i'v created a zoho creator application for take a picture and rename it by phone. Now i need to send Each renamed pictures to my ftp or to specific folder on google drive...then, delete it from creator. (every picture recived it will processed by another program and stored on my Erp) HOW CAN I DO ??

      • Error 403: Forbidden When Updating Email Signature via API

        Hi Zoho Desk team, First, congratulations again on the excellent Zoho API. But, I’m encountering an issue while attempting to update an email signature via the API. Whenever I make a request to update the signature, the response returns an HTTP 403 Forbidden

      • Has anyone built a ticket export that allows Help Center users to export the tickets shown in the My Area list they are looking at?

        Hi, We are moving to Zoho Desk soon. Our current support system displays an option in our help center allowing customers to export their Open, Closed, or all tickets based on which list they are looking at. We need to offer the same in Zoho Desk help

      • Mass pdfs into OCR field

        I am working on a Creator app that my org will use internally. Is there any way to mass upload pfs through a form with an OCR file upload field? Is Creator capable of this, or would I need to use Catalyst?

      • How to upload a file to form file upload field from deluge script.

        Hi guys, I need to store API response into Form File upload field . I'm not getting any errors but PDF file is not assigned to file upload field. You can check possibilities using below details: Method: POST URL: https://v2.convertapi.com/convert/web/to/pdf?Secret=<<SecretKey>>&Token=<<APIKey>>&Url=https://www.google.com You need to generate secretKey and APIKey by Login to https://www.convertapi.com/a/su Response: { "ConversionCost": 4, "Files": { "FileName": "www_google_com.pdf", "FileSize": 68342,

      • Export view via deluge.

        Hi, Is it possible to export a view (as a spreadsheet) via deluge? I would like to be able to export a view as a spreadsheet when a user clicks a button. Thanks     

      • Subform Time field showing as null in script.

        Good Afternoon everyone. I am trying to take the information from my subform and populate it into a multiline field in the CRM. The code below works with no errors. The problem is, it shows that the Open and Close (Time fields) are null. But they are

      • Zoho Payroll's Year in Review 2024

        As we roll into 2025, we'd like to pay tribute to all the milestones we hit in 2024! From releasing out new features that streamlined your workflows to updates that made payroll management smoother, we’ve had a prolific year—all while keeping you, our

      • Is there a way to sort report on record template by a specific field like date field

        Hi, Is it possible to sort the report on the record template by the date field and not the default Added Time. Please check the example bellow: The records are sorting by the added time I wand to change that by the date field,

      • Shared subfolders

        Am I right in thinking that there is no Zoho email application that allows me to create a shared inbox and then add additional folders/subfolders under that inbox? If so, this is really quite incredible and probably a deal breaker for us to start using

      • Update Multi select field values to another form table as individual record

        Hi, I am new to coding and do basics within deluge. I need help with the deluge script to meet the following requirement. Form Student Attendance The fields are : Attendance Date Course (Lookup to Course Form) Class (Lookup to Class Form) Students (Multi

      • Shared Mailbox - Mark as read for all users

        Hi all, Maybe someone can help me out. At the moment we have a shared mailbox without streams. When a users reads an mail or marks it as read other users will not see this. How can we resolve this? We now archive the mails when read and followed up. However

      • Allocate emails to user in a shared mailbox

        Hi, This might be obvious, but I cannot find the answer. I have 3 shared mailboxes so any team member can see the emails. Is there a way of allocating a specific email to a user so that it is their responsibility to deal with it? Thanks in advance.

      • How to view shared mailbox in Outlook

        How to view shared mailbox in Outlook or in another software

      • Search mails in shared mailbox

        Hi everyone, is there a way to search mails in shared mailbox's? Search in streams or mail doesn't return anything from mails in shared mailboxes. Thanks! Rafal

      • How to send binary data in invokeurl task?

        Hello, I am using Adobe's Protect PDF API. Source: https://developer.adobe.com/document-services/docs/overview/pdf-services-api/ Everything works fine in Postman. But for some reason after encrypting the file, it is empty after password protecting the

      • Customising the approval email

        Is there anyway to customise the Approval email or to add further fields as the default looks so basic and unlike any of the other email notifications from Desk. My users just thought it was spam.

      • Feature request - pin or flag note

        Hi, It would be great if you could either pin or flag one or more notes so that they remain visible when there are a bunch of notes and some get hidden in the list. Sometimes you are looking for a particular name that gets lost in a bunch of less important

      • Pushing GCLID info from Gravity Forms to ZohoCRM

        We are switching to Gravity Forms from Zoho Forms and I cannot find any good info on how to make sure my GCLID tracking info is pushed through to the CRM through my new forms. There was an article in the documentation about placing something within the

      • Issue Configuring SSO Integration with Cognito in Zoho Help Center

        Dear Zoho Support Team, We have been working on configuring SSO integration for our Zoho Help Center using Amazon Cognito. While the setup appears to be completed successfully, we are encountering an issue when attempting to access the Help Center. The

      • Need manual aggregate column pathing help

        See linked video here: https://workdrive.zohoexternal.com/external/a5bef0f0889c18a02f722e59399979c604ce0660a1caf50b5fdc61d92166b3e7

      • Add blueprint buttons to listview and kanban

        Hello, just started to use the Blueprints feature - really useful. I have one suggestion to help this work even better - can there be transition buttons that appear on the top of listview & Kanban? Maybe an option as well - "Blueprint transitions appear

      • Merging contacts does fail because of help center membership

        I'm trying to merge two contact records (they are the same contact) where one of them is a member on the help center. The system warns me about this situation and then I de-activate this contact as an "End User" for the help center. Right now the system

      • Duplicate Contacts - how to get merge or delete

        I have noticed that our list of contacts in Zoho Desk duplicates contacts periodically.  I have yet to identify when or why.  How do I merge or delete them?  I see there is a "Deduplicate" but I am unable to find anything that explains this feature.

      • Admin Access to Direct Messages in Zoho Cliq

        Hi Zoho Cliq Team, We would like to request a feature enhancement to enable admin access to one-on-one conversations (direct messages) conducted through Zoho Cliq. Use Case: As administrators, there are situations where it becomes essential to access

      • "Mark as Spam" not working as expected

        Dear support, in the below scenario, clicking on "Mark as spam" identifies only the first of the checked emails as spam, removes that email from the visible list and leaves the rest of the list still visible & unchecked. I've tried check-marking them

      • Massive price increase for user licenses of Zoho Portal

        This actually a complaint about this announcement: https://help.zoho.com/portal/en/community/topic/free-user-licenses-across-all-portal-user-types You present this as an enhancement. And, yes, while reading the main part, I'd agree that (for smaller companies),

      • Elevating Email Security on Zoho Desk: DKIM Now Mandatory

        Hello Zoho Desk Users! It has been a wonderful journey with you on Zoho Desk. As we welcome 2025, we are strengthening our efforts to ensure a secure and seamless experience for you. To enhance email security, DKIM configuration will be mandatory for

      • Free user licenses across all Portal user types

        Greetings everyone, We're here with some exciting and extensive changes to the availability of free user licenses in CRM Portals. This update provides users with access to all Portal user types for free to help them diversify their user licenses and explore

      • Calendar - "super compact" week view

        every time i go to my calendar i have to re-engage the "super-compact view" for the week view...is there a way to make "super-compact" a default view so I dont have to keep on setting it manually?

      • Calendar - "pop up" locations

        One of the attractive features of google calendar and outlook calendar is that locations for events will start to automatically populate the location drop down menu as you type. Adding this feature to zoho calendar would be the final feature i need.

      • Using Zia in Zoho Sheet data to research the internet and return answer to a cell in Zoho Sheet

        I'm trying to see if Zia (connected with OpenAI key) can take data parameters stored in a Zoho Sheet to conduct research out on the internet then return an answer into the same Sheet. I'm trying to do the equivalent of using something like the =AI() function

      • [Free Webinar] Learning Table Series - Creator for the Education Industry

        Hello Everyone! We're thrilled to invite you to the Learning Table Series—a year-long initiative to demonstrate how Zoho Creator can transform industries with innovative and automated solutions. Each month focuses on a specific industry, and this time,

      • Remove the [## XXXX ###] from subject replies

        For our organisation we would like to have the [## XXXX ###] removed from subject replies. Cheers, Jurgen 365VitaalWerken

      • Self Client Authorization Issue

        Hi. Trying to test the api integration for Zoho Desk with the Self Client - Client Credintials flow method. I've created the self client, obtained the client id and secret, inputted "Desk.tickets.ALL" as my scope, and "ZohoDesk.[My Zoho Desk Org ID]"

      • Recurring Events Not Appearing in "My Events" and therefore not syncing with Google Apps

        We use the Google Sync functionality for our events, and it appears to have been working fine except: I've created a set of recurring events that I noticed were missing from my Google Apps calendar. Upon further research, it appears this is occurring

      • Next Page