Authentication & Authorization

Authentication & Authorization

Authentication

Verifying the identity of a user is called authentication. The authentication process includes:
1. Checking the password, token, or some other piece of information that proves their identity and confirms that the user is who they claim to be.
2. Once the authentication is complete, the authenticated user is given access to the resources they are permitted to access.
3. In short, it verifies the user's identity and checks whether they are who they say they are, using their digital identity.
 
For example, your passport, tickets, and other identification documents are checked before you board a plane. Similarly, a computer system checks whether you are who you claim to be before giving the access to digital resources.
 
How does this work?
 
The process of authentication requires factors that computer systems can measure. The authenticating factors that are used to verify a user's identity are as follows:
 
1. Knowledge factor (something the person knows)
Entering a password or answering personal questions is the most common type of knowledge-based authentication factor. In simple terms, only the person who knows the password or answers personal questions correctly can gain access to the resources.
 
2. Possession factor (something the person has)
 
This authentication factor requires a mobile phone, OTP authenticator, or hardware security keys such as YubiKey or Titan Security Key. For example, say a user tries to sign in to their account using their username and password, and requests access to that system. A one-time password (OTP) is generated and sent to the user's mobile number. Once the user enters the OTP that was sent to their mobile number, they get access to that particular system. The user must be in possession of the mobile number that gets the OTP in order to access the system.
 
3. Inherent factor (something the person is)
 
Inherent authentication factor requires the user's unique qualities that can be accessed only by them, such as biometric information. Computer systems often require users' fingerprints or facial recognition to authenticate the user under inherent authentication.
 
Authorization 

Once the user is authenticated, the next step is authorization. Authorization is the process of giving someone permission to do or have something. During authorization, a system verifies an authenticated user's access rules, and either grants or denies resource access. It permits access for the right user to use the right resources like systems, applications, files, and more.
 
Authentication is the process of verifying the user, while authorization is the process of checking what they have access to. It determines what the user can and cannot access. The authorization process is executed only after successful authentication.
 
If a user is unable to prove their identity, they won't be allowed into resources. Access to a resource is protected by authentication as well as authorization. These are the most important parts of IAM.
 
For example, when you board a plane, say you're allowed to sit in seat number 5A, which is allotted for you. Only you have permission to sit in that seat. Similarly, once the user is authenticated, they gain access to do only the activities they are authorized to do.



        • Recent Topics

        • Using a custom single line External ID form as merge fields in templates

          Hey everyone, We're looking to integrate a few external systems better with our Zoho CRM, and we had hoped to use external fields for this purpose. In this case, it would mean being able to use our own inoice system's invoice numbers are a direct id compatible

        • Build an approval management system with Custom Modules

          Dear users, Task management is at the heart of project management. But not all tasks are created equal. You can have your tasks reviewed before any work begins, to improve transparency or stay within budget or as part of your process. Zoho Projects allows

        • CRM's sandbox now supports the Zoho Desk integration

          Hello everyone, Sales and customer support teams often collaborate to solve tickets and identify pain points. In Zoho's suite of products, sales teams primarily use Zoho CRM while customer support teams work in Zoho Desk. These two tools are often integrated

        • Countries List Global Set- Complete with Phone Country Code and Continent.

          Dear Zoho Team I saw your recent addition to the Global Sets regarding the Countries list and states. While working on it, why didn't you also add things like Continent and Phone Country Code? Also, some ISO codes from some Countries/regions are mis

        • mask Customer phone number and agents cant see customer phone number

          Is there any way we can integrate Zoom Phone with Zoho CRM while ensuring that customer phone numbers remain masked? We need a solution where agents can make outbound calls but cannot see customer phone numbers. Please let us know if there is any solution

        • Zoho Community Digest — Marzo 2026

          ¡Hola, comunidad! Un mes más os traemos las novedades más interesantes de Zoho para marzo de 2026, incluyendo actualizaciones de producto publicadas oficialmente, cambios de políticas y noticias del ecosistema. ¡Gracias por venir a los Workshops de Madrid!

        • Files Uploaded to Zoho WorkDrive Not Being Indexed by Search Engines

          Hello, I have noticed that the files I upload to Zoho WorkDrive are not being indexed by search engines, including Google. I’d like to understand why this might be happening and what steps I can take to resolve it. Here are the details of my issue: File

        • How can we get payment status updates for payment links in Zoho Books using webhooks?

          When we create and share a payment link in Zoho Books, is there a way to know when the payment is updated? Can we use webhooks to get real-time updates for payment link status instead of checking manually?

        • Uplifted homepage experience

          Editions: All editions. Availability update: 17th February 2026: All editions in the CA and SA DC | JP DC (Free, Standard and Professional editions) 23 February 2026: JP (All Editions) | AU, CN (Free, Standard, Professional editions) 27 February 2026:

        • 【Zoho CRM】住所項目のアップデート:構造化された正確な住所入力を実現

          ユーザーの皆さん、こんにちは。Zoho コミュニティグループの中野です。 今回は「Zoho CRM アップデート情報」の中から、住所項目に関するアップデートをご紹介します。 アップデートの概要 これまでの住所項目は、自由入力形式のテキスト欄が中心でした。 そのため、入力者によって書き方がバラバラになりやすく、データの検索やレポート集計が難しいという課題がありました。 今回追加された新しい住所項目では、住所を構造化されたフォーマットで管理できるようになりました。 以下の要素をそれぞれ個別の項目として分割して管理します。

        • Edit a previous reconciliation

          I realized that during my March bank reconciliation, I chose the wrong check to reconcile (they were for the same amount on the same date, I just chose the wrong check to reconcile). So now, the incorrect check is showing as un-reconciled. Is there any way I can edit a previous reconciliation (this is 7 months ago) so I can adjust the check that was reconciled? The amounts are exactly the same and it won't change my ending balance.

        • Choose Component for User Filter

          This filter in the Choose Component for User Filter would be better if had an Order or Group by function. Also, the Specify the default filter values: is very confusing and limiting.

        • Zoho Desk - Event Calendar View

          Hi Desk team, Are there any plans to introduce a calendar or timeline view for Events in Zoho Desk? It would be very helpful if we could see Events visually in a calendar and/or timeline. This is very helpful when desk side support activities need to

        • Re-Apply SLA When Ticket Reopened from Closed Status?

          If you have an SLA applied, timers are deactivated when going to "On Hold" status type and reactivated when going back to an Open status type. What we discovered is when a customer replies to a closed case and it reopens, the SLA is not applied and timers

        • Option to Delete Chats in IM

          Currently, there is no option to delete any chats in IM, regardless of their source.

        • Time Zones for Users

          I've searched for this topic, but the only answers I see are from years back. We have users all over the country. is there a way for them to set their own time zone? This is important and should be a standard setting, but I do not see how to do it.

        • What is a realistic turnaround time for account review for ZeptoMail?

          On signing up it said 2-3 business days. I am on business-day 6 and have had zero contact of any kind. No follow-up questions, no approval or decline. Attempts to "leave a message" or use the "Contact Us" form have just vanished without a trace. It still

        • Showing the map along with mileage expense

          When you use the GPS to track mileage, it shows you the map of the actual path travelled. It would be very useful and practical to save that map with the mileage expense, so that when the report is created, it provides a map of each mileage expense associated

        • ID:2406331

          Hello, I have sent the form (ID:2406331) but no answer after two days. This is a paid subscription, I am not allowed to use the eighth paid slot of 50GB email space anymore, only 7 are being used. Is anyone going to help me please so I can use the eighth

        • Approval Workflow for Purchase Orders Abrir

          The requirement is , that all purchase orders greater than or equal to 5000 go through an approval process from certain people, but within books I only see that the approvers can be by levels or any approver but we cannot enter a rule like these. Can

        • Transaction Rule Matching

          Q1. Is there a method to have the Transaction Rules applied across multiple Bank Accounts? Q2. To match "contains" text in Transaction Rules, is a wildcard or regular expression required? Is it case sensitive? Would searching for "issue" in the following

        • Notebook on Mac: Fuzzy fonts in list view

          Hi, I am running Notebook on Mac OS 26. Generally it works fine, and the font display in the notes themselves is crisp. However, in the notes list (left of the open note) the font of the note titles as well as first lines is noticeable fuzzy. Attached

        • Trigger workflows from SLA escalations in Zoho Desk?

          Hey everyone, I’m currently working with SLA escalation rules in Zoho Desk and ran into a limitation that I’m hoping someone here has solved more elegantly. As far as I can tell, SLA escalations only support fairly limited actions (like changing the ticket

        • Zoho CRM Email Templates 100% Width No Background How?

          Hi, On the Zoho CRM Email Templates in setup > customization > templates > new templates > I choose blank template, but still it puts in a gray background and a max width for the email. I just want to make an email that looks like an email I would send from gmail that has no background or max width. How do you do this? 

        • ZOHO CRM Quote Export / Quote Report

          How can I either Export my quote list, or create a Report that shows all quotes AND includes the NOTES field in a column. I attempted to Run a Report which includes ALL FIELDS, however it does not include the Notes Field (but oddly does include the fields

        • Introducing Radio Buttons and Numeric Range Sliders in Zoho CRM

          Release update: 1. 2 March 2026: Currently out for CN, JP, AU and CA DCs (Free and standard editions). For other DCs, this will be released by mid-March. 2. 26 March 2026: CA, SA, AU, JP, CN DCs - Free, Standard, Professional, Enterprise, Ultimate, CRM

        • Adding a Mark Up

          Can you use the discount column to be a mar up column on estimates and invoices?

        • URGENT. Recovering email without eArchive

          Hello, I have deleted some email from my trash but do not have eArchive. Is it possible to recovery without this? many thanks!

        • Subscription Statuses - Dunning

          How are other companies handling the scenario when customers don't pay and dunning takes over? Our issue is that in my situations, we want our customers to be able to catch up their late payments and continue their subscription after the dunning process

        • Logo Doesnt appear on email

          Hi, 1. PROBLEM: mails sent to customer from zoho invoice ( Estimates and incoices etc.) Logo doesnt appaer on email. 2. SUGGESTION: there must be an option to select from google fonts if we want specific font to the pdf templates. thanks

        • How to see Statement Details Shown in Unclassified Transactions in All Transactions?

          All, The list of Unclassified Transactions show the Statement Details and Descriptions. What is the method to see that column in the All Transactions list? -Thanks!

        • Non-Avalara Tax Automation wtih Zoho Books

          We are paying a ridiculous amount for Avalara. Our team wants to make a change, but they're the only software fully integrated with Zoho. We also don't have the bandwidth to do this manually, so we do need some sort of automated software solution. We

        • Migrating to the new outgoing webhook model in Zoho Connect

          Dear User, Outgoing webhooks configured across the Zoho Connect Integrations page, Zoho Flow, and Zapier will stop working after May 31, 2026. This is due to an upcoming upgrade to our outgoing webhook flow. This update is mandatory only for networks

        • Create formula calculations in Assemblies for scaling quantities

          Something we have been encountering with our composite items is dealing with scaling of quantity of one or more items within the composite assembly relative to the number of complete units being sold. I.e. running the equation 2(n-1) on one of the assembly

        • Lastest update

          The latest update to notepad has completely trashed all my notes. If I go to view it it just opens up a screen with a box with dotted lines around it for me to add something I can import saved nodes but you can't view them at all. Anybody else having

        • Tip #67- Exploring technician console: Disable Input Devices- 'Insider Insights'

          Hello Zoho Assist Community! Picture this: you are in the middle of a critical remote session, carefully configuring a system or running an important update, and the customer accidentally clicks somewhere or types something that undoes your progress.

        • What matters more in Zoho implementations: tools or system architecture?

          I recently worked on a full-stack migration for a catering equipment business using Zoho One with Shopify, and it raised a few interesting observations. The setup included migrating a large product catalog (around 9,700+ SKUs), integrating multiple supplier

        • Facturation électronique 2026 - obligation dès le 1er septembre 2026

          Bonjour, Je me permets de réagir à divers posts publiés ici et là concernant le projet de E-Invoicing, dans le cadre de la facturation électronique prévue très prochainement. Dans le cadre du passage à la facturation électronique pour les entreprises,

        • [Webinar] Solving business challenges: One tool for documents, forms, PDFs, e-signatures, and more

          Hi Zoho Writer users, Most businesses rely on multiple tools, such as a word processor, form builder, e-signature provider, and PDF editor, for their document workflows. Managing multiple subscriptions, switching between tools, and moving data across

        • Deposit on invoice

          I'm trying to figure out how to customize an Estimate to include a Deposit/Retainer Invoice line within the Estimate. I tried creating my own custom field called "Deposit" where I manually inputted the deposit amount, which was nice. However, my employer

        • Next Page