Authentication & Authorization
Authentication
Verifying the identity of a user is called authentication. The authentication process includes:
1. Checking the password, token, or some other piece of information that proves their identity and confirms that the user is who they claim to be.
2. Once the authentication is complete, the authenticated user is given access to the resources they are permitted to access.
3. In short, it verifies the user's identity and checks whether they are who they say they are, using their digital identity.
For example, your passport, tickets, and other identification documents are checked before you board a plane. Similarly, a computer system checks whether you are who you claim to be before giving the access to digital resources.
How does this work?
The process of authentication requires factors that computer systems can measure. The authenticating factors that are used to verify a user's identity are as follows:
1. Knowledge factor (something the person knows)
Entering a password or answering personal questions is the most common type of knowledge-based authentication factor. In simple terms, only the person who knows the password or answers personal questions correctly can gain access to the resources.
2. Possession factor (something the person has)
This authentication factor requires a mobile phone, OTP authenticator, or hardware security keys such as YubiKey or Titan Security Key. For example, say a user tries to sign in to their account using their username and password, and requests access to that system. A one-time password (OTP) is generated and sent to the user's mobile number. Once the user enters the OTP that was sent to their mobile number, they get access to that particular system. The user must be in possession of the mobile number that gets the OTP in order to access the system.
3. Inherent factor (something the person is)
Inherent authentication factor requires the user's unique qualities that can be accessed only by them, such as biometric information. Computer systems often require users' fingerprints or facial recognition to authenticate the user under inherent authentication.
Authorization
Once the user is authenticated, the next step is authorization. Authorization is the process of giving someone permission to do or have something. During authorization, a system verifies an authenticated user's access rules, and either grants or denies resource access. It permits access for the right user to use the right resources like systems, applications, files, and more.
Authentication is the process of verifying the user, while authorization is the process of checking what they have access to. It determines what the user can and cannot access. The authorization process is executed only after successful authentication.
If a user is unable to prove their identity, they won't be allowed into resources. Access to a resource is protected by authentication as well as authorization. These are the most important parts of IAM.
For example, when you board a plane, say you're allowed to sit in seat number 5A, which is allotted for you. Only you have permission to sit in that seat. Similarly, once the user is authenticated, they gain access to do only the activities they are authorized to do.
Topic Participants
Reena Rai N
Recent Topics
No longer can indent
Hey there! Is it just me or were we used to be allowed to used tab or indent when writing. It’s not working right now, has this always been the case?Upcoming Changes to the Timesheet Module
The Timesheet module will undergo a significant change in the upcoming weeks. To start with, we will be renaming Timesheet module to Time Logs. This update will go live early next week. Significance of this change This change will facilitate our nextFree webinar alert! Seamless Transition with Lossless Migration: Zoho One + Zoho Mail
Hello Zoho Mail Community! 🚀 Attention IT Admins and Email Administrators! Are you planning to migrate your organization's email to Zoho Mail within the Zoho One ecosystem? 📧 Join our exclusive webinar, Seamless Transition with Lossless Migration: ZohoAdd Resource to Export
The Export Data feature does not include a column for the Resource field. Without this column, Zoho Bookings cannot be used by any business for resource-based services or event types e.g. room bookings, equipment bookings. It seems to be an oversight,Client Script | Update - Client Script Support For Custom Buttons
Hello everyone! We are excited to announce one of the most requested features - Client Script support for Custom Buttons. This enhancement lets you run custom logic on button actions, giving you greater flexibility and control over your user interactions.Mandatory field via deluge code
I would like to ask you if it is possible to make a field mandatory via deluge script. For example, if I have a decision box and I click on it then I want a single line field to be mandatory. If uncheck the decision box then to do the single line as optional. I think it is not possible to do that and I have to do it via validation in 'on validate' field.Revenue Management: #1 What does it mean to "recognize" revenue?
Earning revenue isn't just about collecting cash from your customers. It's about recording the income correctly and consistently. Revenue recognition is the process of deciding when and how to record revenue in financial statements so that they reflectPower of Automation :: Auto-Populate Integration Field in Projects with CRM Account Data
Hello Everyone, A custom function is a software code that can be used to automate a process and this allows you to automate a notification, call a webhook, or perform logic immediately after a workflow rule is triggered. This feature helps to automateZoho Forms and ChatGPT - populating a field using AI.
I have a form where I would like the user to enter a response or query, and have another field populated using AI. For example, user enters Field 1, AI populates Field 2 in response. I want to be able to wrap some additional instruction text around thecampo tag para api
debo conectarme a una api de zoho inventory y ocupo tomar el campo tag para poder asi jalar el articulo que cuente con el campo correcto en tag ejemplo que tag existen carro y avion que cuando busque los articulo con tag carro arroje solo estos por masConnecting Zoho Inventory to ShipStation
we are looking for someone to help connect via API shipStation with Zoho inventory. Any ideas? Thanks. UriUploading file as attachment to Zoho CRM
Hi, I am trying to attach a file to a Zoho CRM contact using Zoho Flow. Right now, I try to do it through the “Upload File” field in Zoho CRM (In my screenshots, it’s called Téléchargement du fichier 1). Here is what I tried: Case 1: Webmerge document The Flow is called “Custom Function” (see screenshot 101). Step 1: Creating a Webmerge document (screenshot 99) Step 2: I use “Update module entry” to upload the created file. I upload Webmerge’s “Document” in my “Téléchargemet duZia Answer Bot - Create Ticket
Surprisingly, the current iteration of Zia will try to answer a question and unless you have "transfer to SalesIQ chat" enabled, it won't create a ticket for the user or offer them a method to create a ticket. We don't want it to create chats for us,meassure leads phases
Hi, I need to create a table to meassure the time that a lead stay in blueprint phases. the phases are first contact, second contact, lead spam, contacted, appointment. any idea? I have attached an exampleZoho Desk API Documentation missing a required field
We are trying to create a section using this information. Even after preparing everything based on that page, we still get an error. The error we get is this: {"errorCode":"INVALID_DATA","message":"The data is invalid due to validation restrictions","errors":[{"fieldName":"/translations","errorType":"missing","errorMessage":""}]}In the Custom Module I have 500 Records , this 500 record only want to view to the specific user only example user A ,
In the Custom Module, I have 500 Old records that should only be visible to a specific user, for example, User A. Any new records created from today onwards should be visible to Record owner in the Custom Module. Pls help how i achive this .Invoice template, how to change the text under "Notes" and "Terms and Conditions"
In "Invoice templates", there are two text/info sections at the bottom:"Notes" and "Terms and Conditions". It is possible to change the names of these two headings, but how is it possible to change/alter the text under it. As a standard it says "Thank you for your business" under Notes - I need to change it into something different- How? Thank you.How to reply to thread via API
We have built a webapp for our customers that uses the Zoho Desk API to enable each customer to view their full list of tickets, view individual tickets and raise new tickets. The Zoho Desk API doesn't have the ability to reply to a ticket/thread. RepliesSending merged mail templates for signatures fail since today
We have ZOHO one, we use merge templates in CRM to edit in ZOHO Writer, and from there send it for signature through zoho sign. This all worked up until today, suddenly we read in the log that the merge is succesfull but the sending for signature failed.Feature Request - Make Lead List Larger and Adjustable
Hi LandingPage team, I recently started using LandingPage and I am happy to share my feedback to help improve the app. I've noticed on the Leads page, there is no option to make the columns wider. It would be great if the comlumns expanded to fit theZoho Projects - Pin Recent Projects
Hi Projects Team, It would be great if I could "pin" projects on the Recent Projects list in Zoho Projects. We have some internal projects which we regularly have to add time and some regular client projects. It would be great if I could pin those projectsZDK Error
I get this error when trying to trigger a CRM Function from Client Script: Uncaught (in promise) ZDKError: {"code":"NOT_ACTIVE","details":{"api_name":"activate_client_from_prospect"},"message":"api is inactive for the given custom function","status":"error"}"Disbursing product components in phases, monitoring them, and displaying only the final product."
i have a product composed of multiple components, and these components will be delivered to the customer in batches. However, the final invoice should only show the finished product. How can I issue (or release) the components and track their deliveFollowed Subtasks doesn't show up in the Subtasks Section
I have a task assigned to me now in the same task, there's a subtask and I am added as the follower on that task Even though I am a follower I still don't see that in the subtasks section The view permission for the profile is Related It's supposed toTip #39- Strengthen account security with Multi-factor Authentication (MFA) – ‘Insider Insights’
Securing your organization's data begins with verifying that only the correct individuals have access to it. One of the simplest yet most effective ways to accomplish this is to enable Multi-factor Authentication (MFA) within Zoho Assist. MFA introducesAutomate timeout chat tracking with Workflows in SalesIQ
With our feature-packed Nova release, Workflows has become one of the most powerful tools in Zoho SalesIQ. They let you automate follow-up actions when key events occur, such as when a chat ends, a visitor leaves a bad/good rating, or a lead is updated.Mass edit / Mass update products
Hi, Is there any way to mass update or bulk edit product fields in Zoho Inventory?Automatic Verification of IMAP Integration Status
Our sales staff have their O365 email integrated with CRM, over time this integration requires re-authentication via the UI. I can manually check the integration status by accessing Settings -> Channels -> Email -> Email Sharing -> "Configuration Type"Tip of the Week #68– Share and access files faster with Zoho WorkDrive extension.
Have you ever wasted time searching for the right file to attach to your emails—or worried whether the right people could access it? Without proper sharing settings, files might end up inaccessible to teammates or, worse, visible to people who shouldn’tCV-Library: The Newest Source Booster in Zoho Recruit!
We’ve expanded your sourcing toolkit — CV-Library, one of the UK’s largest and most trusted online job boards, is now available as a Source Booster in Zoho Recruit. This gives recruiters instant access to millions of UK-based candidate profiles, all withoutZoho AI Translate Task as Rest API
I cant find any docs on how to use Zoho AI Translate Task from a rest api call https://www.zoho.com/deluge/help/ai-tasks/translate.html I am working on a custom Widget and I dont think I can execute zoho deluge ai translate task from a custom widget.Is there the possibility to book less than 250 customer portal users?
If you use the Creator, which is included in Zoho ONe, you can create a customer portal and give access to a maximum of 3 external people / customers, right? On the Creator website I saw that you can add 250 users for 100€/month. However, we don't needDisplay Parts custom fields in the Work Order
Hello, I see that is it possible to add custom fields in the Parts module. Would it be possible to also add those custom fields in the Work Order Module under Parts? This would be very useful for customer who want to showcase more information about parts.Unable to edit Saved Estimates
We are facing issue with editing the price or discount for a saved estimate for nearly 1 week.Translation Blueprint & Picklists with Custom Values
Hello everyone, I downloaded the translation file and I'm not finding the blueprint transitions. Does this means that the transitions cannot be translated? Also, the picklist values to be translated in the document are not the same that are actually used the in module. For exemple, for my lead module, the picklist values for Lead Status are : Not-contacted, contacted, junk and lost lead. In the translation document (English to French), this is what I see: PicklistValues.Leads.Lead_Status.ContactHow to create a custom sales signal?
I want to create a custom sales signal for a custom module. is it possible to create one? If anyone know please let me knowMulti-line address lines
How can I enter and migrate the following 123 state street Suite 2 Into a contact address. For Salesforce imports, a CR between the information works. The ZOHO migration tool just ignores it. Plus, I can't seem to even enter it on the standard entry screen.Only show products in offers based on lead source
We work with several lead sources, each with their own products and different pricing. For example, one product might have two or three different prices. Sometimes, when creating a quote, the wrong product is accidentally selected. Is there a way to onlyNarrative 7 - The importance of data sharing
Behind the scenes of a successful ticketing system - BTS Series Narrative 7 - The importance of data sharing Definition Data sharing requires a commitment to preserving the integrity and dependability of shared data throughout its entire lifecycle. ThisTrueSync regularly filling up my local disk
Seems that WorkDrive's TrueSync randomly starts filling up my local hard drive space. None of the folders have been set as "Make Offline" but still it seems to randomly start making file offline. The settings of the app is so minimal and is of no realNext Page