Update on the "Reset Password" flow enhancements

Update on the "Reset Password" flow enhancements

Greetings, Zoho Directory Admins!

This forum post is for every admin user who signed up before March 6, concerning a couple of changes in the Reset password flow, which are set to take effect from June 4.

The current flow allows a Zoho Directory admin to reset the password of any user of the organization, irrespective of the verification status of their email domain. To put it simply, a Zoho Directory admin can even reset the password of a user whose email domain isn't verified in Zoho Directory yet. Examples of such users with unverified domains who can co-exist with other users in an organization include clients, accountants, vendors, partners, and the like. Thus, an admin is granted immoderate access to reset the password for someone who could technically be outside the organization's sphere of verified domains. Entitling an admin to exert control over them might have significant security concerns, leading to the introduction of the new flow changes.

With the first one of the soon-to-come changes in place, the permission to reset someone's password will be restricted based on whether the domain is verified in Zoho Directory or not. Therefore, the admins cannot reset the password of any user whose email domain remains unverified. Once a user's domain is verified in a Zoho Directory organization, they can be regarded as a confirmed user of that organization and within the admin's scope of resetting their password.


Another change is the replacement of the option to set any different password than the existing one with the easier method of OTP verification. With this change, only an OTP is shared, and the account owner is allowed to reset their password on their own. The admin doesn't reserve the right to determine any user's password, thus averting even the slightest security issue possible. Learn how to reset a user's password in Zoho Directory.

These changes are already in implementation by default for all new users who signed up after March 6 and also to potential newcomers henceforth. From June 4, this will be extended to old users too. Please be sure to have your users verified in your Zoho Directory organizations in order to avoid concerns as discussed earlier. Please note, any user can change their password at any time at accounts.zoho.com.

Regards,
The Zoho Directory Team
    Zoho Desk Resources

    • Desk Community Learning Series


    • Digest


    • Functions


    • Meetups


    • Kbase


    • Resources


    • Glossary


    • Desk Marketplace


    • MVP Corner


    • Word of the Day


      Zoho CRM Plus Resources

        Zoho Books Resources


          Zoho Subscriptions Resources

            Zoho Projects Resources


              Zoho Sprints Resources


                Zoho Orchestly Resources


                  Zoho Creator Resources


                    Zoho WorkDrive Resources



                      Zoho Campaigns Resources

                        Zoho CRM Resources

                        • CRM Community Learning Series

                          CRM Community Learning Series


                        • Tips

                          Tips

                        • Functions

                          Functions

                        • Meetups

                          Meetups

                        • Kbase

                          Kbase

                        • Resources

                          Resources

                        • Digest

                          Digest

                        • CRM Marketplace

                          CRM Marketplace

                        • MVP Corner

                          MVP Corner




                          Zoho Writer Writer

                          Get Started. Write Away!

                          Writer is a powerful online word processor, designed for collaborative work.

                            Zoho CRM コンテンツ




                              ご検討中の方