Security Policies - Configure MFA | Admin Guide - Zoho One

Configure MFA

Multi-factor authentication (MFA) adds an additional layer of security to your organization. When MFA is enabled, your users will have to verify their identity not only with their password, but also with a second factor. The second factor could be an authenticator app like  Zoho OneAuth, a hardware security key (YubiKey), or an SMS-based OTP.

When MFA is enabled for a user, they will not be able to sign in without setting up their preferred authentication mode and verifying themself. You can configure the list of MFA modes your users can choose from.

 In the mobile application: 

For iOS devices:

  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. If your enabling MFA for the first time, tap the toggle bar to enable it. Select the required MFA modes.
  5. If the MFA is already applied, proceed to select the required MFA modes.
  6. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser.
  7. Tap Save.
To disable an MFA policy:
  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. Tap the toggle bar to disable MFA.
  5. Tap Update.

For Android devices:

  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom-right corner, then tap Security Policies.
  3. Tap on the required security policy, then check Multi-factor Authentication.
    1. If you are enabling MFA for the first time for that policy, tap the toggle bar to enable it. Select the required MFA modes.
    2. If MFA is already applied for that policy, then proceed to select the required MFA modes.
  4. Set MFA lifetime and enable the option for users to use backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser.
  5. Tap in the top-right corner.
To disable an MFA policy:
  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom-right corner, then tap Security Policies.
  3. Tap on the required security policy, then uncheck Multi-factor Authentication.
  4. Enter your password, then tap Disable

In the web application:

  1. Sign in to Zoho One  open in new tab icon , then click Directory in the left menu.
  2. Go to  Security , click  Security Policies , then click on the policy you want to configure.
  3. Go to Multi-factor Authentication , then click Setup .
  4. Select the authentication modes that you want your users to choose from. The available authentication modes are:
    OneAuth
    Users will have to sign in using OneAuth. If Enforce Face ID/Touch ID is enabled, users will need to configure their biometrics in OneAuth to sign in. If Allow Passwordless Sign-in is enabled, users can sign in through push notifications, time-based OTPs generated in OneAuth, or by scanning the QR code.
    OTP authenticator
    Users will have to sign in using an authenticator app. A time-based OTP (TOTP) will be generated, which needs to be entered when signing in. OneAuth provides this option for your Zoho account as well as third-party accounts.
    YubiKey
    Users will have to connect their YubiKey hardware authenticator to the device they're trying to sign in from, and verify themselves.
    SMS-based OTP
    Users will have to enter a one-time password sent to their registered mobile number through SMS.

  5. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser. 
  6. Click Update Policy.
To remove an MFA policy:
  1. Sign in to Zoho One   , then click Admin Panel in the left menu.
  2. Go to Security , then click Security Policies.
  3. Click on the policy for which you want to remove MFA.
  4. Go to Multi-factor Authentication , scroll down and click Remove MFA.
  5.  Note: Policy priority changes when a policy is removed. 
  6. Enter your password, then click Yes, Remove.
  7. Note: If an MFA policy is removed, the next policy having the top priority will be applied to the user. If there is only one remaining policy, then the default policy will hold good for the user. 

    Zoho CRM Training Programs

    Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

    Zoho CRM Training
      Redefine the way you work
      with Zoho Workplace

        Zoho DataPrep Personalized Demo

        If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

        Zoho CRM Training

          Create, share, and deliver

          beautiful slides from anywhere.

          Get Started Now


            Zoho Sign now offers specialized one-on-one training for both administrators and developers.

            BOOK A SESSION








                                You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.




                                    Manage your brands on social media

                                      Zoho Desk Resources

                                      • Desk Community Learning Series


                                      • Digest


                                      • Functions


                                      • Meetups


                                      • Kbase


                                      • Resources


                                      • Glossary


                                      • Desk Marketplace


                                      • MVP Corner


                                      • Word of the Day


                                        Zoho Marketing Automation

                                          Zoho Sheet Resources

                                           

                                              Zoho Forms Resources


                                                Secure your business
                                                communication with Zoho Mail


                                                Mail on the move with
                                                Zoho Mail mobile application

                                                  Stay on top of your schedule
                                                  at all times


                                                  Carry your calendar with you
                                                  Anytime, anywhere




                                                        Zoho Sign Resources

                                                          Sign, Paperless!

                                                          Sign and send business documents on the go!

                                                          Get Started Now




                                                                  Zoho TeamInbox Resources



                                                                          Zoho DataPrep Resources



                                                                            Zoho DataPrep Demo

                                                                            Get a personalized demo or POC

                                                                            REGISTER NOW


                                                                              Design. Discuss. Deliver.

                                                                              Create visually engaging stories with Zoho Show.

                                                                              Get Started Now







                                                                                            You are currently viewing the help articles of Sprints 1.0. If you are a user of 2.0, please refer here.

                                                                                            You are currently viewing the help articles of Sprints 2.0. If you are a user of 1.0, please refer here.



                                                                                                  • Related Articles

                                                                                                  • Configure password policy

                                                                                                    Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for ...
                                                                                                  • Add security policy

                                                                                                    In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Then tap in the bottom-right corner, then tap Security Policies. Tap Add, then enter the Policy Name. Under Enforced Groups, choose the groups the policy will be ...
                                                                                                  • Security Policies - Overview

                                                                                                    Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components: Password policy: This component dictates how strong the users' passwords must be and how often they have to be ...
                                                                                                  • Delete a security policy

                                                                                                    When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Tap in ...
                                                                                                  • Apply an existing security policy to new groups

                                                                                                    When applying a policy to a new group, remember to take the policies already applied to the group into account. When a group has multiple security policies, they will be applied based on the policy priority. In the mobile application: For iOS ...
                                                                                                    Wherever you are is as good as
                                                                                                    your workplace

                                                                                                      Resources

                                                                                                      Videos

                                                                                                      Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.



                                                                                                      eBooks

                                                                                                      Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.



                                                                                                      Webinars

                                                                                                      Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.



                                                                                                      CRM Tips

                                                                                                      Make the most of Zoho CRM with these useful tips.



                                                                                                        Zoho Show Resources