Security Policies - Configure MFA | Admin Guide - Zoho One

Configure MFA

Multi-factor authentication (MFA) adds an additional layer of security to your organization. When MFA is enabled, your users will have to verify their identity not only with their password, but also with a second factor. The second factor could be an authenticator app like  Zoho OneAuth, a hardware security key (YubiKey), or an SMS-based OTP.

When MFA is enabled for a user, they will not be able to sign in without setting up their preferred authentication mode and verifying themself. You can configure the list of MFA modes your users can choose from.

 In the mobile application: 

For iOS devices:

  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. If your enabling MFA for the first time, tap the toggle bar to enable it. Select the required MFA modes.
  5. If the MFA is already applied, proceed to select the required MFA modes.
  6. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser.
  7. Tap Save.
To disable an MFA policy:
  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Multi-Factor Authentication.
  4. Tap the toggle bar to disable MFA.
  5. Tap Update.

For Android devices:

  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom-right corner, then tap Security Policies.
  3. Tap on the required security policy, then check Multi-factor Authentication.
    1. If you are enabling MFA for the first time for that policy, tap the toggle bar to enable it. Select the required MFA modes.
    2. If MFA is already applied for that policy, then proceed to select the required MFA modes.
  4. Set MFA lifetime and enable the option for users to use backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser.
  5. Tap in the top-right corner.
To disable an MFA policy:
  1. Open the Zoho One app on your mobile device.
  2. Tap in the bottom-right corner, then tap Security Policies.
  3. Tap on the required security policy, then uncheck Multi-factor Authentication.
  4. Enter your password, then tap Disable

In the web application:

  1. Sign in to Zoho One  open in new tab icon , then click Directory in the left menu.
  2. Go to  Security , click  Security Policies , then click on the policy you want to configure.
  3. Go to Multi-factor Authentication , then click Setup .
  4. Select the authentication modes that you want your users to choose from. The available authentication modes are:
    OneAuth
    Users will have to sign in using OneAuth. If Enforce Face ID/Touch ID is enabled, users will need to configure their biometrics in OneAuth to sign in. If Allow Passwordless Sign-in is enabled, users can sign in through push notifications, time-based OTPs generated in OneAuth, or by scanning the QR code.
    OTP authenticator
    Users will have to sign in using an authenticator app. A time-based OTP (TOTP) will be generated, which needs to be entered when signing in. OneAuth provides this option for your Zoho account as well as third-party accounts.
    YubiKey
    Users will have to connect their YubiKey hardware authenticator to the device they're trying to sign in from, and verify themselves.
    SMS-based OTP
    Users will have to enter a one-time password sent to their registered mobile number through SMS.

  5. Set MFA Lifetime and enable backup recovery codes if needed. MFA Lifetime refers to the duration for which users will not be enforced to use MFA after signing in from a trusted browser. 
  6. Click Update Policy.
To remove an MFA policy:
  1. Sign in to Zoho One   , then click Admin Panel in the left menu.
  2. Go to Security , then click Security Policies.
  3. Click on the policy for which you want to remove MFA.
  4. Go to Multi-factor Authentication , scroll down and click Remove MFA.
  5.  Note: Policy priority changes when a policy is removed. 
  6. Enter your password, then click Yes, Remove.
  7. Note: If an MFA policy is removed, the next policy having the top priority will be applied to the user. If there is only one remaining policy, then the default policy will hold good for the user. 

    Access your files securely from anywhere

      Zoho CRM Training Programs

      Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.

      Zoho CRM Training
        Redefine the way you work
        with Zoho Workplace

          Zoho DataPrep Personalized Demo

          If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

          Zoho CRM Training

            Create, share, and deliver

            beautiful slides from anywhere.

            Get Started Now


              Zoho Sign now offers specialized one-on-one training for both administrators and developers.

              BOOK A SESSION









                                            You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.




                                                Manage your brands on social media

                                                  Zoho Desk Resources

                                                  • Desk Community Learning Series


                                                  • Digest


                                                  • Functions


                                                  • Meetups


                                                  • Kbase


                                                  • Resources


                                                  • Glossary


                                                  • Desk Marketplace


                                                  • MVP Corner


                                                  • Word of the Day


                                                    Zoho Marketing Automation

                                                      Zoho Sheet Resources

                                                       

                                                          Zoho Forms Resources


                                                            Secure your business
                                                            communication with Zoho Mail


                                                            Mail on the move with
                                                            Zoho Mail mobile application

                                                              Stay on top of your schedule
                                                              at all times


                                                              Carry your calendar with you
                                                              Anytime, anywhere




                                                                    Zoho Sign Resources

                                                                      Sign, Paperless!

                                                                      Sign and send business documents on the go!

                                                                      Get Started Now




                                                                              Zoho TeamInbox Resources



                                                                                      Zoho DataPrep Resources



                                                                                        Zoho DataPrep Demo

                                                                                        Get a personalized demo or POC

                                                                                        REGISTER NOW


                                                                                          Design. Discuss. Deliver.

                                                                                          Create visually engaging stories with Zoho Show.

                                                                                          Get Started Now









                                                                                                              • Related Articles

                                                                                                              • Configure password policy

                                                                                                                Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for ...
                                                                                                              • Add security policy

                                                                                                                In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Then tap in the bottom-right corner, then tap Security Policies. Tap Add, then enter the Policy Name. Under Enforced Groups, choose the groups the policy will be ...
                                                                                                              • Delete a security policy

                                                                                                                When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application: For iOS devices: Open the Zoho One app on your mobile device. Tap in ...
                                                                                                              • Security Policies - Overview

                                                                                                                Security Policies provide you with a customizable password policy and advanced settings. Enforce users to create a strong and secure password with password policy. The user's concurrent sessions and lock period setting can be configured with the ...
                                                                                                              • Apply an existing security policy to new groups

                                                                                                                When applying a policy to a new group, remember to take the policies already applied to the group into account. When a group has multiple security policies, they will be applied based on the policy priority. In the mobile application: For iOS ...
                                                                                                                Wherever you are is as good as
                                                                                                                your workplace

                                                                                                                  Resources

                                                                                                                  Videos

                                                                                                                  Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.



                                                                                                                  eBooks

                                                                                                                  Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.



                                                                                                                  Webinars

                                                                                                                  Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.



                                                                                                                  CRM Tips

                                                                                                                  Make the most of Zoho CRM with these useful tips.



                                                                                                                    Zoho Show Resources