Organization Security

Organization accounts hold a lot of sensitive data, so certain security rules are needed to keep that data safe from compromise. Administrators can protect user and organization data with email security features such as TFA, suspicious login alerts, and more.

Suspicious Login Alerts

Zoho Mail has a mechanism to identify logins that are unusual with respect to the user's previous behaviour. These logins are called suspicious logins. By enabling the Suspicious Login Alerts option, you can have an email sent to the user whose account registered a suspicious login. To enable or disable suspicious login alerts:

  1. Log in to the Zoho Mail Admin Console.
  2. Under the Security and Compliance section in the left pane, navigate to Suspicious Login.
  3. Enable or disable the option by switching the toggle to ON or OFF.


Secure Multipurpose Internet Mail Extension (S/MIME) is an encryption technology that allows you to protect your emails using asymmetric cryptography. Learn more about S/MIME.

Enable S/MIME for your organization

  1. Log in to the Zoho Mail Admin Console.
  2. Under the Security and Compliance section in the left pane, navigate to S/MIME.
  3. Enable or disable the option by switching the toggle to ON or OFF.

Even after you enable S/MIME for your organization, each user still has to be configured with their own S/MIME certificate. You can allow users to upload their own S/MIME certificate from their mailbox by checking the Allow users to upload their own certificates option.

Configure S/MIME for a user

If you want to configure S/MIME for users from the Admin Console, follow the steps below.

  1. Log in to the Zoho Mail Admin Console.
  2. Navigate to Users in the left pane, and in the listing click the user for whom you want to configure S/MIME.
  3. On the user page, click Security from the top menu and navigate to S/MIME in the left menu.
  4. Click Add.
  5. Choose the email address of the user if the user has multiple email addresses.
  6. Upload the user's S/MIME certificate and provide the certificate password.
  7. Once done, click Upload.


  1. Users can upload S/MIME certificates for themselves from the mailbox if the Allow users to upload their own certificates option is enabled.
  2. Zoho Mail does not provide S/MIME certificates; they have to be purchased from your preferred third-party provider.

Two-factor Authentication

Two-factor authentication (TFA) or Multi-factor authentication (MFA) grants access to an account only after verifying both a static password and a varying passcode. The varying passcode can be an SMS-based OTP, an app-based OTP, a YubiKey, or Zoho's OneAuth (highly recommended). If either passcode, the static one (your general password) or the variable one (the OTP), is incorrect, access to the account is denied. Learn More.

Allowed IP Addresses

Certain organizations expect their users to log in to their mail accounts only from the premises or from specific IP addresses. Using Allowed IP Addresses, you can restrict access to authorized locations according to the role of your organization's users. If allowed IP addresses are defined, users connecting from any other IP address will not be able to access their accounts. Learn More.
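
A dry run an administrator might do before defining Allowed IP Addresses, added here as an example (it is not Zoho code): it checks recent sign-ins against the ranges planned for each role and lists who would be locked out. The role names, ranges and sign-in records are constructed sample data, and no Zoho Mail export format is assumed.

```python
import ipaddress
from collections import defaultdict

# Hypothetical plan: role name -> CIDR ranges that role may sign in from.
PLANNED_RANGES = {
    "admin": ["203.0.113.0/28"],
    "member": ["203.0.113.0/24", "2001:db8:10::/48"],
}
# Constructed sample of recent sign-ins: (user, role, source IP).
RECENT_LOGINS = [
    ("alice@example.com", "admin", "203.0.113.5"),
    ("alice@example.com", "admin", "203.0.113.77"),  # office, but outside the admin /28
    ("bob@example.com", "member", "203.0.113.77"),
    ("bob@example.com", "member", "198.51.100.23"),  # e.g. home broadband
    ("carol@example.com", "member", "2001:db8:10:4::9"),
    ("dave@example.com", "guest", "203.0.113.9"),    # role with no ranges defined
]

def compile_ranges(plan):
    """Parse CIDR strings once; strict=True rejects entries with host bits set."""
    return {role: [ipaddress.ip_network(c, strict=True) for c in cidrs]
            for role, cidrs in plan.items()}

def is_allowed(ip_text, networks):
    ip = ipaddress.ip_address(ip_text)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in networks)

def would_be_blocked(logins, plan):
    """Return {user: sorted source IPs} for sign-ins outside the role's ranges."""
    compiled = compile_ranges(plan)
    blocked = defaultdict(set)
    for user, role, ip_text in logins:
        networks = compiled.get(role)
        if networks is None:
            continue  # assumption: a role with no ranges defined is not restricted
        if not is_allowed(ip_text, networks):
            blocked[user].add(ip_text)
    return {user: sorted(ips) for user, ips in blocked.items()}

if __name__ == "__main__":
    for user, ips in would_be_blocked(RECENT_LOGINS, PLANNED_RANGES).items():
        print(f"{user}: would lose access from {', '.join(ips)}")
```

Any user listed in the result either needs a wider range for their role or a supported way to reach an allowed address before the restriction is switched on.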

Password Policy

A password is the first and foremost gateway for your users to access their accounts. The stronger a password is, the more difficult it is for a hacker to compromise it. Although Zoho Mail's default password policy mandates that users create a strong password, you can use the Password Policy option to require even stronger passwords. Learn More.

SAML Authentication

Security Assertion Markup Language (SAML), developed by the Security Services Technical Committee of the Organization for the Advancement of Structured Information Standards (OASIS), is an XML-based framework for exchanging user authentication, entitlement, and attribute information. SAML is a derivative of XML. The purpose of SAML is to enable Single Sign-On for web applications across various domains and services. Learn more.

Idle Session Timeout

The Super Administrator of an organization can decide whether an Admin Console session should get locked due to prolonged inactivity. If a super admin enables idle session timeout, Admin Console will get locked and the admins must enter their password to unlock the session. Follow these steps to configure the Idle Session Timeout:

  1. Log in to Zoho Mail Admin Console and select Security & Compliance on the left pane.
  2. Navigate to the Idle Session Timeout section under Security and enable Idle Session Timeout.
  3. Select the desired value in the Hours and Minutes drop-downs and click Update.

When a session gets timed out, admins must enter their password to access the Zoho Mail Admin Console.


The idle session timeout feature is available only for organizations that use one of our paid plans and will be visible only for the Super Admin.
