Organization Security - Zoho Mail Admin Console
Posted by Nishi on 22 June 2025
Organization accounts hold a lot of sensitive data and there's a need for certain security rules to make sure your data stays safe and is not compromised. The administrator can protect their user and organization data with the help of email security features like TFA, Suspicious login alerts, and more.
Suspicious Login Alerts
Zoho Mail has a mechanism to identify logins that are unusual with respect to the user's previous behaviour. These logins are called Suspicious logins. You can choose to send an email to the user whose account registered a suspicious login by enabling the Suspicious Login Alerts option. To enable/disable suspicious login alerts,
-
Login to the Zoho Mail Admin Console.
-
Under the Security and Compliance section in the left pane, navigate to Suspicious Login
-
Enable/ disable the option by switching the toggle to ON or OFF.
S/MIME
S/MIME is an encrypting technology that allows you to protect your emails with the concept of asymmetric cryptography. Learn more about S/MIME.
Enable S/MIME to your organization
-
Login to the Zoho Mail Admin Console.
-
Under the Security and Compliance section in the left pane, navigate to S/MIME
-
Enable/ disable the option by switching the toggle to ON or OFF.
Even though you enable S/MIME to your organization, each user has to be configured with their own S/MIME certificate. You can allow the users to upload their own S/MIME certificate from their mailbox by checking the Allow users to upload their own certificates option.
Configure S/MIME for a user
In case you want to configure S/MIME to users from the Admin Console, follow the steps below.
-
Login to the Zoho Mail Admin Console.
-
Navigate to Users in the left pane, and click on the user you want to configure S/MIME from the listing.
-
On the user page, click Security from the top menu and navigate to S/MIME in the left menu.
-
Click Add.β
-
Choose the email address of the user if the user has multiple email addresses.
-
Upload the user's S/MIME certificate and provide the certificate password.
-
Once done, click Upload.β
Note:
-
The users can upload S/MIME certificates from the mailbox for themselves if the Allow users to upload their own certificates option is enabled.
-
Zoho Mail does not provide S/MIME certificates and has to be purchased from your preferred third-party provider.
Two-factor Authentication
Two-factor authentication (TFA) or Multi-factor authentication (MFA) admits access to an account by verifying a static password and a varying passcode. The varying passcode can be an SMS-based OTP, App-based OTP, Yubikey, or Zoho's OneAuth (highly recommended). If one of the passcodesβstatic (your general password) or variable (the OTP) provided is not correct, then access to the account will be denied. Learn More.
Allowed IP Addresses
Certain organizations expect their users to log in to their mail accounts only from the premises or specific IP addresses. You can restrict access to only authorized locations with respect to the role of your organization users using Allowed IP Addresses. If defined, the users when not part of the specified IP addresses will not be able to access their accounts. Learn More.
Password Policy
Password is the first and foremost gateway for your users to access their accounts. The stronger a password is, the more it gets difficult for a hacker to compromise the same. Although Zoho Mail's default password policy mandates users to create a strong password, you can use the Password Policy option to mandate that your users create passwords that are stronger. Learn More.
SAML Authentication
SAML - Security Assertion Markup Language, developed by the Security Services Technical Committee of "Organization for the Advancement of Structured Information Standards" (OASIS), is an XML-based framework for exchanging user authentication, entitlement, and attribute information. SAML is a derivative of XML. The purpose of SAML is to enable Single Sign-On for web applications across various domains and services. Learn more.
Idle Session Timeout
The Super Administrator of an organization can decide whether an Admin Console session should get locked due to prolonged inactivity. If a super admin enables idle session timeout, Admin Console will get locked and the admins must enter their password to unlock the session. Follow these steps to configure the Idle Session Timeout:
-
Log in to Zoho Mail Admin Console and select Security & Compliance on the left pane.
-
Navigate to Idle Session Timeout section under Security and enable Idle Session Timeout.
-
Select the desired value in the Hours and Minutes drop-downs and click Update.β
When a session gets timed out, admins must enter their password to access the Zoho Mail Admin Console.
Note:
The idle session timeout feature is available only for organizations that use one of our paid plans and will be visible only for the Super Admin.
Was this article helpful?
Subscribe now & Get the latest updates
Zoho Mail Admin Console
Easily manage your organization's email accounts on the go with the Zoho Mail Admin appβavailable for both iOS and Android. This intuitive mobile console empowers administrators to handle user accounts, settings, and security with justΒ aΒ fewΒ taps.
Email hosting setup
Zoho Mail Suite provides enterprise features for email hosting to satisfy the needs of organizations of all types and sizes. Zoho Mail provides custom domain-based email address for all members of your organization in no time.
Troubleshooting Domain Verification
When you register the domain with one provider, but point the Nameservers to another provider, then the CNAME/ TXT/ MX/ SPF records added in your Domain Registrar is not considered valid.
Zoho Mail plugin for cPanel
cPanel provides a control panel for domain owners to manage the different aspects of web hosting. Zoho Mail Plugin for cPanel helps you sign up for email hosting with Zoho Mail from within cPanel. This plugin is available under the Email section.
Zoho Mail for Plesk
Plesk is a web hosting platform with a control panel that allows domain owners to manage the different aspects of web hosting. Zoho Mail Plugin for Plesk helps you sign up for email hosting with Zoho Mail from within Plesk.
Searching Admin Console
Zoho Mail Admin Console provides a centralized interface from where you can manage critical aspects of an organization - the different domains, users, groups, organizational spam control, email policies, to name a few. However, this wealth of information might make navigating through the Admin Console slightly challenging.
Dashboard
The Admin Console Dashboard is the first thing you will see as soon as you login to the Zoho Mail Admin Console. It is a culmination of important data your admin might need at their disposal. You can enable or disable widgets in your dashboard including data on your organization's Email Traffic Stats.
Users
The user details section, provides the list of users already added to the organization. When you click on each user, you can have a detailed view about the particular user. The Admin can also perform a set of actions on the user. The primary email address of the users are listed in the section.
Roles and Privileges
The roles available in Zoho Mail are Super Administrator, Administrator, and User roles. The members of the organizations can assume different roles in Zoho Mail, based on the requirement. The Super Administrator can provide Administrator privileges to other users.
Groups
Groups or Distribution Lists are common email addresses, shared by a set of users for a specific purpose. When an email is sent to the group account, a copy of the email gets delivered to the mailbox of all the members of the Group.
Organization Settings
The administrator can control organization-wide parameters under the Organization section. Settings for the entire organization such as the org name, logo, templates for the welcome email and signature, format for the display name and email address.
Domain Options
Zoho Mail allows organizations to add domains to their organization accounts or even buy domains through Zoho. Your organization members will further be able to send and receive emails using their custom domain-based email addresses in Zoho.
Autodiscovery Settings
The Autodiscovery service ensures that email accounts can easily be configured using the IMAP protocol or on mobile devices using ActiveSync. The procedure varies depending on whether you want to configure it for IMAP or ActiveSync.
Email Policies/ Rules
Email Policies help the administrators control the organization's email sending and receiving parameters. In Zoho Mail, you can define multiple email policies and apply them to various sets of users and groups.
Advanced Delivery Options
With Zoho Mail, you can redirect or send a copy of an email automatically by configuring Email Routing. Email Routing is helpful in many situations like if you want to automatically send a copy of one user's email to another.
Security and Compliance Dashboard
The security and compliance dashboard in the Zoho Mail Admin console provides an overview of all the recommended security configurations. It displays the overall compliance score.
Organization Security
Organization accounts hold a lot of sensitive data and there's a need for certain security rules to make sure your data stays safe and is not compromised. The administrator can protect their user and organization data with the help of email security features.
Organization Spam Control
Zoho Mail is a secure email service with a spam control system that provides multiple options to customize the settings such that they suit your organization's needs.
Zoho Mail Outlook Add-in
Zoho Mail users can now experience enhanced email security and have better control over their preferences with the new Outlook Add-in while using their email client.
Export User Accounts
The Zoho Mail Admin Console provide options to export or backup users' emails, recover any deleted emails and also retry sending of emails that have failed delivery.
Migration to Zoho Mail
Zoho Mail offers a very simple solution to migrate data from your previous email provider to the respective user accounts in Zoho Mail directly. These user accounts need to be created in Zoho Mail before adding the migration.
Zoho Exchange Migration Wizard
Zoho user and email migration wizard can be used to discover users and migrate their emails from the Active Directory/ Exchange environment to their accounts in their Zoho Mail organization accounts.
Application Settings
The administrator can control the settings for other Zoho apps and third-party applications and integrations from the Other App Settings section in the Zoho Mail Admin Console.
Email Retention and eDiscovery
Email retention is the process of retaining emails in an organization for a specific period in an organized manner based on the policies of the organization.
Email Backup and Recovery
Email backup processes and stores emails in a safe, centralized location that can be retrieved at any point in time. It helps prevent data loss by enabling users to restore email content that has been accidentally deleted or lost.
Reports & Statistics
Zoho Mail has a separate Admin Reports section which comprises of statistics on various aspects of your organization's emailing experience. As an administrator, these reports will help you gain information on all aspects of your organization.
Zoho Toolkit
Zoho Mail provides easy-to-use diagnostic tools to troubleshoot some services. There are options to check the domain and registry details. You can run some basic DNS configuration checks for a specific domain, and analyze message headers.
Subscription
Zoho Mail offers different plans to accommodate different users. One can choose the subscription that would suit their organization from the array of available plans. You can also opt for the mix and match plan to have a tailor-made subscription.
Firewall settings
Configure your firewall settings and allow your organization members to access Zoho Mail without any restrictions. All of the below-mentioned domains have to be whitelisted even if you don't see activity at those addresses.