Identity360 and Enterprise Applications
Identity360 protects logins using passwordless authentication, with additional MFA factors providing enhanced security. By requiring multiple forms of verification, it safeguards user accounts and data, ensuring only authorized users gain access to the Identity360 portal and other enterprise applications.
Prerequisites for authentication through Identity360
- A valid Identity360 licensing plan is required to enable MFA for portal login. This includes any of the Identity360 license components, such as MFA and SSO, or LCM. Find the details here.
- Disable MFA in linked source directories (Azure AD, Salesforce) and Zoho Accounts when configuring additional authentication factors in Identity360. This prevents multiple MFA prompts and ensures Identity360 is the sole MFA provider.
Steps to enable MFA for Identity360 and enterprise applications
- Navigate to the Applications tab and go to Multi-factor Authentication > MFA for Endpoints > Identity360 and Enterprise Applications.
- Select the authentication methods for first-factor authentication from the First-factor authentication drop-down menu. The drop-down lists the following:
  - Linked Source Authentication: If enabled, users can authenticate via their linked directories for first-factor authentication. If disabled, passwordless authentication becomes the default method. To enable this, ensure that integrated external directories, such as Azure AD and Salesforce, are enabled.
  - Passwordless Authentication: If enabled, users can verify their identity using passwordless authenticators supported by Identity360, or use linked source authentication as the first factor with passwordless authentication for MFA. By default, users will verify their identity via email verification if they have not enrolled in any of the configured passwordless authenticators. Once verified, they must enroll in at least one of the configured authenticators before logging in.
Note: Turn on the Enable users to authenticate via Zoho Accounts when their primary source is set as Universal Directory toggle to redirect users to Zoho Accounts for authentication. This option is useful for Zoho Accounts users who wish to continue authenticating through Zoho Accounts. For users with Universal Directory as their primary source, disable the toggle to use Identity360's passwordless authentication.
- To configure additional authentication factors, ensure that the Enable additional authentication factors box is checked, then choose the number of authentication factors and the authenticators of your choice from the drop-down menu. Refer to the Authenticators Setup page for the list of supported authentication methods and their configuration details, and to Advanced Settings for further customization.
- Click Save.
Note:
- If a user is not enrolled or is only partially enrolled, they will be required to complete the enrollment for the additional authentication factors after successfully authenticating with the first factor.
- Login will be denied if:
  - Linked Source Authentication is the only enabled first-factor method, and the user is not part of any configured directories.
  - SMS verification is mandatory for the first factor or additional authentication factors, but the Allow users to add a secondary mobile number option is disabled in Advanced Settings, and the user does not have a primary mobile number.
- If you are a Super Admin, you can use email verification to verify your identity, regardless of any restrictions.