- Quick Start Videos
- PRO vs. GUEST Users
- As a USER, how to...
- As an ADMIN, how to...
Two Factor Authentication (2FA)
This article describes how to manage user identity with DeliverySlip, from an email validation to using a Two-Factor Authentication (2FA) and Single Sign-On (SSO).
Due to the increase in cyber theft, identity management has become an important consideration for any organization. DeliverySlip natively offers three levels of security within your portal. In addition, 2FA is supported by integrating with the customer’s Identity Provider and DeliverySlip SSO. We support Microsoft Office 365 Azure Active Directory (AD) SSO and Google G Suite SSO for any portal, as well as custom SSO deployments for the enterprise.
DeliverySlip Security Levels
Level One Security – Get the Invitation
By default, each portal is configured with Level One Security where new users are only required to receive an invitation email before they can register and create their account. This level offers standard protection similar to most online services and keeps registration simple and secure for recipients.
Level Two Security – Confirm Email Ownership
Level Two Security requires a user to confirm a registration code that is sent to their email address. This ensures a user has ownership over an email mailbox before registering their account with that email address. This configuration is recommended for most organizations.
Level Three Security – Advanced PIN Authentication
For organizations with advanced security and compliance requirements, Level Three Security is available which requires a new recipient to enter a custom PIN or passcode when registering their account for the first time. This PIN can either be defined by the sender manually when sending a secure message to someone for the first time, or else be pulled automatically via the DeliverySlip API from an internal third-party system. This is commonly known as “challenge response authentication” in heavily regulated industries such as healthcare.
Advanced PIN Authentication can be enabled on any portal and ensures that new recipients not only have ownership of an email address but also confirm their identity via an Account Number, Social Insurance Number, or any other value defined by the customer. This level of additional authentication is often required in Government institutions when sharing sensitive information, while remaining easy to use for non-technical recipients. Customers can include custom help links, instructions, and other information to ensure users are able to easily register.
The PIN itself can be entered manually each time a user sends a Secure message (via the WebApp, Outlook Add-in, mobile app, etc) via a prompt that will automatically appear when a new recipient is detected. Alternatively, customers can tie into an internal system via API that will automatically pull values for recipients and prompt end users to enter this value with no manual work required by the sender.
DeliverySlip Single-Sign-On & 2FA
For advanced identity management DeliverySlip can integrate with existing services that offer SSO, 2FA and other services that govern a customer’s user community. Any customer using DeliverySlip can enable SSO via native services in Office 365 Azure AD and Google G Suite to allow users to authenticate with their Microsoft or Google identity. Administrators can also easily provision, manage and disable licenses via a central platform, as well as enable advanced features such as 2FA. For enterprise customers, DeliverySlip offers custom SSO integration with many third-party identity providers using SAML 2.0 and AUTH 2.0 based protocols such as OKTA, Ping Identity, CA SSO SiteMinder, etc.
In addition to custom SSO, DeliverySlip enterprise customers can further leverage advanced customizations such as IP Targeting, Geofencing and “legislated hours of operations” to ensure complete control over how users can interact with the system.
Last updated October 24 2017.