Secure Messaging

Security Policies

Use the Security Policies section to configure security settings related to user sessions and registration rules. Once configured, the customer implementation can self-provision by automatically assigning User Groups to specific users based on their email domain.

  1. Default User Groups: This option sets the default User Group for new users when they are invited (receive a secure message for the first time). Individual users can be upgraded to other User Groups at the Dashboard once registered. These default settings apply if there are no specific rules applied below in the ‘Registration Filters’ section.
  2. Webmail Session Expiry: Sets the secure session expiry times for all users of the same portal:
    • User Session Expiry Time (minutes): This option sets the amount of inactivity time before a user’s session expires in the Secure Webmail. After the session expires, the user is redirected to the login screen, where they must log in again. Different privacy laws require different session expiry times. The default is set at 60 minutes.
    • Forgot Password Expiry Time (minutes): This option sets the amount of time before the ‘Forgot Password’ session (token) expires. Users have the indicated amount of time in minutes to complete the process before the ‘forgot password link’ (token) expires, after which they must restart the process. The default is set at 120 minutes.
    • Registration Code Expiry Time: This option sets the amount of time before the Registration Code expires for Full Registration. Users have the indicated amount of time in minutes to complete the ‘Registration’ process before the registration code expires, after which they must restart the process. The default is set at 360 minutes.
  3. Open Access vs. Controlled Access: Open Access allows Professional users to invite new users. The only restrictions are any email addresses or email domains that are blocked in the ‘Registration Filters’ section. Controlled Access limits users to inviting only addresses or domains specifically set to ‘Allowed’ in the ‘Registration Filters’ section.
  4. By Invitation Only: The ‘By Invitation Only’ feature sets whether users can register at the login page without an invitation from a Professional user type. With this option unchecked, the link ‘Register’ appears on the login page and anyone can register with the Secure Messaging platform (not recommended). With this option checked, a user must be invited by a Professional user before he / she can register. The link ‘Have you been invited?’ appears on the login page. Users who have not been invited (but try to register anyway) will see a message informing them that they must be invited in order to register.

    Allow Quick Registration: This option turns on the ‘Level 1 Security (Get the Invitation – Quick Registration)’, which streamlines the registration process but is less secure. New users who receive an invitation to register will be sent to the ‘Quick Registration’ page, where they enter their credentials. Once they click submit, their registration is complete and they will be logged in automatically. Disabling this option turns on the ‘Level 2 Security (Confirm Email Address – Registration)’ where new users registering must complete an additional confirmation step to confirm that they are the owner of the email address. After entering and submitting their credentials, a confirmation code will be sent to their basic email account. This email will include a link which, when clicked, will complete the registration.

  5. Allow Remember Me & Keep Me Logged In: The first option enables the ‘Remember Me’ feature. With this feature enabled, the system remembers the user’s email address at the Webmail and mobile app login screen. Users have the option to select this feature at the login screen. Disabling this feature hides the option at the login screen, making it unavailable to users. The ‘Allow Keep Me Logged In’ option enables the system to automatically log in a user when they navigate to the Secure Webmail. This feature keeps the user logged in for 14 days. Users have the option to select this feature at the login screen. Disable this feature if you do not want to give users the option of staying logged in on a computer (more secure).
  6. Show EULA On Registration: This option enables the EULA Terms and Conditions as part of the Registration process. With this feature enabled, a user must agree to the Terms and Conditions to complete the Registration. The link to review the customer Terms and Conditions is customizable at the User Group and is customized per VPS.
  7. Disable Registration Confirmation Notification Message: This option disables the Registration Confirmation Notification message that is sent at the end of the registration process. Turn this option on if you do not want your users to receive this message (recommended, on by default).
  8. Password Management: Lets an administrator set requirements for user password strength: Minimum Password Length / Maximum Password Length / Minimum Capital Characters / Minimum Numeric Characters / Minimum Symbols. When enabled, this feature applies to all users of a customer instance. By default this feature is disabled, so no restrictions are enforced on user password creation.
  9. Challenge Response Authentication (CRA): The CRA feature turns on the ‘Level 3 Security (Challenge Response Authentication – CRA)’ and allows for an additional layer of security on registration. When a user invites a new user, they must assign a code or password that the recipient must enter when registering. This can be set to the new user’s customer ID or PIN number assigned by your organization. With CRA enabled, all new users will require a CRA code by default to register. However, exemptions can be made for specific email addresses or email domains (such as internal domains, if your organization’s employees are not required to have a CRA code to register). This exemption is set in the ‘Registration Filters’ section.

    The caption can be specified to ensure that the new user knows what to enter (for example ‘PIN Code’ or ‘Membership ID’). This will be displayed for both the inviter on send, and the new user at registration.

    • Sender Help Link: This link is displayed for the sender when composing a secure message to a new user. This page should provide custom information to your user instructing them on how to use the feature, and what code they must enter. This page can be set up within your organization’s website to ensure the content can be easily updated.
    • Recipient Help Link: This link is displayed for the recipient on the registration page, below the box where they must enter their ‘CRA’ code. This page should provide custom information to new users instructing them on how to use the feature, and what code they must enter. This page can be set up within your organization’s website to ensure the content can be easily updated.
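
The invitation rules in items 3 and 9 can be modelled as a small decision function, which helps when reviewing a planned filter set before entering it. This is an added example, not the product's code: the `FilterRule` fields, the address-over-domain precedence, whole-domain matching, and the sample domains are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FilterRule:
    """Assumed shape of one 'Registration Filters' entry (hypothetical fields)."""
    pattern: str              # full address or bare domain
    action: str               # "allowed" or "blocked"
    cra_exempt: bool = False  # exempt from the CRA code at registration

def match_rule(email, rules):
    """Most specific rule for email: exact address, then exact domain.

    Assumed precedence. Domains are compared whole, so a rule for
    example.org never matches example.org.evil.example.
    """
    local, at, domain = email.strip().lower().rpartition("@")
    if not (local and at and domain):
        raise ValueError(f"not an email address: {email!r}")
    by_pattern = {r.pattern.lower(): r for r in rules}
    return by_pattern.get(f"{local}@{domain}") or by_pattern.get(domain)

def evaluate_invite(email, rules, controlled_access, cra_enabled):
    """Return (may_invite, cra_code_required) for one invited address."""
    try:
        rule = match_rule(email, rules)
    except ValueError:
        return (False, False)                  # malformed input is refused
    if rule is not None and rule.action == "blocked":
        return (False, False)                  # blocked in either access mode
    if controlled_access and (rule is None or rule.action != "allowed"):
        return (False, False)                  # Controlled Access: allow-list only
    exempt = rule is not None and rule.cra_exempt
    return (True, cra_enabled and not exempt)  # CRA applies unless exempted

# Constructed sample filter set (all domains are placeholders).
RULES = [
    FilterRule("example.org", "allowed", cra_exempt=True),  # internal staff
    FilterRule("partner.example", "allowed"),
    FilterRule("contractor@example.org", "blocked"),
    FilterRule("blocked.example", "blocked"),
]

if __name__ == "__main__":
    for addr in ("alice@example.org", "contractor@example.org",
                 "bob@partner.example", "eve@unknown.example"):
        print(addr, evaluate_invite(addr, RULES, True, True))
```

Under Open Access an address with no matching rule is invitable, so the block list is the only control; under Controlled Access the same address is refused.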