The comprehensive security strategy in Slate identifies suspicious, unauthorized activity and behavior through checkpoints for administrative users.

Checkpoint Trigger Conditions

Checkpoints are triggered when a user attempts to sign in under the following conditions:

• The attempt is from outside their home country.

• The user has not signed in from this IP or country in the last 30 days.

• The user is using an unrecognized device.

• The user has no event, interview, or trip stop in the login country during the previous or following seven days.

• The attempt is using a commercial or non-university VPN or anonymizing service.

Important

If a users triggers a checkpoint for a commercial or non-university VPN, Slate locks their account, and only a Security Administrator can release the account. The user cannot access Slate until their account is released. Refer to the Account Blocking section of this article for additional information.

These checkpoints should present no major obstacles for users traveling abroad. For users who live outside the organization's home country, edit the user account to set a new home country where checkpoints will not be required, regardless of idle time or activity.

Checkpoint Trigger Notifications

When a checkpoint is triggered, Slate sends an email notification to the user’s email address on record, with a link to a page where they can allow or deny the login. The link is active for 30 minutes from when it is sent.

A separate notification is sent to all Security Administrators for the database to inform them that the user has been instructed to perform the allow-or-deny procedure.

If the user allows the login: Users can proceed normally once they allow the sign in, and they will receive no further email notifications or additional verifications when they sign in from that country as long as their access in that country is not idle for more than 30 days. Security Administrators receive no additional notifications if the user allows the access.

If the user denies the login: If the user denies the login as being unauthorized, an additional email is sent to the user and all Security Administrators for the database to report the unauthorized access attempt.

Ongoing Notifications: Once a login notification has been triggered, additional notifications will also be generated for attempts from the home country until access is allowed.

Login Checkpoint

When a user requires checkpoint authorization, they will receive a message when attempting to sign in.

Login Notification

As the message indicates, an email is sent to the email address on record for the user with an authorization link.

Login Checkpoint Upon Receiving Login Notification

After clicking the link, the user is directed to select Allow or Deny and Report.

Account Blocking

To prevent unauthorized access, Slate prohibits all attempts to access its network from commercial or non-university VPN networks, as well as anonymizing from services like Tor and open proxy servers.

Tip

Users should use their institutional VPN instead of a commercial one to avoid having their accounts blocked or suspended.

When access is blocked for this reason, Slate sends a notification email to the blocked user and also to the Security Administrators; the user cannot access Slate until a Security Administrator releases the account.

Releasing a User Account

To release a user’s account, the Security Administrator performs the following procedure:

1. Select Database on the Slate navigation bar. The Database page appears.

2. In the Users & Access section, click User Permissions. The Active Users summary page appears with a list of active user accounts.

3. Click the user’s entry in the list. The user’s summary page appears.

4. Click Edit User. The settings popup for the user’s account appears.

5. Locate the Checkpoint setting and clear the checkbox for "Lock account until checkpoint passed..."

6. Click Save.

Note

The Checkpoint option will not appear in a user’s account settings unless a checkpoint has been activated.