Slate employs login checkpoints when a user attempts to login from an unrecognized location.
- There is an exclusive permission, "Security Administrator", that should be assigned to those users that are in charge of monitoring the security of your database. Each partner must have at least one designated Security Administrator. We will send reminders to all administrators for your database until one or more users has been chosen as a Security Administrator. These users will become the primary contacts for all security communications from Technolutions.
- If a user attempts to login from an unrecognized location that is outside of the partner's home country and in a country that has not been visited by this user within the past 30 days, an email notification will be generated to the email address on record for the user, requiring the user to verify the login by clicking on a link. A separate notification will be sent to all security administrators for the database.
- Logins will be automatically allowed from countries that have a confirmed event associated with the authenticating user and occurring +/- 7 days of the current date.
- If the user allows the login, he or she may proceed as normal, and there will be no additional verifications for that user when he or she logs in from that country, so long as that user's access in that country does not idle for more than 30 days.
- If the user denies the login as unauthorized, an additional, high priority email will be sent to the user and to all security administrators for the database reporting the unauthorized login attempt.
- Once a login notification has been triggered, login notifications will also be generated for login attempts from the home country until a login is verified again.
We believe that these checkpoints will present no major obstacles for users that may be traveling abroad. For users that reside outside of the partner's home country, you can edit the user account to set a new home country for which checkpoints will not be required, irrespective of idle time or activity.
When a user requires checkpoint authorization, he or she will receive the following message when attempting to login:
As the message indicates, we will send an email to the email address on record for the user with an authorization link, as shown in the example message below:
Upon clicking the link, the user will be directed to a page as shown in the example below:
If the user allows the access, he or she will be able to proceed with authentication. If the user denies the access, a separate email will be sent to the security administrators, with high priority, indicating that the user's account may be compromised.
These checkpoints form just part of a comprehensive security strategy to identify suspicious activity and behavior.