Access Pass Authentication
Access Pass Authentication is an authentication method in LiquidFiles to enable authenticated access for external users with no local user accounts.
This video walks through Access Pass authentication and configuration.
Access Pass Overview
When an external recipient receives an Access Pass, it will look similar to this:
The Access Pass (ZA03-EI4c-nFBi in the email above) will uniquely idenfiy each user. When users click on the link in the email, they will be taken to an Authentication Page like this:
At this page, the user can:
- Enter their Access Pass and be granted access to the Secure Message.
- Request a new Access Pass — in case they've deleted the Access Pass email.
- Login using an existing username and password, for existing users.
There's three available configuration settings for Access Pass authentication:
Access Pass Expiration
The Access Pass Expiration (in seconds) determine how long a user can use an Access Pass. The default is 604800s, or 1 week. This means that if you send a Secure Message to an external user with no user account on your LiquidFiles system, the Access Pass they will receive is valid for 1 week.
Access Pass Remove After
In order to make Access Pass Authentication as user friendly as possible, we keep expired Access Passes on the LiquidFiles system for a fairly long time. On default they will be removed after 90 days. If someone enters an expired Access Pass, they will automatically receive a new one.
Access Pass Resend After
Because users will likely delete the Access Pass email. After this time, defaulting to 12h, a new Access Pass email will be sent. If the previous access pass is still valid, the same access pass will be re-sent in the new email. This is so that there's a balance between reminding users and not be annoying.
If email@example.com receives 5 Secure Messages in a day, he will only receive 1 Access Pass email. It's only after 12h (on default) has passed until he receives another Secure Message that he will receive another Access Pass email.
Access Pass Expiration Example
Lets say a user sends a Secure Message to firstname.lastname@example.org on 1st of February at 9am. email@example.com does not have an account on this LiquidFiles system. We assume this LiquidFiles system has the default configuration above. firstname.lastname@example.org will receive an Access Pass in a separate email: ZA03-EI4c-nFBi. One of three things will now happen:
- email@example.com clicks on the link in the email before 9am on the 8th of Febrary, enters the Access Pass ZA03-EI4c-nFBi and will be successfully authenticated.
- firstname.lastname@example.org clicks on the link in the email after 9am on the 8th of February but before the 1st of March (90 days later), enters the Access Pass ZA03-EI4c-nFBi. Since the Access Pass has expired, it can't be used to authenticate email@example.com, but since it hasn't been removed, we know that Access Pass ZA03-EI4c-nFBi used to authenticate firstname.lastname@example.org so the LiquidFiles system automatically sends a new Access Pass to email@example.com that can be used to authenticate.
- firstname.lastname@example.org clicks on the link in the email after 1st of March. There will no longer be any record of the Access Pass ZA03-EI4c-nFBi so the LiquidFiles system will prompt the user to enter their email address to send a new Access Pass.