Assigning unique email addresses to user accounts
On Saturday August 15th, 2020, Navarik is making a change to the way users log in to the Navarik software platform. From this date forward, users will be required to log in to the Navarik Platform using their email addresses and password instead of their usernames and passwords.
This change is being made to improve the security of the Navarik Platform and enable use of enhanced security features such as Multi-Factor Authentication (MFA), Single Sign On (SSO) and Federation.
However, for accounts that are currently associated to a shared inbox, if left unchanged by Friday August 14th, 2020 (00:00 GMT), the following situation may be experienced:
Example current state:
1 | jsmith | John Smith | |
2 | trh33 | Trena Heath | |
3 | thomas1 | Thomas Graham | |
4 | acartier | Anne Cartier | |
5 | rhuisman | Roberto Huisman |
In the above example, users 1 – 3 will have access to the same account as they will be able to reset the password for the account, simply log in and switch between the three profiles. Equivalently, users 4 and 5 will also have a shared account. This may result in unauthorized access to data.
To avoid this, System Administrators / Inspection Administrators must ensure all users have a unique email address assigned to each account. This can be achieved by browsing to the user details page through Catalogue -> User Accounts and Modifying the account in question.
It is noteworthy that all accounts which have not seen any activity over the last two years are being set to the “Inactive” state by default as part of this change as well. Administrators can modify these accounts and set them to Active when needed.