By default, when a user resets their password, they cannot gain access to their workspaces until an administrator re-issues the relevant encryption keys. Re-approval is a one-click process for the administrator, and this grants the user a fresh copy of the keys for the workspace. However, this need for admin approval creates a delay and sometimes the administrator is unavailable.
What is the Re-Auth Bot?
The Re-auth bot is a small, isolated service running within our infrastructure. You can choose to share workspace keys with the bot, such that when a user changes their password, the bot can grant keys and re-approve access immediately, without the delay for manual approval. There is a security implication of this: it means that keys for the affected workspaces would be available to our system, but we've made sure to limit this access to one small part (the bot) and the bot has only one purpose (re-approvals). Enabling the bot does not enable access for the team at Safelink or any other subsystems.
To enable the Re-Auth Bot, click 'Manage Workspace'.
On the workspace settings page, scroll down to the security section and tick 'Automatically re-issue workspace keys when a user resets their password'.
Note: For highly confidential workspaces where you would still like for keys to be completely unavailable to our systems, we recommend you leave the re-auth bot disabled and Safelink's current behaviour will continue to apply.
Scroll to the bottom and click 'Save'.
Final notes: By ticking this box, you will be sharing encryption keys used for this workspace with the Safelink Re-Auth Bot, which will automatically re-authorise access to this workspace when a member of the workspace resets their password. If you leave this box un-ticked, a workspace manager will need to manually re-authorise access to the workspace when a member of the workspace resets their password, and the encryption keys will not be available to Re-Auth bot.
Updated on: 17 / 09 / 2020