https://man.liquidfiles.com
LiquidFiles Documentation

Access Pass Authentication is an authentication method in LiquidFiles to enable authenticated access for external users with no local user accounts.

Video Overview

This video walks through Access Pass authentication and configuration.

Access Pass Overview

When an external recipient receives an Access Pass, it will look similar to this:

images/authentication/access_pass/access_pass_email.png

The Access Pass (ZA03-EI4c-nFBi in the email above) will uniquely idenfiy each user. When users click on the link in the email, they will be taken to an Authentication Page like this:

images/authentication/access_pass/access_pass_authentication_screen.png

At this page, the user can:

  1. Enter their Access Pass and be granted access to the Secure Message.
  2. Request a new Access Pass — in case they've deleted the Access Pass email.
  3. Login using an existing username and password, for existing users.

Configuration

There's two available configuration settings for Access Pass authentication:

images/authentication/access_pass/access_pass_configuration.png

Access Pass Expiration

The Access Pass Expiration (in seconds) determine how long a user can use an Access Pass. The default is 604800s, or 1 week. This means that if you send a Secure Message to an external user with no user account on your LiquidFiles system, the Access Pass they will receive is valid for 1 week.

Access Pass Remove After

In order to make Access Pass Authentication as user friendly as possible, we keep expired Access Passes on the LiquidFiles system. On default they will be removed after 90 days. If someone enters an expired Access Pass, they will automatically receive a new one.

One of the reasons why we wanted to keep old Access Passes is that say that the user john.doe@company.com can also receive emails as jdoe@company.com or just john@company.com. If we ask the user to enter their email address (how external user authentication worked before LiquidFiles v3.4) if the Secure Message was sent to john.doe@company.com, that's what the user had to enter. The LiquidFiles system has no way of knowing that john.doe@company.com, jdoe@company.com and john@company.com is the same user.

Access Pass Expiration Example

Lets say a user sends a Secure Message to john.doe@company.com on 1st of February at 9am. john.doe@company.com does not have an account on this LiquidFiles system. We assume this LiquidFiles system has the default configuration above. john.doe@company.com will receive an Access Pass in a separate email: ZA03-EI4c-nFBi. One of three things will now happen:

  1. john.doe@company.com clicks on the link in the email before 9am on the 8th of Febrary, enters the Access Pass ZA03-EI4c-nFBi and will be successfully authenticated.
  2. john.doe@company.com clicks on the link in the email after 9am on the 8th of February but before the 1st of March (90 days later), enters the Access Pass ZA03-EI4c-nFBi. Since the Access Pass has expired, it can't be used to authenticate john.doe@company.com, but since it hasn't been removed, we know that Access Pass ZA03-EI4c-nFBi used to authenticate john.doe@company.com so the LiquidFiles system automatically sends a new Access Pass to john.doe@company.com that can be used to authenticate.
  3. john.doe@company.com clicks on the link in the email after 1st of March. There will no longer be any record of the Access Pass ZA03-EI4c-nFBi so the LiquidFiles system will prompt the user to enter their email address to send a new Access Pass.