Securing Email Clients
Initial Setup
Users without MFA
Do we want to make client passwords available to users who have not enrolled for 2FA? :check: AVAILABLE with 2FA Only, any changes managed via CR
Users with MFA
Where do we communicate about getting email client password? i.e. is it when user has successfully completed 2FA enrollment?
Do we display the password in 2FA enrollment journey?
Display App password on MyVM Portal. :check: YES
App password on converged App: :check: YES
User comms? :check: When user generates App password, we need to send out a comm. This needs to be added to an existing MFA comm, with App password info added after checking whether the user has got a mailbox or not :star:
Password to be displayed only during first time enrollment of 2FA for users that have got VM mailbox :check: :star:
Mailbox creation - If user is creating a new mailbox and they have got 2FA set up, they must be asked to generate App password
(Primary users who haven't set up a mailbox)
Separate comm required for informing user that they have got App password generated - This could be part of any existing mailbox creation comm we may have? :check: :star:
Is this available for both primary users & sub users independently? :check: Completely independent : :star:
Label or categorise email client password, i.e. Outlook etc. :red_cross: Not required because only 1 pwd
In-Life
Once MFA authenticated, user able to see email client password already generated (within MyVM > MFA section) :red_cross: NOT to be displayed but CAN ONLY BE REGENERATED, can be displayed at point of regeneration
What should happen if user leaves VM? :check: same rules as mailbox should apply. As long as mailbox remains valid, App password should work. When we delete mailbox, app password to be deleted. :star:
Do we need customer facing digital articles & FAQs to help with email client passwords? :check: Separate section for App password :star:
Help & Support
What can go wrong technically and what do we need for support teams? :check: Standard fusion support for new API service to follow :star:
Email client password
What is it made of? numbers, symbols?
:check: Compliant to NCSC password guidelines or other security equivalent :star:
Length? Check with Jan on what is max password length supported by mail cloud :question: Andy to recommend pwd, to be validated with Tom G. Emailed Jan
Any specific storage requirement? considering security & compliance :check:
Store it in two different formats, Sai to provide
Emailed Sai B
Do we generate only one password? to be used for all clients :check: ONE FOR ALL Client for email service :star:
NFRs/Volumetric
Volume of users touching mail cloud provisioning API :question: Work this out based on % of users that have mailbox, % take up of MFA :star:
What options user may have if password generation isn't available or fails? :check: Display error message with an option to try again later, if problem continues call into care :star:
If App password solution isn't ready by the time MFA is launched, then users setting up must be warned about changing their MyVM password to make it strong