Emails for security events

The security of your site and its users is of the highest priority. Some critical settings can be managed by the user, while others require assistance from Diligent staff, upon request and approval. When sensitive changes are made to your site, a security alert email communicates the potential impact to users, including their ability to access their site and book content. If a site has designated recipients, they also receive corresponding security alert emails. This topic describes the security events that trigger alert emails.

A user's email address is added, removed, or changed

There are three types of email addresses affiliated with a user's account:

  1. Account email address

  2. Board email address

  3. Sign in email address

Depending on the type and conditions, email addresses can be added, removed, or changed by the user, an administrator, or Diligent staff. When any type of email address is updated, a security alert email is sent to the user to ensure they can sign in and receive notifications about their account and books.

Note

The user must sign in at least once to start receiving security alert emails.

A user's password changes

After changing their password, the user receives a security alert email to confirm their new sign-in credentials.

A user's phone number for 2-factor authentication (2FA) changes

If 2FA is enabled, the user receives a security code via SMS text message during the sign-in process. When their 2FA phone number changes, a security alert email is sent to the user to ensure the security code will be sent to their preferred device.

A user's security questions change

Security questions are used to confirm a user's identity when they reset their password or contact Diligent Support for assistance. The user can either change a security question or update the answer to an existing question. These actions trigger a security alert email to the user.

A user's committee or role assignment changes

The committee to which a user is assigned determines the books, documents, and other content they can open. The user's role ensures they have the correct permissions to access the features they need, such as approvals. When an administrator adds or removes a user from a committee, or they change a user's roles and permissions, a security alert email is sent to the designated recipients to provide a record of what changed and who made the changes.

The site's security settings change

When a site's security settings change, the new configurations could impact all users' access. Possible changes include adding or removing multi-factor authorization, offline access, timeout settings, and biometric enablement (Face ID) for mobile devices. The designated recipients receive a security email to alert them that the site's security settings have been updated.

Note

To confirm or receive a report with details of the security setting changes, contact your Customer Success Manager.