Mail KeepAlive Plugin
Strengthen the security of your platform by disabling accounts whose email address is no longer accessible thanks to the MailKeepAlive module.
When to use this plugin ?
Do you manage all or part of your users outside of a company directory, and do you need to regularly check the validity of user accounts ? The MailKeepAlive module makes your life easier by periodically checking for you whether users still have access to their mailboxes and automatically deactivating them if this is not the case. This is particularly useful in the case of sites enabling free registration or with external member synchronization.
What does thisp plugin do ?
The MailKeepAlive module allows you to detect that email addresses associated with user accounts are no longer being accessed, and to automatically deactivate them in that case.
Implicit and explicit mode
This module uses two complementary detection modes:
- Explicit : a specific verification email is sent and the user must make an explicit action to validate that he or she can still access this email address.
- Implicit : the verification is inserted in a standard e-mail alert from the platform which implicitly validates the e-mail address when the user consults this alert.
The implicit mode hence reduces the number of e-mails sent. The explicit mode can be temporarily deactivated, in particular at the installation of the module, to avoid a massive sending of verifications and to leave the implicit mode for a certain time only.
The explicit mode is systematically used :
- upon account creation,
- when the e-mail address is modified,
- after a certain period of time has elapsed without verification,
- or if the user has never validated his/her e-mail address
When a user account is deactivated by the module, it can be assigned to defined groups for global management of deactivated users.
For each user account, the last verification sent by the module is logged, whether it is pending or validated
The module allows the following configuration :
- The delay before deactivation (default 35 days)
- The delay between each verification request (default 365 days)
- The groups to which users are added when they are deactivated
- The groups of users who are notified if a member's deactivation fails
- The groups whose members for which the verification does not apply
What our customers like about it
A bespoke automation process
Thanks to the different module options an parameters , the management of the deactivation of accounts with unreachable e-mail addresses is automated according to our own policy : the periodicity of the checks, the delay left to the user to validate, as well as the groups automatically assigned to the account at the time of its deactivation.
Implicit validation that avoids unnecessary emails
Intelligent and implicit detection of mailbox access through alerts reduces explicit validation requests to be made by users. This improves the day-to-day user experience, while enhancing access security by disabling unnecessary accounts.
Add the plugin to your JPlatform application and restart.
The plugin is ready for use.
2. Recommanded configurations
2.1 Define target users
The plugin offers 2 options to define the users whose mailbox should or should not be checked.
- Group of members to be verified
- Group of members excluded from verification
Fill in these 2 options according to your security expectations.
It may be appropriate to specifiy the administrators group in the members excluded from the verification.
2.2 Disable explicit validation at the beginning, and schedule its activation.
In order to improve the user experience, by avoiding a mail validation request to the users as soon as the module is installed, we recommend the following approach :
- enable automatic validation, and disable explicit validation (this is the default configuration)
- Automatic Validation : yes
- Explicit Validation : no
- wait a few days/weeks/months for the validation of the really active accounts to take place automatically (thanks to the tracker present in all emails received by the users from the site).
you can monitor validated accounts in the administration area, in the "E-mail validations" section (available when the module is installed), in the "Last validations" tab.
- When you consider that enough users have benefited from this automatic validation, enable explicit validation.
- Explicit Validation : yes
2.3 Follow up on deactivations
In order to track account deactivations performed by the :
- create a dedicated group, for example "Users disabled by MailKeepAlive",
- fill in this group in the plugin configuration, in the option "Group of disabled members".
This way, you will be able to quickly find and act on all the disabled members in the Members and Groups management interface, in the administration area of the site.
2.4 Configure the recipients of alerts in case of failed deactivations
If a user cannot be disable, for example because he is the last administrator of a workspace, the plugin sends an alert to the group specified in the option "Group of members notified in case of deactivation failure".
To be alerted :
- create a dedicated group, for example "Users notified on member deactivation failure",
- fill in this group un the plugin configuration, in the option "Group of members notified in case of deactivation failure"