Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.elementum.io/llms.txt

Use this file to discover all available pages before exploring further.

Overview

External user re-authentication lets Org Admins set a periodic re-verification interval for users in the External Users group. When the interval expires, the user is blocked from accessing the organization until they confirm their identity via a magic link sent to their registered email. This setting applies only to external users and is configured per organization. Verifying in one organization does not extend access to any other.
Before enabling, confirm that your External Users group and email domains are correctly configured. All users in the group will be subject to re-authentication immediately.

Configure Email Verification Gate

  1. Go to Organization Settings > Access Management > Authentication > Email Verification Gate.
  2. Enable the feature.
  3. Set the Link Validity — how long the magic link remains active after it is sent.
    • Options: 5 minutes, 15 minutes, 30 minutes, 1 hour
  4. Set the Session Duration — how long a verified session lasts before the user must re-authenticate.
    • Options: 1 hour, 8 hours, 24 hours, 72 hours
  5. Click Save.

When access expires

When an external user’s interval expires, the next time they access the organization:
  • Access is suspended — the user is redirected to a re-authentication page and cannot navigate the platform.
A magic link is automatically sent to their registered email address. Clicking the link restores full access immediately. Magic links are single-use and short-lived. If the link has expired, the user can request a new one from the re-authentication page. The re-authentication page also allows the user to switch to another organization. Each organization’s expiry is tracked independently.

Notes

  • Internal users are not affected — this policy applies only to the External Users group. Each organization manages its own interval independently.
  • Access assignments are preserved — expiry does not remove group memberships, roles, or data access policies. All access is restored once the user re-authenticates.
  • Email deliverability — ensure automated emails from Elementum are not blocked by the recipient’s domain. See Custom Email Domains for guidance on sending from a verified domain.

Access Management

Manage users and groups, including the External Users system group

Multi-Factor Authentication

Add a second factor to login for all users

Roles & Permissions

Control what external users can do within the organization

Custom Email Domains

Configure a verified sending domain for outbound emails