Woven customer email address: security and access controls
Updated by Shayna Pittman
To achieve the business objective of a great candidate experience that wins engineering hires, Woven requires access to an email group/address at the customer’s domain. A typical email address might be `engineering-jobs@YOURDOMAIN.com`.
This email address is typically used like a `help@YOURDOMAIN.com` support email group might be used.
An important security principle is to avoid the use of shared accounts. This document outlines Woven's security procedures, which ensure that all usage of this email account can be traced back to a single authenticated Woven team member.
Front provides unique account authentication and authorization
To ensure that all access to our customer’s email account is uniquely authenticated to a single user, we use a helpdesk tool called Front. Front itself is SOC 2 Type II certified.
Front features:
- Access control over which individual users have which level of access to the email account (read versus send)
- Authentication, including enforced multi-factor authentication
- Audit logging of which user actually sent which messages on behalf of the shared account, with timestamps
FAQ
Q: Do I need to disable Multi-Factor Authentication (MFA) for Woven’s email account on my domain?
No. MFA is a security best practice, and we’re able to support MFA for your domain via Front.
It is actually a double MFA: MFA will be sent to your server, and each Woven user will also need to authenticate with MFA.