Membership

Anyone working with restricted data hosted by your organization must be an approved member. All members are associated with a specific authentication method (e.g., single-sign-on through a university), and must continue to authenticate with this method in order to work with your organization's data.

On the third tab of your organization's settings, you can configure certain defaults and rules around membership in your organization.

Approval

This setting determines the default rules for approval of new members of your organization.

By default, this setting is toggled off, so all membership applications must be manually approved by an organization administrator. If toggled on, new members will automatically be approved – though even approved members will still need to request access to restricted datasets, and can subsequently have their membership revoked.

You can also choose to restrict automatic approval to certain authentications. For example, you might want to configure it such that all individuals who authenticate with your university are automatically approved as members, while external collaborators require manual approval.

Authentication timeout

When working with restricted data, members will be prompted to re-authenticate (with the authentication method specified in their membership) after a period of inactivity. This can be an important configuration in scenarios where researchers may be using public computers or when complying with certain security guidelines.

You can set the enforced period of inactivity to anywhere between 15 minutes up to 3 days (the default). This timeout period will also apply to interactive users of the API.

We recommend avoiding an overly-restrictive timeout when possible, as this can create significant friction for your users.

Preferred authentication

Here you can specify the preferred authentication (login) method to use when applying for membership with your organization. Typically, this will be your university's single sign-on, prompting users to submit this (rather than another university's credentials or a personal email) if they have it.

Last updated