Requiring any new email address to be validated through a link would both improve our email deliverability (no unvalidated emails sent to mailgun means less traffic sent to the blacklist) and account security.
Example of validation flow:
- I add a user to the system, specifying name, role, and email address
- The platform sends an email to the specified address that contains a link for the user to verify that they can receive email at that address
- Clicking the link brings the user to a Set Password page
- Once the user has saved their desired password, they can access the platform
Guest
