To ensure the security and integrity of your administrator accounts and the data your organization stores in govDelivery, we offer a number of optional security features and protocols to keep your organization safe and secure. From IP address restrictions to automatically expiring passwords, we provide a wide variety of security options within govDelivery.


To enable any of the following options, contact our Support team by clicking the 'Contact Support' button on the right side of this page, and we'll be glad to assist you in adding any of the below features.

Trusted and Restricted IP Addresses

You can provide Granicus with a list of known IP addresses you trust. We will store these IP addresses in your account and you can use this list in one of two ways:

  • IP Address Restriction: You can limit administrator access to your govDelivery account to only the IP addresses and NetMask ranges in your trusted list. Using this feature ensures that all administrator logins are coming from a safe location identified by your agency. When an administrator attempts to access your account from an unknown IP address, the administrator will be denied access to govDelivery, and will see the following error message:

  • IP Address Monitoring: Instead of restricting IP addresses for login, you can monitor login activity from IP addresses outside of your trusted locations. On the Administrator Login History Report, you can see the IP address for each login attempt, and a note as to whether the attempt was from one of your trusted IP addresses. 

    TrustedIPAddresses.png

Password Auto Expire

This feature allows you to require administrators within your organization to change their password at a regular interval. Granicus recommends that administrators change their password every 60 to 90 days, but you can select exactly how often you want your administrators to change their govDelivery password using this feature.

govDelivery will automatically notify administrators 10 days prior to when their passwords expire, reminding them to change their password before then. Administrators will receive a reminder email each day for 10 days unless they change their password. The email reminder administrators receive will include the email address of the account for which the password requires resetting.

Once the password expires, govDelivery will not send additional reminders, but the administrator will not be able to login to govDelivery without resetting their password first. Password expiration requirements apply to both govDelivery administrations that log in through the user interface and Web Services users.

Password Requirements

A standard security feature Granicus employs are password strength requirements. Administrator passwords must be at least eight characters long and contain three of the following character types:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Symbols

Passwords that do not meet these requirements cannot be saved, and the administrator will be prompted to enter a different valid password, if the password they entered does not meet the above requirements.

Complex Passwords

Some organizations require an even higher degree of security and password complexity than the above standard password requirements. If you would like to require administrators in your organization to have more secure passwords, govDelivery can require new administrators and administrators that are resetting their passwords to have complex passwords. Requirements for complex passwords are as follows:

  • At least 12 characters in length
  • Include both upper and lower case letters
  • Include at least one number
  • Include at least one special character/symbol

Complex passwords comply with FedRAMP requirements. 

Authentication Limits

Your organization also has the option to temporarily lock administrators out of govDelivery after a predetermined number of failed login attempts in a set amount of time. By default, an administrator's account is locked for 30 minutes after three unsuccessful login attempts from the same user ID and IP address within 5 minutes. You can also customize the number of login attempts and the time frame for locking an account (for example, ten login attempts within 60 minutes).

Once an account is locked, govDelivery will not send any communication to the administrator, including password reset emails. To unlock the account, the administrator must either:

  • Wait 30 minutes and then either attempt to re-login or reset their password via the link on the login page.
  • Contact Customer Support to request that their account be unlocked (this will also send a password reset to the email address on file).

Inactivity Log Out

Administrators are automatically logged out if they have been inactive for 60 minutes, in order to prevent an unattended govDelivery session being accessed by an unintended user.

Viewing Login Attempts for Administrators

To keep track of when and where your account is being accessed, your organization also has the ability to view the login attempts for all administrators within your account. To view a report of login attempts for all administrators in your account:

  1. On the menu on the left side of your screen, click on Administrators.
  2. In the upper-right corner, click Login History.

The report details the administrator's email address, whether the login was successful or failed, the date and time of the login attempt, the IP address, the administrator's browser and browser version number, and their computer's operating system. The report also indicates whether the attempt from a trusted IP address, if you have provided a list of trusted IP addresses for your account to Granicus.

Administrator Auto-Expire

Enabling this feature locks inactive administrators (designated number of days) from logging in until assisted.