Standard Registration Process as Part of an Authentication Solution
It is an essential part of IT security and data protection that every employee of a company has independent and individual access (logins) to the IT systems. This is the only way to track who has performed which action in the systems and when. The reasons for this are manifold. On the one hand, this is to prevent unauthorized persons from gaining access to the systems. If there are only shared company accounts, employees will sooner or later be careless with these general login credentials, since no one can prove who passed on the login credentials anyway. On the other hand, actions can only be assigned to employees with individual user accounts. This is particularly important in order to be able to professionally answer queries or to uncover criminal behavior and to be able to meaningfully differentiate authorized from unauthorized access by third parties (like hackers). Last but not least, it is essential and legally required to protect personal data within the framework of the General Data Protection Regulation (GDPR).
The basis for providing individual logins is always the existence of an individual (company) e-mail address. This is required for the sign-up process as well as for subsequent reset or 'forgotten password' processes. Furthermore, individual login procedures such as the Magic Link can only be used with the use of a personal e-mail account.
Even if not all employees have a work e-mail account, the use of personal (private) e-mail accounts must be discouraged for security and data protection reasons.