What is Login Security?
Login Security helps stop Business Email Compromise (BEC), the leading cause of claims (2026 Coalition Claims Report), by monitoring suspicious email-account activity and automatically kicking out attackers before they can do damage.
It is built for Microsoft 365 and Google Workspace environments and is designed to help protect inbox access without requiring new software installs or ongoing management from your team.
How do I set up Login Security?
Before you start
You will need:
- Access to Coalition Control(R).
- Admin access for your Microsoft 365 or Google Workspace environment to approve the one-time connection.
There is nothing to install locally, and there is no software agent to deploy. Once connected, Login Security begins monitoring suspicious login activity and related identity signals automatically.
Step-by-step: Microsoft 365 (see clickthrough tutorial)
- Log in to Coalition Control
- Under the Login Security section on the Coalition Control homepage, click “Complete Set Up”
- Choose Microsoft 365 as your identity provider.
- Sign in with a Microsoft 365 admin account and approve the one-time connection.
Step-by-step: Google Workspace (see clickthrough tutorial)
- Log in to Coalition Control
- Under the Login Security section on the Coalition Control homepage, click “Complete Set Up”
- Choose Google Workspace as your identity provider.
- Sign in with a Google Workspace admin account and approve the connection.
- Return to set up and select Google Alert Center.
- To authorize Login Security in Google Alert Center, you will need to grant access to the client.
- Granting Access
- Login to https://admin.google.com
- Go to Menu > Security > API controls > Manage Domain Wide Delegation
- Click Add New
- Enter 110095815816827055854 as the Client ID
- Enter https://www.googleapis.com/auth/apps.alerts as the OAuth Scopes
- Click Authorize
- Granting Access
- Get your customer ID
- Login to https://admin.google.com
- Go to Menu > Account > Account Settings > Profile
- Copy your Customer ID
- Return to Login Security setup in Coalition Control
- Enter your customer ID from above
- Enter your customer email. This should be your email address. Otherwise, provide an email for an administrator of your organization.
- To authorize Login Security in Google Alert Center, you will need to grant access to the client.
- Once you’ve connected Google Workspace and Google Alert Center, you are all set.
Is there a cost associated with Login Security?
Login Security is included with Coalition Control, which is complimentary for all Coalition Policyholders. If you are not a Coalition policyholder and are interested in using Login Security, reach out to securitysales@coalitioninc.com.
What does Login Security look for?
Login Security looks for signs that an email account may be compromised, including:
- Suspicious logins and other anomalous login patterns.
- Unlikely travel or unusual locations.
- Anomalous IPs and other signs of suspected intrusion.
- Malicious inbox rules that attackers create to hide activity or redirect information.
- Failed sign-in patterns, suspicious mailbox activity, and suspicious OAuth or consent-related activity where available.
What do the terms used in Login Security mean?
Suspicious login
A suspicious login is a sign-in that looks inconsistent with expected user behavior or matches patterns commonly associated with account takeover, such as unlikely travel, anomalous IPs, or known bad actors.
Malicious inbox rule
A malicious inbox rule is an email rule an attacker creates after getting into an inbox, often to hide messages, auto-forward mail, or cover their tracks.
Auto-Remediation
Auto-remediation means Login Security has taken action on a confirmed threat automatically and no further action is needed by you, rather than just sending an alert and leaving the work to your team.
Forced password reset
If needed, Login Security can require a user to reset their password on next sign-in so an attacker cannot immediately re-enter the account.
What happens when Login Security finds a threat?
When Login Security detects a high-confidence threat, it can:
- Terminate active sessions.
- Force a password reset on the next sign-in.
- Disable the account if needed to stop ongoing access.
You can also review a clear, auditable record of what was detected and what actions were taken.
Will I need to resolve alerts manually?
Usually, no. Login Security is designed to resolve confirmed threats automatically, with no IT intervention needed for the core containment step.
If follow-up is required, the most common next steps are:
- Make sure the affected user completes their password reset.
- Review the alert details in Coalition Control to understand what happened.
- Review mailbox rules or related account activity if your team wants to validate what the attacker attempted.
- Re-enable a user only after your team has confirmed the account is secure.
Customers will receive emails when threats are contained or unstable integrations require attention. If a security event requires follow-up, the email and the Coalition Control activity history will explain what happened and what action, if any, your team should take.
Is it safe to connect Microsoft 365 or Google Workspace to Login Security?
Yes, connecting your Microsoft 365 or Google Workspace account uses industry-standard security protocols designed to protect your organization's data without ever exposing your credentials.
By connecting your workspace, Login Security can monitor for anomalous behavior and flag unauthorized access attempts in real-time—keeping your business safer.
Here is exactly how your data and environment remain protected:
- We Never See or Store Your Password: The connection is established using OAuth 2.0, the global standard for secure integration. When you authenticate, Microsoft or Google issues a secure, encrypted digital token to Login Security. Your actual passwords never leave your identity provider.
- Principle of Least Privilege: Login Security operates under a strict "need-to-know" model. We only request the exact, limited permissions required to analyze authentication logs and protect your active sessions. We cannot read your emails, access your documents, or modify your organization's core settings.
- Secure Encryption: Any metadata exchanged between Login Security and your workspace is fully encrypted both in transit (using TLS 1.3) and at rest (using AES-256 encryption).
- You Maintain Complete Control: You are always in the driver’s seat. If you ever decide to disable the integration, you can instantly revoke access with a single click from either your Login Security dashboard or directly within your Microsoft/Google admin console.
Will using Login Security affect my insurance premiums or coverage?
No. Login Security is meant to help reduce the risk of loss by monitoring suspicious email-account activity and preventing attackers from compromising inboxes. Using Login Security, and the information it generates, is not intended to affect your premium or coverage under your current policy. Your coverage and premiums remain subject to your policy terms and underwriting.
Where is Login Security available?
Login Security is available to Coalition policyholders globally, with the exception of Quebec. Some Login Security alerts will appear in English only.
How long does Login Security retain data?
Login Security retains data until the entire feature or a particular integration is removed. To permanently delete all your data, you can at any time by going to the Login Security tab within Settings and opting to “Remove Login Security”. This action is not reversible. If you just want to delete data with a particular integration, you can do this through the “manage” option on the homepage or Login Security tab.
How do I delete an integration within Login Security?
You can delete a particular Login Security integration by clicking “Manage” and then “Delete” on a particular integration from the Coalition Control homepage or within the Login Security page. Deleting an integration will permanently delete all data associated with that integration. You can re-add integrations through the “Manage” page as well.