Support Center

Managing Third Party Trusts

Last Updated: Mar 25, 2019 07:10PM PDT
This article shows you how to grant permission to external users to access your protected content, whether using an Organization or Individual Account.

Overview
Third Party Trusts allow you to share protected content with external SSProtect Users. External Users are defined as those not already members of your Organization, or for those using an Individual Account, any other User. This is a one-way association scoped to a single external User. You can authorize as many external Users as you like.

For general information related to :Collaboration, see Protected Data Sharing.

Scope
Third Party Trusts can only be assigned by Privileged Users since scope is all-inclusive with respect to Organization data. That means any item protected by any member of an Organization can be shared with authorized Third Party Trust resources, though of course only in a protected manner using SSProtect and proper credentials.

SSProtect is compatible with major business offerings and designed to work with and extend protections in ways not managed by these solutions. That said, you can layer access control permissions by utilizing the capabilities of both systems at the same time. This provides additional flexibility to work with existing and future systems without limiting your choices.

Adding and Removing Third Party Trusts with the Quick Action Menu
The Quick Action menu is designed to avoid the complexity that comes with the Third Party Trust management UI. To add a Trust using this interface:
  1. Click on the SSProtect icon in the notification tray
  2. Choose the Sharing Policy context menu item
  3. Select the Add Trust submenu item:




 
  1. Enter the Username (email address) of the Account you wish to add
  2. Choose OK to commit the change
  3. Acknowledge the 2nd-factor prompt (if applicable)
You will receive confirmation that the Trust has been added, or an error message. The dialog will then be presented again for you to add another trust. Click on the, "X" to close, or Escape from the keyboard.

To remove a Trust, use the same process though you will instead choose the Remove Trust submenu. Operation is the same.

Notification
When you add or remove a Third Party Trust, the recipient will receive email notification that their status has changed. The recipient must Refresh Login... (from the notification icon's context menu) before new associations are valid, since keys are exchanged on subsequent Login. Removal is immediate.


One-Way Association
Third Party Trust associations are one-way. Reverse the procedure to gain reciprocal access, and note that configuration is independent - revoking an external Trust does not change that they may have also provided you with access to their Organization. Just as with Adding and Removing, Revocation uses a one-way association.

Working with Materials as a Third Party Trust
When you receive information as a Third Party Trust, you have the same ability to review and modify as you would with any other protected resources you manage. However, when you change and save this content, your Explorer icon overlay will not turn red - it will remain yellow (or orange). This is an indication that the file is not managed by you or your Organization. In fact, if you send this to one of your peers (not a Third Party Trust to the sending Organization) he/she will not be able to access content even though you have made changes to it (and thus generated the encryption/decryption key using resources associated with your Account and Organization).

Managing Third Party Trusts
The Third Party Trust UI shows you which users you have trusted, and which users trust you. Access the UI by choosing the Manage submenu of the Sharing Policy context menu item:




The left side of the display shows all Users you have invited to access your Organization's materials. The right side shows all Organizations that have invited you to access their materials.

To Add a Trust using this interface:
  1. Click Invite...
  2. Enter the third party's SSProtect Username (email address) you wish to authorize
  3. Choose OK then acknowledge subsequent notification/ 2nd-factor prompt(s)
Disabling a Third Party Trust
You can temporarily disable a Third Party Trust, meaning you can suspend external User access to your Organization's materials. This is useful if a Third Party is going to be unavailable for an extended period of time or if there is reason to believe they may be at risk of exposing sensitive materials due to a breach (though remember that SSProtect provides continuous protection, even on potentially compromised hosts). To disable:

 
  1. Choose the proper Third Party Trust resource from the user list on the left
  2. Choose Disable
  3. Acknowledge subsequent notification/ 2nd-factor prompt(s)
You can re-enable the Trust using the same procedure, as the Disable button will change to Enable after you commit the change.

Removing a Third Party Trust
As noted before, you can remove Third Party Trusts using the Remove Trust Quick Action submenu. However, from this display:

 
  1. Choose the proper Third Party Trust resource from the user list on the left
  2. Click Delete
  3. Acknowledge subsequent notification / 2nd-factor prompt(s)

Changes Are Immediate
Disabling, Removing, and Deleting Third Party Trusts are immediate actions - any subsequent attempt by the Third Party Trust to access your Organization's data will be affected by these changes. Note however that any materials open at the time of such changes are not affected until they are closed.

Shared State from External Organizations
The right side of the Third Party Trust UI shows the Organizations that trust you to access their content. The Active column will show, "Yes" or, "No" to indicate whether or not the Third Party Trust is active. Remove inactive Trusts by choosing the respective entries then click Remove.

Summary
Third Party Trusts allow you to extend protected content to Users outside your Organization (or to any other use when operating as an Individual Account holder). Together with :Recover and :Assess, these controls provide a great deal of flexibility in sharing sensitive content without unnecessary exposure to unauthorized resources.


Additional Resources
You can search this site for more information on various topics, or use 
this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
 

This article was updated w/ v9.1.3 of the :Foundation Client
 

Contact Us

ed5301d112e75fde24d469c55568f50b@definisec.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete