When you start using SSProtect, your Organization comes pre-configured with a certain number of seats available for users at your discretion. These seats are usable in any way you see fit - if an employee leaves your company, you can reclaim that seat without losing the history or even the information associated with that employee's use.
To understand how these pieces fit together, we must explain certain resource and their roles.
Accounts, Organizations, and Servers
Your use of SSProtect is uniquely defined by your Account, and you identify yourself to this Account with your Username, which is an email address. Each Account belongs to a single Organization, and each Organization is associated with and unique to a set of Servers.
For more insight, refer to the article, Accounts, Identities, and Roles.
This section's information regarding Server Sets applies to those that are working with both Internet-managed KODiAC Cloud Service deployments, such as that managed by DefiniSec, and also corporate-deployed and independently, in-house managed systems. This is not currently common, however the information is offered for completeness and further operational insight.
A Server Set is a collection of cloud Servers. KODiAC Cloud Services have been designed to work with one or more instances of High Availability Server Clusters. These can be hosted in a single Data Center or, by using any number of High Availability technologies, globally distributed. As such, the singular reference to a Server is a logical association that has more to do with the common data set being used than the Servers that are dispatching and controlling communications.
In most cases, this is irrelevant, as most users choose to utilize the DefiniSec-hosted KODiAC Cloud Services solution, which handles :Foundation Client associations to the proper geographically distributed Server Sets (and thus Data Centers) while also managing Global Scope and visibility for sharing and/ or replication to other geographic regions around the globe. This is an advanced topic for Multi-National corporation deployments, and should be revisited once the basic concepts of deployment have been mastered.
As such, in this article, we will refer to a singular Server reference as, "Server Set". For more insight, refer to the article, Trusts, Profiles, and Server Sets.
Email Addresses and Multiple Accounts
A single Server Set manages multiple Organizations, each containing a unique set of Accounts and thus unique set of Usernames. A Username is unique across a single dataset: You must use a different Username for every Account attached to an Organization managed by the same Server Set. As a result, your email address cannot be used with multiple Accounts on the same Server Set.
You can however use a single email address with multiple Accounts so long as they are part of Organizations managed by two different Server Sets. For example, you could register your email address with an Account at work that uses an in-house deployment of SSProtect. Obviously the Server Set would be independent from those managed by DefiniSec on the Internet, thus the datasets would be independent and, as a result, would not be in conflict.
NOTE: We do NOT recommend using the same email address for multiple Accounts, even when possible. This can be problematic when using :Email and trying to determine why a particular incoming message is not accessible - and it almost always boils down to being Logged into the wrong context.
To simplify matters, we have created Profiles to represent the combination of email address, Username, Account, Organization, and Server. This is a unique combination which is easier referred to by moniker, i.e., "Work" or, "Home". Access Profiles from the Advanced Login display, where you can edit to rename or even delete them.
In fact, deleting a Profile only serves to remove data from the host computer - Profile configuration is securely stored by KODiAC Cloud Services, and it can be re-provisioned at any time. See the article Remote Profile Deployment for details.
Before you deploy to an individual, consider the environment in which they are working. Check to insure their host computer meets system Requirements, and be aware of any possible software compatibility issues. Compatibility issues hold higher potential with consumer products than with corporate business applications. Anti-virus software, VPN software, and other security software can but does not usually conflict with SSProtect. For questions, contact Support as noted at the end of this article.
Procedure for Adding a New User
To Provision a New User in your Organization, navigate to the Administer Users menu from the notification tray icon, then choose the Manage submenu item to display User Administration:
- Click New
- For Username, enter the user's email address that uniquely defines an Account
- Check Delegate if you want this user to have Administrator privileges
- Check Unsigned Containers if you want this user to have the ability to access protected content using software applications that are not digitally signed
- Check Release Protections if you want this user to be able to shift-right-click and choose SSProtect Release
- Choose :Recover if your Organization is using :Recover and you want this user's files to be stored by KODiAC Cloud Services (affecting Quota)
- Chose No 2nd Factor to disable the 2nd factor prompts. This is typically used with less-experienced users while they become accustomed to using the software. Note that this option will be unchecked when you use 2FA hardware tokens
- For Acct Quota, choose the amount of space you want to reserve for this user's KODiAC Cloud Archive file storage. The information in the same vicinity shows how much is available for your Organization.
- Choose Save
This will send an email to the address you used for the Username providing instructions for the user to acquire and install the software (see Email Notifications for further details on notification). You will receive an email message when this user completes Registration so you can perform Validation.
Validation allows you to make certain that the Account you provisioned wasn't intercepted by an intruder before permitting access to Organization data. After the provisioned user goes through Registration, you will as noted receive an email notification indicating that he/she is ready for Validation. Speak to this person and verify that they carried out the Registration to be absolutely sure, then:
- Return to Administer Users
- Choose the target Username from the list of Users
- Click Validate
This will generate notification email for the end-user to inform them that the Account is ready to be used. Their first subsequent Login transfers the keys necessary for them to access Organization content - though no content is transferred to them, as it must be shared using traditional or existing collaboration software methods and/ or infrastructure - a core principle of SSProtect in supplementing existing systems with compatibility.
For More Information
If you have questions or concerns, contact our support staff at firstname.lastname@example.org, who can offer assistance in better understanding how to make the best use of these policies, and other related capabilities.
This article was updated w/ v9.3.2 of the :Foundation Client