This article assumes you have installed the Installing the :Foundation Client. If you have a Registration Email with temporary credentials, follow the procedure in the article, Using the Registration Email.as described in,
What You Need To Know
- When you use SSProtect, you first Login using an Account
- Accounts are uniquely associated with email you control
- There are two types of Accounts: Organization and Individual
Individual Accounts are completely self-managed, do not share configuration with other Accounts, and do not carry implicit Trust relationships with others (instead relying on Third Party Trusts you maintain).
Organizations and Privileged Accounts
If you plan to manage SSProtect for a group of users that will share configuration traits and/ or Trust relationships, you will need to create (or join) an Organization.
Organizations are collections of Accounts managed by Privileged Users (Accounts). These include zero or more Delegates and one single Administrator, the Account used to create the Organization.
For more information, refer to articles in the Quick Start and Concepts Help Topics.
SSProtect starts and runs in the background when you Login to Windows. When SSProtect encounters events associated with managed content, it takes action within the context of a Login Session. If one is not present, you are prompted to Login using the Account's Username (associated email address) and Password (that you set and manage; see below).
Creating and Provisioning Accounts
Unless you've received a Registration Email, you will need to create an Account to use the system. Accounts are created, 1) from within the :Foundation Client, described below, 2) by Organization Administrators/ Delegates, and 3) by DefiniSec Support. The latter two methods generate the noted Registration Email, and are always associated with Organizations.
Click the SSProtect icon in the system Notification Tray to display its' context menu, then choose Refresh Login... to display the Login Prompt:
NOTE: You can double-click the Desktop shortcut to display the Login dialog if an active Login Session is not present. Else, you will see the notification tray advertisement.
This display shows all local Profiles, which allows you to customize the name of an Account instead of relying on its' associated email address. This is helpful when working with multiple Server Sets. For more information, refer to the article, Trusts, Profiles, and Server Sets.
If you haven't previously configured one or more Accounts, you will see, Choose an Action From Below.... Click the Profile dropdown then choose Create New... from the list to display the Create Account dialog:
Enter the email address for an account you control and wish to associate with SSProtect. Check the :Recover option if you wish to utilize seamless backup and restore functionality, and/ or :Email if you wish to use :Email for Outlook message and attachment protection. Org is an advanced topic described at the end of this article. Click Create... to start the Provisioning process.
Adding :Recover for Backup/ Restore
Starting with v6.6.4, you have the option to provision your Account with :Recover. This optional component provides seamless secure cloud data backup and restore for managed content. For general information, refer to the article, Using :Recover. To manage :Recover with your Individual Account, refer to the article, Managing Your Account.
When provisioning your Account to use :Recover, you will be assigned 500MB of Quota space for storage. If you are creating an Organization, you and the other 4 Seats will each have 500MB for a total of 2.5GB, which can be redistributed at any time.
:Recover by default enables Retention Policy, which ensures that the most recent five (5) versions of any managed Item remains in the KODiAC Archive (and available for Restoration/ Recall) at all times.
For more information, refer to the related Organization sections at the end of this article, and also to the article, Archives, Quotas, and Retention Policy for more information.
NOTE: If you are using the Email-only installation package, :Recover will not be available. Refer to the section :Shell Considerations, below, for more.
Registering and Using your Email Code
After you click Create..., you will receive a code in your email account's Inbox. Copy and paste this into the Code edit box, which will be enabled. Choose Verify to complete the process:
The software will now provision your configuration data, which can take a couple seconds, then it will prompt you to create and verify a new Password (which you can change later):
NOTE: Server content will be different for your interface: ssp-a.secdefini.com.
Choose a new (unique) value and enter it twice, then choose Change. This will complete Provisioning and return you to the Login display where you can Login and establish your first SSProtect Session.
There are currently two install packages available for you to choose from - the Primary Package includes a filesystem driver that enables In-Place Encryption. The Alternate Package does not include the driver, and is suitable for Email-only use.
Both Packages install the :Shell component for you. You can make post-Provisioning adjustments to your optional features using the instructions in, Adding Feature Components.
1st Time Operation
The first time you Login after provisioning, you will be presented with additional startup instructions to guide your configuration. These are described in, 1st Time Use.
If you intend to create and Administer an Organization, or if you are are joining an existing Organization (which requires Validation by one of its' Privileged Account holders), check the Org checkbox before you choose Create (you cannot change selected options after choosing Create). This will display an edit control in which you specify the name of an existing or new SSProtect Organization.
Joining an Existing Organization
You can provision your Account to join an existing Organization if you know its' name and if it is configured to receive outside Sign-Up requests as explained in the article, Managing Sign-Ups.
By default, Sign-Ups are disabled when an Organization is created, denying external requests to join during Sign-Up. When enabled, each request to join an existing Organization (using this procedure) requires Validation by a Privileged Account in the target Organization before it is operational. It can also be Dismissed.
Seat License Impact from Sign-Up to an Organization
Note that an Organization Seat License is not assigned to the Account until after it is Validated. This differs from Provisioned Accounts that pre-reserve a License Seat since they are destined to be Validated.
Denied Sign-Up to an Organization
If your request to join an existing Organization is denied, you will receive email notification to that effect, and your Account will be Deleted. You will have to re-provision a new one in order to continue, which will require the assistance of Support (since Accounts are never wholly removed).
Refer to the article, Migrating to an Organization Account if you wish to create your own Organization to Administer.
Using Email Aliases when Joining an Organization
When you intend to join multiple Organizations over time, make sure you're using different email accounts that have 1-1 correlations with the SSProtect Organization Accounts you intend to create. When you do not have corporate email addresses specific to the target Organization, consider using Aliases purposed for each. This will allow you to work with multiple Organizations at a time (using Profiles to simplify matters) while maintaining proper Access Control permissions, data separation, and also safeguards against cross-exposure.
An Organization Name must adhere to the following:
- It must be 127 characters or less in length
- It can include both Uppercase and Lowercase letters
- It can only include the following subset of Symbols:
Organization Names are case-sensitive, though you cannot create two Organizations that are the same from the standpoint of a case-insensitive comparison. For example, if you create an Organization named, "SampleOrg" and later try to join it with, "sampleorg", the operation will fail. In similar fashion, if you try to create a 2nd Organization, "sampleorg", the operation will also fail due to a name collision with "SampleOrg".
Organization Name Approval
When you Provision your Account with for use with an Organization, you start operation as an Individual User while Support reviews your request. Our team will either contact you to discuss alternatives, or approve and apply the name. This will go into effect the next time you Login. You will receive email notification when this process completes.
Organization Consideration: Seats
When you create and manage a new Organization, you are the sole Administrator (though you can provision Delegates with elevated permissions). By default, new Organization created with Sign-Up have 5 Seats, which allows you to deploy 4 more Accounts/ Users with whom you will be working.
Organization Consideration: Shared Data
Organization peers have direct and automatic secured access to your managed content, though you must deliver it to them using any one of the traditional data sharing mechanisms available for sharing conventional application data (email, network file shares, sync and sharing applications, etc). As such, do not provision Users in your Organization unless they are members of your team or company, and should have access to data you intend to manage with SSProtect.
Organization Consideration: Quota
Organization Quota is evenly distributed across Organization Seats, by default. As such, your Account will at first have 500MB of :Recover storage space. You can change this with the Administer Users UI available to Administrators and Delegates, and you can always request more to distribute to your Users. For more information, refer to the article, Managing Organization Users.
This article was updated w/ v9.1.0 of the :Foundation Client