Support Center

Accounts, Identities, and Roles

Last Updated: Dec 15, 2018 08:28PM PST
This article explains SSProtect Accounts, their associated User Identities, assignable Roles, and the different types of Accounts used by the software.
 
Introduction
The SSProtect :Foundation Client uses a Login Session that defines configuration and policy for execution. Login is not required until you access protected content or use product capabilities.

Account (User) Identity
SSProtect Login uses an Account that identifies you as a unique User. Your identity is a unique email address you provide when Provisioning an Account. You must have control over this email account to work with information SSProtect sends, like the temporary credentials used for Account Registration.
 
Changing your Account Identity
You cannot change the email address associated with an Account, though you can provision a new Account, using a different email address, then migrate data. This concept does not map well to Organization Administrators. More detail is provided below.

 
Account Types
SSProtect supports Accounts that operate independently, and Accounts that operate within the context of an SSProtect Organization.
 
Individual Accounts
Individual Accounts operate without any additional oversight from others - you are the master of your own domain, so to speak, and manage both your configuration and protected content. It's worth noting that managing protected content differs from accessing and working with secure data. This will become more evident as you discover more about the system.

Individual Accounts do not have default trust relationships for data sharing, though you can use Third Party Trusts to create and manage them.

Organization Accounts
Organization Accounts operate within the context of an SSProtect Organization. This is a collection of Accounts (Users) that use the same set of features managed by a set of Privileged Users (a single Administrator and one or more assigned Delegates, described below). Some changes to an Organization affect all Accounts, though many items are individually managed.

Organization Accounts have built-in trust associations with one another, which provides for zero-configuration data sharing between members. Third Party Trusts govern sharing permissions for Accounts outside the Organization.


User Roles
Each Account operates in one of three distinct Roles:
 
  • Non-Privileged User
  • Privileged User; Administrator
  • Privileged User; Delegate

A Non-Privileged User is able to work with, protect, and access managed content, and can also access data shared by Organization peers or Third Party Trusts - as can Administrators and Delegates.

Non-Privileged Users cannot modify their own configuration beyond a few simple adjustments, which generally modify configurable thresholds or switch between operating modes.

The Administrator
Every Organization has one single Administrator. This is the first provisioned Account, typically resulting in a Registration Email to the Administrator email address. For more information, continue to the Deployment Topic's Admins and Organizations article.

Delegates
Delegates manage Organizations on behalf of an Administrator, and have almost the same permissions. The only differences are:

 
  1. Delegates cannot modify an Organization's configuration for Enhanced 2FA
  2. Delegates do not generate Organization Keys

Delegates only exist for Organizations, and the Administrator - and other Delegates - can promote and demote individual Accounts to and from Delegate status.

Individual Account Administrators
Users who operate as Individuals, without an Organization, usually as a result of Creating an Account without an Organization, serve as the single Administrator to an un-named one-User Organization. Though the User Interface is slightly different from that of an Organization Administrator, the managing capabilities are the nearly the same.

Individuals can at a later time create an Organization. This is achieved my migrating the Account to that of a full Organization Administrator. This procedure is detailed in the article, Migrating to an Organization Account.


Additional Resources
You can search this site for more information on various topics, or use 
this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.

In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.

 

This article was updated w/ v8.5.1 of the :Foundation Client

Contact Us

ed5301d112e75fde24d469c55568f50b@definisec.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete