This article shows you how to Migrate an Individual Account to an Organization.
Individual Accounts
Individual Accounts provide single-user execution of SSProtect without the complexity of group Administration and Licensing. Individual Accounts support all major/ core SSProtect capabilities, including Third Party Trusts necessary to securely share data with others. Some Component Services, such as :Respond and :xRecovery, cannot be applied until you migrate to an Organization Account as described in this article.
Individual Accounts are always the result of Creating an Account rather than working with pre-defined Registration delivered via email. Use cases are most often associated with product evaluation and/ or at-home use managing personal finance, sensitive email, and other important electronic data that benefits from proper host encryption and secure remote backup/ restore.
SSProtect Organizations
Organizations are logical groupings of SSProtect Users bound together by common focus, data use, security requirements, and/ or Administration. This most often maps to a team or department within a company, always managed by a single Administrator and one or more Delegates (Privileged Users). Non-Privileged Users do not see Administrative elements in their User Interface, but can be elevated to (or relegated from) a Delegate role at any time.
An Organization can include Users from multiple companies, regions, and countries, though each User or Account can only be a member of one Organization, which once named and established, cannot be renamed.
For more information, refer to the Concepts Section of articles, or more specifically, Accounts, Identities, and Roles.
Migration = Creating an Organization
When you Migrate your Individual Account to an Organization Account, you create a new Organization and become its' one and only Administrator. You can subsequently deploy other Accounts (Users) and manage Component configuration while maintaining Third Party Trusts and other Organization-wide configuration details.
NOTE: You cannot Migrate to an existing Organization though in certain circumstances you may be able to Join an existing Organization. For details, refer to the article, Creating an Account.
Considerations when Migrating to an Organization Account
Before choosing to migrate to an Organization Account, consider the following:
- This is a one-time procedure that cannot be reversed
- You cannot change your Organization name after conversion
- You will be appointed as the single Administrator, authorized to provision new Users and appoint Delegates
The primary advantage of Organization Accounts over Individual Accounts lies in central Administration (and Delegate authority) for sets of Users with the benefit of zero-configuration Collaboration. Else, Individual Accounts are functionally the same as their Organization counterparts.
Organization Names
SSProtect Organization names typically include the name of the company combined with the name of a team or department, for example company-accounting, company-xyzproduct, or company-teamx. It isn't uncommon for a company to have several deployments that use Third Party Trusts to share data. This supports compartmentalized separation while taking advantage of the Principle of Least Privilege, helping to combat Insider Threats.
You must choose an Organization Name that reflects your associated entity. Though you can choose an arbitrary name, it is subject to MSP approval. For automatic and immediate processing, use the following convention:
- Use a prefix that matches your Account's domain/ hostname, without the TLD (.com, .net, .io)
- Use a dash or underscore to separate the prefix from a variable suffix representing a team name or function
- Coordinate with other teams in your business to choose a consistent naming scheme
Be sure to check with your business entity's peers to select a name consistent with any internal convention that's already been chosen. This will help others quickly identify your team when configuring Third Party Trusts.
This is a common - and recommended - deployment methodology, with independently-managed SSProtect Organizations associated with internal teams. This approach protects against internal threats by limiting the authorized scope of sensitive data while maintaining a high degree of collaborative control. Refer to the articles, Protected Data Sharing and, Managing Third Party Trusts in the :Collaborate article series.
IMPORTANT: Refer to the article, Creating an Account, to review information critical to the selection of your Organization Name.
Submitting the Conversion/ Migration Request
When ready, visit the License and Component UI using the notification icon's context menu then choose Convert to select your Organization Name:
You CANNOT change this name once it is approved, and when your name matches the proper auto-approval convention, approval is immediate: You will be taken back to the Login dialog to resume after re-submitting credentials.
NOTE: You cannot request Conversion/ Migration over the phone or through email.
Manual Organization Name Approval
If you choose to submit a non-standard Organization Name, Support will be notified to service your request. You can expect a response consistent with your Support Policy, though can contact Support directly to request prioritized service.
During this period of time, you can continue to use your Account normally. When Support completes Migration, you will receive email notification indicating success or failure. On success, and as directed in notification email, Refresh Login to commence operation as the Administrator of the new Organization. After 1st Login, you will be greeted with popup notification reflecting the change.
Starting in v10.7.1, you can Cancel a pending request to re-submit another name - this is not uncommon if accidentally submitting a name that doesn't match auto-approval conventions.
Exporting Organization Keys
After successful Migration, and after popup notification that your Organization has been created, you will be taken to the Startup sequence and presented with Key Export options. Because you are now managing a new Organization, and because you are the one Administrator, you are responsible for Keys that manage Organization use.
These keys differ from your Individual Account keys, and it's critical that you Export and save them in a safe place.
IMPORTANT: Make sure you Export Keys and store them for future use. This is critical and should not be ignored. For more information, refer to the article 1st Time Use, which provides context around this procedure along with additional links to related considerations.
Getting Additional Help
For more information on the use of Accounts, Organizations, and Components, refer to articles in the Concepts Section of the Administration Category. You can also send additional questions or suggestions to support@definisec.com, or post them here for others to answer see and answer.
This article was updated w/ v10.7.1 of the :Foundation Client