This article shows you how to Migrate an Individual Account to an Organization Account, which always creates a new Organization for you to Administer.
Individual Accounts
Individual Accounts provide single-user execution of SSProtect without the complexity of group Administration and Licensing. Individual Accounts support all SSProtect capabilities, including Third Party Trusts necessary to securely share data with others.
Individual Accounts are always the result of Creating an Account rather than working with pre-defined Registration delivered via email. Use cases are most often associated with product evaluation and/ or at-home use managing personal finance, sensitive email, and other important electronic data that benefits from secure, remote backup and restore.
Organization Account Names
Organizations are logical groupings of SSProtect Users bound together by common focus, data use, security requirements, and/ or Administration. This most often maps to a team or department within a company, always managed by a single Administrator and one or more Delegates (Privileged Users). Non-Privileged Users do not see Administrative elements in their User Interface, but can be elevated to (or relegated from) a Delegate role at any time.
An Organization can include Users from multiple companies, regions, and countries, though each User or Account can only be a member of one Organization, which once established, cannot be changed.
For more information, refer to the Concepts Section of articles, or more specifically, Accounts, Identities, and Roles.
Migration = Creating an Organization
When you Migrate your Individual Account to an Organization Account, you create a new Organization and become its' one and only Administrator. You can subsequently deploy other Accounts (Users) and manage component configuration while maintaining Third Party Trusts and other Organization-wide configuration details.
NOTE: You cannot Migrate to an existing Organization though you can Sign-Up, "into" an Organization. For details, refer to the article, Creating an Account.
Considerations when Migrating to an Organization Account
Before choosing to migrate to an Organization Account, consider the following:
- This is a one-time procedure that cannot be reversed
- You cannot change your Organization name after conversion
- You will want to manage Third Party Trust expectations - see below for more
- You will be appointed the single Administrator, and can appoint other Delegates
The primary advantage of Organization Accounts over Individual Accounts lies in central Administration (and Delegate authority) for sets of Users, and also the scope of zero-configuration Collaboration. Else, Individual Accounts are functionally the same as their Organization counterparts.
Organization Names
SSProtect Organization names typically include the name of the company combined with the name of a team or department, for example company-accounting, company-xyzproduct, or company-teamx. It isn't uncommon for a company to have several deployments that use Third Party Trusts to share data. This imposes the Principle of Least Privilege on users while helping combat the Insider Threat.
Note that you cannot arbitrarily choose an Organization name, which is to say you must utilize a name associated with your entity. Naming is restricted during Account Creation and when using this Migration subject to ISP approval. If there is a problem or conflict with the name you've requested, Support will contact you to resolve concerns before arriving at a final, acceptable name for you to use.
IMPORTANT: Refer to the article, Creating an Account, to review information critical to the selection of your Organization Name.
Third Party Trusts
There is a very brief period of time, spanning 1-2 minutes - where Third Party Trust access will be denied. Shared content, already in-use before this brief interruption, will convert back to protected form using the created Organization. This will be reflected in :Assess Report details.
Unless you have an exceptionally high frequency of Third Party Trust access to shared materials, it's unlikely anyone will encounter this interruption. That said, retry after a brief pause.
SSProtect/ KODiAC do not send notification before/ after this slight interruption, and as a result it is up to the Administrator and/ or his/ her Delegates to decide if, how, and when to notify Third Party Trust contacts.
Submitting the Conversion/ Migration Request
If you plan to use other components, such as :Recover, it's easier to request those changes first, then convert to an Organization Account. See Adding Features/ Components for details.
When ready, visit the License and Component UI using the notification icon's context menu:
Choose Convert and you will be prompted for the Name of your Organization. Remember, you CANNOT change this name, and it must be approved by Support. If there is a conflict or other issue with the chosen name, you will be contacted to resolve the issue prior to Migration.
NOTE: You cannot request Conversion/ Migration over the phone or through email, even if your presence and Account ownership are authenticated. This helps protect against social engineering and exploitation of dynamic shifts in Account/ Organization responsibilities that Support cannot properly verify.
Migration Request Processing
After you choose and submit your new Organization Name, Support will be notified to service your request. You can expect a response consistent with your Support Policy, though can contact Support directly to request prioritized service.
During this period of time, you can continue to use your Account normally. When Support completes Migration, you will receive email notification indicating success or failure. On success, and as directed in notification email, Refresh Login to begin operation in your new Organization Administrator context. You will at that time receive popup notification that you are now managing your newly formed Organization.
Exporting Organization Keys
After successful Migration, and after popup notification that your Organization has been created, you will be taken to the Startup sequence and presented with Key Export options. Because you are now managing a new Organization, and because you are the one Administrator, you are responsible for Keys that manage Organization use.
IMPORTANT: Make sure you Export Keys and store them for future use. This is critical and should not be ignored. For more information, refer to the article 1st Time Use, which provides context around this procedure along with additional links to related considerations.
Getting Additional Help
For more information on the use of Accounts, Organizations, and Components, refer to articles in the Concepts Section of the Administration Category. You can also send additional questions or suggestions to support@definisec.com, or post them here for others to answer see and answer.
This article was updated w/ v9.4.2 of the :Foundation Client