This article shows you how to create an SSProtect Account and start using the software.
Prerequisites
This article assumes you have installed the SSProtect :Foundation Client as described in, Installing the :Foundation Client. If you have a Registration Email with temporary credentials, follow the procedure in the article, Using the Registration Email.
Finally, if you are Licensing SSProtect using AWS Marketplace, refer to the article, Provisioning with AWS Marketplace.
What you need to know:
- When you use SSProtect, you first Login using an Account
- Accounts are uniquely associated with email you control
- There are two types of Accounts: Organization and Individual
Individual Accounts are completely self-managed, do not share configuration with other Accounts, and do not carry implicit Trust relationships with others (instead relying on Third Party Trusts you maintain).
Organizations and Privileged Accounts
If you plan to manage SSProtect for a group of users that will share configuration traits and/ or Trust relationships, you will need to create (or join) an Organization.
Organizations are collections of Accounts managed by Privileged Users (Accounts). These include zero or more Delegates and one single Administrator, the Account used to create the Organization.
For more information, refer to articles in the Quick Start and Concepts Help Sections.
Running SSProtect
SSProtect starts and runs in the background when you Login to Windows. When SSProtect encounters events associated with managed content, it takes action within the context of a Login Session. If one is not present, you are prompted to Login using the Account's Username (associated email address) and Password (that you set and manage; see below).
Creating and Provisioning Accounts
Unless you've received a Registration Email, you will need to create an Account to use the system. Accounts are created, 1) from within the :Foundation Client, described below, 2) by Organization Administrators/ Delegates, and 3) by DefiniSec Support. The latter two methods generate the noted Registration Email, and are always associated with Organizations.
Login Display
Click the SSProtect icon in the system Notification Tray to display its' context menu, then choose Refresh Login... to display the Login Prompt:
NOTE: You can double-click the Desktop shortcut to display the Login dialog if an active Login Session is not present. Else, you will see the notification tray advertisement.
This display shows all local Profiles, which allows you to customize the name of an Account instead of relying on its' associated email address. This is helpful when working with multiple Server Sets. For more information, refer to the article, Trusts, Profiles, and Server Sets.
If you haven't previously configured one or more Accounts, you will see, Choose an Action From Below.... Click the Profile dropdown then choose Create New... from the list to display the Create Account dialog:
Enter the email address for an account you control and wish to associate with SSProtect. Check the :Recover option if you wish to utilize seamless backup and restore functionality, and/ or :Email if you wish to use :Email for Outlook message and attachment protection. Org is an advanced topic described at the end of this article, and AWS is described in the aforementioned article, Provisioning with AWS Marketplace.
Click Create... to start the Provisioning process. This will begin the process of provisioning an Account using a Trial License. For details, refer to the article, SSProtect Licensing.
Adding :Recover for Backup/ Restore
Starting with v6.6.4, you have the option to provision your Trial License with :Recover. This optional component provides seamless secure cloud data backup and restore for managed content. For general information, refer to the article, Using :Recover. To manage :Recover with your Individual Account, refer to the article, Managing Your Account.
:Recover Quota
When provisioning your Account to use :Recover, you will be assigned 1GB of Quota space for storage. If you are creating an Organization, you and the other 4 Seats will each have 1GB for a total of 5GB, which can be redistributed at any time.
:Recover no longer enables Retention Policy by default. This is a feature designed to remove old versions of content to make room for new incoming data. Using Retention Policy, you can specify the number of versions you wish to keep, discarding others to most effectively utilize storage space. Because storage is relatively inexpensive, this option is less necessary than before when it was enabled by default. If however you wish to take advantage of this capability, contact our Support team and we can work with you to make the adjustment.
For more information, refer to the related Organization sections at the end of this article, and also to the article, Archives, Quotas, and Retention Policy for more information.
NOTE: If you are using the Email-only installation package, :Recover will not be available. Refer to the section :Shell Considerations, below, for more.
Registering and Using your Email Code
After you click Create..., you will receive a code in your email account's Inbox. Copy and paste this into the Code edit box, which will be enabled. Choose Verify to complete the process:
NOTE: You must enter your Code within 5 minutes of submitting your request, and from the same host computer else Code Verification will fail.
The software will now provision your configuration data, which can take a couple seconds, then it will prompt you to create and verify a new Password (which you can change later):
Choose a new (unique) value and enter it twice, then choose Change. This will complete Provisioning and return you to the Login display where you can Login and establish your first SSProtect Session.
:Shell Considerations
There are currently two install packages - the Primary Package, available for public download, that includes a filesystem driver for In-Place Encryption, and an Alternate Package that does not include the filesystem driver. The Alternative Package is limited to qualified Users with specific needs.
Both Packages install the :Shell component for you, though the Alternative Package disables its' functionality, with some impact to related Components. Contact Support if related to your needs, and review details in the article, Adding Feature Components.
1st Time Operation
The first time you Login after provisioning, you will be presented with additional startup instructions to guide your configuration. These are described in, 1st Time Use.
Organizations
If you intend to create and Administer an Organization, or if you are are joining an existing Organization (which requires Validation by one of its' Privileged Account holders), check the Org checkbox before you choose Create (you cannot change selected options after choosing Create). This will display an edit control in which you specify the name of an existing or new SSProtect Organization.
Joining an Existing Organization
You can provision your Account to join an existing Organization if you know its' name and if it is configured to receive outside Sign-Up requests as explained in the article, Managing Sign-Ups.
By default, Sign-Ups are disabled when an Organization is created, denying external requests to join during Sign-Up. When enabled, each request to join an existing Organization (using this procedure) requires Validation by a Privileged Account in the target Organization before it is operational. It can also be Dismissed.
Join activity is sent by Email Notification to Privileged Organization Users (when Sign-Ups are enabled). Validation (and Dismissal) are managed in the Administer Users interface. For more information, refer to the article, Managing Organization Users.
Seat License Impact from Sign-Up to an Organization
Note that an Organization Seat License is not assigned to the Account until after it is Validated. This differs from Provisioned Accounts that pre-reserve a License Seat since they are destined to be Validated.
Denied Sign-Up to an Organization
If your request to join an existing Organization is denied, you will receive email notification to that effect, and your Account will be Deleted. You will have to re-provision a new one in order to continue, which will require the assistance of Support (since Accounts are never wholly removed).
If you already have an existing Individual Account and wish to create an Organization, refer to details in the article, Migrating to an Organization Account.
Using Email Aliases for Organization Accounts
When you intend to join multiple Organizations over time, make sure you're using different email accounts that have 1-1 correlations with the SSProtect Organization Accounts you intend to create. When you do not have corporate email addresses specific to the target Organization, consider using Aliases purposed for each. This will allow you to work with multiple Organizations at a time (using Profiles to simplify matters) while maintaining proper Access Control permissions, data separation, and also safeguards against cross-exposure.
Organization Names
An Organization Name must adhere to the following:
- It must be 127 characters or less in length
- It can include both Uppercase and Lowercase letters
- It can only include the following subset of Symbols:
()\-_@.
Organization Names are case-sensitive, though you cannot create two Organizations that are the same from the standpoint of a case-insensitive comparison. For example, if you create an Organization named, "SampleOrg" and later try to join it with, "sampleorg", the operation will fail. In similar fashion, if you try to create a 2nd Organization, "sampleorg", the operation will also fail due to a name collision with "SampleOrg".
Choosing your Organization Name
You can submit any Organization name you wish so long as it reflects a logical aspect of your official business entity. Validation and approval times vary. While waiting, as an Individual Account holder, you will not be able to provision new Accounts and onboard new Users.
If you use the associative naming convention, below, your Organization will be approved automatically, foregoing the burden of working as an interim Individual Account:
- Use a prefix that matches your Account's domain/ hostname, without the TLD (.com, .net, .io)
- Use a dash or underscore to separate the prefix from a variable suffix representing a team name or function
- Coordinate with other teams in your business to choose a consistent naming scheme
When entering an Organization Name, you will receive a warning if the chosen name doesn't follow this naming convention. If you are creating an Account for the first time, and you are NOT using an AWS Marketplace License, you can override the naming convention to request a different type of name. As noted, you will only be able to proceed as an Individual Account until Support reviews and confirms your request.
Note that Account Creation using an AWS Marketplace License requires that you create an Organization and also adhere to the noted naming convention. The UI will enforce these rules (when you check AWS).
It's important to consider a broad naming scheme in concert with others in you business. This allow teams to provision and use independent SSProtect Organizations to achieve a greater degree of separation. This protects against internal threats by limiting the authorized scope of sensitive data while maintaining a high degree of collaborative control. Refer to Organization Peer Sharing and Third Party Trusts described the :Collaborate series of articles.
Organization Consideration: Seats
When you create and manage a new Organization, you are the sole Administrator (though you can provision Delegates with elevated permissions). By default, new Organizations created with Sign-Up have 5 Seats, which allows you to deploy 4 more Accounts/ Users with whom you will be working.
Organization Consideration: Shared Data
Organization peers have direct and automatic secured access to your managed content, though you must deliver it to them using any one of the traditional data sharing mechanisms available for sharing conventional application data (email, network file shares, sync and sharing applications, etc). As such, do not provision Users in your Organization unless they are members of your team or company, and should have access to data you intend to manage with SSProtect.
Organization Consideration: Quota
Organization Quota is evenly distributed across Organization Seats, by default. As such, your Account will at first have 1GB of :Recover storage space. You can change this with the Administer Users UI available to Administrators and Delegates, and you can always request more to distribute to your Users. For more information, refer to the article, Managing Organization Users.
Email Notifications and Junk Mail Filters
You will receive email notifications related to Provisioning. Allow email from ssp-admin@definisec.com, or check your Junk Mail/ Spam storage if you do not receive your Code and/ or confirmation that your Account/ Organization has been created.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.0.1 of the :Foundation Client