This article explains (and enumerates) Email Notification used for Administrative Change Notification.
Email communicates important Account status, configuration, and component event changes to affected Accounts and related Organization Administrators/ Delegates.
Some notifications are specific to Individual Accounts and/ or Organizations, while others are specific to core and optional system components. Each falls into one of the following categories:
- Account and Organization Creation
- Password and Password Policy Changes
- Feature Changes
- Feature Events for Component Processing
- State Changes for LOCKDOWN and Honeypots
Email notification is always from email@example.com with a Display Name SSProtect Administrator. Newer, updated notifications include the [SSProtect] moniker in the Subject to facilitate Inbox message and alert management. This will be applied to all in upcoming releases.
Details for each notification, including intended recipients, are included below.
Account and Organization Management
[SSProtect] Create Account
Sent in response to Account Creation as described in the article, Creating an Account. This notification is delivered to the email address associated with the new Account, and includes the Code used to complete the Provisioning process. This applies to the creation of both Individual and Organization Accounts.
[SSProtect] Change Organization
Sent in response to migration from an Individual Account to an Organization. This instructs the recipient - the new Organization Administrator, to perform Refresh Login... to establish a new Login Session and context that leads to another 1st Time Use request to export keys (which should be done since this will then include Organization Keys that didn't exist before).
[SSProtect] Register Account
Sent in response to the creation of a new Organization Account, and delivered to the new User's associated email address, providing directions for Registering a new Account with temporary credentials as described in the article, Using the Registration Email.
[SSProtect] Validate User Request
Sent to all Privileged Organization Accounts after a new User completes the Registration Procedure for a new Account (in response to the previous notification), providing the email address for the User that needs to be Validated from the Administer Users display.
[SSProtect] Validate User Confirmation
Sent to a new Organization Account holder, with all Privileged Organization Accounts on the CC:, notifying the new User that he/ she has been Validated and may now Login to SSProtect.
Account and Organization Notifications
[SSProtect] Notify - Registration NOT Validated
Sent after a Privileged Organization Administrator/ Delegate denies Validation of Account Registration, instead choosing to Dismiss (perhaps due to leak/ loss of the temporary password). Subsequent activity, carried out by Support, can be executed such that the Organization can then retry Registration using the same email address. Refer to, Notify - Registration Permitted, below, and the article, Managing Organization Users, for more information.
[SSProtect] Notify - Registration Permitted
Sent after Support Destroys an Account that was Registered by a Privileged Organization User though Dismissed rather than Validated (perhaps due to leak/ loss of the temporary password). After Support takes this action, the Organization can retry the request using the same target email address. For more information, refer to the article, Managing Organization Users and also the article, Using the Registration Email, . Also see, Notify - Registration NOT Validated, above, for relevant insight.
[SSProtect] Notify - Sign-Up Dismissal
Sent in response to a Privileged User choosing to Dismiss an Organization Join request through Sign-Up. This notification is delivered to both Support and Privileged Accounts in the Organization. Note that the requesting User does NOT receive any notification for this event, and he/ she cannot use the associated SSProtect Account until after Support chooses to Destroy it (in response to this notification and subsequent investigation). See the notification, below, Notify - Sign-Up Request Denied, and refer to the article, Managing Sign-Ups, for details.
[SSProtect] Notify - Sign-Up Request Denied
Sent after Support Destroys an Account that attempted an Organization Join through Sign-Up, which was subsequently Dismissed by a Privileged Organization Account. This is the only notification the requesting User will receive, and the requesting User will not be able to provision and/ or use an SSProtect Account with the same email address until after these activities have been performed (and the notification delivered). For details, refer to the article, Managing Sign-Ups, and also the above, Notify - Sign-Up Dismissal.
[SSProtect] Notify - Organization Admin Transfer
Sent to confirm that an Organization Administrator has been changed by the system, in response to the procedure required to execute the request as described in the article, License and Components Interface.
[SSProtect] Notify - MSP Trust/ Double Conversion Collision
Sent after an administrative change to an Organization (or Individual Account) that enables Double Conversion, as described in the article, Operating Modes. When using Double Conversion and at the same time authorizing Third Party Trust sharing with Accounts controlled by MSP resources or employees, the Zero-Trust distinction offered by SSProtect/ KODiAC is theoretically violated. For details, contact Support as noted at the bottom of this article.
[SSProtect] Notify - AWS License Applied
Sent to an Organization Administrator and all Delegate Accounts, this email confirms the application of AWS Licensing (and Billing) for associated SSProtect Services and Components. These are enumerated in the notification for review and/ or confirmation. In limited cases, the message will include additional services that can be chosen as a result of the License and configured Organization services. Refer to the article, Provisioning with AWS Marketplace, for details.
[SSProtect] Change Password Policy
Sent in response to a Password Policy Change, to the affected Individual Account or all Privileged Organization Users, indicating that Password Policy has changed, with details. For more information, see the article, Password Policies. Additional Administrative guidance is included in the articles, Managing Your Account, and also Managing Organization Users.
[SSProtect] Account Password Reset Notification
Sent to the affected Account whose Password has been Reset by a Privileged Organization User, and includes the temporary Password required to Login and execute a Password Change (which must adhere to Password Policy). Successful execution results in the Validate Password Change request/ notification, below.
[SSProtect] Password Reset Notification
This notification is functionally equivalent to Password Reset Notification in the previous paragraph, though is the result of execution by DefiniSec Support rather than a Privileged Organization User. The email title and message format differs only slightly, but will be retained to help recipients identify the different source actors.
[SSProtect] Validate Password Change
Sent in response to use of a Temporary Password (resulting from a Password Reset), and delivered to all Privileged Organization Users (when applicable), indicating that an Organization Account must be Validated before it can be used. Note that Validation re-uses the Validate User Confirmation notification described above.
Feature Changes and Events
[SSProtect] Notify - Org Change Request
Sent in response to a request to add/ remove feature components, and includes specifics related to the change being requested. This message goes to DefiniSec Support (who has to grant the request on behalf of an Organization or Individual Account) and also to Privileged Organization Users when applicable. For more information, see the article, Adding Features/ Components.
[SSProtect] Notify - Org Signup Policy Change
Sent in response to a Signup Policy modification that either permits or denies Account Signup requests to join the Organization, or modifies the number of requests that can be submitted and/ or processed over time. For more information, refer to the article, Managing Sign-Ups.
[SSProtect] Notify - Quota Limit Imposed
Sent when a managed file is re-protected (usually on close) and the resulting re-protection would push the owner's Quota past the defined limit. When this happens, the file is re-protected using Optimized Offloading as reflected in the notification email delivered to the User and target Organization's Privileged Users. For more information, refer to the article, Archives, Quotas, and Retention Policy and also to the article, Operating Modes.
[SSProtect] Third Party Trust Notification
Send in response to being added or removed as a Third Party Trust - and delivered to the affected User. This message includes the sharing Organization and its' associated Privileged (or Individual) Account. To take advantage of the change, the affected User must Refresh Login in order for the associated key exchange to take place, required before shared materials access will succeed.
[SSProtect] :xRecovery Request Result
This message is sent after an :xRecovery Archive is created and ready to be downloaded. Subsequent action requires the requesting Privileged (or Individual) Account holder to visit the :xRecovery Panel to acquire resources to access and download the Archive. For more information, refer to the article, :xRecovery Procedure.
[SSProtect] :Respond Summary Notification
This is sent when executing a :Respond Analysis, after Summarize has been selected, and when the Waiting... state transitions to Notify. :Respond is further described in, Using :Respond.
[SSProtect] :Respond Request Notification
This notification is sent to targeted Users requesting Refresh Login... so an Analysis can be performed as part of an Organization :Respond proceeding. This is delivered as a result of a Privileged User choosing individuals from an Account list, then proactively choosing to send email notification. More details can be found in, Using :Respond.
[SSProtect] :Respond 3rd Party Report Available
[SSProtect] :Respond 3rd Party Report Approval
[SSProtect] :Respond 3rd Party Report Reviewed
[SSProtect] :Respond 3rd Party Report Removal
:Respond generates 3rd Party Reports showing Disclosure Risk for items accessed by the Users of the Organization for which a Report is generated. These Reports are not disclosed to the 3rd Party until they are Reviewed and Approved by an Organization Privileged User. 3rd Party Review also generates notification back to the Privileged Users of the generating Organization - as does any Removal action carried out by the same. For more information, refer to the article, Using :Respond.
LOCKDOWN State Changes
[SSProtect] LOCKDOWN Activated
Sent in response to a LOCKDOWN action, broadcast to all Organization Users. This indicates to them that SSProtect-managed content cannot be accessed, temporarily. See the article, LOCKDOWN for more information.
[SSProtect] LOCKDOWN Lifted
Sent in response to an UNLOCK action, broadcast to all Organization Users. This indicates to them that SSProtect-managed content is now (again) available for Users to work with. See the article, LOCKDOWN for more information.
Honeypot State Changes
**** SSProtect Offline Honeypot Access ****
Sent in response to a Honeypot file being accessed while the target host's SSProtect instance was offline, not managing an active Login Session. The message is delivered only to the User that defined the Honeypot. This message includes the target file, additional information about the event, the Calling Process (if any), and whether or not the target file has changed since instantiated as a Honeypot. For more information, see the article, 2nd Generation Honeypots.
**** SSProtect Honeypot Access ****
Sent in response to a Honeypot file being accessed while the target host's SSProtect instance was managing an active Login Session. The message is delivered only to the User that defined the Honeypot. This message includes the target file, additional information about the event, the Calling Process (if any), and whether or not the target file has changed since instantiated as a Honeypot. For more information, see the article, 2nd Generation Honeypots.
**** SSProtect Honeypot Removal Notification ****
Sent when a Honeypot-configured file is taken out of service, and delivered only to the User who originally defined the Honeypot file. This includes the name of the User removing the Honeypot (which should be the recipient), whether or not removal succeeded or failed, and whether or not the file has changed since originally instantiated as a Honeypot. For more information, see the article, 2nd Generation Honeypots.
**** SSProtect Honeypot Collision Notification ****
Sent when a Honeypot-configured file is the target of a Protect request, i.e. an attempt to Protect/ Encrypt a file that has been configured as a Honeypot - and sent to the Honeypot File's Owner. This allows the owner to notify the User attempting to protect a managed file, since failure does not immediately indicate to the User that the target is a Honeypot (to avoid Information Disclosure). For more information, see the article, 2nd Generation Honeypots.
A number of notifications are routed to DefiniSec Support to make sure needs are being properly serviced. This currently includes feature requests, failure to download an Update, :xRecovery Archive requests (which require Support participation), and other similar/ related items.
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
This article was updated w/ v10.5.2 of the :Foundation Client