Escrow Certificates

View Escrow Certificates

  1. Go to the Management icon in the top left taskbar.
  2. Navigate to the Escrow section.
  3. Click Escrow Certificates in the left panel.
  4. Select the escrow certificate to view.
  5. Click the View button in the top right panel.
  6. In the pop-up, view the escrow certificate's ID, email, name, display name, department, positions, and permissions.
  7. Once done, click Close.

Execute a Signed Escrow Certificate

  1. Go to the Management icon in the top left taskbar.
  2. Navigate to the Escrow section.
  3. Click Escrow Certificates in the left panel.
  4. Click the Execute signed certificates button in the top right panel.
  5. In the pop-up, click Browse Files.
  6. Select the escrow certificate file from your local machine and click Open.
  7. To execute, click Apply.

Refresh Escrow Certificates

  1. Go to the Management icon in the top left taskbar.
  2. Navigate to the Escrow section.
  3. Click Escrow Certificates in the left panel.
  4. Click the Refresh button in the top right panel.

Create an Escrow Deletion Request

  1. Go to the Management icon in the top left taskbar.
  2. Navigate to the Escrow section.
  3. Click Escrow Users in the left panel.
  4. Select the escrow user for whom you want to create a deletion request.
  5. Click the Create deletion request button in the top right panel.
  6. Select the destination folder for the deletion request on your local machine.
  7. Click Save.

Note: The deletion request includes the Request Type, User ID, Name, and Email.

Set Up an Escrow Key for a User

To Super-Admin

  1. Go to the Management icon in the top left taskbar.
  2. Navigate to the Users section.
  3. Click Users in the top left panel.
  4. Select the user for whom you want to set up an escrow key.
  5. Click the Open Full Menu button in the top right panel.
  6. Select Change State.
  7. In the pop-up, select Active and escrow on next login.
  8. Click Require Escrow.

To Site-key Admin

  1. Open Connect Application.
  2. Select your deployment card.
  3. In the login window, select Site-key category.
  4. Click Load key on the login page.
  5. Open your site-key file from your local machine.
  6. Enter your account password.
  7. Click Login.
  8. In the site-key dashboard, select the Require Escrow certificate in the top left corner.
  9. Tick Sign to sign the group certificate.
  10. Enter your password in the top right panel.
  11. Click Sign all.
  12. Select the signed require escrow certificate in the top right panel.
  13. In the pop-up, click Export to download it locally.
  14. Send the signed require escrow certificate file to a Super-Admin.

To Super-Admin

  1. Download the signed require escrow certificate received from the Site-key Admin to your local machine.
  2. Go to the Management icon in the top left taskbar.
  3. Navigate to the Escrow section.
  4. Click Escrow Certificates in the left panel.
  5. Click the Execute signed certificates button in the top right panel.
  6. In the pop-up, click Browse Files.
  7. Select the signed require escrow certificate file from your local machine and click Open.
  8. To execute, click Apply.

To User who needs their key escrowed to log in

  1. Receive a temporary password from the Super-Admin.
  2. Open Connect Application.
  3. Select your deployment card.
  4. In the login window, select tiCrypt category.
  5. Click Load key on the login page.
  6. Open the private key file that you saved locally.
  7. Enter the temporary password from your Super-Admin.
  8. Click Login.
  9. In the new window, enter your new password.
  10. Click Login.
  11. You are now logged in.

Info: When creating a new user account, admins direct users to select an escrow group, enabling the site-key admin to sign the required escrow certificates for private key recovery if users lose their password.

Tip: A proactive user with the Super-Admin role would bulk-set all new users to Active and escrow on next login during account activation. This ensures the backend generates escrow keys for all users in case they forget their passwords and require escrow later.