Skip to main content

Onboard New Users

Onboarding New Users Overview

This onboarding guide is intended for tiCrypt Admins.

If you are a standard user and would like to set up an account please read the create a new tiCrypt account section.


All admins who would like to register a new admin account in tiCrypt will follow similar guidelines as shown in the onboard new admins.

If you are an escrow user or a site key user and would like to make a tiCrypt account, navigate to escrow section.

Admins are promoted users with the admin role. Anyone in the system can be promoted to an admin role and will enroll in the same way a standard user does. However, new users require the activation of an existing user and in most cases existing admins.


The first account to be activated in a new tiCrypt infrastructure is regularly the super-admin of the system.

1. Set up the User Environment

Before activating a new user account, admins should have the following in place:


To activate a user account you must have their verbal or written confirmation that they already set up an account themselves and are waiting for your account activation approval.

2. Add the New, Not Activated User to a Team

To perform an activation of any user, you must first add the user to an existing team in the system. Outside of a team, the user cannot operate or login into tiCrypt.


The only time you will remove a user from a team is when they change teams or you would like to delete the user from the system.

To add a New, Not Activated user to a team, click the Add to team button in the top right.

Incorrect User Activation without adding to a Team

Sub-admins are not able to add new users to their team because they only manage and view people who are already part of their team. This action must be performed by an admin.


A team is used for managing quotas in terms of space and data.

3.Activate the New User(s)

Approvals can only be performed by a user with a higher hierarchic role. Example: an admin or sub-admin can perform a user activation.

  • It is up to you to decide which role the new user is granted i.e user, sub-admin, admin, etc.
  • Once you approve the new user, you must let them know that they are approved.

To activate a New, Not Activated user navigate to tab in the Users section.

  • Select the user you would like to activate (by thicking their box).
  • Click the Change Role button in the top right.
  • In the prompt, select the Active and escrow on next login option.
  • Click .
Change User State to Escrow

Failing to select Active and escrow on next login option for a user will prevent their private key from ever being recovered in case they lose it in the future.

  • We recommend using the Active and escrow on next login option for all newly activated users.
  • By selecting multiple users, you can activate them using bulk actions.

After the Active and escrow on next login has been selected once the User State returns to Active automatically.


To learn more about changing the state of a user, read the complete Change user state section.

You have successfully activated the user!

*Make sure you let them know.

3. Change the User(s) Role

To change the user(s) role, click the Apply profile button in the top right.

Change User Role

4. Add the User to an existing Project (Optional)

To add the user(s) to an existing project, click the Add to project(s) button in the top right.


By now you must have an existing project ready.

Add multiple users to a project.
Add member(s) to Projects via Projects
Create a sub-project from the Vault
  • Projects are used to restrict who can and who cannot access specific resources.
  • Projects tagged with multiple security levels require users to have all security certificates for each level to be part of the project. If you do not know what security levels are in each project, go to the projects section to view what level tags them.
  • Users cannot access files or virtual machines if the resources are tagged by a project and the user is not part of that project.

5. Share your Drive with the User (Optional)

To share your drive with the user(s), navigate to the tab in the Drives section.


By now you should have a Virtual Machine configuration and a Drive attached to it.

Share a Drive

You must share the drive in Read-only mode otherwise it will not be accessible to other users.

  • You may let the user(s) create their own VMs and drives.
  • You may let a sub-admin/ project leader create a team drive and share it with the user(s).

At this point, the user is fully onboarded in the system and only needs maintenance if new security requirements are added or if their security certifications have expired.