Onboard New Users

Onboarding New Users Overview

This onboarding guide is intended for tiCrypt Admins.

If you are a standard user and would like to set up an account please read the create a new tiCrypt account section.

note

All admins who would like to register a new admin account in tiCrypt will follow similar guidelines as shown in the onboard new admins.

If you are an escrow user or a site key user and would like to make a tiCrypt account, navigate to escrow section.

Admins are promoted users with the admin role. Anyone in the system can be promoted to an admin role and will enroll in the same way a standard user does. However, new users require the activation of an existing user and in most cases existing admins.

note

The first account to be activated in a new tiCrypt infrastructure is regularly the super-admin of the system.

1. Set up the User Environment

Before activating a new user account, admins should have the following in place:

• Created Teams.

• Created Groups.

• Optionally, you may build a preset of:

  • User profiles.
  • Created Projects (if classified).
  • Security levels, requirements and certifications.
  • Virtual machines configurations and Drive structure.

caution

To activate a user account you must have their verbal or written confirmation that they already set up an account themselves and are waiting for your account activation approval.

2. Add the New, Not Activated User to a Team

To perform an activation of any user, you must first add the user to an existing team in the system. Outside of a team, the user cannot operate or login into tiCrypt.

info

The only time you will remove a user from a team is when they change teams or you would like to delete the user from the system.

To add a New, Not Activated user to a team, click the Add to team button in the top right.

• Follow the guidelines of the Add new users to a team section.

Incorrect User Activation without adding to a Team

caution

Sub-admins are not able to add new users to their team because they only manage and view people who are already part of their team. This action must be performed by an admin.

note

A team is used for managing quotas in terms of space and data.

3.Activate the New User(s)

Approvals can only be performed by a user with a higher hierarchic role. Example: an admin or sub-admin can perform a user activation.

• It is up to you to decide which role the new user is granted i.e user, sub-admin, admin, etc.
• Once you approve the new user, you must let them know that they are approved.

To activate a New, Not Activated user navigate to tab in the Users section.

• Select the user you would like to activate (by thicking their box).
• Click the Change Role button in the top right.
• In the prompt, select the Active and escrow on next login option.
• Click .

Change User State to Escrow

danger

Failing to select Active and escrow on next login option for a user will prevent their private key from ever being recovered in case they lose it in the future.

tip

• We recommend using the Active and escrow on next login option for all newly activated users.
• By selecting multiple users, you can activate them using bulk actions.

note

After the Active and escrow on next login has been selected once the User State returns to Active automatically.

info

To learn more about changing the state of a user, read the complete Change user state section.

You have successfully activated the user!

*Make sure you let them know.

3. Change the User(s) Role

To change the user(s) role, click the Apply profile button in the top right.

• Follow the guidelines of the User Roles section.

Change User Role

4. Add the User to an existing Project (Optional)

To add the user(s) to an existing project, click the Add to project(s) button in the top right.

caution

By now you must have an existing project ready.

• Follow the guidelines of the following sections based on your preferred workflows.
  • Add user to project via Users.
  • Add user to projects via Management.
  • Add user to projects via Vault.

Add multiple users to a project.

Add member(s) to Projects via Projects

Create a sub-project from the Vault

note

• Projects are used to restrict who can and who cannot access specific resources.
• Projects tagged with multiple security levels require users to have all security certificates for each level to be part of the project. If you do not know what security levels are in each project, go to the projects section to view what level tags them.
• Users cannot access files or virtual machines if the resources are tagged by a project and the user is not part of that project.

5. Share your Drive with the User (Optional)

To share your drive with the user(s), navigate to the tab in the Drives section.

caution

By now you should have a Virtual Machine configuration and a Drive attached to it.

• Follow the guidelines of the Share a Drive with the user section.

Share a Drive

danger

You must share the drive in Read-only mode otherwise it will not be accessible to other users.

tip

• You may let the user(s) create their own VMs and drives.
• You may let a sub-admin/ project leader create a team drive and share it with the user(s).

At this point, the user is fully onboarded in the system and only needs maintenance if new security requirements are added or if their security certifications have expired.