Onboard New Users
Onboarding New Users Overview
This onboarding guide is intended for tiCrypt Admins.
If you are a standard user and would like to set up an account please read the create a new tiCrypt account section.
All admins who would like to register a new admin account in tiCrypt will follow similar guidelines as shown in the onboard new admins.
If you are an escrow user or a site key user and would like to make a tiCrypt account, navigate to escrow section.
Admins are promoted users with the admin role. Anyone in the system can be promoted to an admin role and will enroll in the same way a standard user does. However, new users require the activation of an existing user and in most cases existing admins.
The first account to be activated in a new tiCrypt infrastructure is regularly the super-admin of the system.
1. Set up the User Environment
Before activating a new user account, admins should have the following in place:
Optionally, you may build a preset of:
- User profiles.
- Created Projects (if classified).
- Security levels, requirements and certifications.
- Virtual machines configurations and Drive structure.
To activate a user account you must have their verbal or written confirmation that they already set up an account themselves and are waiting for your account activation approval.
2. Add the New, Not Activated User to a Team
To perform an activation of any user, you must first add the user to an existing team in the system. Outside of a team, the user cannot operate or login into tiCrypt.
The only time you will remove a user from a team is when they change teams or you would like to delete the user from the system.
To add a
New, Not Activated user to a team, click the
Add to team button in the top right.
- Follow the guidelines of the Add new users to a team section.
Sub-admins are not able to add new users to their team because they only manage and view people who are already part of their team. This action must be performed by an admin.
A team is used for managing quotas in terms of space and data.
3.Activate the New User(s)
Approvals can only be performed by a user with a higher hierarchic role. Example: an admin or sub-admin can perform a user activation.
- It is up to you to decide which role the new user is granted i.e user, sub-admin, admin, etc.
- Once you approve the new user, you must let them know that they are approved.
To activate a
New, Not Activated user navigate to tab in the
- Select the user you would like to activate (by thicking their box).
- Click the
Change Rolebutton in the top right.
- In the prompt, select the
Active and escrow on next loginoption.
- Click .
Failing to select
Active and escrow on next login option for a user will prevent their private key from ever being recovered in case they lose it in the future.
- We recommend using the
Active and escrow on next loginoption for all newly activated users.
- By selecting multiple users, you can activate them using bulk actions.
Active and escrow on next login has been selected once the
User State returns to
To learn more about changing the state of a user, read the complete Change user state section.
You have successfully activated the user!
*Make sure you let them know.
3. Change the User(s) Role
To change the user(s) role, click the
Apply profile button in the top right.
- Follow the guidelines of the User Roles section.
4. Add the User to an existing Project (Optional)
To add the user(s) to an existing project, click the
Add to project(s) button in the top right.
By now you must have an existing project ready.
- Follow the guidelines of the following sections based on your preferred workflows.
- Projects are used to restrict who can and who cannot access specific resources.
- Projects tagged with multiple security levels require users to have all security certificates for each level to be part of the project.
If you do not know what security levels are in each project, go to the
projectssection to view what level tags them.
- Users cannot access files or virtual machines if the resources are tagged by a project and the user is not part of that project.
5. Share your Drive with the User (Optional)
To share your drive with the user(s), navigate to the tab in the
By now you should have a Virtual Machine configuration and a Drive attached to it.
- Follow the guidelines of the Share a Drive with the user section.
You must share the drive in
Read-only mode otherwise it will not be accessible to other users.
- You may let the user(s) create their own VMs and drives.
- You may let a sub-admin/ project leader create a team drive and share it with the user(s).
At this point, the user is fully onboarded in the system and only needs maintenance if new security requirements are added or if their security certifications have expired.