Users

How to Search & Filter Users in Management?

1. Go to the Management icon in the top left taskbar.
2. Navigate to the Users section.
3. Click the Users in the top left panel.
4. In the top panel, search for users by login ID, first and last name, profile, role, status, deactivation cause, teams, deactivation reason, contact email, ID, or escrow ability.

note

New, Not Activated users are displayed with a green background, while Deactivated users are displayed with a red background.
When deactivating a user, you must provide a reason for this action.

Can I Use Shortcuts in User Management Section?

Yes.

You can right-click on a user to view their menu options, hold down the Shift key to select multiple users simultaneously, or use Tab to switch between elements.

What is the Difference between Login ID and Contact Email in Users Table?

• Contact email is simply an informational field.
• Login ID is a system ID that allows a user to log in.

note

Whenever you bulk email users, you can use the "preferred email" option, which creates a list of all values from the Contact Email column. If unchecked, it uses the User IDs.

What is the Difference between Login ID and ID in Users Table?

• Login ID is the ID of each user that allows them to login into the system.
• ID is a uniquely computed string of characters and numbers that corresponds to each object in the system. Every user, sub-admin managed object, team, project, VM, and drive has a unique ID. This form of identification allows you to save time when searching for an object in the backend during the debug process.

What is the Difference between Deactivation Reason and Deactivation Cause in Users Table?

• Deactivation Reason: a notice written by an admin for a user whose account has been deactivated.
• Deactivation Cause: a notification computed by the backend for security purposes. For example, if the system thinks that you attempted a cyber-attack, you will be automatically deactivated with an explanation of what mechanism you triggered.

What is the Difference between Admin, FailedPassword, Timeout, XSS and Registration in Users Deactivation Cause?

• admin: an admin deactivated your account manually.
• xss: you attempted an attack and the system disabled your account.
• failed-pass: you failed to enter the correct private-key password repeatedly.
• timeout: you were idle for too long.
• registration: you registered a new account and you are waiting for an admin to activate it for you.

info

The only account in the system that is active upon registration is the first account which also becomes the Super-admin.

tip

As best practice, you should have two different individuals. One serving as Site-key admin and another one as Super-admin due to Separation of Powers principle.

What is the Difference in between Deactivated; Escrow upon login; Active; New, not activated; New, escrow upon login; New, activated in Users Status?

• Active: the user acccount is active and working normally.
• Deactivated:the user account is deactivated for a reason provided by an admin or by the system provided in deactivation cause column.
• New, not activated: the user account is new and is pending activation by an admin.
• New, activated: the user account is new and has been activated by an admin, waiting for the user to log in for the first time.
• New, escrow upon login: an admin set the user account to "Escrow upon login" waiting for the user to start the escrowing process.
• Escrow upon login: the user account is pending next escrow steps from the user's side.

Both admins and users must contribute to the escrow process to be able to recover a lost private key. Admins can only escrow the key when users allow the escrow of the key. Admins cannot escrow a key from the backend; they can only set "Escrow on next login" option, so the next time the user logs in, they are forced to escrow.

note

The escrow process is shared in a safe way through a mechanism that the backend can never access or use.

info

To learn more about escrow, go to Key Escrow.

What is the Difference in between User, Sub-admin, Admin and Super-admin in User Role?

Visit the article Role Dynamics.

What is the Difference between Can vs. Cannot Escrow in Users Can Escrow?

When you mark a user account to Cannot Escrow, the system will never allow you to set the user account to Escrow on next login.

This feature serves certain government grant policies that under no circustances allow escrows to be recovered. It is a compliance safety pin for mistakenly set escrow on next login.

It is an enforced policy, since users may not remember it. For example, DoD projects do not allow you to recover data by law—hence you cannot escrow keys in this scenario.

What is the Purpose of Bulk Emailing Users?

Bulk emailing is an alternative method to collect emails and communicate with users via an email client.

What is the Purpose of Making Announcements to Users?

Announcements are not end-to-end encrypted; since their purpose is public messaging to all tiCrypt users.

What is the Purpose of Refreshing Users Information?

Refreshing user info updates all user information to ensure consistency and accuracy in the audit log (dry update log).

What is the Purpose of Certifying Users?

Certifying users provides the certifications necessary to meet project requirements.
These certifications are required for a user to participate in a classified project.

How to Create a Sub-Admin Account?

Sub-Admins are tiCrypt users who are promoted to the sub-admin role.

Follow the instructions in Change Role (Promote or Demote) of a User in Management.

note

• Promoting a user's role updates their permissions within the system.
• Updated permissions are reflected in the User Profiles section.
• You must have the same role or a higher role than the user you want to promote or demote.

Who are the Deleted Users?

A deleted user is a user who can no longer log in to the system and no longer appears in groups, projects, or teams, but their files and work within the system remain.

• Deleting a user moves them to the Deleted Users section.
• An admin or super-admin role is required to permanently delete a user from the Deleted Users section.
• Users who are permanently deleted cannot be reactivated.

What are the Exceptions that Do Not Allow User Deletion?

• If the user is a current member of a team, they must be removed from their teams first.
• If the user is part of an active drive, they must be removed from their drives first.
• If the user is a current member of a project or subproject, they must be removed from their project or subproject first.

What is the Permanent User Deletion Mechanism?

Every deployment file per institution has a predefined set of instructions that govern file and user cleanup.
The system component responsible for cleanup is called a garbage collector.

After a predefined period, the garbage collector permanently removes any unused data.
Users can be restored as long as the garbage collector has not yet removed them.

How do I Restore Deleted Users Back into their Teams, Drives, or Projects?

Follow the instructions to Restore Deleted Users.

note

Actions related to restoring users are documented in the audit logs.

After restoring a user, add them back to their teams, drives and projects to resume normal functionality.

Follow the instructions in Add Users to Teams, Share a Drive with Other Users, and Add User(s) to a Project from Management.

What is the Purpose of the Last Escrow Column?

Last escrow indicates the latest date the user key was escrowed. This helps system admins to determine if a user frequently attempts to escrow their key without looking into the backend.