Search

4 - User Management (End-User Portal)

Doug Chanin
Doug Chanin
  • Updated

With Dropsuite, users who are added to be backed up can sign in and interact with their backup. You have the ability via the User Management page to allow certain users to have elevated access to interact with the organization and other user accounts or to grant permissions to external users who do not have an active backup within the organization. 

 

How to Manage User Access

  1. Log in to your business backup/archive account.  
  2. in the upper right corner, select User Management
  3. Go to the Grant Permission tab. In this tab, you will see all users that are currently included in the backup.
  4. From the Grant Permission tab, you can assign the role to each user from the dropdown and toggle on/off log in. For information on the individual roles, please see User Access Levels below or the attached document at the bottom of the page.
    Note: A given role can only assign a user a role that is BELOW its own. 
    • If selecting Group Supervisor, also select the department they are admins of in the box that will appear just below the role.  
  5. Choose Save Changes.

 

User Access Levels

We allow ten access levels for the Business Archiving + Backup product and five access levels for Business Backup.

  1. Full Admin
    • They have all accesses and capabilities. They can view, download, restore, migrate, and search emails from all email accounts. They can also set user permissions and compliance policies, view logs, set legal holds, and set up review processes.
  2. IT Admin
    • They can view info, and delete, and deactivate email for all accounts. They can also set up all user settings but can’t access the compliance tab. They can also restore emails from other accounts. 
  3. Restricted IT Admin

    • This role grants access to nearly all features available to an IT Admin, with specific restrictions to ensure data privacy. Users with this role can:

      • View the list of backed-up accounts.

      • Access account details, including status and the last backup date.

      • Deactivate or reactivate accounts.

      • Add new backups.

      • Configure all user settings.
        However, they cannot access any metadata, and their permissions exclude the ability to use the Advanced Search and Insight tabs.

  4. Group Supervisor
    • They have full access to users within the departments in which they are a supervisor. They can restore, migrate, download, search, and view all email accounts within their allotted department. They can set user permissions but can’t access all compliance policies.
  5. User
    • They can only view, download, restore, migrate, and search their emails and no one else’s email account. They cannot access the compliance tab.
  6. User View and Restore
    • They can only view, restore, and search their emails and no one else’s email account. They cannot access the compliance tab or download or migrate emails.
  7. Compliance and Review Officer (Dropsuite Archiving + Backup Product only)
    • They can access eDiscovery Search, Alerts, View Audit Logs, Retention Policy, Legal Hold, and Review Process tabs. Additionally, they have access to view email for all accounts.
  8. Reviewer (Archiving + Backup product only)
    • They can access the Review Process tab to review emails. However, they cannot set up a new review process.
  9. Limited Reviewer (Archiving + Backup product only)
    • They have access to the Review Process menu but can only review emails within the selected list in the Review Process.
  10. Data Protection Officer (Archiving + Backup product only)
    • This user can access the Review Process Tab and delete messages marked for deletion. They also can create tags to classify messages. They can add notes to messages marked for deletion for the audit log. Additionally, they have access to view email for all accounts.

 

Enabling Access for External (Delegated) Users

If you have users you want to access your organization but are not backed up, you can add them as external users. A delegated user can be someone from outside the organization or someone who is part of the organization but is not included in the backup. Only admins who have access to the User Management Page can give access to external users

  1. From the User Management page, go to the Grant Permission tab
  2. Select Add User
  3. Enter the email address of the user you want to invite, and then select a role for the user
  4. Check the box stating I agree with this Term and then choose invite

The user you added will receive an email with a link to log in and reset their password. Note the following:

  1. This link expires after 24 hours.
  2. You can check whether the invitation has been accepted from the Invitation List tab on the User Management page. From here, you can resend or cancel the invitation.
  3. Once the user has accepted the invitation and has logged in, they will be added to the user list on the Grant Permissions tab.

When adding external users, be aware of the following:

  • The user you add will be able to see your backed-up data (depending on what level of access they were given).
  • You cannot transfer ownership of the organization to a delegated user
  • All activity, including from external users, is captured in the audit log
  • Once added, you can revoke access to an external user and disable login, but you cannot delete the user from the list.  To remove an external user, reach out to support@dropsuite.com for assistance.

 

Disabling Login for a User

  1. Go to the User Management page and select the Grant Permission tab
  2. From the list of users, locate the user you want to disable
  3. Under the Login Status column, switch the option to off (red)
  4. A disabled user can be re-enabled by switching this option to on (green)

 

Enabling Azure or Google SSO

You can now enable Microsoft 365 Azure Active Directory Single Sign-On (SSO) or Google SSO, which allows users to log in to their backup dashboard using their M365 or Google credentials. This way, they don’t have to keep a separate password for the backup End-User portal.  When Azure or Google SSO is enabled in the Grant Permissions tab of the End-User Portal, it will enable for all users that have access granted to log in.

  1. Go to the User Management page and select the Grant Permission tab.
  2. On the right side of the page, enable Enforce Azure AD SSO Log In or Enforce Google SSO Log In access for all users.
  3. Once enabled, all users will have to use their M365 or Google credentials to log in to their backup dashboard once their access is enabled in the above step. They would select the option to sign in with either M365 or GWS instead of putting in their Dropsuite username and password.
  4. You also can disable the user login from the same page.

Please Note: Azure or Google SSO will not be enabled for external owners by default and will not be affected by the SSO toggle found within the portal. SSO can be enabled for the owner per request to support@dropsuite.com.

 

Assigning Users to Departments

Assigning users to departments can be useful when you have a lot of users and want to manage them based on specific groups you set up. For example, you could set up a finance department and then add all your finance users to that so that you can manage them all at once.  To do this, follow the steps below:

  1. From the User Management page, select the Assign Department tab.
  2. Select Department Management.
  3. If a needed department is not already on the list, you can add it to the bottom of the list.
    1. Choose Add More.
    2. Choose Save Changes.
  4. Under Assign Department, you can assign one or multiple departments to a user.

To sync the existing departments from your tenant, follow these steps:

  1. From the Assign Department page, you will see an option for each tenant domain to enable Azure AD Department sync . This option will be turned off by default
  2. Use the toggle to turn on this option. You will see a pop-up warning letting you know that the departments will be automatically synced and assigned to the user accounts. Select either Yes, Continue or Cancel.
  3. Once enabled, it will show a syncing status while it scans the tenant and retrieves the information
  4. After syncing is complete, the departments that were added by this sync will have a special icon (blue circle with an i) next to them, indicating that they were automatically synced
  5. As long as the option is enabled, Dropsuite will check weekly for new departments or changes to users' department assignments. If you need to force a sync, you can use the Sync Now option to have it run immediately.

 

 

 

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request