With Dropsuite, users who are added to be backed up can sign in and interact with their backup. You have the ability via the User Management page to allow certain users to have elevated access to interact with the organization and other user accounts or to grant permissions to external users who do not have an active backup within the organization.
How to Manage User Access
- Please login to your business backup/archive account.
- Click on the account bubble in the upper right corner of the page and select "User Management."
- Go to the "Grant Permission" tab. In this tab, you will see all users that are currently included in the backup.
- From the "Grant Permission" tab, you have the ability to assign the role to each user from the dropdown and toggle on/off log in. For information on the individual roles, please see "User Access Levels" below or check out the attached document at the bottom of the page.
Note: A given role can only assign a user a role that is BELOW its own.
- If selecting Group Supervisor, please also select the department they are admins of in the box that will appear just below the role.
- Click “Save Changes.”
User Access Levels
We allow ten access levels for the Business Archiving+Backup product and five access levels for Business Backup.
-
Full Admin
- They have all accesses and capabilities. They can view, download, restore, migrate, and search emails from all email accounts. They can also set user permissions and compliance policies, view logs, set legal holds, and set up review processes.
-
IT Admin
- They can view info, and delete, and deactivate email for all accounts. They can also set up all user settings but can’t access the compliance tab. They can also restore emails from other accounts.
-
Restricted IT Admin
-
This role grants access to nearly all features available to an IT Admin, with specific restrictions to ensure data privacy. Users with this role can:
View the list of backed-up accounts.
Access account details, including status and the last backup date.
Deactivate or reactivate accounts.
Add new backups.
Configure all user settings.
However, they cannot access any metadata, and their permissions exclude the ability to use the Advanced Search and Insight tabs.
-
-
Group Supervisor
- They have full access to users within the departments in which they are a supervisor. They can restore, migrate, download, search, and view all email accounts within their allotted department. They can set user permissions but can’t access all compliance policies.
-
User
- They can only view, download, restore, migrate, and search their emails and no one else’s email account. They cannot access the compliance tab.
-
User View and Restore
- They can only view, restore, and search their emails and no one else’s email account. They cannot access the compliance tab or download or migrate emails.
-
Compliance and Review Officer (Dropsuite Archiving + Backup Product only)
- They can access eDiscovery Search, Alerts, View Audit Logs, Retention Policy, Legal Hold, and Review Process tabs. Additionally, they have access to view email for all accounts.
-
Reviewer (Archiving + Backup product only)
- They can access the Review Process tab to review emails. However, they cannot set up a new review process.
-
Limited Reviewer (Archiving + Backup product only)
- They have access to the Review Process menu but can only review emails within the selected list in the Review Process.
-
Data Protection Officer (Archiving + Backup product only)
- This user can access the Review Process Tab and delete messages marked for deletion. They also can create tags to classify messages. They can add notes to messages marked for deletion for the audit log. Additionally, they have access to view email for all accounts.
Enabling Access for External (Delegated) Users
If you have users you want to access your organization but are not backed up, you can add them as external users. A delegated user can be someone from outside the organization or someone that is part of the organization that is not included in the backup. Only admins who have access to the User Management Page can give access to external users
- From the User Management page, go to the "Grant Permission" tab
- Click on "Add User"
- Enter the email address of the user you want to invite and select a role for the user
- Check the box stating “I agree with this Term” and then click invite
The user that you added will receive an email with a link to log in and reset their password. Note:
- This link expires after 24 hours.
- You can check whether the invitation has been accepted from the Invitation List tab on the User Management page. From here, you can resend or cancel the invitation.
- Once the user has accepted the invitation and has logged in, they will be added to the user list on the Grant Permissions tab.
Please note the following when adding external users:
- The user you add will be able to see your backed-up data (depending on what level of access they were given).
- You cannot transfer ownership of the organization to a delegated user
- All activity, including from external users, is captured in the audit log
- Once added, you can revoke access to an external user and disable login, but you cannot delete the user from the list. To remove an external user, please reach out to support@dropsuite.com and they will be able to assist.
Disabling the Login for a User
- Go to the User Management page and select the Grant Permission tab
- From the list of users, locate the user you want to disable
- Under the Login Status column, switch the option to off (will show red)
- A disabled user can be re-enabled by switching this option to on (Will show green)
Enabling Azure or Google SSO
You can now enable M365 Azure Active Directory SSO or Google SSO, which will enable the users to log in to their backup dashboard using their M365 or Google credentials. This way, they don’t have to keep a separate password for the backup End-User portal. When Azure or Google SSO is enabled in the "Grant Permissions" tab of the End-User Portal, it will enable for all users that have access granted to log in.
- Go to the User Management page and select the "Grant Permission" tab.
- On the right side of the page, enable the “Enforce Azure AD SSO Log in” or “Enforce Google SSO Log In” access for all users.
- Once enabled, all users will have to use their M365 or Google credentials to log in to their backup dashboard once their access is enabled in the above step. They would select the option to sign in with either M365 or GWS instead of putting in their Dropsuite username and password.
- You also can disable the user login from the same page.
Please Note: Azure or Google SSO does not work for external users
Azure or Google SSO won't be enabled for the organization owner. This can be enabled per request to support@dropsuite.com
Assigning Users to Departments
Assigning users to departments can be useful when you have a lot of users and want to manage them based on specific groups you set up. For example, you could set up a finance department and then add all your finance users to that so that you can manage them all at once.
- From the User Management page, click on the "Assign Department" tab.
- Click on the "Department Management" option
- If a needed department is not already on the list, you can add it to the bottom of the list
- Click "Add More"
- Click "Save Changes"
- Under Assign Department, you can assign one or multiple departments to a user.
If you would like to sync the existing departments from your tenant, that is also possible
- From the Assign Department page, you will see an option for each tenant domain to enable “Azure AD Department sync .” This option will be turned off by default
- Click on the toggle to turn this option on. You will see a pop-up warning letting you know that the departments will be automatically synced and assigned to the user accounts. Select either “Yes, Continue” or “Cancel.”
- Once enabled, it will show a “syncing” status while it scans the tenant and retrieves the information
- After syncing is complete, the departments that were added by this sync will have a special icon (blue circle with an i) next to them, indicating that they were automatically synced
- As long as the option is enabled, Dropsuite will check once a week for new departments or changes to users' department assignments. If you need to force a sync, you can use the “Sync Now” option to have it run immediately.