Last updated
Last updated
Solar Archive has multiple level of user accounts, in this guide we'll setup two different level's of users - Privileged and Data Guardian user types. We'll briefly go into these user types below, if you'd like to dig into more detail please see the section.
Privileged Users are also called e-Discovery Users, are users who are able to search across the archives and do their e-discovery investigations. This user can search across all emails in that Solar Archive system (or that Solar Archive company, when in multi-tenant mode) unless one or more searchable domains are added. Any searches made by Privileged users will raise an audit transcript that is sent to the Data Guardian(s).
A Data Guardian is, in Solar Archive, an email address to which transcripts of administrator access and privileged user searches will be sent. At least one data guardian must be added, before adding any local user accounts.
Note: For versions 9.0.2 and above, different guardians for each of administrative or privilege usage audit transcripts can be specified.
Let's proceed to setup a privileged user for our archive.
Navigate to Basic Configuration > Local User Accounts.
Click the Create New Account button.
Enter / Select the required values in the fields. Refer to the table below for field names and descriptions.
Review all the values that you have entered / selected and click Save Changes.
The user account will be created and the password for the account will be displayed on the screen.
Now that we've setup a privileged user that can search the entire archive, let's setup a Data Guardian to police those actions.
Navigate to Basic Configuration > Data Guardians.
Look for the Data Guardians Section
Enter / Select the required values in the fields. Refer to the below field descriptions.
Click Add
Review all the values and click Save.
The data guardian will be created and they will now have access to data guardian features.
Username
Refers to the unique username of the account. It is recommended that the name is different to a user’s network login id name and you append _admin / _priv / _basic to the username to ensure that it is different to a user’s standard login name, and it also indicates the type of user.
First Name
Refers to the first name of the user.
Last Name
Refers to the last name of the user.
Admin Level
Refers to the type of user being created.
Account Status
Specifies whether the account is active or not.
Last log-in date
Refers to the date on which the user last logged into the account.
Account creation date
Refers to the date on which the account was created.
Primary Email Address
Refers to the email address to which all emails, to the user, from Solar Archive will be sent. This will include reset Password and Forward-to-inbox emails. Once a new account is saved, a random password is assigned and emailed to the new user’s primary email address. If Solar Archive is unable to send this email, then the password will be displayed on this screen.
Authentication type
Refers to any of the 3 authentication types which the user will be required to fulfill to log into the account
Searchable Domains
Refers to the domains, to send and receive emails, to which you want to restrict the Privileged user(s).
Leave this field blank for un-restricted searches.
Exclude Addresses
Refers to the email addresses which you want to prevent from being included in search results. Leave this field blank for un-restricted searches.
Requires another Priv User/Data Guardian to authorise searches
Specifies whether the user account needs authorization for searches, from another privileged user or data guardian
Other Auditors
Refers to the email addresses, in addition to the data guardians, on which you want to receive summary search transcripts.
Transcript reference retain period
Number of days the details of each email viewed by a Privilege User, and summarised under a transcript reference, will be held in Solar Archive. The default is 0 (the transcript reference details will never be deleted). If a value other than 0 is used, then the Data Guardian will not be able to review a Privilege User search that was performed more than that number of days ago.
Data Guardians
Email address(es) that will be the data guardians. who will oversee the activities of Administrators and Privilege users. Recommended data guardians are:
HR Manager
Compliance Manager/Officer
IT Manager
CEO / senior staff
Union Leader
Priv Transcripts
Specifies whether or not the data guardian will receive privileged user transcripts.
Admin Transcripts
Specifies whether or not the data guardian will receive administrator transcripts.
Enable user identity switching
Specifies whether or not a data guardian is allowed to switch identity.
Require Password Re-entry
Specifies whether or not re-entering a password is required to switch identity. If a password re-entry is needed, then the password of the original login (usually your LDAP Network password) may be entered OR the password of the account you are switching to.
Auto Logout
Time, in minutes, after which the user ser will be logged out of their session. This can be set individually for each user type.
Creating our user accounts to access the archive.