Each SendSafely portal has two distinct registered user roles: User and Administrator. In addition to these roles, our Business and Enterprise customers can also leverage Security Groups, a flexible framework for granting specific users additional permissions. This article will detail what users and admins in SendSafely can do, and how to use Security Groups to endow specific users with additional permissions.

The User Role

Administrators may restrict some of the functionality available to users, but typically, users can:

• Send outbound packages via Send Items, or via the outbound functionality of any integration to which an admin has granted them access
• Receive packages inbound via:
  • Replies to their outbound packages (unless your portal has enabled Email Masking)
  • Personal URL (if enabled)
  • Dropzones (whether personal Dropzones, if allowed, or Dropzones to which they have been added as a recipient by an admin or by a member of the appropriate Security Group)
• Create Workspaces (if allowed), and perform operations available to any Workspace Collaborator Roles they are granted on other users’ Workspaces

The Administrator Role

Administrators can:

• Deploy SendSafely integrations, such as for Gmail, Outlook, Slack, Zendesk, Salesforce, Intercom, Freshdesk, Jira, Adobe Marketo, Inbound and Outbound SEG, Zapier, etc.
• Query the Audit Log API
• Create, manage, and delete enterprise Actions workflows, such as for OPSWAT Metadefender, SophosLabs Intelix, Crowdstrike Falcon, S3 Automatic Export, Google Cloud Data Loss Prevention API, Magika File Type Checker, etc.

Administrators also have access to the Enterprise Console, where they can perform a variety of different operations by tab:

Users

On the Users tab, an admin can:

• Promote other users to admin
• Add and remove users
• Create and delete No-Login Service Accounts
• Impersonate users to access their Activity and Profile

User Activity Impersonation

While impersonating a user or Service Account, an admin can view metadata pertaining to that account's Received Items, Sent Items, Workspaces, and deleted packages. They can also:

• Modify the expiration dates, PDF and image privacy controls, and recipients of Sent and Received Items owned by the account
• Delete Sent and Received Items owned by the account
• Create, rename, and delete the account's Workspaces
• Rename and delete files and folders in the account's Workspaces

Note: Impersonation doesn’t grant an admin access to the contents of a user’s packages, unless the admin sets up a Master Key and adds themself as a recipient to those packages. This access is not anonymous.

User Profile Impersonation

While impersonating a user or Service Account, an admin can:

• Modify their Account Profile
• Delete and generate API Keys for them
• Configure their Dropzone settings

Profile

On the Profile tab, an admin can view details about their SendSafely plan and portal.

Activity Search

On the Activity Search tab, an admin can search for packages, filtering by date, sender, recipient, file name, and status.

Configuration

On the Configuration tab, an admin can configure portal-wide settings including:

• Whether users can self-register
• Whether users can send packages without specified recipients
• Whether personal URLs are enabled
• Whether users can log into SendSafely via OAuth upon logging into a supported integration provider
• Whether users are required to use 2FA (now mandated)
• The default, minimum, and maximum expiration dates for transfer packages
• Whether to require verification for access to all Hosted Dropzone URLs in the portal
• Your logo and color scheme
• Your SSO

Here, an admin can also load Master Keys into the browser, and clear them from the browser.

Reports

On the Reports tab, an admin can:

• View the activity dashboard
• Generate user, Workspace, and Dropzone reports

Contact Groups

On the Contact Groups tab, an admin can:

• Create, manage, and delete Enterprise Contact Groups

Security Groups

On the Security Groups tab, an admin can view the Security Groups active in their portal, add users to those Security Groups, and remove users from them. While more permissions are planned, SendSafely offers three distinct Security Group permissions at the time of this writing:

1. Manage the status of items submitted to Dropzones they belong to
2. Bypass the Restrict Download & Print setting on Dropzones they belong to
3. Manage the profile (recipients and configurations) of Dropzones they belong to

Your portal can have any number of Security Groups, and those Security Groups can have any combination of the above permissions. To create a Security Group, an admin must contact support@sendsafely.com with its desired name and permission(s).

If you have users whom you don’t want to make admins, but do want to grant some subset of the permissions detailed above, Security Groups may be right for you.