This article will educate portal admins about best practices for the creation and administration of Workspaces. Any organization using or planning to use Workspaces for end-to-end encrypted file storage and collaboration should answer the following questions:

1. Do you want to limit who can create Workspaces?

With the Workspace Ownership Security Group, you can specify which users at your organization can create and own Workspaces. 

Many customers–particularly those using Workspaces for persistent rather than ephemeral storage–will opt to only allow No-Login Service Accounts to create and own Workspaces. This helps prevent data loss in the event of employee offboarding or role change. Admins can create new Workspaces on behalf of No-Login Service Accounts (or other users) by following these instructions.

To create a Workspace Owners Security Group, have a portal admin email support@sendsafely.com requesting its creation. Once this Security Group has been created, you can manage its members via the Security Groups section of your SendSafely portal, or programmatically, using our REST API.

Note that in addition to limiting who can create Workspaces, you might also choose to limit the number of Workspaces that a given user can own. To request this, have a portal admin email support@sendsafely.com. 

2. Do you want admins to have access to all Workspace contents?

Your admins with a Master Key can access the contents of all Workspaces in your SendSafely portal. A Master Key is particularly important if you wish to retain access to Workspaces owned by deprovisioned users. 

Without a Master Key, you risk losing access to the contents of Workspaces if their owner is deprovisioned. Master Keys synchronize to historic Workspaces whenever Internal Collaborators on those Workspaces log into your SendSafely portal, but–as there is no guarantee this will happen–the strongest measure against data loss is to create your Master Key before you start using Workspaces.

If you’re already using Workspaces and don’t yet have a Master Key set up, the best time to create a Master Key was yesterday, but the second-best time to create a Master Key is today.

3. Will you need to transfer Workspace ownership between users?

Bulk transferring Workspace ownership from one registered user to another is useful functionality, particularly for portals that have been using Workspaces for some time, or that may not have set them up in accordance with the best practices outlined in this article. This functionality is also useful for transferring Workspace ownership away from deprovisioned users.

If you’ve decided to limit Workspace ownership to a particular subset of users (typically, No-Login Service Accounts), you can transfer them–in bulk–from their previous owners to new ones.

4. Do you want files in Workspaces to expire?

Although many customers use Workspaces for persistent end-to-end encrypted storage, others use automatic expiration as a key privacy control, to ensure that sensitive information is only accessible from their SendSafely portals for as long as they need access to that information, and no longer.

At the time of this writing, Workspace expiration is enforceable at the level of each individual Workspace. Soon, however, SendSafely portal admins will be able to enforce Workspace expiration portalwide, controlling the organization default, minimum, and maximum expiration in days for all Workspaces in their portal.

5. Have you set up a Custom URL?

Secure links to your Workspaces come from your SendSafely portal. For portals without a custom URL, these follow this format: 

https://{yourorganization}.sendsafely.com/receive/?packageCode={packagecode}#keycode={keycode}

For portals with a custom URL, these follow this format: 

https://{yoursendsafelyportalsubdomain}.{yourorganization}.com/receive/?packageCode={packagecode}#keycode={keycode}

For purposes of branding and deliverability, we strongly encourage our customers to use custom URLs. If you’re already using Workspaces, and then decide to adopt a custom URL, the secure links that External Collaborators use to access your Workspaces will cease to work, and you’ll need to share new secure links with those Collaborators.

If you plan to use Workspaces, you should set up a Custom URL as soon as possible, as changing it down the line will make a lot of work for you. If you’re already using Workspaces and wish to move to a Custom URL, follow this guidance to ensure that your External Collaborators don’t lose access after your cutover.