SendSafely

Articles in this section

See more

Creating Service Accounts

Administrators can create and manage special SendSafely Service Accounts from the Enterprise Console to use with our API, or as Dropzone Owners. These Service Accounts are not permitted to log into SendSafely, do not require an associated email inbox and have limited access to service-type features only. This type of account reduces administrative burden and enhances security by:

  • Eliminating the need to generate, store and share passwords
  • Limiting control to Administrators only
  • Ensuring Service Accounts are only used for their intended purpose
  • Abstracting key functions from individuals, guarding against employee movement and turn over
  • Not requiring the creation and management of unnecessary email inboxes

Service Accounts are configured and managed by Administrators from the Enterprise Console using account impersonation functionality.

As Service Accounts never log in to SendSafely via a browser, Admins are unable to generate a client side Trusted Browser Key. If a back up private decryption key is recommended for the processes owned by the Service Account we suggest generating one using any of the following options:

Creating a Service Account

Administrators can create a new Service Account from the Add Users section of the Enterprise Console by taking the following steps:

  • Enter the username/email address
    • While the username must be in the format of an email address, no actual email inbox is required for creation or maintenance of the account. 
  • Choose Service Account (No Login) from the Login Type dropdown
  • Click the Add User button. 

Add_Service_Account.png

The Service Account is immediately added to SendSafely and is ready for use. Service Accounts are listed in the Registered Users section of the Enterprise Console and are designated by a padlock icon, indicating they are not permitted to log in.

Registered_User_Listing.png

 

Managing a Service Account

Admins can configure and manage Service Accounts by impersonating the account from the Enterprise Console. Capabilities include adjusting profile settings, turning on a Dropzone or generating an API key or secret. To configure settings, click the View button on the user row, then select the Profile option from the dropdown. 

View_Profile.png

 

Account Profile

While impersonating, Admins can edit all fields on the Account Profile tab. By default, the Service Account personal upload URL and notification preferences are turned off.

Account_Profile.png

API Keys

Admins can also generate and revoke API keys and secrets that can be used to authenticate via the SendSafely API. Please note that in order to generate a key that can be used for SCIM authentication, the Service Account must be granted Admin privileges in the Enterprise Console.

API_Keys.png

Dropzones

Lastly, Admins can turn on and configure settings for a Dropzone, owned by the Service Account. For more information on configuring Dropzones, please see here.

 

Dropzone_Profile.png

Service Accounts are included in a SendSafely Enterprise subscription. Contact sales@sendsafely.com for more information on SendSafely plans.

Related articles