Administrators can create and manage special SendSafely Service Accounts from the Enterprise Console to use with our API, or as Dropzone Owners. These Service Accounts are not permitted to log into SendSafely, do not require an associated email inbox and have limited access to service-type features only. This type of account reduces administrative burden and enhances security by:
- Eliminating the need to generate, store and share passwords
- Limiting control to Administrators only
- Ensuring Service Accounts are only used for their intended purpose
- Abstracting key functions from individuals, guarding against employee movement and turn over
- Not requiring the creation and management of unnecessary email inboxes
Service Accounts are configured and managed by Administrators from the Enterprise Console using account impersonation functionality.
- Setting up a Portal Master Key
- Generating an individual key using our Export Utility
- Generating an individual key using one of our SendSafely Client API SDKs
Creating a Service Account
Administrators can create a new Service Account from the Add Users section of the Enterprise Console by taking the following steps:
- Enter the username/email address
- While the username must be in the format of an email address, no actual email inbox is required for creation or maintenance of the account.
- Choose Service Account (No Login) from the Login Type dropdown
- Click the Add User button.
The Service Account is immediately added to SendSafely and is ready for use. Service Accounts are listed in the Registered Users section of the Enterprise Console and are designated by a padlock icon, indicating they are not permitted to log in.
Managing a Service Account
Admins can configure and manage Service Accounts by impersonating the account from the Enterprise Console. Capabilities include adjusting profile settings, turning on a Dropzone or generating an API key or secret. To configure settings, click the View button on the user row, then select the Profile option from the dropdown.
While impersonating, Admins can edit all fields on the Account Profile tab. By default, the Service Account personal upload URL and notification preferences are turned off.
Admins can also generate and revoke API keys and secrets that can be used to authenticate via the SendSafely API. Please note that in order to generate a key that can be used for SCIM authentication, the Service Account must be granted Admin privileges in the Enterprise Console.
Lastly, Admins can turn on and configure settings for a Dropzone, owned by the Service Account. For more information on configuring Dropzones, please see here.
Service Accounts are included in a SendSafely Enterprise subscription. Contact firstname.lastname@example.org for more information on SendSafely plans.