SIGBOX Organization Administrator's Guide
Toggle TOC panel
Administering users within an organization

All features of SIGBOX technologies are accessed through a SIGBOX user account. The core of these features include the ability to:

  • Create encrypted files (also known as file objects or Secure Objects (1) ) within an organization,
  • Access and decrypt an encrypted file's data and
  • Utilize SIGBOX applications, as well as
  • Administer SIGBOX Services (through SIGBOX Organization Administration, as well as SIGBOX Administration).

A SIGBOX user:

  • Has permission to access these features based on their roles.
  • Is represented by an account which can be added to, edited (2) within, or removed from an organization (and re-added again) by an Organization administrator through the Users page of SIGBOX Organization Administration.
    Notes:
    • Users may also be added and updated through an LDAP connection (on its server/user directory). However, the roles of an LDAP user account within an organization are managed through SIGBOX Organization Administration.
    • Both LDAP connections and the SIGBOX administrator role on SIGBOX user accounts can only be configured/managed through SIGBOX Administration. For more information, see to the SIGBOX Administrator's Guide.
    • (2) A SIGBOX user account's editable fields fit into two categories:
      • non-role-related fields - edited by the user themselves through, for example, SIGBOX for Web or other Safe Share products with user account editing features and
      • role-related fields (within an organization) - editable by any user with the Organization administrator role for that organization.

(1) A file object / Secure Object is defined by the following:

  • SIGBOX-encrypted data that has been registered on SIGBOX Services.
    Note: SIGBOX-encrypted data is data from a file or stream, which has then been encrypted either:
  • The properties associated with this encrypted data. Some of these properties can be determined by the creator/owner of the file.
Users page

An organization user's fields

Each SIGBOX user's account which is a member of your organization is defined by a set of fields described in the table below, of which only a subset (Email, Role, Is Organization Admin? and Plan) requires configuration when an Organization administrator (of your organization):

  • Adds a new user to your organization (thereby making this user and their account a member of the organization) or
  • Edits any existing user account within your organization (with the exception of their Email field).

These subset of fields constitute the 'role-related' fields of a user's account. With the exception of users with the Ad hoc role, any SIGBOX user can configure the other (i.e. non-role-related) fields (also described in the table below) for their own account when they edit their account through SIGBOX Organization Administration, SIGBOX for Web, as well as other Safe Share products with user account editing features.

Unless stated in the table below, these fields and their values are visible on the Users page of SIGBOX Organization Administration.

Field Description Required?
Email The email address that forms part of a user's credentials, which the user requires to authenticate to SIGBOX Services. This email address:
  • Defines the user's identity and hence, must be unique amongst all user accounts on SIGBOX Services.
  • Is the email address that SIGBOX Services sends notifications to.
  • Cannot be edited once the account has been created.
Yes
First Name (3) A user's first name (e.g. a given name or nickname). This field is only editable through the user's own My Account feature. No
Last Name (3) A user's last name (e.g. a surname or family name). This field is only editable through the user's own My Account feature. No
Other Name (3) A user's middle name (e.g. one or more other given names). This field is only visible and editable through the user's own My Account feature. No
Mobile Number (3)

The mobile number of a user. This field is only visible and editable through the user's own My Account feature.

Note: This number must include the country calling code and plus (+) sign prefix.
(e.g. +1 234 567 8910 for a US-based number.)

No
Default Language (3)

The language preference/settings for a user. Any changes to this field apply immediately to the interfaces for SIGBOX Organization Administration, SIGBOX for Web and as well as SIGBOX Administration (if the user has access to these features). This field is only visible and editable through the user's own My Account feature.

Note: This setting overrides the System Default language (defined through the Internationalization page, which is configured through SIGBOX Administration).

No
Account Type The user's type of account, which reflects a user account's origin. SIGBOX Services defines the following account types:
  • Local:
    • The user's account was created when an Organization administrator added the user directly through SIGBOX Organization Administration.
    • An existing user whose account type was External (below) changes to Local when the user's account (which had the Ad hoc role) was upgraded to the Collaborator role and then an Organization administrator changed this user account's role to Originator.
  • External - The user account was created implicitly by SIGBOX Services when a SIGBOX user with the Originator role shared content with a person who did not have a registered SIGBOX user account at the time. These types of user accounts (with either the Ad hoc role or the Collaborator role if the user upgraded their account from Ad hoc) are considered to have been 'external' in origin (e.g. outside any company or domain).
  • LDAP - The user account was created from an LDAP server/user directory through an LDAP connection. These types of user accounts are created and updated on SIGBOX Services during synchronization events with their respective LDAP servers. For more information about configuring LDAP connections, see Configuring LDAP in the SIGBOX Administrator's Guide.
Note: The value of this field is automatically determined by SIGBOX Services when the user account is created and its value is not editable.
Not applicable
Role The roles granted to a user within an organization, each of which define the core features of SIGBOX technologies (described above) that this user can access. See An organization user's roles for more information.
The Organization administrator role is granted by selecting the Is Organization Admin? check box below.
Notes:
  • This Role field is not mandatory when adding or editing a SIGBOX user with the Organization administrator role only.
  • Other than the Organization administrator role, a user's other roles within an organization can only be upgraded - for instance, the Ad hoc role can only be upgraded to either the Collaborator or Originator role, and the Collaborator role to the Originator role.
  • This field's value can be empty (i.e. 'No Role') because a user account may only have the Organization administrator role specified. However, once this Role field's value has been specified, it cannot be cleared.
Yes
(if Is Organization Admin? below is not selected)
Plan The plan (defining a storage quota) assigned to a user, which limits the amount of storage space the user can access when uploading data to SIGBOX Services' Content Service through a SIGBOX product or a client application that utilizes SIGBOX Services' API.
Notes:
  • This field is only accessible if the Originator role is specified (below).
  • At least one plan must be added to the organization (i.e. the initial default plan) before the Originator role can be applied to any user added to the organization. See Managing users' storage quotas through plans for more information.
  • When a SIGBOX user with the Originator role is added to an organization, or an existing user's role is upgraded to Originator, the default plan is automatically selected (or this plan is set on users' accounts if the accounts were added either in bulk from a CSV file or automatically from an LDAP server/user directory).
  • If an existing user's storage space already exceeds the quota defined by a plan, which is then applied to the user's account, then the user will no longer be able to upload any further data to storage until either:
    • The user removes a sufficient amount of their own content to lower their utilized storage space (below their plan's quota).
    • A plan defining a larger quota than their currently utilized storage space is applied to the user's account.
Yes
(for a SIGBOX user with the Originator role; otherwise, not applicable)
Usage The amount of storage space that the user's account currently consumes (in your organization). Not applicable
Org Admin /
Is Organization Admin?

On the Users page, this field (labeled Org Admin) indicates 'Yes' if a user has the Organization administrator role - otherwise, 'No'.
When adding a user account to an organization or editing the account's role-related fields, selecting the check box of this field (labeled Is Organization Admin? on the Add New/Edit User dialog box) grants the user within an organization the Organization administrator role.

Note: This option is not available when editing the accounts of the currently logged in user, or users who have an External Account Type or the Ad hoc role.

No
Locked This field indicates 'Yes' if a SIGBOX user account has been locked as a result of the user mistyping their password more than the maximum number of times configured by a SIGBOX administrator (of the SIGBOX Services instance). The user themselves will need to unlock this account by following the instructions in their 'account lockout' notification (or by resetting their password via any of the options on the SIGBOX Sign-in page).
If a user account is not locked, this field indicates nothing. The values of this non-editable field are only visible on the Users page.
Not applicable
2FA Enabled (3) and
Re-seed
The 2FA Enabled field indicates 'Yes' if a SIGBOX user account has two-factor authentication (2FA) enabled. (This field is editable through the user's own My Account feature.)
If this field indicates 'Yes', then the Re-seed button becomes available in the Re-seed column/field.
If a user account does not have 2FA enabled, this field indicates No. The values of this non-editable field (for user accounts other than your own) is only visible on the Users page.
Not applicable

(3) While an Organization administrator can modify these fields' values for their SIGBOX user account via the My Account feature through Organization Administration, the user can also modify these values via equivalent features in SIGBOX for Web, other Safe Share products with user account editing features, as well as SIGBOX Administration (if the user has access to these features).

Note: Other fields are associated with a SIGBOX user's account. However, these fields are used internally by SIGBOX Services and are therefore only exposed to a limited extent through user interfaces (or not exposed at all).

An organization user's roles

Each SIGBOX user must be assigned a role, which grants the user access to different sets of features available through SIGBOX technologies. A SIGBOX user's roles within an organization can be modified by editing their user account.

Note: Users can have more than one role. Regardless of organization:

  • A user with the Organization administrator (and/or SIGBOX administrator) role can also be granted either the Originator or Collaborator role.
  • Likewise, a user with either the Originator or Collaborator role can also be granted the Organization administrator role and/or the SIGBOX administrator role (of their SIGBOX Services instance).
Role Description
Originator A SIGBOX user with the Originator role in a given organization can use SIGBOX technologies to do the following (within the scope of their organization):
  • Create their own encrypted files and folders (collectively known as 'items') utilizing:
    • Any SIGBOX application, or
    • Another client application that interacts with SIGBOX Services' API.
  • Securely store encrypted files in storage managed by SIGBOX Services' Content Service. The amount of storage space available to the user depends on their plan. Since storage space is associated with a SIGBOX user (who has the Originator role), then any encrypted files stored within this space become owned by this user.
    Note: Depending on the formats of these encrypted files, read-only views may also be generated for these files (which consumes a comparatively small amount of storage space) for presentation in SIGBOX's content viewer.
  • Share their secured items with other SIGBOX users who have the Originator, Collaborator or Ad hoc role, including other people who have not yet been registered as a SIGBOX user. Also determine which of these SIGBOX users and other people have permissions to View, Download, Upload (for folders only), Modify or Manage these items that have been shared with them.
    Notes:
    • SIGBOX users who have been shared an item are known as collaborators on the item. This term should not be confused with SIGBOX users who have the Collaborator role (below).
    • These processes are conducted through the (Safe) Share dialog box of any SIGBOX application, or when setting collaborators on a file or folder through a client application utilizing SIGBOX Services' API.
  • Specify other access controls on their files, such as:
    • The date and time from which collaborators can begin accessing a file's content as well as the date and time when this access ceases.
    • A label that defines which clearances of SIGBOX users a file can be shared with.
    These processes are conducted through either the (Safe) Share dialog box of any SIGBOX application, or when setting collaborators on a file object through a client application utilizing SIGBOX Services' API.
A SIGBOX user's account can be granted this role by an Organization administrator when this administrator either adds the user's account to their organization or edits this account (which could also be their own) within their organization (4) .
Users with the Originator role can also use SIGBOX applications (or applications that interact with SIGBOX Services' API) to:
  • Manage their list of contacts (e.g. SIGBOX users with whom they frequently share secured items),
  • View/access/update their account details,
  • Manage their email notifications and
  • Revoke the right that client applications were initially granted (by the user themselves) to access SIGBOX Services' resources through their user account.
Notes:
  • A SIGBOX user with the Originator role has access to all features of SIGBOX technologies which are available to a user with the Collaborator role.
  • (4) All SIGBOX users which have been added through a connection to an LDAP server automatically have the Originator role. For more information about configuring LDAP connections, see Configuring LDAP in the SIGBOX Administrator's Guide.
Collaborator A SIGBOX user with the Collaborator role in a given organization can use SIGBOX technologies to do the following (within the scope of their organization):
  • As a collaborator on a file or folder owned by another SIGBOX user (see Originator role description above for more information), access and decrypt the data of an encrypted file (or files within the folder), utilizing:
    • Any SIGBOX application, or
    • Another client application that interacts with SIGBOX Services' API.
  • As a collaborator with Upload, Modify or Manage permissions on a folder owned by another SIGBOX user, create encrypted files as well as subfolders inside this other user's folder, utilizing:
    • Any SIGBOX application, or
    • Another client application that interacts with SIGBOX Services' API.
  • As a collaborator with Manage permissions on an item owned by another SIGBOX user, share this item (and specify other optional access controls on the item), similar to users with the Originator role on their own items (above), utilizing:
    • Any SIGBOX application, or
    • Another client application that interacts with SIGBOX Services' API.
A SIGBOX user's account can be granted this role by an Organization administrator when this administrator either adds the user's account to their organization or edits this account (which could also be their own) within their organization (5) .
Users with the Collaborator role can also use SIGBOX applications (or applications that interact with SIGBOX Services' API) to:
  • Manage their list of contacts (e.g. SIGBOX users with whom they frequently share secured items),
  • View/access/update their account details,
  • Manage their email notifications and
  • Revoke the right that client applications were initially granted (by the user themselves) to access SIGBOX Services' resources through their user account.
Notes:
  • If a SIGBOX user (who originally had the Ad hoc role) sets their password and signs in to upgrade their account (which changes their account's role to Collaborator), then the Account Type still remains External. However, once an Organization administrator grants this user's account the Originator role, then the Account Type switches to Local.
  • (5) A SIGBOX user account with the Collaborator role is added to an organization automatically if another user with the Originator role in this organization shares an item with this added user through either a SIGBOX application or another client application that interacts with SIGBOX Services' API. In such instances, this added user's account would have already been registered on SIGBOX Services and if applicable, upgraded from the Ad hoc role. This process is similar to how users with the Ad hoc role are added to an organization.
Ad hoc A SIGBOX user with the Ad hoc role (also simply known as an 'Ad hoc user') is an account which is automatically created by SIGBOX Services and added to an organization when:
  • A user with the Originator role in that organization shares their file or folder with someone (via their email address), through either a SIGBOX application or another client application that interacts with SIGBOX Services' API
    and
  • This email address does not match that of any existing SIGBOX user account registered on SIGBOX Services (e.g. as a member of another organization).
Users with this role are typically people outside a company or domain, who (once their account is added) can use SIGBOX technologies to perform the same activities on items as users with the Collaborator role within the scope of this organization.
Once an Ad hoc user account is added to an organization, this user's account is subsequently utilized whenever they are shared items by another user (with the Originator role) in this or any other organization.
Ad hoc user accounts do not have a dedicated password. However, once an Ad hoc user is shared an item by another user, an email notification is sent to the Ad hoc user's email address. This notification leads this user to obtain a one-time access link via a subsequent email notification, which in turn, leads the user to set a password before the user is able to access their shared item/s through SIGBOX for Web.
Notes:
  • Once a SIGBOX user with the Ad hoc role has set their password and signed in to SIGBOX for Web, the user's role is upgraded to Collaborator.
  • The Ad hoc role cannot be specified when an Organization administrator adds a user to their organization. However, if an Organization administrator removes a user with the Ad hoc role from their organization (i.e. before the user has had the chance to set their password and sign in) and then another user with the Originator role in this or any other organization shares an item with this Ad hoc user, then this SIGBOX user's account is automatically re-added to the organization with the Ad hoc role.
  • An Ad hoc user account will not be created and added to an organization if either the organization's:
Organization administrator A SIGBOX user with the Organization administrator role (also simply known as an 'Organization administrator') can access all administration features of their organization on SIGBOX Services made available through the SIGBOX Organization Administration interface.
Notes:
  • Other than the ability to administer their organization's access to the SIGBOX Services' resources, a SIGBOX user whose account only has the Organization administrator role does not have access to features of SIGBOX technologies available to users with the Originator or Collaborator/Ad hoc roles. Organization administrators who are likely to use SIGBOX technologies within their organization for purposes other than to administer it should grant themselves the Originator or Collaborator role as required.
  • Only Organization administrators within an organization can add the Organization administrator role for their organization to any other SIGBOX user.
  • A SIGBOX user whose account only has the Organization administrator role for an organization is automatically granted the Collaborator role for this organization if another user with the Originator role in this organization shares an item with this Organization administrator, through either a SIGBOX application or another client application that interacts with SIGBOX Services' API.

If you would like users in your organization to utilize client applications (other than SIGBOX applications) that interact with your organization through SIGBOX Services' API, request that a SIGBOX administrator of your SIGBOX Services instance configure these client applications for you (since only SIGBOX administrators can perform these configurations). For more information about configuring client applications, see Configuring client applications in the SIGBOX Administrator's Guide.

An organization user's activities

Upon selecting a SIGBOX user account on the Users page, a history of activities performed by this user on their own account (or by an Organization administrator, including a SIGBOX administrator if applicable, on the user's account) is shown in reverse chronological order in the History panel on the right of the page.

If the administrator is not a member of the organization, then 'An Administrator' is shown instead of the SIGBOX user's name.

The History panel on the right can be collapsed and expanded by clicking the respective > / < icon at the top of this panel. The types of activities recorded on the user's account include the user's own changes to their account's:

  • details,
  • password,
  • two-factor authentication settings, or
  • other settings.

Also recorded are changes to the user's account settings by an Organization administrator, as well as the creation of an account (or its addition to an organization) by an administrator. Be aware that sign-in and sign-out activities are not recorded by this feature.

Adding an organization user account

This procedure describes how to add a SIGBOX user account to your organization on SIGBOX Services. A SIGBOX user whose account has been added to an organization is a member of that organization.

Note: SIGBOX user accounts can also be added to an organization:

To add a user to your organization on SIGBOX Services:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Click the Add New button.
  4. In the Add New User dialog box, complete the required user's fields (described in detail above).
    Tip: See An organization user's roles for more information about the role(s) to specify for this user.
  5. Click Save and the SIGBOX user will appear as a new entry on the Users page.
    Notes:
    • If the user's email address has not yet been registered on SIGBOX Services, a new SIGBOX user account is automatically created for them. The user's:
      • SIGBOX user account will have the Local Account Type, which is indicated on this Users page of SIGBOX Organization Administration and
      • email address is sent an 'account created' notification, with instructions to the user on how to sign in to SIGBOX for Web (applicable to most users added to your organization whose accounts are created in this manner). The initial sign-in process usually requires the SIGBOX user to reset their password immediately after signing in.
    • If this user already has a user account on SIGBOX Services, their email address is sent an 'account updated' notification, informing the user that their SIGBOX user account has been added as a member of your organization. The user can then access SIGBOX for Web (as well as other Safe Share products) for your organization.
    • If the account added has the Organization administrator role only, then the Organization Administration interface is displayed as soon as the user of this account signs in.
    • If the account has any combination of the Originator, Collaborator or SIGBOX administrator role in addition to the Organization administrator role, then the user should refer to Signing in to Organization Administration for more information about accessing the Organization Administration interface.

Adding organization user accounts in bulk (from CSV)

SIGBOX user accounts can be added to your organization in bulk (in a single action) by importing their details from a CSV file.

CSV file preparation and requirements

  • SIGBOX Services' CSV user import feature assumes that each line of the CSV file (except the first mandatory 'header' line) represents field data for a specific user. (The first line will not be imported as a user.)
  • The order of field data for each user in the CSV file (as should be defined by the header line) must be:
    Email, Role
    Notes:
    • White space around each separating comma is not required.
    • You can actually specify any field names/labels for the header line of your CSV file. However, the order of field data for each user (in subsequent lines of your CSV file) must comply with the order above (i.e. email address followed by role).
  • For a user to be successfully imported from a CSV file, the following conditions must be met:
    1. Values for both of these fields are mandatory.
    2. The Email field's value must comply with a valid email format.
    3. The Role field value can only be exactly Originator or Collaborator (i.e. an initial capital letter followed by lower-case letters). It is not possible to import SIGBOX users with the Ad hoc, Organization administrator or SIGBOX administrator roles.
    4. If a user's email address appears more than once in the CSV file and the conditions above for each of these entries are still met, then only user data from the first of these multiple entries is imported (and the remainder are reported as duplicates).
    If the CSV user import feature encounters a validation problem when parsing a line (due to any of the conditions listed above failing), then that user is not imported. Like duplicate entries, each user for which a validation problem occurred is also reported.

To add users to your organization in bulk from a CSV file:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Click the
    Import from CSV button
    (Import from CSV) button.
  4. In the Import from CSV dialog box, click the Choose a file button.
  5. Navigate to and select your CSV file containing the users to be imported to SIGBOX Services.
    The CSV import feature proceeds to import your users. Upon completion, the number of successfully imported SIGBOX users are reported, along with each unique invalid data value (if any were encountered).
  6. Click Close to close the Import from CSV dialog box. Users imported with the Originator role are automatically assigned the default plan.
    Notes:
    • If any of these users' email addresses have not yet been registered on SIGBOX Services, a new SIGBOX user account is automatically created for each of them. For each of these users:
      • their SIGBOX user account will have the Local Account Type, which is indicated on this Users page of SIGBOX Organization Administration and
      • their email address is sent an 'account created' notification, with instructions to the user on how to sign in to SIGBOX for Web. The initial sign-in process usually requires the SIGBOX user to reset their password immediately after signing in.
    • For any of these users who already have a user account on SIGBOX Services, their email address is sent an 'account updated' notification, informing the user that their SIGBOX user account has been added as a member of your organization. The user can then access SIGBOX for Web (as well as other Safe Share products) for your organization.

Notes:

  • The number of users that can be imported from a single CSV file is restricted by the response timeout of SIGBOX Services' load balancer. We found that a response timeout of 60 seconds on our load balancers allowed the import of up to 1000 users from a CSV file. If you have your own on-site deployment of SIGBOX Services, you may wish to tweak the response timeout of your load balancers to allow the import of more users from a CSV file.
  • When a new Local user account is created, SIGBOX Services automatically generates a password which is emailed to that user. To maximize security, the password (once created), is hashed 64,000 times using the PBKDF2 algorithm before being stored by SIGBOX Services. Since this process has an overhead of approximately 300 milliseconds and the number of users imported by the CSV user import feature could be extensive, then the auto-generated passwords of CSV-imported SIGBOX users are only hashed 100 times using PBKDF2 (before being stored by SIGBOX Services). Hence, if you are concerned about the security of these stored passwords, you may wish to request that a SIGBOX administrator for your SIGBOX Services instance reduces the Temporary password expiry time in hours configuration option through SIGBOX Administration. For more information, refer to Configuring SIGBOX Administration properties in the SIGBOX Administrator's Guide.

Finding user accounts within your organization

As more SIGBOX users are added to your organization, it can become difficult to locate specific users through the Users page of SIGBOX Organization Administration. The Users page therefore offers features to help you locate specific user accounts within your organization more rapidly.

To find specific user accounts within your organization:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Use either of the following features to find a specific user account (or subset of these accounts):
    • Filter user accounts - In the Search By box (right of the Users page), begin typing a series of characters contained in any of the users' Email, First Name, Last Name, Role or (Organization) Admin fields, followed by the 'Enter/Return' key. This filters the list of users within your organization to those whose Email, First Name, Last Name, Role or (Organization) Admin (i.e. 'yes' or 'no') contains the subset of characters entered into the Search By box.
      By default, the Email, First Name, Last Name, Role or (Organization) Admin fields are used for filtering (i.e. All), although filtering can be restricted to just one of these fields using the adjacent drop-down.
    • Navigate to specific user accounts - If available, use the page navigation buttons (lower-right of the Users page).

Tip: You can also sort user accounts on the Users page by clicking the linked name (in the column header) of the field by which you would like to sort your users:

  • Clicking a linked field name multiple times toggles between sorting the users (according to that field) in ascending and descending order.
  • To revert back to the natural ordering of users in the list, simply refresh the page.

Editing an organization user account

This procedure describes how to edit the role-related fields (i.e. Role, Is Organization Admin? and Plan) of any existing SIGBOX user account within your organization.

Note: To edit the non-role-related fields of your own SIGBOX user account, see Editing your Organization administrator account below.

To edit the role-related fields of a user account in your organization:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Find the user account whose role-related fields are to be edited and select their check box on the left.
  4. Click the
    Edit User button
    (Edit User) button which appears at the top.
  5. In the Edit User dialog box, update the user's relevant role-related fields (described in detail above).
  6. Click Save and the user's fields will be updated.

Notes: The Email address of all users on SIGBOX Services is unique and since this field may be used for auditing purposes, no SIGBOX user account's email address field can be edited. However:

  • To update the email address of a SIGBOX user with the Local or External Account Type:
    1. Add a new user account (with the user's new email address but the same role-related field values) to your organization.
    2. Remove the user's old account.
      Note: If this user had the Originator role, then while removing the user's old account, choose the option to transfer ownership of this old account's items (i.e. all file objects and folders, including their content) to the new user account created in the previous step.
  • To update the email address of a SIGBOX user with the LDAP Account Type:
    1. Request that your LDAP server/user directory administrator update and provide you with the user's new email address.
    2. Add this user's account (with this new email address but the same role-related field values) to your organization.
    3. Remove the user's old account.
      Note: If this user had the Originator role, then while removing the user's old account, choose the option to transfer ownership of this old account's items (i.e. all file objects and folders, including their content) to the new user account created by the LDAP server/user directory administrator and you then added to your organization, in the previous steps.

Removing a user account from your organization

Removing a SIGBOX user account removes the user from your organization, with the option to either:

  • transfer all file objects and folders (including their content) currently owned by this user to that of another SIGBOX user, or
  • permanently delete all of this user's content.

Notes:

  • SIGBOX Services' auditing reports and log files still retain a record of activities conducted by SIGBOX users whose accounts have been removed from an organization.
  • An Organization administrator can remove any user account from their organization except the user account with which they are currently signed in to SIGBOX Organization Administration.
  • Removing a SIGBOX user account from your organization (through SIGBOX Organization Administration) does not delete this account from SIGBOX Services. If a SIGBOX user (previously removed from your organization) is subsequently added to your organization again or added to another organization, then the same user account is re-utilized. Any fields that the user had previously edited/customized (i.e. through Organization Administration, SIGBOX Administration, SIGBOX for Web, as well as other Safe Share products with user account editing features) are retained.

To remove a SIGBOX user account from your organization:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Find the user whose account is to be removed from your organization and select their check box on the left.
  4. Click the
    Remove User button
    (Remove User) button to open the Remove User... dialog box.
    Note: If this SIGBOX user has the Originator role and has one or more items (i.e. files and/or folders), then the Remove User... dialog box indicates the number of items this user owns and requests whether or not you would like to transfer these items to another user's account (which also with the Originator role).
    • If you wish transfer these items to another user's account:
      1. Select the Transfer all content to another Originator check box.
      2. Select the user (i.e. their email address from the list) to transfer the items to:
        • Only users with the Originator role are listed.
        • This list can be filtered typing a series of characters contained in the users' email addresses.
    • If you do not wish to transfer these items and would prefer them to be permanently deleted, then leave the Transfer all content to another Originator check box cleared.
  5. After confirming your decision to either transfer or permanently delete the user's items, click Remove.
    • If you chose to transfer these items to another user's account, then:
      • the user's account is removed from your organization and
      • the items that the removed user owned are transferred to a folder at the root level of the recipient user's storage area. The name of this folder is the removed user's email address along with the date the transfer occurred.
    • If you chose not to transfer these items, then:
      • the user's account is removed from your organization and
      • the encrypted files and folders that belonged to this user are permanently deleted.

Note: If a SIGBOX user account of the LDAP Account Type is removed from your organization (using this procedure above), then the user's account is removed from your organization although the account is not disabled on the LDAP server/user directory itself. When SIGBOX Services subsequently synchronizes with the LDAP server, the account will not reappear within your organization (amongst the list of current SIGBOX user members) unless an Organization administrator manually adds this user to your organization again.

Editing your Organization administrator account

This procedure describes how to edit the non-role-related fields of your (Organization administrator) user account on SIGBOX Services.

Notes:

  • To edit the role-related fields (i.e. Role, Is Organization Admin? and Plan) of any SIGBOX user account within your organization (including your own), see Editing an organization user account above.
  • The non-role-related fields of LDAP user accounts can only be edited through these accounts' respective LDAP server/user directory. These user accounts' fields are updated on SIGBOX Services during synchronization events with the LDAP server/s. For more information about adding LDAP users, see Configuring LDAP in the SIGBOX Administrator's Guide.

To edit the non-role-related fields of your Organization administrator account:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click your email address at the top-right of the page and choose My Account from the drop-down menu.
  3. In the Account Details section of the subsequent page, update any of your user account's fields (described in detail above).
    Note: The Email addresses of all SIGBOX user accounts on SIGBOX Services are unique and since this field may be used for auditing purposes, no SIGBOX user account's email address field can be edited. However, to update the email address of your user account and/or those of other users within your organization, then for each of these users:
    1. Add a new SIGBOX user account (with their new email address but the same role-related field values) to your organization. For each account whose Account Type is LDAP, obtain the new email address from your LDAP server/user directory administrator in order to add their account (with this email address) to your organization.
    2. Remove the user's old SIGBOX user account. For each SIGBOX user account (with the Originator role), transfer the user's content from their old account to their new user account.
  4. Click Save and your user account's fields will be updated.
    Notes: If you cannot edit your user account's fields, then your Account Type is likely to be LDAP. The fields of LDAP user accounts are edited through their respective LDAP servers' user directories and are updated on SIGBOX Services during synchronization events with these user directories.

Changing your Organization administrator account password

Only a SIGBOX user with the Local Account Type who has signed in to either SIGBOX for Web or SIGBOX Organization Administration can change their own password.

Note: The authentication of a SIGBOX user on SIGBOX Services whose Account Type is LDAP is delegated to its respective LDAP server. If you have such a SIGBOX user account and wish to change its password, you will need to contact your LDAP administrator for details on how to do this (e.g. through the user account on your LDAP server/user directory). For more information about LDAP user accounts, see Configuring LDAP in the SIGBOX Administrator's Guide.

To change your Organization administrator account's password:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click your email address at the top-right of the page and choose My Account from the drop-down menu.
  3. In the Security section of the subsequent page, click the Change password button.
  4. On the Set your password... page, specify your current password and then your new password twice (i.e. once more to verify it).
  5. Click the Change button and your SIGBOX user account's password is now changed.

Terminating your Organization administrator account's sessions

Terminating your Organization administrator account's sessions immediately invalidates all of your currently valid refresh tokens. This action immediately signs you out of your current Organization Administration session and then every other SIGBOX and/or Safe Share application with which you have an active session (i.e. once these sessions' access tokens expire). This also includes any other client applications using SIGBOX Services' resources with access tokens obtained through your account.

This feature is useful if your Organization administrator account is at risk of being compromised - for example, you suspect that you forgot to sign out from a shared computer or you were signed in from a laptop that was either lost or stolen before you signed out.

To terminate your Organization administrator account's sessions:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click your email address at the top-right of the page and choose My Account from the drop-down menu.
  3. In the Security section of the subsequent page, click the Terminate button.
    Your current Organization Administration session with SIGBOX Services is terminated immediately, which also results in you being signed out from your current session. You will need to sign in again to gain access to SIGBOX for Web, as well as any Safe Share application and/or your SIGBOX Services' resources.
    Note: Every other SIGBOX and/or Safe Share application with which you have an active session (including any other client applications using SIGBOX Services' resources with access tokens obtained through your account), will be terminated once these sessions' access tokens expire.

Enabling or disabling 2FA on Organization user accounts

If required, an Organization administrator can configure two-factor authentication (2FA) by enabling this feature on:

  • their own SIGBOX user account, or
  • all SIGBOX user accounts which are currently members of their organization (if a SIGBOX administrator has allowed this on SIGBOX Services).

If 2FA has been enabled on a SIGBOX user account, the user is then required to enter both their password (i.e. the 1st authentication factor), as well as an authentication code obtained from an authenticator application (aka authenticator app) running on their mobile device (i.e. the 2nd authentication factor), in order for the user to successfully sign in through this account on the SIGBOX Sign-in page.

The 2FA feature supports the following mobile devices and authenticator apps:

  • Android-based devices running the Google Authenticator app,
  • Apple's iPhone, iPad or iPod Touch devices running the Google Authenticator app, or
  • Microsoft Windows-based devices running Microsoft's authenticator app.

Notes:

  • Before enabling 2FA on any SIGBOX user account, you may wish to verify if the users of these accounts are in possession of any one of these supported mobile devices (above), or notify these users that they will require access to one of these devices to continue signing in through the SIGBOX Sign-in page.
  • Take caution before deciding to enable 2FA for all SIGBOX users in your organization. If any members of your organization (including yourself) are not prepared to configure 2FA on their account, they may be unable to sign in successfully through the SIGBOX Sign-in page, thereby preventing these users' access to:
    • all organizations on SIGBOX Services for which these users are members and/or
    • SIGBOX Organization Administration for all organizations of which these users are Organization administrators.
  • The URLs to download the appropriate authenticator app for a supported device are available to users when they configure 2FA on their accounts (and are themselves configurable by SIGBOX administrators). For more information, see Configuring SIGBOX Administration properties of the SIGBOX Administrator's Guide.

To enable or disable 2FA on your Organization administrator account (or all SIGBOX user accounts in your organization):

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. For your Organization administrator account only:
    • To enable 2FA on it:
      1. Click your email address at the top-right of the page and choose My Account from the drop-down menu.
      2. In the Security section of the subsequent page, click the Enable button (to the right of 'Two-factor authentication ( disabled )').
        Your Organization administrator account's email address is sent a notification informing you that 2FA has been enabled on your account, along with a time-limited link, with step-by-step instructions for configuring 2FA (6) .
    • To disable 2FA on it:
      1. Click your email address at the top-right of the page and choose My Account from the drop-down menu.
      2. In the Security section of the subsequent page, click the Disable button (to the right of 'Two-factor authentication ( enabled )').
        Your Organization administrator account's email address is sent a notification informing you that 2FA has been disabled on your account.
    For all SIGBOX user accounts in your organization:
    • To enable 2FA on these accounts:
      1. Click the Configuration option on the left of the SIGBOX Organization Administration interface to open the Configuration page.
      2. Click the Edit link to the right of the property 'Enforce two-factor authentication for organization members.'
      3. In the Edit Config Property dialog box, select the Property Value check box.
        Tip: For more information about configuring this and other SIGBOX Organization Administration properties, see Configuring SIGBOX Organization Administration properties.
      4. Click Save and all SIGBOX user accounts within your organization (including your own) will have 2FA enabled on their accounts.
        Each SIGBOX user within your organization is sent an email notification informing them that 2FA has been enabled for their account. This email message contains a time-limited link, with step-by-step instructions for configuring 2FA (6) .
    • To disable 2FA on these accounts:
      1. Click the Configuration option on the left of the SIGBOX Organization Administration interface to open the Configuration page.
      2. Click the Edit link to the right of the property 'Enforce two-factor authentication for organization members.'
      3. In the Edit Config Property dialog box, clear the Property Value check box.
      1. Click Save and then only each user themselves can disable 2FA on their own account (once they have signed in).

(6) These step-by-step instructions for configuring 2FA guide the user on how to:

  1. Configure their mobile device with the appropriate authenticator app.
  2. Configure the authenticator app (once installed) with their SIGBOX user account, so that the authenticator app can generate the appropriate authentication codes (for the 2nd authentication factor).

Re-configuring 2FA for an organisation user account

While two-factor authentication (2FA) is enabled on a user's account, the user might lose the ability to generate authentication codes for their 2nd authentication factor (explained in more detail above) due to any of the following reasons:

  • The user deleted their SIGBOX user account configuration from the authenticator application (app) installed on their mobile device.
  • The time-limited link for configuring 2FA expired before the user had a chance to complete the 2FA configuration process. This is the link contained in the email notification informing the user that 2FA has been enabled on their account.
  • The user lost their mobile device. The user will require a replacement device in order to continue signing in through the SIGBOX Sign-in page with 2FA enabled on their account.

If one of these scenarios occurs, the user will no longer be able to sign in through the SIGBOX Sign-in page. The user may likely send you or any other Organization administrator an email message about one of these scenarios having occurred (via 'contact your administrator' feature on the Authentication code request page as they attempt to sign in through the SIGBOX Sign-in page).

Therefore, to resolve this situation, the user requires 2FA to be re-configured (aka re-seeded) for their account.

To re-configure 2FA on a SIGBOX user account in your organization:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Find the user/s whose account is to be re-configured for 2FA.
  4. Click the Re-seed button (in the Re-seed column) of the relevant user/s to re-configure 2FA for their account.
    Each user with 2FA re-configured in this manner is sent an email notification informing them that 2FA has been enabled for their account, similar to the email notification they received when 2FA was originally enabled on their account. This email message contains a new time-limited link, leading to step-by-step instructions for the user to:
    1. (Re-)configure their mobile device with the appropriate authenticator app (should the user need to conduct this step again).
    2. (Re-)configure the authenticator app (once installed) with their SIGBOX user account, which allows the authenticator app to generate the appropriate authentication codes for the 2nd authentication factor.

Configuring 'Users' page columns for organization users

By default, all columns on the Users page are visible. With the exception of the Email column (which is always shown), if there are other columns whose visibility is not required when administering users on your organization, then these columns can be selectively hidden from the Users page.

To hide one or more columns from the 'Users' page, or make these columns visible again:

  1. Ensure you are signed in to SIGBOX Organization Administration.
  2. Click the Users option on the left of the SIGBOX Organization Administration interface to open the Users page.
  3. Click the Select Columns drop-down and clear the check boxes next to the column names to be hidden. Conversely, select the check boxes next to the column names to be made visible again.