Versions Compared

Version Old Version 38 New Version 39
Changes made by

Chris Veneto

Phil Rodrigues

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

An Approval Group is a group of users within of your PreVeil organization who together can authorize the activities of Admin Management, Data Export, and Account Recovery within the organization. The concepts behind Approval Groups are purpose of the Approval Group is to:

  • Decentralize trust amongst the members of the group, ensuring no one person has the ability to authorize these activities on their own

    • Continually verify the trustworthiness of all administrators and devices

  • Prevent single points of failure. The groups will have a pool of users that can approve activities, but only a subset of that pool are needed to approve.: If one administrator is lost or unavailable, others in the group may fill in

Info

Note: Members of an existing Approval Group groups cannot be changed, so to minimize the need to replace Approval Groups due to a member of a group no longer being available (if they’ve left the company, for example), we recommend populating the groups with users who are likely to be available to approve group activitiesedited but only replaced by another approval group. We advise to form approval groups with reliable members of the organization.

Also, if a user of an Approval Group is no longer available to approve group activities, then we recommend creating a replacement Approval Group to put in place as soon as possible.

Table of Contents
minLevel1
maxLevel7

Creating an Approval Group

  • There must be three fully joined members of your organization to be able to create To establish an Approval Group ; three is the minimum number required to create an Approval Group.

    Approval Groups can also consist

    within your organization, you need a minimum of three fully onboarded members

    • The group can comprise of more than three people.persons

  • For a three-person group, two out of the three members of that the group will need to approve any the activity that group gets invoked for.

    For groups larger than three, you have more flexibility in setting the number of approvers. For example, in a four person group you can set the number of approvers to two or three; for a five person group you can set the number of approvers at two, three, or four; etc.

    the group is assigned on

  • An approval group must have a required number of approvers

    • The range to pick from is two to N minus one where N is the number of members of the group

To create a group:

  • Click the Admin Console icon in the upper right-hand corner of the PreVeil browser application, and then select Approval Group from the menu.

    image-20240604-121553.png

  • Click on the plus sign icon under the Manage tab.

    image-20240604-121740.png

  • Give the group a name, and then type in the email address of the first user you want to add. When the user’s email address shows up in the pre-fill fieldfilled drop-down menu, select it to add the user to the group. Repeat to add at least two more additional users to the group. (Remember that you will need to add at least three users before you can create the group; the Create Approval Group button will remain grayed out until at least three users have been added to the group.)

    image-20240604-122310.png

  • Once at least three users have been added to the group, click on the Create button.

    image-20240604-122447.png

  • If you create a group with more than three users that , then you will have some additional options to select from in the How many approvals are required for recovery drop down menu for the required number of approvers.

    image-20240604-122742.png

  • You will receive a notification that the group has been created.

    image-20240604-122935.png

Activities an Approval Group Can Be Assigned To

...

  • Admin Management

    • The purpose of this activity is to add a layer of security restrict administrators in the Admin consoleorganization. Assigning a group to this activity will make it so that any activity certain activities an administrator wishes to undertake performs in the Admin console will require group approval.If no group is assigned to this activity, a single administrator will have full functionality in the Admin console, and can perform any action without the need for approval.

    • The Approval Group assigned to this activity must consist of entirely admin level users, as a standard level user will not have access to the Admin console functionality.

    • Actions like deleting a user, changing a user’s role, and swapping an approval group will invoke the Admin Management group’s approval

  • Data Export

    • Data Export allows an administrator within your organization to download a decrypted copy of any data for any user within your organization.of the organization’s data

    • An organization must pass the organization health check to complete a full export

    • The types of exportable data are email, drive, activity log, and ACL report

      • Email data is exported in a folder hierarchy consisting of an inbox, drafts, sent, trash, and custom user folders

        • The mail messages are in EML format

      • Drive data is exported in the same folder set as the user’s actual drive and contains the files

      • Activity Log data is exported as a CSV file

      • ACL Report is exported as a CSV file

      • All or a selection of users may be chosen

      • A timeframe is chosen and may span the origin of the organization

    • The Approval Group assigned to this activity can consist may compose of admin level users, standard level users, or a mix of the two.combination

  • Account Recovery

    • The account recovery Approval Group (also known as the Recovery Group) is a group of users within your organization that can assist a user in recovering access to their PreVeil account.approve a user’s account recovery

    • PreVeil doesn’t utilize user names usernames and passwords for account recovery. Instead, what allows a user to access their PreVeil account is an encryption key that gets generated on a user’s device when they create their PreVeil account.

    • Assigning a Recovery Group to a user in your organization will provide each member of the group with a shard of the user’s encryption key. When invoked, the Recovery Group has the ability to rebuild a user’s key on their device, thereby allowing the user to re-access their account.

    • This is the primary method to protect a user’s account access, as PreVeil does not have access to any of our user’s encryption keys, so we cannot restore these keys for you. As such, the responsibility of making sure this recovery method is available to your users will fall upon the administrators of a PreVeil organization creating and assigning a Recovery Group for their users. We strongly recommend that a Recovery Group is assigned to every user in your organization.

    • The Recovery Group can consist of admin level users, standard level users, or a mix combination of the two.

Assigning an Approval Group

...

Info

Note: The user’s computer needs to be online for the Recovery Group to be successfully assigned. If the user’s device is not online, the Recovery Group will not be assigned to the user’s account. The recovery group will show up in the admin console, but the assignment will be incomplete. If the user’s device doesn’t come online within two weeks of the group being assigned, the assignment will fail, and the group will be removed from the user’s entry in the admin console.

...