Declaring the security administrator
Only in built-in key management mode, after you have declared the SDS for C&M global administrator, you must declare the security administrator. The roles of this user are the following:
- Helpdesk: He can assign a new password to a user who has forgotten the password associated with his SDS for C&M account,
- Recovery: He can grant access to all the protected files of one user to another user, for example if the former user has left the company.
- Delegation of these roles: He can assign the Helpdesk and/or Recovery roles to other users. For more information, please refer to the section Assigning Helpdesk and Recovery roles.
The security administrator is essential in order for SDS for C&M to run. If you lose the login credentials to this user's account, the account cannot be recovered or unblocked. We therefore advise that you comply with these recommendations:
- This user must be the first to use the SDS for C&M client on a mobile device or workstation, and therefore the first to be registered on the SDMC server and to enable his account. He must then log on at least once to SDS for C&M. As long as he has not been fully configured, no other user will be able to activate his account.
- Protect this user's account with a strong password and ensure that you never lose this password.
- The recovery account must not contain personal or confidential information because the certificate of this account is public Refrain from disclosing the identity of the person who manages the account by using a generic name and e-mail address when you create the account. E.g., Stormshield Recovery firstname.lastname@example.org.
- Do not use this account to protect or share files. This is not a standard user account and must be exclusively reserved for security management.
- Go to SDS for C&M Encryption Portal and click on Create your account.
- Enter your first and last names and work e-mail address. This address must be dedicated to this user, so choose for example email@example.com.
- Accept the conditions of use, then click on Next.
- In the Password window, enter and confirm a strong password that meets the criteria and adequately secures this account, then click on Next.
- You will receive an email at the email address that you have specified. Check your mailbox to confirm your e-mail address and activate your SDS for C&M account. If you did not receive the e-mail, please check your spam mailbox.
The security administrator is now registered on the SDMC server, and the and roles have been assigned to him. He can also delegate these roles to other users.
- Log in with this account via the SDS for C&M client or SDS for C&M Encryption Portal to generate recovery data. This account must be enabled and must log on at least once so that other users can enable their own accounts.
You can also create this account through an SDS for C&M client installed on a Windows or macOS workstation.
The security administrator account can be used to change passwords, grant access to other users or assign the Helpdesk and Recovery roles to other users. For more information, refer to the sections Retrieving users' passwords, Recovering user accounts and Assigning Helpdesk and Recovery roles.