Accessing Safe Share Administration

The features of Safe Share Administration are only available to Safe Share administrators, where a Safe Share administrator is any Covata user who has the Safe Share administrator role.

Signing in to Safe Share Administration

When signing in to Safe Share Administration, a Covata user account must have the Safe Share administrator role to access all Safe Share Administration features of the Covata Platform ^* .

Note: If accessing Safe Share Administration for the first time, see Accessing Safe Share Administration for the first time (below) before continuing.

To sign in to Safe Share Administration:

1. Open a compatible web browser and enter the base URL of your Covata Platform instance (appended by /#/admin) in your browser's URL field - e.g:
   https://covata-platform.xy-company.com/#/admin
   Tip: You may wish to bookmark this URL.
2. On the Covata Sign-in page, enter the Email address and Password associated with your Covata user account which has the Safe Share administrator role.
   Forgotten your password? If you have, then leave the Password field blank but click the Forgot your password link instead. Follow the instructions on the page and then in your email notification to reset your password.
3. Click the SIGN IN button (or type 'Enter'/'Return') and if successful, the Safe Share Administration interface is displayed.
   Notes:
   • If, instead, you see 'Two-factor authentication is enabled on your account...' on the page with a field requesting you to enter your Authentication code (for the first time), then:
     1. Check for a Covata Notification email message containing the subject line 'Two-factor authentication has been enabled for your account'.
     2. Open this email message and follow its instructions to configure your mobile device with your Covata user account for 2FA. For more information, see Enabling or disabling 2FA for a Safe Share administrator.
     3. Sign in again.
   • The email address of the currently signed in user appears at the top right-hand corner of the Safe Share Administration interface.
   • If the main Covata Safe Share for Web page appears instead of the Safe Share Administration interface, click your email address at the top-right and choose Administration from the drop-down menu.

^* Additional notes:

• Any Covata user (including any Safe Share administrator) whose account has the Organization administrator role for a given organization can manage and administer that organization. For more information about the Organization administrator role, see Administering users within an organization in the Safe Share Organization Administration section of this guide.
• A Safe Share administrator (typically a Covata user account with only the Safe Share administrator role) can grant themselves the Organization administrator role for an organization by making themselves the administrator of this organization when they add/create the organization. This user (who now has both the Safe Share administrator role and the Organization administrator role for this organization) can then grant other Covata users the Organization administrator role for their organisation. Otherwise (and perhaps more typically), a Safe Share administrator cannot administer an organization added to their Covata Platform instance, unless the Organization administrator initially set for this organization (or someone else that this person subsequently made an Organization administrator of their organization) grants the Safe Share administrator the Organization administrator role for their organization (i.e. when adding the Safe Share administrator to the organization).

The Safe Share Administration interface

The Safe Share Administration interface consists of a set of configuration pages, each of which is accessible from the options on the left (below). Note that:

• Covata users who have the Safe Share administrator role can access all of these options on the left of the Safe Share Administration interface.
• Covata users who have both the Safe Share administrator role and the Organization administrator role for one or more organizations can access the Organization Administration interface for these organizations (only), in addition to all Safe Share Administration options on the left of the interface. For more information about managing organizations, see the Safe Share Organization Administration section of this guide.

The Dashboard page is initially displayed upon a Safe Share administrator successfully signing in to Safe Share Administration (above).

Note: If accessing Safe Share Administration from a tablet or phone, tap the 'menu' icon in the top left hand corner of the screen to access these options.

The table below describes each of these Safe Share Administration pages, which can be accessed by clicking its option on the left of the interface.

Safe Share Administration page	Description
Dashboard	Provides a single-page graphical overview of various aspects of your Covata Platform's current statuses (presented in panels), recent sign-in attempts (presented in graph form) as well as system usage metrics for each organization including Covata user account roles and storage usage/availability.
Organizations	Allows Safe Share administrator-level access to all organizations configured on your Covata Platform instance. From this page, any Safe Share administrator can: Create a new organization. Rename an organization, as shown to all Covata users who are members of this organization. Modify the quota used to limit the amount of storage (managed by the Covata Platform's Content Service) available to an organization. Under certain limited conditions, remove an organization.
Administrators	Allows access to all Covata users who are Safe Share administrators, from which any Safe Share administrator can: add Safe Share administrator user accounts, which either creates new Covata user accounts with the Safe Share administrator role or grants existing Covata user accounts this role, or remove Safe Share administrator accounts, which removes the Safe Share administrator role from Covata user accounts.
Client Apps	Allows the registration and configuration of applications (e.g. built by integrators using the Covata Platform's API) which uses Covata technologies to create and/or access files (also known as file objects or Secure Objects). The configurations of these 'client' applications on the Covata Platform define: Which OAuth 2.0 grant types the application can use to authenticate to the Covata Platform. The application's client ID and client secret (i.e. the credentials of the application itself, which also identifies the application to the Covata Platform). The validity of the application's access and refresh tokens, which determines the duration of a user's session with the Covata Platform when they use this application. The application's 'redirect URI(s)', to which the Covata Platform sends its request (and is handled by the application) to complete the OAuth 2.0 authorization process. Whether the application's access to the Covata Platform is either disabled or re-enabled.
LDAP	Allows the configuration of connections to one or more LDAP user directories, which can be used to populate the Covata Platform with Covata user accounts.
SAML	Allows the configuration of a SAML-based Identity Provider (IdP) service to which Covata users can authenticate to gain access to the Covata Platform and Safe Share for Web through single sign-on.
Configuration	Allows the modification of properties that affect certain functional areas across the Covata Platform (including all organizations configured on it).
Internationalization	Allows custom/external language bundles to be uploaded to provide the Covata Platform with greater internationalization support for more languages. Also allows Safe Share administrators to change the user interface language for the sign-in page, as well as the default language of Safe Share Administration, Safe Share Organization Administration and (initially) Safe Share for Web for any newly added Covata users.

The Safe Share Administration dashboard

The Dashboard page is initially displayed upon a Safe Share administrator successfully signing in to Safe Share Administration.

The following table describes each component of the Dashboard page from left to right/top to bottom.

Dashboard page component	Description
Maximum Required Disk Space	This panel shows the total amount of storage space that the Covata Platform (managed through the Content Service) requires to store content for all Covata users with the Originator role (i.e. who have a plan) across all of the Covata Platform's configured organizations. Clicking this panel opens the Organizations page. Notes: This total is calculated by summing the quota values of all organizations. The Originator role and plans are discussed in more detail in Administering users within an organization (of this guide's Safe Share Organization Administration section).
Client Applications	This panel shows the total number of client applications currently registered on the Covata Platform. Clicking this panel opens the Client Applications page.
LDAP Connections	This panel shows the total number of LDAP connections currently configured on the Covata Platform. Clicking this panel opens the LDAP Connections page.
User Sign-in Attempts	This graph shows Covata user sign-in attempts over the past week, with each point along a curve representing activity pertinent to that curve on a given day. Each curve on the graph represents the number of successful sign-in attempts from one of the three types of Covata user account (discussed in more detail in Administering users within an organization, of this guide's Safe Share Organization Administration section). The fourth curve represents the total number of failed sign-in attempts.
Organizations	This section of the dashboard shows each organization configured on the Covata Platform. For each of these organizations, the following information is indicated: The organization's name at the top. The total numbers of Covata users (within the organization) with the Originator and Collaborator roles, where each user who has the Originator role has a plan that grants them a quota of storage space. A pie chart representing the used and free percentages of the storage space quota assigned to the organization. The actual amounts (in bytes/MB/GB) of this used (in orange text) and free storage space, as well as the storage space quota itself (in bold black text). Note: The Originator and Collaborator roles as well as plans are discussed in more detail in Administering users within an organization (of this guide's Safe Share Organization Administration section).

Signing out of Safe Share Administration

To sign out of Safe Share Administration:

• Click your email address at the top right-hand corner of the Safe Share Administration interface and choose Sign Out from the drop-down menu.
  The Covata Sign-in page is redisplayed.

Important: Please ensure that you explicitly sign out of Safe Share Administration using this procedure. If you simply close the browser tab or window that contained your Safe Share Administration session, then you will not be signed out, leading to the risk that your session may be compromised by someone else subsequently using your computer.

Accessing Safe Share Administration for the first time

New Covata Platform instances have a default administrator user account (with email address admin@default.com).

This user account exists for the purpose of:

• Allowing a Safe Share administrator to initially sign in to Safe Share Administration to create a new Safe Share administrator account for themselves, including others if required.
• Add the initial Organization administrator account to the Default organization (used for configuring an LDAP connection to work with the Covata Platform and Safe Share). See Administering organizations for more information.

Important: For security reasons:

• After the admin@default.com account is used to create your new Safe Share administrator account/s, then use one of these new accounts to remove the admin@default.com account from Safe Share Administration.
• If the admin@default.com account was used to add an Organization administrator account to the initially-named Default organization (described in Editing an existing organization and Adding an organization user account), then use this Organization administrator account to remove the admin@default.com account from Organization Administration.

To access a new Covata Platform instance and initially set up Safe Share Administration users:

1. Open a compatible web browser and specify the base URL of your Covata Platform instance (appended by /#/admin) into your browser's URL field - e.g:
   https://covata-platform.xy-company.com/#/admin
2. On the Covata Sign-in page, specify the:
   • Email address admin@default.com and
   • Password which is simply password
   Note: If the Make Safe Share personal! dialog box appears, click its Cancel button, since this account will be a short-lived one.
3. Create a new Safe Share administrator user account for the Covata Platform and Safe Share Administration purposes. See Adding a Safe Share administrator account for more information about this step.
4. ( Optional ) Create any additional Safe Share administrator user accounts (if required).
5. If you are configuring an LDAP connection to work with the Covata Platform and Safe Share, following the procedure for Editing an existing organization (to specify an Organization administrator for the Default organization) before continuing on.
6. Sign out and sign in again with your new Safe Share administrator user.
   Note: Your initial password (automatically generated by the Covata Platform) will be emailed to you in a Covata account created notification.
7. Remove the admin@default.com user account (from Safe Share Administration).