Accessing SafeShare Administration

The features of SafeShare Administration are only available to SafeShare administrators, where a SafeShare administrator is any Covata user who has the SafeShare administrator role.

Signing in to SafeShare Administration

When signing in to SafeShare Administration, a Covata user account must have the SafeShare administrator role to access all SafeShare Administration features of the Covata Platform ^* .

Note: If accessing SafeShare Administration for the first time, see Accessing SafeShare Administration for the first time (below) before continuing.

To sign in to SafeShare Administration:

1. Open a compatible web browser and enter the base URL of your Covata Platform instance (appended by /#/admin) in your browser's URL field - e.g:
   https://covata-platform.xy-company.com/#/admin
   Tip: You may wish to bookmark this URL.
2. On the Covata Sign-in page, enter the Email address and Password associated with your Covata user account which has the SafeShare administrator role.
   Forgotten your password? If you have, then leave the Password field blank but click the Forgot your password link instead. Follow the instructions on the page and then in your email notification to reset your password.
3. Click the SIGN IN button (or type 'Enter'/'Return') and if successful, the SafeShare Administration interface is displayed.
   Notes:
   • If, instead, you see 'Two-factor authentication is enabled on your account...' on the page with a field requesting you to enter your Authentication code (for the first time), then:
     1. Check for a Covata Notification email message containing the subject line 'Two-factor authentication has been enabled for your account'.
     2. Open this email message and follow its instructions to configure your mobile device with your Covata user account for 2FA. For more information, see Enabling or disabling 2FA for a SafeShare administrator.
     3. Sign in again.
   • The email address of the currently signed in user appears at the top right-hand corner of the SafeShare Administration interface.
   • If the main Covata SafeShare for Web page appears instead of the SafeShare Administration interface, click your email address at the top-right and choose Administration from the drop-down menu.

^* Additional notes:

• Any Covata user (including any SafeShare administrator) whose account has the Organisation administrator role for a given organisation can manage and administer that organisation. For more information about the Organisation administrator role, see Administering users within an organisation in the SafeShare Organisation Administration section of this guide.
• A SafeShare administrator (typically a Covata user account with only the SafeShare administrator role) can grant themselves the Organisation administrator role for an organisation by making themselves the administrator of this organisation when they add/create the organisation. This user (who now has both the SafeShare administrator role and the Organisation administrator role for this organisation) can then grant other Covata users the Organisation administrator role for their organisation. Otherwise (and perhaps more typically), a SafeShare administrator cannot administer an organisation added to their Covata Platform instance, unless the Organisation administrator initially set for this organisation (or someone else that this person subsequently made an Organisation administrator of their organisation) grants the SafeShare administrator the Organisation administrator role for their organisation (i.e. when adding the SafeShare administrator to the organisation).

The SafeShare Administration interface

The SafeShare Administration interface consists of a set of configuration pages, each of which is accessible from the options on the left (below). Note that:

• Covata users who have the SafeShare administrator role can access all of these options on the left of the SafeShare Administration interface.
• Covata users who have both the SafeShare administrator role and the Organisation administrator role for one or more organisations can access the Organisation Administration interface for these organisations (only), in addition to all SafeShare Administration options on the left of the interface. For more information about managing organisations, see the SafeShare Organisation Administration section of this guide.

The Dashboard page is initially displayed upon a SafeShare administrator successfully signing in to SafeShare Administration (above).

Note: If accessing SafeShare Administration from a tablet or phone, tap the 'menu' icon in the top left hand corner of the screen to access these options.

The table below describes each of these SafeShare Administration pages, which can be accessed by clicking its option on the left of the interface.

SafeShare Administration page	Description
Dashboard	Provides a single-page graphical overview of various aspects of your Covata Platform's current statuses (presented in panels), recent sign-in attempts (presented in graph form) as well as system usage metrics for each organisation including Covata user account roles and storage usage/availability.
Organisations	Allows SafeShare administrator-level access to all organisations configured on your Covata Platform instance. From this page, any SafeShare administrator can: Create a new organisation. Rename an organisation, as shown to all Covata users who are members of this organisation. Modify the quota used to limit the amount of storage (managed by the Covata Platform's Content Service) available to an organisation. Under certain limited conditions, remove an organisation.
Administrators	Allows access to all Covata users who are SafeShare administrators, from which any SafeShare administrator can: add SafeShare administrator user accounts, which either creates new Covata user accounts with the SafeShare administrator role or grants existing Covata user accounts this role, or remove SafeShare administrator accounts, which removes the SafeShare administrator role from Covata user accounts.
Client Apps	Allows the registration and configuration of applications (e.g. built by integrators using the Covata Platform's API) which uses Covata technologies to create and/or access files (also known as file objects or Secure Objects). The configurations of these 'client' applications on the Covata Platform define: Which OAuth 2.0 grant types the application can use to authenticate to the Covata Platform. The application's client ID and client secret (i.e. the credentials of the application itself, which also identifies the application to the Covata Platform). The validity of the application's access and refresh tokens, which determines the duration of a user's session with the Covata Platform when they use this application. The application's 'redirect URI(s)', to which the Covata Platform sends its request (and is handled by the application) to complete the OAuth 2.0 authorisation process. Whether the application's access to the Covata Platform is either disabled or re-enabled.
LDAP	Allows the configuration of connections to one or more LDAP user directories, which can be used to populate the Covata Platform with Covata user accounts.
SAML	Allows the configuration of a SAML-based Identity Provider (IdP) service to which Covata users can authenticate to gain access to the Covata Platform and SafeShare for Web through single sign-on.
Configuration	Allows the modification of properties that affect certain functional areas across the Covata Platform (including all organisations configured on it).
Internationalisation	Allows custom/external language bundles to be uploaded to provide the Covata Platform with greater internationalisation support for more languages. Also allows SafeShare administrators to change the user interface language for the sign-in page, as well as the default language of SafeShare Administration, SafeShare Organisation Administration and (initially) SafeShare for Web for any newly added Covata users.

The SafeShare Administration dashboard

The Dashboard page is initially displayed upon a SafeShare administrator successfully signing in to SafeShare Administration.

The following table describes each component of the Dashboard page from left to right/top to bottom.

Dashboard page component	Description
Maximum Required Disk Space	This panel shows the total amount of storage space that the Covata Platform (managed through the Content Service) requires to store content for all Covata users with the Originator role (i.e. who have a plan) across all of the Covata Platform's configured organisations. Clicking this panel opens the Organisations page. Notes: This total is calculated by summing the quota values of all organisations. The Originator role and plans are discussed in more detail in Administering users within an organisation (of this guide's SafeShare Organisation Administration section).
Client Applications	This panel shows the total number of client applications currently registered on the Covata Platform. Clicking this panel opens the Client Applications page.
LDAP Connections	This panel shows the total number of LDAP connections currently configured on the Covata Platform. Clicking this panel opens the LDAP Connections page.
User Sign-in Attempts	This graph shows Covata user sign-in attempts over the past week, with each point along a curve representing activity pertinent to that curve on a given day. Each curve on the graph represents the number of successful sign-in attempts from one of the three types of Covata user account (discussed in more detail in Administering users within an organisation, of this guide's SafeShare Organisation Administration section). The fourth curve represents the total number of failed sign-in attempts.
Organisations	This section of the dashboard shows each organisation configured on the Covata Platform. For each of these organisations, the following information is indicated: The organisation's name at the top. The total numbers of Covata users (within the organisation) with the Originator and Collaborator roles, where each user who has the Originator role has a plan that grants them a quota of storage space. A pie chart representing the used and free percentages of the storage space quota assigned to the organisation. The actual amounts (in bytes/MB/GB) of this used (in orange text) and free storage space, as well as the storage space quota itself (in bold black text). Note: The Originator and Collaborator roles as well as plans are discussed in more detail in Administering users within an organisation (of this guide's SafeShare Organisation Administration section).

Signing out of SafeShare Administration

To sign out of SafeShare Administration:

• Click your email address at the top right-hand corner of the SafeShare Administration interface and choose Sign Out from the drop-down menu.
  The Covata Sign-in page is redisplayed.

Important: Please ensure that you explicitly sign out of SafeShare Administration using this procedure. If you simply close the browser tab or window that contained your SafeShare Administration session, then you will not be signed out, leading to the risk that your session may be compromised by someone else subsequently using your computer.

Accessing SafeShare Administration for the first time

New Covata Platform instances have a default administrator user account (with email address admin@default.com).

This user account exists for the purpose of:

• Allowing a SafeShare administrator to initially sign in to SafeShare Administration to create a new SafeShare administrator account for themselves, including others if required.
• Add the initial Organisation administrator account to the Default organisation (used for configuring an LDAP connection to work with the Covata Platform and SafeShare). See Administering organisations for more information.

Important: For security reasons:

• After the admin@default.com account is used to create your new SafeShare administrator account/s, then use one of these new accounts to remove the admin@default.com account from SafeShare Administration.
• If the admin@default.com account was used to add an Organisation administrator account to the initially-named Default organisation (described in Editing an existing organisation and Adding an organisation user account), then use this Organisation administrator account to remove the admin@default.com account from Organisation Administration.

To access a new Covata Platform instance and initially set up SafeShare Administration users:

1. Open a compatible web browser and specify the base URL of your Covata Platform instance (appended by /#/admin) into your browser's URL field - e.g:
   https://covata-platform.xy-company.com/#/admin
2. On the Covata Sign-in page, specify the:
   • Email address admin@default.com and
   • Password which is simply password
   Note: If the Make SafeShare personal! dialog box appears, click its Cancel button, since this account will be a short-lived one.
3. Create a new SafeShare administrator user account for the Covata Platform and SafeShare Administration purposes. See Adding a SafeShare administrator account for more information about this step.
4. ( Optional ) Create any additional SafeShare administrator user accounts (if required).
5. Specify an Organisation administrator for the Default organisation by following the procedure for Editing an existing organisation before continuing on.
6. Sign out and sign in again with your new/recently added SafeShare administrator user account.
   Note: Your initial password (automatically generated by the Covata Platform) will be emailed to you in a Covata account created notification.
7. Remove the admin@default.com user account (from SafeShare Administration).