Recovery data
Data recovery allows admin to access personal items for selected users.
There are 4 prerequisites:
- Data recovery must be enabled in the administration page
- At least one user must have data recovery rights.
- At least one user must have the rights to manage data recovery quorum.
- The quorum must be defined.
The workflow will be as follows:
- An admin requests the access to a specific user account
- The quorum members are notified and accept the request
- The admin is notified and reload his user app: he has access to the user personal items
Enable Data recovery
- Go to the Enterprise Vault admin app
- Go to Settings
- Enable the line Authorize data recovery
- Click Save button
The length of time for which the request is valid when accepted can also be set here.
The default setting is 12 hours.
Add data recovery rights to a user
- Go to your WALLIX ONE IDaaS admin page
- Go to Users and select an existing user
- Click Edit then Add an attribute
- Provide the following attribute:
name: recovery_data
kind: bool
value: true
When this user will log in the Enterprise Vault user app, and if he is the first one with recovery rights (data or account), he will have the following message:
In fact, specific encryption keys are required to carry out recovery operations.
These are created when the first admin is authenticated.
Consequently, for subsequent admins, an admin who has the keys must share them.
- Go to your Enterprise Vault user app with an admin who has the recovery key
- Go to Settings, then Recovery keys
- Click Activate access for the new admins
Add quorum rights to a user
- Go to your WALLIX ONE IDaaS admin page
- Go to Users and select an existing user
- Click Edit then Add an attribute
- Provide the following attribute:
name: recovery_data_workflow
kind: bool
value: true
Define the quorum
Workflow
The admin requests the access to a specific user account
The quorum members are notified and accept the request
The admin has access to the user personal items