Creating Users

From the main menu, select the “System Users” button.

image0

This will list all current users in the appliance. To create a new user, simply press the “Create user” button.

image1

Fill in all relevant information about the user:

  • Full name
  • Email address
  • Username
  • Set an initial GnuPG passphrase for the user
  • Assign a new yubikey to the user and press it once in the Yubikey OTP field
  • Select a user level:
    • Read: A Read User is only allowed to use vaults assigned to them by other users with the Write permission
    • Write: A Write User is allowed to create vaults
    • Admin: An Admin User can create users and deactivate users
  • Select the appropriate capability for the user:
    • Audit: User is allowed to view the audit logs
    • UG List: User is allowed to view what vaults a user belongs to and what users belong to a certain vault
    • Change Password: User is forced to change password at next logon
    • Active: User is active and allowed to log on

Note

In StoredSafe, the Admin user holds the highest level of access privileges. However, it’s important to note that when it comes to vaults, an Admin user does not have any inherent authority. Unless a vault has been explicitly shared with an Admin user, they have no capabilities to access other users’ vaults. The Admin user’s power is limited to creating or deactivating users and does not extend to unauthorized access to individual vaults.

image2

Note

It is recommended to select the Changepass bit, to enforce the user to change password upon first login.

Note

A user without the Active bit will not be able to logon.

When everything is complete, hit the “Save” button and wait for approximately 20 seconds, which is roughly the time it takes for the appliance to generate a new 4096 bit GnuPG keypair for the user.

image3

All done. If anything needs to be adjusted, simply select the “Edit” button at the end of the line to edit the selected users details.