This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Creating Group Keys for version 7.0 and above

Hi Guys,

I believe on Safeguard version 6. We able to create a group key and assigned to specific users without creating group.

Does anyone can confirmed or guide me to create the group keys without steps mention above?. Thanks



This thread was automatically locked due to age.
  • I wish I understood the question, so I am going to give some general explanation. 

    First: Groups

    There are 2 ways to get groups into SafeGuard Enterprise.

    One method is to import them from the Active Directory, the other is to create them in SafeGuard Management Center.

    It sometimes makes sense to create groups in the SafeGuard Management Center, to prevent a domain administrator adding people to groups with keys to sensitive material.

    Second: Group Keys

    SafeGuard Management Center can create keys automatically when importing groups. However, it makes sense, to NOT CREATE KEYS automatically when importing groups from AD, or else you will end up with a lot of keys that will never be used, but fill up the database and, maybe worse, make for a long, long list of keys in the end user key ring.

    I recommend to always right-click a group, and assign a key, independent of where the group came from.

    Third: Group Membership

    The advantage of using AD-imported groups in SafeGuard Enterprise is that management of group membership can be still done by the domain admin, the disadvantage is that users can be added that shouldn´t be.

    The advantage of creating groups in SafeGuard Management Center is that Security Officers control group membership, which is at the same time the disadvantage.

    So, for eg. Marketing I use a group imported from the AD, for HR I use a group managed in SafeGuard Enterprise.

    This only works of course when you are able to apply separation of duties, so the domain admins can´t manage keys, and the security officers can assign access rights.

    “First things first, but not necessarily in that order” – Doctor Who