Owners
Posted on April 9, 2024
Account and Customer Owners
Owners are users with elevated privileges. They may perform sensitive security operations, receive email notifications for sensitive changes to Accounts or Customers they own, and have some extra protections on their account to prevent unauthorized access.
The first user provisioned to an Account will be both an Account Owner and a Customer Owner. For any additional Customers, the first user created will be a Customer Owner for that Customer. From there, all Owner changes must be managed by that user or by other users who are subsequently promoted to Owner.
It is highly recommended to have at least two Owners for Accounts and Customers, or a backup device to serve as a second Owner.
Owner Specific Operations
Provisioning Owners
Only Owners may provision other Owners to Accounts and Customers they own.
Owners receive notification emails for newly provisioned or removed Owners.
Enterprise Recovery
More information on this topic can be found in the Enterprise Recovery documentation.
Owners may provision recovery users along with paper keys to be used for Enterprise Recovery. These keys, along with access to the recovery email, allow a user to provision a new Owner and a device for that Owner without logging in to TraitWare using an existing Owner device and credentials.
Owners receive notification emails for newly provisioned or removed recovery users, and any attempts to initiate recovery. More specific information on these events can also be found in the Activity Logs.
Owner Protections
Owners have extra protections applied to their accounts to ensure they cannot lose access to their Accounts or Customers.
– Owners may not have their console access revoked or modified in ways that prevent access to Customers or Accounts they own.
– Owners may not have their device modified or replaced.
– Owner email addresses may not be changed.
– Owners may not be deleted.
– The last remaining Owner associated with an Account or Customer may not be removed.
If any of these changes must be made, remove the user as an Owner, make any needed changes, and promote them back to an Owner.