This article describes how external persons (e.g. business partners or external service providers) can easily be invited and added to a data room as so-called guest users so that they can access files and folders in the data room and collaborate with the other users of the data room.
Topics of this article
- About guest users in DRACOON
- Invite and add guest users to a data room
- Customize permissions of a guest user in the data room (e.g. set read-only access)
- Remove guest users from a data room
- Check the guest users list in DRACOON and delete guest users from DRACOON
- Convert guest users to regular internal users (and vice versa)
About guest users in DRACOON
- Guest users are special users in DRACOON for simplified collaboration and easy data exchange with external persons in selected data rooms, such as business partners or external service providers.
- Guest users can be invited and added to their respective data rooms spontaneously and directly by room administrators without the room administrators having first to ask the user manager to add the user (as is required for regular, internal users).
A single guest user can also be invited to multiple data rooms (by the respective room administrators). - Guest users automatically receive somewhat restricted authorizations in DRACOON tailored to collaboration with external users, and some advanced features are hidden for them. Nevertheless, they have all the features available that are required for productive data exchange via data rooms in DRACOON: By default, they can save files in the data room or download them from there, rename files, comment on them, and much more.
- Guest users can use the two-step authentication with DRACOON (or must use it, if it was made mandatory for DRACOON), access DRACOON with all official clients (such as DRACOON for Windows/Mac or DRACOON for iOS/Android), and also change their profile picture.
- If required, guest users can be temporarily locked by the user manager, get an expiration date, and be removed from DRACOON when no longer needed.
- The DRACOON guest user concept takes data protection requirements into account. For example, room administrators cannot determine whether a particular guest user invited to the data room already has access to the DRACOON environment elsewhere and is a guest user in another data room.
- Adding guest users is disabled by default but can be generally allowed by the configuration manager.
Restrictions for guest users compared to regular, internal users
- Guest users cannot create shares and file requests and cannot manage share links.
- Guest users cannot permanently delete files and empty the recycle bin of a data room.
- Guest users cannot initiate the digital signing of PDF files with DRACOON (DRACOON Premium).
- Guest users cannot be added to groups and thus cannot be authorized to data rooms via group memberships.
- Guest users cannot see which other guest users are present in the respective data room (or DRACOON as a whole). (Exception: If another guest user uploads a file to the data room, his name is displayed as the editor of the file).
- Guest users cannot be appointed as room administrators and thus cannot invite other users to data rooms or create their own data rooms.
- Guest users cannot assume administrative roles for the general administration of DRACOON.
- Guest users can only log in to DRACOON using their email address as their username and cannot use an Active Directory account or OpenID Connect to authenticate to DRACOON.
Number of available guest users
User licenses for DRACOON do not distinguish between regular, internal users and guest users. A maximum of as many guest users can be added as there are users left in the user quota.
Example: You have booked a user quota of 100 users for DRACOON, 40 users are already created as internal users of your organization in DRACOON: As a result, a maximum of 60 guest users can still be added.
Invite and add guest users to a data room
Required prerequisite for inviting guest users
Guest users can only be invited to data rooms if this has been allowed by the configuration manager for your DRACOON environment.
Who is allowed to add guest users to DRACOON and a data room?
Inviting and adding new guest users to DRACOON and a data room is done by the room administrators of the respective data room.
User managers cannot add guest users to DRACOON—this is done solely by room administrators by inviting guest users to their data rooms.
- Open the data room to which you want to invite the guest user. You must be the room administrator in this room.
- Click the button to the right of the path navigation bar, and then click Permissions in the menu:
- Click the Guests tab.
- Click Invite guest in the right sidebar.
When the command Invite guest does not react to a mouse click, guest users on your DRACOON environment are not yet allowed by the configuration manager. Contact your configuration manager and tell him you need to add guest users.
- The Invite Guest dialog box appears. Enter the new guest user's first and last name and email address in the appropriate fields and click Send invitation.
The new guest user is informed by email that he has been invited and added to a data room in DRACOON.
- If the newly invited guest user was not yet a guest user in DRACOON, he receives a link in the email to activate his guest user account in DRACOON with an initial password. With the first login in DRACOON as a guest user, he must enter the initial password from the email and then choose another password. Afterward, the new guest user must confirm the terms of use if the configuration manager configured it to do so. He can then access the data room to which he has been invited.
- If the newly invited guest user already has a guest user account in DRACOON (because he has been invited to another data room before), he can immediately access the data room to which you have newly invited him by clicking the link in the invitation email after login with his email address and his previous password.
Customize permissions of a guest user in the data room (e.g. set read-only access)
By default, guest users in a data room have special guest access permission. To enable unrestricted collaboration with other users, the following actions are allowed with the default guest access permission in the data room: Uploading and downloading files, overwriting existing files with new versions, renaming files, moving and copying files (within the data room, e.g. to subfolders), creating folders, changing file classification, setting an expiration date for files, adding a description and comments to files, deleting files (only moving them to the recycle bin, not permanently deleting them), viewing the recycle bin, and restoring deleted files or previous file versions from the recycle bin.
If you do not want to grant all of these permissions to a particular guest user, you can restrict them as follows:
Who is allowed to adjust the permissions of a guest user in a data room?
Only the room administrators of the respective data room are allowed to change the permissions of guest users in the data room.
- Open the data room where you want to adjust the permissions of the guest user.
- Click the button to the right of the path navigation bar and then click Permissions in the menu:
- Click the Guests tab.
-
Select the desired guest user in the list.
If there are many guest users in the data room: To quickly locate a desired guest user, type part of the username you are looking for in the Search guest field above the list.
- In the right sidebar, click the arrow to the right of Advanced Settings to show the individual permissions:
- Remove the check boxes in front of the permissions you want to deny the guest user in the room.
Example: For read-only permission in the room (i.e. the guest user is only allowed to download existing files), set the following permissions:If you remove the Delete files and folders permission, the guest user cannot make any changes to existing files and save them in the data room with DRACOON for Windows/Mac. If the guest user should be able to use DRACOON for Windows/Mac, this permission should, therefore, not be removed. Even if the guest user has the Delete files and folders permission, he cannot delete files permanently, and files deleted by him can be restored, if necessary, from the recycle bin of the data room.
Remove guest users from a data room
If a guest user is no longer needed in a data room (e.g. after completion of a project), you can remove him from the data room.
Who is allowed to remove guest users from a data room?
Only the room administrators of the respective data room are allowed to remove guest users from the data room.
- Open the data room from which you want to remove the guest user so that they can no longer access the data room. You must be a room administrator in this room.
- Click the button to the right of the path navigation bar and then click Permissions in the menu:
- Click the Guests tab.
-
Select the guest user you want to remove.
If there are many guest users in the data room: To quickly locate a desired guest user, type part of the username you are looking for in the Search guest field above the list.
- Click Revoke permissions in the right sidebar.
- Confirm the security message by clicking Revoke.
The guest user is immediately removed from the room and can no longer access files in the room.
Guest users removed from a data room are not removed from DRACOON itself!
If a guest user is removed from a data room, he is not automatically also removed from DRACOON, but the guest user account of the user continues to exist in DRACOON (reason: If the same user is invited later again as a guest user to a data room, he does not have to go through the initial registration process with DRACOON, e.g. the definition of an own password).
If a guest user is to be finally deleted from DRACOON, this must be carried out by the user manager in the user administration (see the following section).
Check the guest users list in DRACOON and delete guest users from DRACOON
In the user administration of DRACOON, the list of all guest users can be viewed, e.g. to check how many guest users there are in total (each guest user is counted towards the user quota) and to delete guest users from DRACOON if necessary (e.g. if an external service provider indicates that the guest user is no longer working for them and should no longer have access to data rooms).
Who can view the list of all guest users and delete guest users from DRACOON?
Only users who have the role of User Manager may view the list of all guest users and delete guest users from DRACOON.
- Click Settings in the left sidebar.
- Click the Guest Users tab.
- The list of all existing guest users in DRACOON is displayed. You can filter the list by creation date (e.g. all new guest users in the last 30 days) or search for a specific guest user by name.
- Change settings of a guest user:
Just as with internal users, guest users can get an expiration date (after which they are automatically deleted from DRACOON), the guest user can be required to use two-factor authentication and more. If you want to specify these settings for the guest user, select it and click Edit User in the right sidebar. Then make the desired changes to the guest user in the dialog box that appears. - Remove guest user from DRACOON:
If you want to remove a guest user from DRACOON, select the user and click Delete user in the right sidebar. The user immediately loses his access to all data rooms to which he was invited (he can be invited back to his room after the deletion by a room administrator).
Convert guest users to regular internal users (and vice versa)
In case of need, a previous guest user can be converted to a regular, internal user. This is useful, for example, if a previous guest user should be able to use DRACOON without the restrictions that apply to guest users (if, for example, he is to be added to groups or be able to create shares for files, which guest users are not allowed to do). Conversely, an internal user can be converted to a guest user if necessary.
Who is allowed to convert guest users to internal users (and vice versa)?
Only users who have the role of User Manager may convert existing guest users to internal users and internal users to guest users.
Convert guest users to internal users
- Click Settings in the left side pane.
- Click the Guest Users tab.
- Select the guest user you want to convert.
- Click the three-dot button on the right and then Convert to internal user.
- Confirm the action by clicking the Convert button.
Convert internal users to guest users
When you convert an internal user to a guest user, the user will lose all previous group memberships, any assigned group memberships, and any assigned administrative roles, as well as the existing permissions on data rooms will be withdrawn. The user can then be re-invited by room administrators as a guest user to their respective data rooms.
- Click Settings in the left sidebar.
- The list of internal users is displayed. Select the user you want to convert to a guest user.
- Click the three-dot button on the right and then Convert to guest user.
- A warning message will be displayed informing you that all existing group memberships, role assignments, and permissions to the user's data rooms will be lost after the conversion. If you still want to continue the conversion, drag the security slider all the way to the right and then click the Convert button.
- An internal user cannot be converted to a guest user as long as he is the only room administrator in a data room (each data room must always have at least one room administrator, which would no longer be the case after converting the user). In this case, the user to be converted must first appoint another user of the data room as the room administrator.
- An internal user cannot be converted into a guest user if he is the only user in DRACOON who has a certain role to manage DRACOON (if he is the only auditor in DRACOON, for example). In this case, the user to be converted must first transfer the role to another user (or group) before he can be converted to a guest user.
Comments
0 comments
Article is closed for comments.