5.2 Retain Users and User Accounts

Although the Retain Address Book is integral to organizing the archive and tracking all user identities on the system, it is a system-level component that operates mainly behind the scenes.

The primary purposes of Retain User Accounts are administration and access to the Retain archive.

User Accounts store individual user configuration settings that govern such things as preferences, administrative rights, the mailboxes to which users have access, authentication requirements, and encrypted account passwords.

If a user in the Retain Address Book successfully logs in to Retain, the password used is encrypted for use in subsequent authentication requests, and the user is added to Retain’s User Account List. This process is explained in Authentication Part 1: Username/Password or OpenID Connect.

There are three ways that User Accounts get created, as outlined in Figure 5-1 and explained in Table 5-1, Populating Retain’s User Account List.

Figure 5-1 Retain User Account Creation

Table 5-1 Populating Retain’s User Account List

Letter

Explanation

The first Retain User Account is created during the Retain installation process and is the system administrator, Admin.

After Retain is installed and configured, the Admin user can create other Retain users to help with various administrative functions, such as report generation and auditing.

These users authenticate using what Retain calls Offline Passwords, which you create for them. Offline means that no connection to a separate messaging system is required for authentication because the password is encrypted and stored locally.

In the example graphic, Admin creates the users admin2 and auditor1.

As message data is archived, usernames associated with the archived data are created in the Archive’s Address Book.

At this point there are no Retain User Accounts associated with the usernames.

In the example graphic, User1 wants to access the Retain archive, so User1 enters the same username and password used to access the back-end messaging system.

Next, the processes described in Authentication Part 1: Username/Password or OpenID Connect take place.

As described in Figure 6-1, letter N, if User1 enters valid credentials, a User Account is created in the Retain User Account List.

User6 also wants to access the archive, so User6 enters the username and password from the back-end messaging system.

The same process occurs for User6 as described for User1 in letter D.

At this point, the Archive Address Book contains at least 7 users with archived data, but only two of them have Retain User Accounts.