Tenancies in Dekko
Tenancies are a centralised location for an organisation’s administrator to perform activities that relate to user management and policy enforcement. Tenancies govern HUBs that are assigned to them, and an organisation can have one or many tenancies depending on their plan with Dekko.
Dekko can help organisations manage their tenancies or they can be completely independent.
This page lists all users in the tenancy and lets tenancy admins disable 2FA should a user misplace their phone, or get a new phone and not be in possession of the old one.
To temporarily disable 2FA for a user, open the tenancy manager are navigate to the ‘Two-Factor Authentication’ tab:
Untick the selector against any user that needs 2FA temporarily disabled. The next time they log in they will be prompted to set up 2FA using a new token.
Authentication and policies
This page contains settings for authentication and usage policies for users in the tenancy. Settings in the page are:
Minimum password length
Enforce 2FA (email login users)
Enforce SMS verification on invite acceptance
Automatically set tenancy admins as trusted users for users in the tenancy
Disable the Public HUB for users in the tenancy
Enforce attribute designation for messages and files
Enforce session times
Enforce file retention times
- View Office 365 documents
To enable or adjust any of the above settings, make an appropriate change or combination of changes and then press ‘Save’.
This page reports the Dekko platform (excluding meetings) stored data totals for all HUBs in the tenancy and perform Hub deletion (main article).
This page contains settings for enabling or disabling features for all HUBs in the tenancy.
This page tracks pending invites HUBs in the tenancy.
This page reports all administrators for the tenancy.
This page reports data uploaded to, and downloaded from, all HUBs in the tenancy.
Charts on this page can display for a specified date range and by default shows the current month. Charts can also be split per HUB, per user, and the time period can be set by hour, day, month and year.
This page reports the transaction (billing) totals for the tenancy.
This report can display a specified range and by default shows the current month. The report can be filtered down to per HUB (domain) and per document. If you have Splunk enabled, these reports can be directly correlated with tenancy data traffic.
See SIEM integration page.
This page reports all users in the tenancy and which HUBs they are a member of.
Users can also be removed from HUBs here.
This page reports all current files shared in HUB in the tenancy and shows the owner, recipient(s), date shared and upload permissions for each share.
Viewing Office 365 documents
Microsoft Office document viewing in Dekko is provided by utilising a facility in the Dekko PROTECTED Cloud which renders the file and presents it to users within the web application.
During this rendering process temporary access to the document is granted to the processing appliance, which is deleted immediately after rendering is complete.
Disabling access to this feature is provided in order to maintain Dekko’s zero-knowledge capability should this be required for use of the service.
As mentioned view support has now been extended to Office documents, but there is a caveat that we check with customers before enabling the feature: In order to render Office files we use code in our Dekko cloud which renders the Office file as a PDF, and then sends it to the user for viewing. This code runs in a IRAP PROTECTED-assessed virtual machine on Azure and gains temporary access to the file for rendering, sends it to the user and then deletes it immediately after, so that the code can no longer access it.
The appliance that performs this process has of course been constructed with the best possible security componentry and practices possible, but is a slight departure from our zero-knowledge configuration where the Dekko cloud can ordinarily never access user data. This proposed access is only temporary, and applies to Office docs only when turned on.