Provisioning groups come into play if you have synced your organization with a Google Workspace or an Azure Active Directory (AD). Once a Workspace or Azure domain is synced, by default, all users in that domain become licensed users. If you have purchased licenses for only a subset of your users, then you need to implement a provisioning group to maintain licensing compliance.
A "Licensed" user is any user that has the ability to send secure emails with one of the Virtru plugins or apps. Non-licensed users will still have the ability to activate plugins with read-only access.
Configuring a Provisioning Group
The provisioning group is created and maintained within the Workspace or Azure environment. Virtru customers can create a Google Group on their Workspace or a mail-enabled group in their Azure AD and add only their desired Virtru senders to that group. Follow the steps below to configure a provisioning group:
2. Add the users you want to license to this group. Those users will become the only users in your organization who can compose new encrypted messages. Everyone else in your domain will still be able to decrypt the messages that are sent to them, but they will be unable to create new encrypted emails, even if they have Virtru installed.
3. Sync with Virtru:
- If you have already synced with Virtru, you can perform a domain refresh
- If you have not synced with Virtru, you will want to install Virtru on the domain level in Google Workspace or Azure Active Directory (AD).
Once complete, Virtru will automatically recognize the provisioning group and license users appropriately. Non-provisioned users will still appear in the Control Center and may appear as "Active", but they will have read-only access.
After creating the provisioning group, the list will need to be maintained into perpetuity. A "domain refresh" will need to be performed for any provisioning group changes to take effect in Virtru (or any other changes to groups and/or users).
Finding Provisioned Users
Inside of the Virtru Control Center, you have the ability to filter your users by members of your Virtru provisioning group. In order to see the users that you have assigned licenses to, you may perform the following steps below:
- Sign in to the Virtru Control Center
- Go to the Users & Groups page > Users tab
- Using the filter drop-downs, select All Users in Groups and type in virtru-provisioning-group@[yourdomain.com]
- Click the magnifying glass to submit the search
- This will list the users within your organization's Virtru provisioning group
User Experience and Impact
A provisioned user will not see any changes to their experience. However, non-provisioned users will see significant changes:
- User will have read-only access when using a plugin and will still be able to decrypt encrypted emails
- User will NOT be able to create new encrypted emails or drafts
- User will NOT be able to reply to encrypted emails via the plugin, but can still use the Secure Reader to read and securely reply to messages.