Creating and Managing Authorized Connections

In this article you will learn:

• How to Create an Authorized Connection

• How to Share an Authorized Connection

• How to Suspend Adding for a User

• How to Rename Authorized Connection Credentials

• How to Revoke an Authorized Connection

• How to Revoke All Access for an Authorized Connection

• Authorized Connection Video Tutorial

How to Create an Authorized Connection

In Onna, admins are able to create an authorized connection for enterprise data sources using login credentials for source accounts. Currently, you can create an authorized connection for the following connectors:

• Box Enterprise

• Dropbox Business

• Google Workspace

• Microsoft Outlook Enterprise

• Microsoft Teams Enterprise

• Quip Enterprise

• Slack Enterprise

Additionally, if you want to use Onna’s Integrated Legal Holds feature to create holds within the source application, you will need to create a separate authorized connection for the connector you would like to use. Currently, we support the creation of holds for the following connectors:

• Google Workspace

• Slack Enterprise

To establish an authorized connection, follow the steps below:

Step 1:

Navigate to your user profile menu and select ‘Authorized connections’.

Step 2:

Click the arrow next to ‘Enterprise sources’

Step 3:

You will now see the following:

1. A list of admin credentials for existing authorized connections

2. A list of In-place preservation credentials for existing IPP authorized connections
   

To add a new authorized connection click on ‘Add Admin Credentials’ (c).

Step 4:

Select the connector you want to add credentials for from the list (a). If you want to create In-Place Preservations using Google Workspace or Slack Enterprise, toggle to ‘yes’ next to ‘Grant Access to Slack Legal Holds or Grant Access to Google Vault’ (b).

Next, click the blue ‘Connect’ button. Onna will then redirect to the connector OAuth flow. You may need a specific type of credentials depending on the source you selected. To learn more about the requirements for your connector, visit our Connectors page.

How to Share an Authorized Connection

If a user with the proper permissions does not have access to the login credentials to the enterprise connector account, these credentials can be securely shared by the admin who created the authorized connection. This way, any user that has either an admin role or member role with the ‘Manage enterprise sources’ special permission can create source syncs using enterprise connectors. To share an authorized connector with another Onna admin, follow the steps below:

Step 1:

From inside the ‘Enterprise sources’ section of the ‘Authorized connections’ page, click on the ellipsis next to the source you want to share.

Step 2:

Select ‘Share credentials’ from the dropdown menu that appears.

Step 3:

Next, a share window will appear. From here, add the names of Onna admins you would like to share your authorized connection with (a).

Then, click on the blue ‘Share’ button (b).

How to Suspend Adding for User

After you have shared an authorized connection, there may be instances where you want to remove the ability of a user to continue adding sources using the authorized connection, but you want the existing sources that the user has previously set up using the connection to continue to sync. In this case, you would suspend adding for the user. To do so, follow the steps below:

Step 1:

From inside the connector listed in the ‘Enterprise sources’ section of the ‘Authorized connections’ page, click on the ellipsis next to the user you want to suspend adding for.

Step 2:

Select ‘Suspend adding’ from the dropdown menu that appears.

Step 3:

After selecting ‘Supend adding’ you’ll see a pop-up appear asking you to confirm that you want to suspend adding for the user. To confirm, click on the blue arrow.

How to Rename Authorized Connection Credentials

In order to keep authorized connection credentials organized and prevent the use of incorrect credentials, you are able to rename them to meet the organizational needs of your team. To rename authorized connection credentials, follow the steps below:

Step 1

From your list of authorized connection credentials in the ‘Enterprise sources’ section of your ‘Authorized connections’ page, click on the ellipsis to the right of the authorized connection credentials you want to rename.

Step 2

From the dropdown menu that appears, click on ‘Rename credentials’.

Step 3

You are now able to edit the name of your authorized connection credentials (a), and then click on the blue arrow (b) to save the changes. If you don’t want to save you can click the gray ‘X’ to cancel.

How to Revoke an Authorized Connection

In instances where you’ve shared an authorized connection and want to prevent the user from adding new sources with the connection and stop the syncing of existing sources, you can revoke the authorized connection from the user. Doing this will not remove the existing sources that the user set up with the connection, but it will stop any further syncing of those sources.

To revoke an authorized connection, follow the steps below:

Step 1:

From inside the connector listed in the ‘Enterprise sources’ section of the ‘Authorized connections’ page click on the ellipsis next to the user you want to revoke credentials for.

Step 2:

Select ‘Revoked’ from the dropdown menu that appears.

Step 3:

After selecting ‘Revoked’ you’ll see a pop-up appear asking you to confirm that you want to revoke credentials from the user. To confirm, click the red ‘Revoke’ button.

How to Revoke All Access for an Authorized Connection

Once an authorized connection has been established and shared you have the option of revoking access to the authorized connection from all users it was shared with and delete the credentials. To do this you will revoke all. To revoke all, follow the steps below:

Step 1:

From inside the ‘Enterprise sources’ section of the ‘Authorized connections’ page click on the ellipsis next to the source you want to revoke all for.

Step 2: Select ‘Revoke all’ from the dropdown menu that appears.

Step 3:

After selecting ‘Revoke all’ you’ll see a pop-up appear asking you to confirm that you want to revoke all shares and the credentials. To confirm, click the red ‘Revoke’ button.

Authorized Connection Video Tutorial

For a short video overview of Authorized Connections in Onna, please see below:

Sharing Account Permissions with Authorized Connections FAQ's

If the password of an account is changed will I have to update it in Authorized connections?

No, Onna does not store your password information. It creates a token that allows access to the account. You will not need to update the password unless you go through the OAuth flow again.

Is there an Expiration Date for an Authorized Connection?

No, currently an Authorized Connection will be in place until you manually revoke the permission in Onna.

What do we do if the source owner who created the authorized connection leaves the organization? What will happen to the data sources using the authorized connection?

In the event that the source owner leaves the organization, resulting in the authorized connection becoming invalid, you can create a new authorized connection for your enterprise source. Afterward, please contact Onna support with the Enterprise source and creator email address for the new authorized connection. The Onna support can transfer the invalid authorized connections to the new one for the affected data sources.

To minimize this issue, we recommend that you avoid using personal accounts to set up your authorized connections in Onna.