Last date modified: 2026-May-04

RelativityOne lockbox

RelativityOne's Lockbox feature gives you greater control over data access in your workspace. It helps protect sensitive information from unauthorized access by System Administrators, while still enabling authorized users to access data for valid legitimate purposes.

Lockbox also offers built-in alerting, providing notifications whenever access changes occur. This ensures you have full visibility into your tenant's security posture.

Configuration details:

Lockbox includes two separate controls, managed through the EnableRelativityLockbox and EnableCustomerLockbox instance settings. This separation allows precise configuration based on your specific requirements. By default, EnableCustomerLockbox is disabled, but you can turn it on when your organization needs additional oversight for System Administrator access.

Instance settings:

Instance setting name

Description

 Default Value Impact

EnableRelativityLockbox

Controls access to workspaces for all Relativity employees, except those explicitly granted access by the customer.

True

 Prevents all Relativity employees from accessing workspaces unless they are added to workspace groups. This requires manual intervention by the customer to grant access to Relativity employees.
EnableCustomerLockbox

Controls access to workspaces for System Administrators.

False

 Prevents System Administrators from accessing workspaces unless they are added to workspace groups. This requires System Administrators to disable Lockbox to access workspaces, which triggers alerts to be generated.
  • You can view and manage security permissions for Relativity Support team users on the security permissions page unless you choose to lock them out entirely.
  • When the EnableCustomerLockbox instance setting is enabled or disabled, a Security Alert is automatically generated. This built-in alerting helps you maintain full visibility into any changes to your workspace's security settings and ensures you are always informed when access controls are adjusted.
  • To allow your System Administrators to access workspaces, set the EnableCustomerLockbox instance setting to "False".
  • To grant Relativity support temporary access to a workspace, you can either add Relativity support to a group that belongs to the workspace, or set the EnableRelativityLockbox instance setting to "False".

When you contact Relativity Support for troubleshooting, the following high-level steps are performed if access to customer workspace is required to resolve an issue:

  1. Support is requested through the usual means.
  2. The Relativity Customer Support technician will request that you add a RelativityOne Support group to the workspace in question.
  3. The Relativity Customer Support technician will troubleshoot your case per standard protocol.
  4. Upon resolution, the Relativity Customer Support technician will advise you that the issue is resolved.
  5. You should then remove the RelativityOne Support group from the workspace you added them to.

Refer to Support if you need more information on this feature.

Lockbox reports

To help you monitor and audit the use of the Customer Lockbox feature in Relativity, we provide two scripts:

  • Lockbox Bypass report - This script provides an audit trail of any changes made to the EnableCustomerLockbox instance setting, including details such as who made the change and when it occurred.
  • Lockbox report - This script provides a list of all workspaces to which an employee of Relativity ODA LLC currently has access, as well as the name of the group to which the user is linked.
    The report does not include the actual names of users. This report may reference Maintenance workspaces ("[DO NOT ACCESS]...") to which Relativity maintains access. While this script is focused on auditing "Relativity ODA LLC" employees, you can create a similar custom script to audit your own employees if desired.
    The Security Center – Lockbox Access tab provides an in-application view of all workspaces where Relativity employees have or had access (with user names, groups, and timestamps), which can be used as an alternative to running the Lockbox report script for on-demand transparency into RelativityOne support access.

Lockbox security notifications

In RelativityOne, system administrators can be added to the Security Notifications group for a given instance to receive notifications whenever any of the following events occur:

  • A member of Relativity staff is granted access to a customer workspace while Lockbox is enabled.
  • The EnableCustomerLockbox instance setting is enabled or disabled.
  • A user is added or removed from the Security Notifications group. Note that only the person who was added or removed will receive the email notification - other group members will not be notified.
    If the Security Notifications group is accidentally deleted, you can re-add it.

Additionally, if any person with a Relativity email address is added to a group with associated workspaces, the email address will receive notifications whenever a user is added to or removed from the group.

When any of these conditions are met, members of the Security Notifications group will receive an email notification. The notification email includes a link to the Security Center, where Relativity workspace access can be revoked if needed.

Return to top of the page
Feedback