RelativityOne lockbox

RelativityOne’s Lockbox feature provides you with greater control over your workspace data and access. It helps protect sensitive information from unauthorized access by Relativity System Admins, while still allowing authorized users to access data for legitimate purposes. Lockbox is designed to protect your workspace data by preventing access by Relativity support and operations teams, even if they have administrative privileges. By default, this feature is enabled, which means that any system administrator, including those on the Relativity team, cannot see your workspace data without explicit permission.

Consider the following:

  • RelativityOne Lockbox has granular control that is managed through separate EnableRelativityLockbox and EnableCustomerLockbox instance settings. This allows for a precise configuration based on your specific needs.
Instance setting name

Description

 Value Impact

EnableRelativityLockbox

Controls access to workspaces for all Relativity employees, except those explicitly granted access by the customer.

True

 Prevents all Relativity employees from accessing workspaces unless they are added to workspace groups. This requires manual intervention by the customer to grant access to Relativity employees.
EnableCustomerLockbox

Controls access to workspaces for Client System Administrators.

True

 Prevents Client System Administrators from accessing workspaces unless they are added to workspace groups. This requires Client System Administrators to disable Lockbox to access workspaces, which triggers alerts to be generated.
  • You can view and manage security permissions for Relativity Support team users on the security permissions page unless you choose to lock them out entirely.
  • If you want to monitor workspace actions taken by Relativity employees, you can use the Security Center's Relativity employee workspace access feature. Additionally, you can use the Lockbox access feature of the Security Center to remove Relativity employee access from your workspaces if desired.
  • When the EnableCustomerLockbox instance setting is enabled or disabled, a Security Alert is automatically generated. This helps you keep track of any changes to your workspace's security settings.
  • To enable Lockbox for Relativity employees and prevent them from adding themselves to workspace groups, set the EnableRelativityLockbox instance setting to "True".
  • To allow your System Administrator to access workspaces, set the EnableCustomerLockbox instance setting to "False".
  • To grant Relativity support temporary access to a workspace, you can either add Relativity support to a group that belongs to the workspace, or set the EnableRelativityLockbox instance setting to "False".

When you contact Relativity Support for troubleshooting, the following high-level steps are performed if access to customer workspace is required to resolve an issue:

  1. Support is requested through the usual means.
  2. The Relativity Customer Support technician will request that you add a RelativityOne Support group to the workspace in question.
  3. The Relativity Customer Support technician will troubleshoot your case per standard protocol.
  4. Upon resolution, the Relativity Customer Support technician will advise you that the issue is resolved.
  5. You should then remove the RelativityOne Support group from the workspace you added them to.

Refer to Support if you need more information on this feature.

Lockbox reports

To help you monitor and audit the use of the Customer Lockbox feature in Relativity, we provide two scripts:

  • Lockbox Bypass report - This script provides an audit trail of any changes made to the EnableCustomerLockbox instance setting, including details such as who made the change and when it occurred.
  • Lockbox report - This script provides a list of all workspaces to which an employee of Relativity ODA LLC currently has access, as well as the name of the group to which the user is linked.
    Note: The report does not include the actual names of users. This report may reference Maintenance workspaces ("[DO NOT ACCESS]...") to which Relativity maintains access. While this script is focused on auditing "Relativity ODA LLC" employees, you can create a similar custom script to audit your own employees if desired.

Lockbox security notifications

In RelativityOne, system administrators can be added to the Security Notifications group for a given instance to receive notifications whenever any of the following events occur:

  • A member of Relativity staff is granted access to a customer workspace while Lockbox is enabled.
  • The EnableCustomerLockbox instance setting is disabled.
  • A user is added or removed from the Security Notifications group. Note that only the person who was added or removed will receive the email notification - other group members will not be notified.
    Note: If the Security Notifications group is accidentally deleted, you can re-add it.

Additionally, if any person with a Relativity email address is added to a group with associated workspaces, the email address will receive notifications whenever a user is added to or removed from the group.

When any of these conditions are met, members of the Security Notifications group will receive an email notification. The notification email includes a link to the Security Center, where Relativity workspace access can be revoked if needed.