Customer lockbox

Note: If you have enabled the Customer lockbox feature in Relativity, please note that in order to access and administer security within a workspace, Relativity system administrators must belong to a group within that workspace as well as the System Administrators group. If you require further information about this feature, please reach out to our Support team for assistance, or see Permissions scenarios.

Customer lockbox overview

RelativityOne's Customer Lockbox feature is designed to protect your workspace data by preventing access by Relativity support and operations teams, even if they have administrative privileges. By default, this feature is enabled, which means that any system administrator, including those on the Relativity team, cannot see your workspace data without explicit permission.

Consider the following:

  • To access a workspace or administer security within it, system administrators must also belong to a group within that workspace. If a member of Relativity's Customer Support team needs to troubleshoot an issue that requires workspace access, you will be prompted to add them to a workspace group to grant them access.
  • You can view and manage security permissions for Relativity Support team users on the security permissions page unless you choose to lock them out entirely.
  • If you want to monitor workspace actions taken by Relativity employees, you can use the Security Center's Relativity employee workspace access feature. Additionally, you can use the Lockbox access feature of the Security Center to remove Relativity employee access from your workspaces if desired.
  • Whenever the EnableCustomerLockbox instance setting is enabled or disabled, a Security Alert is automatically generated. This helps you keep track of any changes to your workspace's security settings. To enable Lockbox Hardening, contact Support and they can assist you with the setup process.

Note: By default, Customer Lockbox does not completely block access to workspaces. However, if you want to prevent Relativity employees from granting themselves access to workspaces, you can request to enable the Lockbox Hardening feature. This feature ensures that only customers can grant access to workspaces, providing an additional layer of security.

Refer to Support if you need more information on this feature.

Lockbox reports

To help you monitor and audit the use of the Customer Lockbox feature in Relativity, we provide two scripts:

  • Lockbox Bypass report - This script provides an audit trail of any changes made to the EnableCustomerLockbox instance setting, including details such as who made the change and when it occurred.
  • Lockbox report - This script provides a list of all workspaces to which an employee of Relativity ODA LLC currently has access, as well as the name of the group to which the user is linked.
    Note: The report does not include the actual names of users. This report may reference Maintenance workspaces ("[DO NOT ACCESS]...") to which Relativity maintains access. While this script is focused on auditing "Relativity ODA LLC" employees, you can create a similar custom script to audit your own employees if desired.

Lockbox security notifications

In RelativityOne, system administrators can be added to the Security Notifications group for a given instance to receive notifications whenever any of the following events occur:

  • A member of Relativity staff is granted access to a customer workspace while Lockbox is enabled.
  • The EnableCustomerLockbox instance setting is disabled.
  • A user is added or removed from the Security Notifications group. Note that only the person who was added or removed will receive the email notification - other group members will not be notified.
    Note: If the Security Notifications group is accidentally deleted, you can re-add it.

Additionally, if any person with a Relativity email address is added to a group with associated workspaces, the email address will receive notifications whenever a user is added to or removed from the group.

When any of these conditions are met, members of the Security Notifications group will receive an email notification. The notification email includes a link to the Security Center, where Relativity workspace access can be revoked if needed.