• All Files

Enabling account encryption

By default, project files for accounts on the Prysm hosted cloud are encrypted using an application encryption key. For additional security, you can apply a unique encryption key, specific to your organization, to set up custom account encryption for your Prysm project files. To set up custom account encryption, you must install a private key on each Prysm Application Appliance and a public key in Admin Portal.

Note: Prysm Application Appliances must be updated to Prysm release 2.12 to support account encryption.
Tip: If you enable custom account encryption, you can't add project files using Admin Portal, but you can add files using Prysm for web or desktop. See Working with Project Files.
ClosedGenerating an SSL certificate and a public key

Work with your IT administrator to obtain an SSL certificate and an associated key signed by a public or private Certificate Authority (CA) per your organization's key policies. The following files are required:

  • publickey.cer
  • public_privatekey.pfx

The SSL certificate and public key must have the following characteristics:

Key Characteristic Recommendation
Key type RSA
Key size 2048-4096 bits
Encryption method X.509
Certificate Authority Prysm recommends using a public or private CA.
Prysm strongly discourages the use of a self-signed certificate.
Certificate duration 1 year or longer per the key policy for your organization
Password Recommended
Compatibility Key must be compatible with the Windows certificate store.
ClosedInstalling the SSL certificate on each appliance

Import the SSL certificate to each Prysm Application Appliance.

Warning: Prysm strongly recommends working with your IT administrator for certificate management.

Assign certificates using a Group Policy or other Active Directory certificate management option to ensure domain users will be covered by a trusted certificate mechanism. If certificates are incorrectly assigned, users may not be able to sign in to Prysm Application Appliances.

In scenarios where an appliance is not domain-joined and in organizations that do not host their own CA, follow the practices of the issuing CA to import the certificate.
ClosedEnabling account encryption in Prysm Admin Portal
Note: Upgrade all Prysm Application Appliances in your account to Prysm release 2.12 and apply the SSL certificate to each Prysm Application Appliance before enabling account encryption in Prysm Admin Portal. If you don't, users won't be able to sign in to Prysm-enabled displays.

  1. From the Encryption Key page, toggle Enable Account Specific Encryption Key to the ON position.

    By default, Prysm Organizational Admins have the permissions required for encryption key management (CanManageTenantKeySettings and CanViewTenantKeySettings). Other users do not get these permissions and may not be able to view or manage encryption keys.

  2. Tap Choose File to select the certificate file you generated above (see Generating an SSL Certificate and a Public Key). The certificate has a .cer or .crt file extension.

  3. Tap Save to save the certificate. A validation prompt is displayed.

  4. In the validation box, type Reencrypt, then tap Continue to save the account encryption key. This validation step is required because:

    • Custom encryption for your project files is a resource-intensive process.
    • If you have not upgraded all Prysm appliances to Prysm release 2.12 and installed a private key on the appliance, users will not be able to sign in and use Prysm.
ClosedDisabling custom encryption

To disable custom encryption,

  1. From the Encryption Key page, toggle the Account Encryption Key setting to the Off position.

    If you disable custom encryption for an account that was encrypted, the project files for that account are re-encrypted using the default application encryption key.

  2. Wait until the process to disable custom encryption completes before attempting to sign in to Prysm.
Top