Solved: thank Robert you for your

bayrem Nasri · ‎10-01-2014

Hi every one,

we are planning to use CRES for email encryption using ESA 8.5.6 version , my question is : is it possible to add the users accont instead of the final users?

best regards

Robert Sherwin · ‎10-01-2014

No - unfortunately with users outside of your domain, you would not have the ability to see or manage those users. You are only entitled to administer users that your company or domains are associated to under your CRES account.

So - if there were users with xyz@gmail.com, or xyz@hotmail.com - those users can setup and open/send messages through CRES, they just are not administrable. If users were xyz@nasri.com - and nasri.com is the domain mapped to your CRES account, all encrypted mail and user accounts for nasri.com, you would be able to see and address them accordingly.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117837-qanda-esa-00.html

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118288-technote-esa-00.html

http://www.cisco.com/c/en/us/support/docs/security/email-encryption/117794-configure-cres-00.html

-Robert

Cheers,
Robert Sherwin

View solution in original post

Robert Sherwin · ‎10-01-2014

Can you clarify what you mean?

With using CRES - the mail processes through your ESA, gets the encrypt handshake/header tacked on to the message from CRES, and then is sent through to the end-user... Once that end-user gets the message, they have to decrypt the message. In order for them to do so, they have to associate their user email address with the CRES service. Once they have done so, and they have a "valid account", they'll be able to decrypt the message.

If you are asking - is there a way to pre-populate the users that you are expecting to send through CRES - you can create accounts tied to with-in your own domain, if you wish. You need to get a CRES account created for your company/domain, and have that domain tied to the CRES account --- and you'll need to be a direct CRES administrator on that account. You can then login to https://res.cisco.com/admin as your admin account, and create specific users for that domain. But, you would need to create the passwords, account info, etc - and have that coordinated with them. The simple way to get this done is to just send an encrypted email to that user email address, and have them step through the process.

For CRES process info:

http://www.cisco.com/c/en/us/products/collateral/security/email-security-appliance/data_sheet_c78-677121.html

-Robert

Cheers,
Robert Sherwin

bayrem Nasri · ‎10-01-2014

Hi , thank you for your help,

I mean that we have a list of some external users ( they are in other domains) , is it possible to delegate the association of the users email addresses with the CRES account to an administrator and after that share with them needed informations including the encryption key or the password?

thanks

Robert Sherwin · ‎10-01-2014

No - unfortunately with users outside of your domain, you would not have the ability to see or manage those users. You are only entitled to administer users that your company or domains are associated to under your CRES account.

So - if there were users with xyz@gmail.com, or xyz@hotmail.com - those users can setup and open/send messages through CRES, they just are not administrable. If users were xyz@nasri.com - and nasri.com is the domain mapped to your CRES account, all encrypted mail and user accounts for nasri.com, you would be able to see and address them accordingly.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117837-qanda-esa-00.html

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118288-technote-esa-00.html

http://www.cisco.com/c/en/us/support/docs/security/email-encryption/117794-configure-cres-00.html

-Robert

Cheers,
Robert Sherwin

bayrem Nasri · ‎10-02-2014

thank you Robert for your help