The Admin Interface

The Admin Interface is an extended version of the Journalist Interface, that allows you to manage users and configure the appearance and behaviour of your instance’s web interfaces.

Logging in

To log in to the Admin Interface, start the Admin Workstation with persistence enabled. Open the SecureDrop Menu and select the “Launch Journalist Interface” option. Tor Browser will start and load the login page for the Journalist Interface. Use your username, passphrase, and two-factor authentication token to log in.

By default, you will be logged in to the Journalist Interface’s source list page.

The top navigation of the Journalist Interface says 'Logged on as Journalist' and displays an 'Admin' link.

In the course of normal administration operations you should not need to view source communications, but if you do, you can find information on managing submissions in the journalist guide.

Note

If you have lost your login information or your two-factor authentication is no longer valid, you can create another account with admin privileges via the command line on the Application Server. See here for more information.

User Management

You can use the Admin Interface to add and remove users, and to reset their credentials if necessary. To open the Admin Interface, click Admin in the upper right corner of the Journalist Interface.

Adding Users

After logging in, you can add new user accounts for the journalists at your organization who will be checking the system for submissions. Make sure the journalist is physically in the same room as you when you do this, as they will have to be present to enable two-factor authentication. SecureDrop supports the use of either a smartphone authenticator app or a Yubikey for two-factor authentication. If an app is to be used, the journalist should install it before proceeding with the account setup.

Tip

We recommend using FreeOTP (available for Android and for iOS) to generate two-factor codes because it is Free Software. However, if it does not work for you for any reason, alternatives exist:

  1. Click Admin in the top right corner of the page to load the Admin Interface.

    The Admin Interface displays an 'Add User' button.

  2. Click Add User to add a new user.

    The form used to create new users displays a pre-generated Diceware passphrase.

  3. Hand the keyboard over to the journalist so they can create their own username.

  4. Once they’re done entering a username for themselves, have them save their pre-generated Diceware passphrase to their password manager.

  5. If the new account should also have admin privileges, allowing them to add or delete other journalist accounts, select Is Admin.

  6. Finally, set up two-factor authentication for the account, following one of the two procedures below for your chosen method.

Note

The username deleted is reserved, as it is used to mark accounts which have been deleted from the system.

FreeOTP

  1. If the journalist is using FreeOTP or another app for two-factor authentication, click Add User to proceed to the next page.

    The form used to enable FreeOTP displays a barcode and a two-factor secret.

  2. Next, the journalist should open FreeOTP on their smartphone and scan the barcode displayed on the screen.

  3. If they have difficulty scanning the barcode, they can tap on the icon at the top that shows a plus and the symbol of a key and use their phone’s keyboard to input the two-factor secret into the Secret input field, without whitespace.

  4. Inside the FreeOTP app, a new entry for this account will appear on the main screen, with a six-digit number that recycles to a new number every thirty seconds. The journalist should enter the six-digit number in the Verification code field at the bottom of the Enable FreeOTP form and click Submit.

If two-factor authentication was set up successfully, you will be redirected back to the Admin Interface and will see a confirmation that the two-factor code was verified.

YubiKey

  1. If the journalist wishes to use a YubiKey for two-factor authentication, select Is using a YubiKey. You will then need to enter their YubiKey’s OATH-HOTP Secret Key. For more information on how to retrieve this key, read the YubiKey Setup Guide.

    The form used to create new users, filled with the 40-character HOTP secret key of a Yubikey.

  2. Once you’ve entered the Yubikey’s OATH-HOTP Secret Key, click Add User. On the next page, have the journalist authenticate using their YubiKey, by inserting it into a USB port on the workstation and pressing its button.

    The form used to verify the setup of the Yubikey requests a 6-digit verification code.

  3. If everything was set up correctly, you will be redirected back to the Admin Interface, where you should see a flashed message that says “The two-factor code for user new username was verified successfully.”.

The journalist will require their username, passphrase, and two-factor authentication method whenever they check SecureDrop. Make sure that they have memorised their username and passphrase, or stored them in their password manager, and that they can keep their two-factor authentication device secure.

Passphrases and Two-Factor Resets

Warning

Both of these operations will lock a user out of their SecureDrop account. Users should be physically present when their passphrase or two-factor authentication method is reset. If this is not possible, store the passphrase and/or two-factor authentication secret in your own password manager before securely transmitting them to the user in question, and delete them once the user has confirmed they can successfully log in.

Even while following passphrase best practices, your journalists may occasionally lock themselves out of their accounts. This can happen if, for example, they lose their two-factor device or if they forget the passphrase to their password manager. When this happens, you can reset their account as follows:

  1. Log in as an administrator to the Journalist Interface

  2. Select Admin at the top right to open the Admin Interface

  3. Find the user’s account name and select Edit

The account editing form allows admins to change name, reset passphrase, and reset two-factor authentication.

Next, you can either rotate their passphrase or reset two-factor authentication for their account.

To change their passphrase to the randomly-generated passphrase shown:

  1. Have the journalist enter their current passphrase and two-factor code.

  2. Make sure the new passphrase is saved in a password manager.

  3. Click Reset Password

To reset two-factor authentication:

  1. Click the button that corresponds to the user’s chosen two-factor authentication method:

    • Click Reset Mobile App Credentials for accounts using FreeOTP or a similar authentication app

    • Click Reset Security Key Credentials for accounts using a Yubikey

  2. Follow the on-screen instructions to complete the process and verify their new two-factor authentication credentials.

Off-boarding Users

See our guide to off-boarding users from SecureDrop.

Instance Configuration

The Instance Configuration section of the Admin Interface allows you to:

  • update the organization name and logo displayed on the Source and Journalist Interfaces

  • set submission preferences for the Source Interface

  • send test OSSEC alerts.

Updating the Organization Name

Your organization name is used in page titles and logo ALT text on the Source Interface and Journalist Interface. By default, it’s set to SecureDrop. To change it, enter your desired name in the Organization Name field and click Set Organization Name.

Updating the Logo Image

You can update the system logo shown on the web interfaces of your SecureDrop instance via the Admin Interface. We recommend a size of 500px x 450px. Only PNG-format images are supported. To update the logo image:

  1. Copy the logo image to your admin workstation

  2. Click Browse and select the image from your workstation’s filesystem

  3. Click Update Logo to upload and set the new logo

You should see a message appear indicating the change was a success.

The Instance Configuration form displays 'Image updated' after the logo was updated successfully.

It may be necessary to hold the Shift key while pressing the Reload button in the browser, which will force it to purge the cached version of the logo in order to see the new one.

Testing OSSEC Alerts

To verify that the OSSEC monitoring system’s functionality, you can send a test OSSEC alert by clicking Send Test OSSEC Alert.

The Instance Configuration form displays 'Test alert sent' after a test OSSEC alert was sent successfully.

You should receive an OSSEC alert email at the address specified during the installation of SecureDrop. The email may take several minutes to arrive. If you don’t receive it, refer to the OSSEC Guide for information on troubleshooting steps.

Submission Preferences

The Submission Preferences subsection allows you to restrict the types of submissions accepted by your instance.

Disabling Document Uploads

By default, SecureDrop supports both text submissions and document uploads. If you only want to receive text messages, you can disable uploads as follows:

  1. Check the Prevent sources from uploading documents checkbox

  2. Click Update Submission Preferences

This change will be applied immediately on the Source Interface. Documents that were previously uploaded will still be available via the Journalist Interface.

Preventing Short Initial Messages

By default, SecureDrop does not apply a minimum length requirement to messages. If your instance is experiencing a high volume of short one-time messages with no actionable content, or if you would like to indicate to sources that their initial message should include enough information for journalists to respond to them effectively, you can set an initial message length as follows:

  1. Check the Prevent sources from sending initial messages shorter than the minimum required length checkbox

  2. Enter the desired minimum length in the field below the checkbox

  3. Click Update Submission Preferences

This change will be applied immediately on the Source Interface. Initial messages that are too short will be rejected, with an error message informing sources of the requirement. This requirement will not be applied to initial messages that also include a document, or to subsequent messages in the conversation.

To remove the requirement, uncheck the checkbox and click Update Submission Preferences.

Preventing Initial Messages Containing the Source’s Codename

Sources should never need to share their seven-word codename with journalists. If your instance is receiving one-time messages consisting of the source’s codename, you can optionally reject those messages, before they are stored, as follows:

  1. Check the Prevent sources from submitting their codename as an initial message checkbox

  2. Click Update Submission Preferences

This change will be applied immediately on the Source Interface. Initial messages that contain the source’s codename will be rejected, with an error message reminding sources to protect their codename and keep it secret. To remove this restriction, uncheck the checkbox and click Update Submission Preferences.