Quick-start guide: Initial setup

This guide provides you with our recommended steps for setting up Graphus for the first time. We suggest following the guide step-by-step to ensure a successful outcome.

If you are working in a team and are not doing the setup alone, you should start adding your core team as global users under MSP Administration > User Management. If you are using KaseyaOne, you can let KaseyaOne manage the user account creation by activating Unified Login and Central User Management under MSP Administration > KaseyaOne.

When adding a new user, you must assign one of these roles to the user:

  • Admin: Selected by default when adding a new user. The admin role enables the user to perform all activities in the application. An admin can add, update, and disable other users, change settings, and investigate alerts.
  • Analyst: Users assigned the analyst role can only investigate alerts in Graphus.

NOTE  For more information about:
- Adding users, see the article Adding users to Graphus.
- KaseyaOne, see the article Enabling KaseyaOne Unified Login for Graphus.

Graphus is a multi-tenancy tool that allows you to protect and manage multiple email domains (Graphus calls these domains Organizations). Before you start rolling out Graphus to multiple domains, you should set up default values under MSP Administration > Global Settings. The default values will be applied automatically to each new organization that you onboard. If you don't set up default global values, you will need to configure and enable them separately for each organization.

Graphus offers you default settings for the following features:

  • Branding: Customize your Graphus reports by adding your company logo and picking a report header and footer color. Refer to the Quick-start guide: Branding.
  • EmployeeShield Banner: The EmployeeShield banner is an interactive warning banner inserted in the recipient’s email. It allows a recipient to mark an email as safe or unsafe. Under Global Settings, you can manage the look and feel of the banner. Refer to the article Setting up the EmployeeShield® banner.
  • Whitelisting: Use whitelisting if you want Graphus to skip processing any inbound email with attributes that match the whitelisted parameters. Graphus quarantine and EmployeeShield® functionalities will not be applied to these emails. Refer to the article Graphus whitelisting options and best practices
  • EmployeeShield® Application on Suspicious and Not Yet Trusted Senders: You can elect when the EmployeeShield® banner appears in emails from a new external sender or a sender that has not been trusted yet by Graphus.
  • Daily Insights Report: A daily phishing defense report can be generated and emailed to specific recipients.

To start configuring Graphus, click the MSP Administration tab. The Global Settings page is selected by default.

Each setting provides the following options:

  • Save As Default: Creates a default setting that will be applied when a future organization is created.
  • Apply: Applies the setting to existing organizations that you select.
  • Save as Default And Apply: Applies the setting to new organizations added to Graphus going forward and allows you to apply the setting to existing organizations that you select.

NOTE  If you are setting up Graphus the first time and have not yet added any organizations, click the Save as Default button to save each of your settings.

For more information about each of these settings, see the MSP global settings feature guide.

If you are using other Kaseya products, we recommend that you activate the integrations available for these products. The IT Glue and Graphus integration is especially useful. It will ease client onboarding by allowing you to copy organization names and email domains from IT Glue to Graphus. The integration will also keep your organization name automatically updated in Graphus if you change it in IT Glue.

For more information about the available integrations, see the article Setting up Kaseya integrations.

Rolling out Graphus to an email domain is a multi-step process and starts by creating an organization. To create an organization you will need to know the main/root email domain, give it a name, and for M365 domains, enter your Microsoft Entra tenant ID.

After you create an organization, you must provide Graphus with the API permissions required to access your email domain. This is done by activating the organization. The steps to activate an organization are different for Microsoft and Google domains. For both types of domains, you will need admin or super-admin credentials.

After you provide Graphus with the needed API access, the Graphus AI will analyze all historical data in your email domain, which might take 24 to 48 hours. After this step is completed, Graphus will start protecting your email. All global settings you defined via default values will automatically be applied to your domain. We recommend that you go into your organization's settings and configure the following:

  • Investigation Functionalities
  • Phish911
  • Executive Spoofing Prevention
  • Impersonation Protection for Internal Senders
  • Email Notification for Graphus Alerts or SIEM/Ticketing Integration (especially Phish911)

You can find detailed information for onboarding an organization and configuring its settings in the Quick-start guide: Onboarding a new email domain.

Graphus provides settings to customize the look of Graphus reports and the EmployeeShield banner. Organizations can apply branding characteristics, like colors and logos, for which the organization is identified.

Branding selections can be made at the global level and then applied to existing organizations. Also, you can opt to have branding automatically applied to new organizations as you add them to Graphus. In addition, branding can be applied at the organization level which will override the global settings.

Detailed information for branding your reports and EmployeeShield banner can be found in the Quick-start guide: Branding