SoteriMail

Soteria Cloud administrator guide

SoteriMail Knowledge Base

Operational guidance for Aggregators, MSPs, and customer administrators covering tenant setup, integrations, users, identity linking, archive operations, APIs, support, security, and troubleshooting.

Version 2026.05.19.3Updated 2026-05-19

Aggregators

Partner hierarchy, tenant creation, inherited branding, mailer defaults, billing visibility, and MSP oversight.

MSPs

Customer onboarding, Microsoft and Acronis readiness, user rollout, identity linking, and support operations.

Customer Admins

Tenant integrations, user creation, mailbox inventory, archive search, restore, security review, and escalation.

Knowledge Base

Roles, Scope, And Operating Model

How Aggregators, MSPs, and customer administrators should understand tenant scope, responsibility boundaries, and the SoteriMail operating model.

Administrator Responsibilities By Role

Use this as the baseline for who owns tenant creation, customer onboarding, user access, integrations, and day-to-day support.

AggregatorMSPCustomer Admin

Details

Aggregator administrators operate above MSPs and customers. They manage their own partner workspace, create downstream MSP or customer tenants when permitted, maintain inherited branding, and oversee service delivery patterns across the channel.

MSP administrators operate their own workspace and customer tenants in their scope. They typically own customer onboarding, Microsoft and Acronis readiness, customer branding overrides, user rollout, support triage, and monthly service operations.

Customer administrators operate inside one customer tenant. They manage customer users, mailbox assignment, integration health, identity linking, archive readiness, support cases, and security/compliance review.

Administrator Checks

  • Confirm the active tenant shown in the top bar before making administrative changes.
  • Use Partner Workspace for tenant and partner-level operations.
  • Use Admin for user, identity, and integration operations inside a customer tenant.
  • Use Setup as the daily readiness page after integration or onboarding changes.
  • Use Support and Activity to validate operational outcomes.

Tenant Hierarchy And Inheritance

SoteriMail uses a partner-aware tenant hierarchy so branding, mailer defaults, and operational responsibility can flow from platform to aggregator, MSP, and customer levels.

AggregatorMSP

Details

Platform owners control global configuration. Aggregators can create or manage downstream tenant scopes where enabled. MSPs can manage their customer estate. Customers are the operational boundary for mailbox, archive, and end-user activity.

Branding can inherit downward until a downstream tenant applies its own branding. Mailer settings follow the nearest configured override before falling back to platform defaults.

Archive and Microsoft integrations are customer-tenant scoped. Do not reuse one customer's credentials or tenant IDs in another customer tenant.

Administrator Checks

  • Create the correct tenant type before onboarding users.
  • Confirm parent tenant and tenant status are correct.
  • Set branding at the highest level that should own the visual identity.
  • Configure customer integrations in the customer workspace, not the partner workspace.

Access Model

End users are mailbox-bound. Administrators can operate across permitted mailboxes inside their organization scope.

MSPCustomer Admin

Details

End users do not need an Acronis account. They can sign in with Microsoft where Microsoft sign-in is configured, and SoteriMail resolves their archived mailbox using Microsoft identity and mailbox address.

Administrators are the users expected to have Acronis integration authority. The admin connection is used for tenant discovery, archive readiness, and mailbox inventory refresh.

End-user archive search is restricted to the single resolved mailbox. Administrative search can expose broader mailbox options only when role and tenant scope permit it.

Administrator Checks

  • Do not create Acronis accounts for every end user solely for SoteriMail access.
  • Make sure each end-user portal account has a mailbox identity or Microsoft identity.
  • Refresh archive discovery after archive mailbox changes.
  • Review ambiguous mailbox matches before enabling broad rollout.

Knowledge Base

Integration Runbooks

Step-by-step integration guidance for Acronis archive connectivity, Microsoft tenant configuration, directory sync, and readiness validation.

Acronis Archive Integration

Configure Acronis tenant context so SoteriMail can discover mailbox inventory, validate archive readiness, run archive searches, and orchestrate restore operations.

MSPCustomer Admin

Procedure

  1. Open the customer workspace.
  2. Go to Admin, then Connections.
  3. Enter the Acronis data center URL, client ID, client secret, and root tenant ID.
  4. Enter archive encryption password only when the customer's archive requires it.
  5. Save the configuration.
  6. Run the archive connection validation.
  7. Run tenant sync or archive discovery.
  8. Return to Setup and confirm mailbox inventory, archive entitlement, and readiness status.

Administrator Checks

  • Use customer-specific Acronis credentials and tenant IDs.
  • Confirm the Acronis actor account can open archive mailboxes.
  • Run validation after changing credentials, data center, tenant ID, archive password, or actor login.
  • If mailbox inventory is empty for administrators, rerun discovery and check the Acronis actor account.

Reference Structures

TenantIntegrationConfigInput
{
  "requestedMode": "live",
  "dataCenterUrl": "https://eu2-cloud.acronis.com",
  "clientId": "acronis-client-id",
  "clientSecret": "secret",
  "rootTenantId": "root-tenant-id",
  "archiveEncryptionPassword": "optional-password",
  "portalActorLogin": "admin@example.com",
  "portalActorEmail": "admin@example.com",
  "archiveMailboxId": "optional-mailbox-override-id",
  "archiveMailboxName": "optional-mailbox-override-name",
  "clearClientSecret": false,
  "clearArchiveEncryptionPassword": false
}

Microsoft 365 Integration

Configure Microsoft tenant access for Microsoft sign-in, directory sync, mailbox context, Outlook add-in identity, calendar, contacts, and task workflows.

MSPCustomer Admin

Procedure

  1. Create or identify the Microsoft application registration for the customer tenant.
  2. Capture Microsoft tenant ID, client ID, and client secret.
  3. Save Microsoft configuration in Admin, then Connections.
  4. Complete Microsoft admin consent when prompted.
  5. Run Microsoft directory sync.
  6. Review identity linking recommendations.
  7. Test Microsoft sign-in with an administrator account before inviting end users.

Administrator Checks

  • Directory sync should show users before bulk onboarding.
  • Microsoft sign-in can be used before every identity is manually reviewed when the tenant connection is ready.
  • If a user belongs to multiple workspaces, they select the workspace after Microsoft sign-in.
  • Keep Microsoft app credentials tenant-specific unless a platform-managed Microsoft model has been intentionally configured.

Reference Structures

Microsoft Configuration Fields
{
  "microsoftTenantId": "entra-tenant-id",
  "microsoftClientId": "application-client-id",
  "microsoftClientSecret": "application-client-secret",
  "clearMicrosoftClientSecret": false
}

Readiness Validation

Use Setup and Admin validation to confirm that SoteriMail is ready before rolling out users.

AggregatorMSPCustomer Admin

Procedure

  1. Open Setup for the target customer tenant.
  2. Review readiness status, attention items, and recommended actions.
  3. Open Admin if Acronis, Microsoft, users, or mailbox readiness needs work.
  4. Run archive validation and Microsoft directory sync.
  5. Return to Setup and confirm improved readiness counts.
  6. Review Activity for validation and sync audit events.

Administrator Checks

  • Archive inventory should show mailbox candidates.
  • Microsoft directory sync should show users.
  • Identity linking should show connected or candidate Microsoft accounts.
  • End users should have mailbox and Microsoft identity context before rollout.

Knowledge Base

Users, Identity Linking, And Onboarding

How administrators create users, onboard mailboxes, link Microsoft identities, and control the rollout from partner or customer workspaces.

Create Users Manually

Manual user creation is useful for administrators, pilot users, or exceptions that should not wait for bulk onboarding.

MSPCustomer Admin

Procedure

  1. Open the target customer workspace.
  2. Go to Admin, then Access and Roles.
  3. Choose Create User.
  4. Enter display name, email, role, and initial password.
  5. For an end user, assign the correct archive mailbox.
  6. Save the user and communicate the sign-in method.
  7. Ask the user to complete first sign-in and 2FA enrollment where local sign-in is used.

Administrator Checks

  • Customer admins can create customer admins and end users inside their tenant scope.
  • MSP and aggregator admins can create roles only where their provisioning scope permits.
  • End users must remain mailbox-bound.
  • Administrative users should not be assigned end-user mailbox scope unless they also need personal mailbox workflows.

Bulk Onboarding From Microsoft Directory

Bulk onboarding turns synced Microsoft accounts into controlled portal user creation candidates, then verifies archive coverage before invitation.

MSPCustomer Admin

Procedure

  1. Run archive discovery and Microsoft directory sync.
  2. Open Admin, then Bulk Onboarding.
  3. Review candidate states such as Ready, Provisioned, Shared mailbox, Legal mailbox, No archive match, and Held.
  4. Filter to Ready candidates.
  5. Edit suggested username, display name, and email when needed.
  6. Create users in controlled batches.
  7. Review identity linking after creation.

Administrator Checks

  • Do not bulk-create accounts for shared or legal mailboxes unless they have a real user owner.
  • Hold candidates when the Microsoft identity does not map cleanly to a protected archive mailbox.
  • Prefer Microsoft directory email addresses over synthetic archive-local addresses.
  • Run a small pilot batch before full customer rollout.

Identity Linking

Identity linking connects portal users to Microsoft identities and archive mailboxes so sign-in and archive scope resolve correctly.

MSPCustomer Admin

Details

SoteriMail evaluates Microsoft account status, archive mailbox status, link status, login readiness, and archive access readiness.

Use Link Recommended when the system found a high-confidence Microsoft match. Use Link Selected when the correct Microsoft account must be chosen manually. Use Clear Link when a link is incorrect.

For end users, Microsoft identity and mailbox email are sufficient for SoteriMail access when the archived mailbox is discoverable through Acronis. End users do not need individual Acronis accounts.

Administrator Checks

  • Resolve duplicate or ambiguous identities before inviting users.
  • Check that mailbox email, Microsoft email, and user principal name align.
  • Refresh discovery after mailbox rename or migration events.
  • If a user cannot see archive search, confirm their account is linked to the correct mailbox identity.

Knowledge Base

Archive, Recovery, Support, And Security Operations

Daily operating procedures for archive search, restore, support escalation, activity review, and security/compliance workflows.

Archive Search

Archive search is mailbox-scoped for end users and role-scoped for administrators.

MSPCustomer Admin

Procedure

  1. Open Archive.
  2. Choose the mailbox if your role exposes more than one mailbox.
  3. Enter a keyword or use subject, sender, recipient, and date filters.
  4. Choose the reason code.
  5. Run the search.
  6. Review preview, retention label, legal hold status, and restore availability.
  7. Use Acronis handoff only when the result or mailbox requires console-assisted access.

Administrator Checks

  • End-user searches must use self-service reason code.
  • Administrators should use reason codes that reflect the business purpose.
  • Legal hold and console-assisted preview paths should be treated as sensitive.
  • Search and handoff events are audited.

Restore Workflow

Restore requests preserve source message, target mailbox, overwrite mode, status, and audit context.

MSPCustomer Admin

Procedure

  1. Open a search result or Recover.
  2. Choose restore target.
  3. Choose overwrite mode: safe merge or restore copy.
  4. Submit the restore request.
  5. Track status in Recover.
  6. Review Activity for restore audit events.
  7. Escalate to Support if status does not move as expected.

Administrator Checks

  • Use original mailbox target for normal end-user recovery.
  • Use administrative target selection only when policy permits it.
  • Never restore across customer tenants.
  • Keep a support case attached when restore requires investigation.

Support, Security, And Forensics

Support keeps operational context attached to user issues. Security and forensic workspaces help administrators review protection state and evidence.

AggregatorMSPCustomer Admin

Details

Support cases can be assigned, triaged, moved in progress, responded to, resolved, reopened, and annotated with internal notes.

Security gives customer administrators a protection score, top risks, email security, awareness, collaboration app security, posture management, and recommendations.

Forensics supports evidence collection, case management, preserved searches, custody history, export packages, and threat intelligence context where configured.

Administrator Checks

  • Assign support ownership early.
  • Use requester-visible responses only when ready to communicate with the user.
  • Use internal notes for operational detail.
  • Use preserved searches for investigation repeatability.
  • Export forensic packages only for approved incident response, legal, or compliance workflows.

Knowledge Base

Partner And Commercial Operations

Guidance for tenant onboarding, branding, mailer configuration, billing visibility, and partner support responsibilities.

Tenant Onboarding

Partner admins use the Partner Workspace to create downstream tenants and prepare them for customer operations.

AggregatorMSP

Procedure

  1. Open Partner Workspace.
  2. Create the downstream tenant type allowed by your role.
  3. Set tenant name, slug, status, and primary administrator role.
  4. Create or invite the first customer administrator.
  5. Switch into the customer workspace.
  6. Configure Acronis and Microsoft integrations.
  7. Run readiness validation before user rollout.

Administrator Checks

  • Confirm tenant type before creating users.
  • Disable tenants instead of deleting them when temporary suspension is needed.
  • Deleting tenants should be treated as a controlled cleanup operation.
  • Record customer onboarding completion in operational notes or support systems.

Branding, Mailer, And Billing

Partner branding and mailer settings can inherit through the tenant hierarchy. Billing visibility supports partner and tenant-level review.

AggregatorMSP

Details

Branding can be configured at platform, aggregator, MSP, or customer level. The nearest configured tenant branding is used unless a lower tenant overrides it.

Mailer configuration follows tenant override, nearest partner override, platform default, then runtime fallback.

Billing statements and billable-user visibility are available to platform and partner roles where enabled by tenant type and scope.

Platform owners use the billing workspace to review organization-level usage, including parent-child relationships and per-organization portal-user counts across aggregators, MSPs, and customers.

The platform-owner billing workspace also defines the billing-account tier table, including MRR bands, per-user price for each tier, and the default tier that applies to generated statements.

Individual organizations can override the default tier with an organization-specific tier assignment when the commercial agreement differs from the default account tier.

Administrator Checks

  • Set branding before customer rollout to avoid inconsistent user experience.
  • Validate mailer settings after changing sender details or credentials.
  • Review billable user statements after archive discovery and user onboarding.
  • Use the platform-owner billing workspace when you need a cross-organization hierarchy and per-organization user-count view.
  • Keep the active billing tier aligned to the commercial account tier before issuing statements or exporting billing data.
  • Assign an organization tier override only when that organization has a different agreed rate than the default billing-account tier.
  • Use partner margins according to commercial agreement and pricing sheet.

Knowledge Base

API Structures And Endpoint Map

The JSON structures, endpoint groups, and request patterns administrators and integration teams need for implementation review.

API Conventions

SoteriMail APIs are JSON-first, session-authenticated, and return a direct domain object on success or an error field on failure.

AggregatorMSPCustomer Admin

Details

Most endpoints require a signed-in portal session. Microsoft OAuth endpoints are used for Microsoft sign-in and Microsoft connection flows.

Most successful responses return the domain object directly rather than wrapping in a data envelope.

Failed responses return JSON with an error field and an HTTP status code appropriate to the failure.

Reference Structures

Error Contract
{
  "error": "Human readable error message."
}

Common Schemas

Core schemas used across archive, recovery, tenant, support, and identity operations.

AggregatorMSPCustomer Admin

Reference Structures

SessionUser
{
  "id": "user_123",
  "username": "jane.customer",
  "displayName": "Jane Customer",
  "email": "jane@example.com",
  "primaryIdentityEmail": "jane@example.com",
  "microsoftUserId": "11111111-2222-3333-4444-555555555555",
  "microsoftEmail": "jane@example.com",
  "microsoftUserPrincipalName": "jane@example.com",
  "role": "customer-admin",
  "tenantId": "tenant_customer_001",
  "tenantType": "customer",
  "mailboxId": "mailbox_001",
  "mailboxLabel": "Jane Customer",
  "mailboxEmail": "jane@example.com"
}
SearchInput
{
  "mailboxId": "mailbox_001",
  "query": "invoice",
  "reasonCode": "self-service",
  "dateFrom": "2026-01-01",
  "dateTo": "2026-03-21",
  "subject": "renewal",
  "sender": "accounts@example.com",
  "recipient": "jane@example.com",
  "attachmentMode": "with-attachments"
}
RestoreRequest
{
  "id": "restore_001",
  "tenantId": "tenant_customer_001",
  "actorUserId": "user_123",
  "targetMailboxId": "mailbox_001",
  "messageRef": "msg_001",
  "restoreTarget": "jane@example.com",
  "overwriteMode": "safe-merge",
  "taskId": "task_001",
  "status": "queued",
  "requestedAt": "2026-03-21T07:18:00.000Z",
  "sourceSubject": "Renewal invoice"
}
CreatePortalUserInput
{
  "tenantId": "tenant_customer_001",
  "displayName": "Jane Customer",
  "email": "jane@example.com",
  "username": "jane@example.com",
  "role": "end-user",
  "password": "initial-password",
  "mailboxId": "mailbox_001"
}
BulkOnboardingInput
{
  "candidateIds": ["candidate_001", "candidate_002"],
  "overrides": [
    {
      "candidateId": "candidate_001",
      "username": "jane.customer",
      "displayName": "Jane Customer",
      "email": "jane@example.com"
    }
  ]
}
CreateTenantInput
{
  "tenantName": "Customer Ltd",
  "tenantSlug": "customer-ltd",
  "tenantType": "customer",
  "adminUsername": "admin.customer",
  "adminDisplayName": "Customer Admin",
  "adminEmail": "admin@customer.example",
  "adminPassword": "initial-password",
  "requestedMode": "live",
  "dataCenterUrl": "https://eu2-cloud.acronis.com",
  "clientId": "acronis-client-id",
  "clientSecret": "secret",
  "rootTenantId": "root-tenant-id"
}

Authentication And Workspace APIs

Session establishment, Microsoft sign-in, workspace selection, and profile/session inspection endpoints.

AggregatorMSPCustomer Admin

Details

Use these endpoints when reviewing portal session handling, Microsoft sign-in redirects, and multi-workspace activation behavior.

Workspace activation is session-bearing and should be reviewed with cookie-setting behavior in mind.

Endpoint Groups

Authentication And Workspace

Session, login, Microsoft SSO, password reset, profile, and workspace selection.

MethodPathPurpose
POST/api/auth/loginStart local sign-in
POST/api/auth/verify-2faComplete local sign-in with 2FA
GET/api/auth/microsoft/startStart Microsoft sign-in or connect flow
GET/api/auth/microsoft/callbackComplete Microsoft OAuth callback
GET/api/auth/workspacesList Microsoft-linked workspaces
POST/api/auth/workspacesSwitch or activate a workspace
GET/api/session/meRead current session
GET/api/profileRead profile state

Archive And Recovery APIs

Archive mailbox discovery, search, result inspection, Acronis handoff, and restore orchestration endpoints.

MSPCustomer Admin

Details

These endpoints are the core recovery surface for archive-backed search and restore workflows.

Search and restore operations are mailbox-scoped and should be reviewed with role and tenant scope rules in mind.

Endpoint Groups

Archive And Recovery

Mailbox inventory, archive search, search sessions, message preview, handoff, and restore.

MethodPathPurpose
GET/api/mailboxesList accessible archive mailboxes
POST/api/archive/searchCreate an archive search session
GET/api/archive/search/[id]Read search session
GET/api/archive/search/[id]/resultsRead search results
POST/api/archive/search/[id]/open-in-acronisCreate Acronis handoff
GET/api/archive/messages/[ref]Read archived message metadata
POST/api/archive/messages/[ref]/restoreRequest restore for archived message
GET/api/restore/[id]Read restore status

Communication Workspace APIs

Mailbox, delegated access, calendar, contacts, and tasks endpoints that drive the Microsoft-backed communication workspace.

MSPCustomer Admin

Details

These are operational mailbox and collaboration endpoints, not archive endpoints.

Delegated mailbox visibility and action restrictions should be reviewed separately from self-mailbox behavior.

Endpoint Groups

Communication Workspace

Microsoft-backed mail, calendar, contacts, tasks, avatars, delegated mailboxes, and mailbox actions.

MethodPathPurpose
GET/api/mailbox/folders/[folderId]/messagesRead mailbox folder messages
POST/api/mailbox/searchSearch Microsoft mailbox content
POST/api/mailbox/sendSend or draft mailbox message
POST/api/mailbox/messages/[messageId]/actionApply message action such as move or delete
GET/api/mailbox/messages/[messageId]/attachments/[attachmentId]Download message attachment
GET/api/mailboxes/delegatedList delegated mailbox access
GET/api/calendar/eventsList calendar events
POST/api/calendar/eventsCreate calendar event
POST/api/calendar/free-busyRead availability
GET/api/contactsList contacts
GET/api/tasksList tasks

Administration APIs

Customer-tenant administration endpoints for integration configuration, validation, user access, onboarding, identity linking, and support workflow.

MSPCustomer Admin

Details

This domain is the primary operational API surface for customer administrators and MSP operators working inside a customer tenant.

Bulk onboarding and identity linking should be reviewed together because rollout depends on both surfaces.

Endpoint Groups

Administration

Tenant setup, integration validation, sync, users, bulk onboarding, identity links, and support.

MethodPathPurpose
GET/api/admin/summaryRead admin summary state
GET/api/admin/integrationRead integration state
PUT/api/admin/integrationSave tenant integration configuration
POST/api/admin/integration/validateRun tenant validation checks
POST/api/admin/integration/microsoft/syncSync Microsoft directory
GET/api/admin/usersList portal users
POST/api/admin/usersCreate portal user
GET/api/admin/users/bulkRead bulk onboarding candidates
POST/api/admin/users/bulkCreate users from onboarding candidates
GET/api/admin/identity-linksRead identity linking state
PATCH/api/admin/identity-linksLink or clear Microsoft identity
PATCH/api/admin/supportUpdate support case assignment, status, response, or notes

Partner And Platform APIs

Tenant onboarding, branding, mailer, Microsoft platform configuration, billing, and threat-intel provider endpoints.

AggregatorMSP

Details

These endpoints should be reviewed separately from customer-tenant administration because their scope and role requirements differ.

Platform configuration routes and partner onboarding routes are adjacent, but they are not interchangeable operational surfaces.

Platform billing now persists currency, a billing-tier table, and the active account tier rather than one flat per-user rate.

Reference Structures

PlatformBillingConfigInput
{
  "currency": "ZAR",
  "activeTierId": "tier-2",
  "tiers": [
    {
      "id": "tier-1",
      "label": "Tier 1",
      "minimumMonthlyRecurringRevenue": 0,
      "maximumMonthlyRecurringRevenue": 1000,
      "pricePerUser": 7
    },
    {
      "id": "tier-2",
      "label": "Tier 2",
      "minimumMonthlyRecurringRevenue": 1001,
      "maximumMonthlyRecurringRevenue": 6000,
      "pricePerUser": 6.37
    }
  ],
  "organizationTierAssignments": [
    {
      "tenantId": "tenant_customer_001",
      "tierId": "tier-1"
    }
  ]
}

Endpoint Groups

Partner And Platform

Tenant onboarding, branding, mailer, Microsoft platform config, billing, and threat intelligence.

MethodPathPurpose
GET/api/platform/tenantsList scoped tenants
POST/api/platform/tenantsCreate downstream tenant
GET/api/platform/microsoftRead platform Microsoft configuration
PUT/api/platform/microsoftSave platform Microsoft configuration
GET/api/platform/brandingRead branding configuration
PUT/api/platform/brandingSave branding configuration
POST/api/platform/brandingUpload branding asset
GET/api/platform/mailerRead mailer configuration
PUT/api/platform/mailerSave mailer configuration
POST/api/platform/mailer/validateValidate mailer configuration
GET/api/platform/billingRead billing analytics and statement state
PUT/api/platform/billingSave billing configuration
GET/api/platform/threat-intelRead threat-intel provider configuration
PUT/api/platform/threat-intelSave threat-intel provider configuration

Security, Mail Authentication, And Forensics APIs

Security posture, mail-auth intelligence, forensic case management, evidence handling, hunt execution, and preserved-search endpoints.

AggregatorMSPCustomer Admin

Details

Security and forensics are grouped here because they are adjacent operationally, but they serve different analyst workflows.

Evidence collection, custody, and export endpoints should be read as an investigation surface, not as normal admin workflow APIs.

Endpoint Groups

Security, Mail Authentication, And Forensics

Security dashboard, mail authentication intelligence, forensic cases, evidence, preserved searches, custody, and exports.

MethodPathPurpose
GET/api/admin/securityRead security and compliance dashboard
POST/api/admin/securityRun security refresh, validation, or sync actions
GET/api/admin/security/mail-authRead SPF, DKIM, and DMARC intelligence
GET/api/forensics/casesList forensic cases
POST/api/forensics/casesCreate forensic case
GET/api/forensics/evidenceList evidence records
POST/api/forensics/evidenceCreate forensic evidence record
GET/api/forensics/evidence/[id]Read forensic evidence record
POST/api/forensics/evidence/[id]/collectCollect evidence artifact
GET/api/forensics/evidence/[id]/custodyRead custody event history
GET/api/forensics/evidence/[id]/exportExport evidence package
GET/api/forensics/huntsRead forensic hunt workspace state
POST/api/forensics/huntsRun forensic hunt
POST/api/forensics/cases/[id]/evidenceAttach or detach evidence from a forensic case
GET/api/forensics/cases/[id]/preserved-searchesList preserved searches for a forensic case
POST/api/forensics/cases/[id]/preserved-searchesCreate preserved search for a forensic case

Outlook Add-in APIs

Bootstrap, archive, restore, support, and deeplink endpoints used by the Outlook add-in surface.

MSPCustomer Admin

Details

These endpoints are specific to the Outlook task-pane experience and should be reviewed separately from the main portal UI routes.

Outlook archive and restore operations are scoped through add-in bootstrap context rather than the full portal shell.

Endpoint Groups

Outlook Add-in

Outlook task pane bootstrap, archive search, restore, support escalation, and deeplinks.

MethodPathPurpose
POST/api/outlook/bootstrapResolve Outlook user, mailbox, and allowed actions
POST/api/outlook/archive/searchRun scoped archive search from Outlook
POST/api/outlook/archive/restoreRequest restore from Outlook
GET/api/outlook/protection-statusRead mailbox protection status
POST/api/outlook/support/escalateCreate support escalation from Outlook
GET/api/outlook/deeplinkBuild portal handoff URL

Acronis CyberApp Launch And Callback APIs

Launch, OAuth, connect/disconnect, and event/action callback endpoints used when the portal is embedded or launched from Acronis.

AggregatorMSPCustomer Admin

Details

This domain is integration-facing rather than operator-facing and should be reviewed whenever CyberApp launch or callback behavior changes.

OAuth start/callback and CyberApp action/event handlers belong together because deployment and callback URLs are coupled operationally.

Endpoint Groups

Acronis CyberApp Launch And Callbacks

Cyber Protect launch, OAuth callback, connect/disconnect, and callback action handling.

MethodPathPurpose
GET/api/acronis/launchHandle Acronis launch context
GET/api/auth/acronis/startStart Acronis OAuth flow
GET/api/auth/acronis/callbackComplete Acronis OAuth flow
POST/api/acronis/connectConnect Acronis tenant context
POST/api/acronis/disconnectDisconnect Acronis tenant context
POST/api/acronis/eventReceive Acronis event callback
POST/api/acronis/actionHandle Acronis callback action

Knowledge Base

Troubleshooting

Common issues and the checks administrators should run before escalating to Soteria Cloud support.

Mailbox Inventory Is Empty

Administrators see no mailbox inventory or users cannot see archive search options.

MSPCustomer Admin

Administrator Checks

  • Confirm the customer tenant has a saved Acronis integration configuration.
  • Run archive connection validation.
  • Confirm the Acronis actor account can open archive mailboxes.
  • Run tenant sync or archive discovery again.
  • Check Setup for archive entitlement and mailbox discovery status.
  • For end users, confirm their Microsoft identity or mailbox email matches the archived mailbox.

Microsoft Sign-in Fails

Microsoft sign-in requires tenant configuration, consent, and a portal user or mailbox identity match.

AggregatorMSPCustomer Admin

Administrator Checks

  • Confirm Microsoft tenant ID, client ID, and client secret are saved.
  • Complete Microsoft admin consent.
  • Run Microsoft directory sync.
  • Check the user's email, user principal name, and linked Microsoft account.
  • If the same Microsoft account belongs to multiple workspaces, use workspace selection after sign-in.
  • If the account is unresolved, create or bulk-onboard the portal user first.

Search Or Restore Errors

Search and restore failures usually indicate scope mismatch, missing live archive session, expired Microsoft session, or archive readiness problems.

MSPCustomer Admin

Administrator Checks

  • Confirm the mailbox is visible to the current role.
  • Use self-service reason code for end-user searches.
  • Run a fresh search before restoring a live archive item.
  • Check whether the message is under legal hold.
  • Reconnect Microsoft mailbox access if mailbox workspace actions fail.
  • Open Activity and Support to preserve context before escalating.