Advanced Settings
To access the advanced settings, click on Advanced Settings in the dashboard of the organization.
Dashboard
Depending on your solutions and apps, the following areas are available.
Overview
Shows the key information of the organization. By clicking “View” you can navigate to the properties of the organization.
App Configurations
If apps that are based on app configurations are licensed, the corresponding app configurations are displayed here. Navigate in the app configurations widget to create additional app configurations.
Target Domains for “Teamroom Transfer”
Shows domains that can be used as target for transferring or publishing Teamrooms. Navigate in the target domains widget to create additional domains.
OAuth Clients
OAuth clients are needed, for example, for the transfer Teamroom functionality. If you activate a target domain for transferring Teamrooms, an OAuth client is created automatically in the target domain. Navigate in the OAuth client widget to create OAuth clients manually.
For OAuth clients defined in the organization, you can specify whether the use must be confirmed.
Mindbreeze InSpire Services
Mindbreeze InSpire Services can be used, for example, to classify documents automatically. Navigate in the Mindbreeze InSpire Services to create additional services. If only one service is available, it is automatically the default service. If multiple services are available, a service can be set as default service by using the “Set as Default” context menu command. The default service is used if no service has been explicitly defined in the respective context (the fallback does not apply to an app room context).
You can define the following settings:
- Name
The name of the service.
- Filter Service URL
The URL to the Mindbreeze InSpire filter service (e.g. https://mbinspire.example.com:8443/filter/23401).
- Tenant
The Mindbreeze InSpire prediction service is multi-tenant capable. If a tenant is defined, it will be used in Mindbreeze InSpire.
Note: In the Mindbreeze Management Center, the Tenant ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbtenant}}
- Project
Within a tenant several projects can be managed. If a project is defined, it will be used in Mindbreeze InSpire.
Note: In the Mindbreeze Management Center, the Project ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbproject}}
- Scope
Within a project several scopes can be managed. If a scope is defined, the corresponding model will be used in Mindbreeze InSpire. Otherwise, the default model is used.
Note: In the Mindbreeze Management Center, the Scope ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbscope}}
- Authentication
Defines the authentication type for the filter service.
- Root and Intermediate Certificate Authorities
Defines the root and intermediate certificate authorities for the validation of the SSL server certificates of the filter service.
- Send Feedback to Mindbreeze InSpire Service
Defines whether feedback about the correctness of the classification will be sent to the Mindbreeze InSpire service. This can improve the future classification.
- Own Mindbreeze InSpire Service for Feedbacks
Defines whether the feedback will be sent to a dedicated Mindbreeze InSpire service. If enabled, the data (Filter Service URL, Tenant, Project, Scope, Authentication) can be specified for the dedicated Mindbreeze InSpire Service.
- Own Mindbreeze InSpire Service for Training Data
Defines whether the training data will be sent to a dedicated Mindbreeze InSpire service. If enabled, the data (Filter Service URL, Tenant, Project, Scope, Authentication) can be specified for the dedicated Mindbreeze InSpire Service.
- Software Component Prefixes for the Mapping of Fabasoft Cloud Keys
If no full reference is specified in the Key Mapping field, the system attempts to determine the property using the software components specified here (e.g. COOTC@1.1001).
- Key Mapping
If the keys defined in Mindbreeze InSpire do not correspond to the keys in the Fabasoft Cloud, a mapping can be defined. As key in the Fabasoft Cloud the reference of the respective property is used (e.g. COOTC_1_1001_objcategory for the Category property). In the case of user-defined forms the programming name of the property is used as key.
When using short references (e.g. objcategory), the corresponding software component must be specified in the Software Component Prefixes for the Mapping of Fabasoft Cloud Keys field.
If necessary, contact Mindbreeze InSpire Support to make the specific settings.
Mindbreeze InSpire Entity Definitions
These settings are used to provide solution-specific AI functionality. You can find more information on this in the documentation for the respective solution.
Mindbreeze InSpire Configurations
These settings are used to provide solution-specific AI functionality. You can find more information on this in the documentation for the respective solution.
Actions
- Enable/Disable Delta Indexing
Defines whether changes are transferred to the index defined in the endpoint.
Note: If delta indexing is disabled, any changes are not logged and are therefore not reflected in the index even after enabling.
- Schedule Full Indexing
Starts full indexing in the background.
- Resume/Pause Delta Indexing
Defines whether changes are transferred to the index defined in the endpoint.
Note: If delta indexing is paused, any changes are logged and are therefore reflected in the index after resuming.
Mindbreeze InSpire Property Configurations
These settings are used to provide solution-specific AI functionality. You can find more information on this in the documentation for the respective solution.
Holiday Tables
Holiday tables allow the definition of holidays and time intervals. Holidays are used, for example, in the workflow and time intervals are considered for follow-ups.
By default, holiday tables are available for Austria, Germany and Switzerland. If no specific holiday table is selected in the Holiday Table field of app configurations, app rooms or Teamrooms, the default holiday table is used (“Set as Default” context menu command).
A new holiday table can be created using the “Create Holiday Table” action. If applicable, an existing holiday table can also be duplicated.
Holidays can be created using the “Create Holiday” or “Import Holidays” action. When importing, a sample CSV file can be downloaded via the “Download CSV Template” button. Alternatively, the holiday tables provided by the product can also be downloaded as CSV files (properties > Holidays (CSV File) field). Supported date format: yyyy-mm-dd
Time intervals can be created in the properties of the holiday table in the Time Intervals field.
Define Contact Data
You can enter addresses, telephone numbers and e-mail addresses of your organization. If you define an e-mail address as the invoice address, invoices from online purchases will be sent to that e-mail address (instead of the payment user's e-mail address). To add the e-mail domain for your organization, please contact Fabasoft Cloud Support because the domain has to be verified. For example, users with an e-mail address that corresponds to one of your e-mail domains are recognized as members. The company name and the UID number can only be changed as long as the organization has not been checked and classified as trustable by Fabasoft. Please contact Fabasoft Cloud Support if changes are necessary.
To define the contact data, perform the following steps:
- In the dashboard of the organization click Advanced Settings.
- Click the “Define Contact Data” action.
- Enter the desired data.
- Click “Save”.
Define Logo
You can define a logo, a preview logo, a background image and a header background color for your organization. The logo will be displayed, for example, left above the actions. The preview logo is used when the organization is displayed for instance in a list. The background image is displayed directly on “Home”.
To define the logos, perform the following steps:
- In the dashboard of the organization click Advanced Settings.
- Click the “Define Logo” action.
- Upload the logos or select already existing logos. If a logo exceeds the maximum display size, it will be automatically displayed smaller.
Note: The Logo is also displayed in the header if no own Header Logo has been defined.
- Upload a background image for the home area.
- If applicable, specify the background color for the header (as hexadecimal value, e.g.: #FF0000). The colors of the elements of the header are automatically adapted to the background color.
Note: If you select a background color, the background color and the logo are also considered for the login pages. If you select no background color, the top bar is displayed grey because most logos are designed for a light background.
- If you enable the Use Logo and Background Color in E-Mails option, the logo or header logo and the background color are also included in your organization's e-mails sent via the Cloud.
- If you enable the Use Logo and Background Color in Support Dialog option, the logo or header logo and the background color are used in the support dialog for internal support requests.
- Click “Save”.
Define Policies
You can centrally define policies and default settings for the members of your organization. This is an efficient way to ensure a consistent user experience.
To define the policies, perform the following steps:
- In the dashboard of the organization, click Advanced Settings.
- Click the “Define Policies” action.
- Switch to the desired tab and define the policies. Further information can be found in the next chapters.
- Click “Save”.
“Actions” tab
Define which organization members are authorized to execute the following actions:
- Allow “Create Teamrooms” for Each Data Location Separately
Defines whether the Create Teamroom policy can be defined for all data locations together or for each data location separately.
- Create Teamrooms (all data locations or per data location)
Defines the members who are allowed to create Teamrooms.
- Manage Home
Defines the members who are allowed to manage their “Home”. Members who are allowed to manage the home area can place or remove objects on their home.
- Transfer Teamrooms
Defines the members who are allowed to transfer or publish Teamrooms.
- Edit Forms and Categories
Defines the members who are allowed to create, edit and release forms and categories. Explicit authorization is required as app.ducx expressions can be created in the context of forms and categories.
- Edit BPMN Process Diagrams
Defines the members who are allowed to create, edit and release BPMN process diagrams. Explicit authorization is required as app.ducx expressions can be created in the context of BPMN process diagrams.
- Manage Inbox Rules
Defines the members who are allowed to create and edit rules for inboxes. Explicit authorization is required as app.ducx expressions can be created in the context of inbox rules.
- Use Search Folders for Audit Logs
Defines the members who are allowed to see audit logs.
- Synchronization Mode
Defines how the Cloud folder can be used by members to synchronize with the file system (“No Synchronization”, “Synchronized Desktop or Synchronized Folder”, “Synchronized Folder”).
  - No Synchronization
  You can prevent members from synchronizing their data with the file system.
  - Synchronized Desktop or Synchronized Folder
  The members can synchronize their whole “Home” or use the synchronized folder.
  Note: If no value is selected, this option is used by default.
  - Synchronized Folder
  The data in the synchronized folder of the members is synchronized.
Note:
- These actions are generally not available for external members.
- In the properties of the organization member, you will find the restrictions that apply to this member on the “Policies” tab. If “Executable by all members except” or “Executable by no one except” is defined in the organization, you can also change the settings for the user on this tab. If a policy is defined via a team, the settings cannot be changed for the user.
“Membership Administration” tab
Define settings regarding the membership administration.
- Add Members to the Organization
Defines the members who are allowed to add new members to the organization. Only members whose email address matches one of the organization's email domains can be added.
- Add External Members to the Organization
Defines the members who are allowed to add new external members to the organization.
- Remove Members from the Organization
Defines the members who are allowed to terminate memberships of members.
- Remove External Members from the Organization
Defines the members who are allowed to terminate memberships of external members.
- Manage Organizational Structure
Defines the members who are allowed to manage the organizational structure.
- Manage External Organizations
Defines the members who are allowed to manage external organizations.
- Manage Teams
Defines the members who are allowed to manage teams.
- Automatically Terminate Membership of Unregistered External Members After
Enables the automatic termination of the membership of external members who have never logged in after the defined period of time. The check is carried out once a day. The external members concerned are informed of the termination of their membership by e-mail.
- Automatically Terminate Membership of Inactive External Members After
Enables the automatic termination of the membership of inactive external members after the defined period of time. The check is carried out once a day. The external members concerned are informed of the termination of their membership by e-mail.
“Content” tab
Define settings regarding the allowed contents.
- Blocked File Extensions
Define one blocked file extension per line. Files with these file extensions cannot be uploaded.
- Check Blocked File Extensions in ZIP Archives
Defines whether file extensions are also checked in ZIP archives.
- Maximum File Size (in MB)
Files can only be uploaded if the file size does not exceed the specified value.
- Maximum Number of Versions Kept
When objects are changed, a version is created. Here you can define the maximum number of versions that are kept.
- Signatures With Additional Password Verification (Compliant to FDA 21 CFR Part 11)
Allows an additional password prompt when applying a signature that is defined in this policy.
- Edit Office Documents in Microsoft Office for the Web
Define users who are allowed to open documents that are assigned to your organization with Microsoft Office for the web.
Keep in mind that Office for the web is a Microsoft service and use of Office for the web is subject to Microsoft’s terms of use and privacy policy. When displaying or editing files, Office for the web keeps a temporary copy of this file on Office for the web servers.
If you want to prevent documents from being transferred to an Office for the web server, select “No one”.
- Final Format
Defines whether documents are converted to PDF/A or PDF in the final format. If nothing is specified, PDF/A is used by default.
Note: With PDF/A documents, there may be display problems with some fonts.
- Open or Download Content on the Device
Determines for whom the open and download actions are available in the web browser client. In addition, Teamrooms and the assigned objects cannot be duplicated.
For example, you can specify that nobody other than your organization members can use these actions.
- Open Content via a Network Drive (WebDAV)
Defines who is allowed to access your organization's content via a network drive (WebDAV). If access is not allowed, the common WebDAV clients are blocked.
- Block Downloading of Content via Public Links
If enabled, the “Download” button is not displayed for public links throughout the organization. Otherwise, it can be defined for the Teamroom or public link whether the “Download” button is displayed.
- Allow Push Notifications for Events
Defines whether push notifications are sent for events. If the affected object is assigned to another organization, Allow Push Notifications for Events must also be enabled in this organization for the push notification to be sent.
- Allowed Members in Teamrooms
By default, users, teams and organizations can be authorized in Teamrooms. You can restrict the allowed members teams and organizations.
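The following added example (not Fabasoft code) shows how the Blocked File Extensions, Check Blocked File Extensions in ZIP Archives and Maximum File Size policies can be modelled, for instance to pre-check files before upload. All function names, the nesting depth and the nested-archive size cap are assumptions of this sketch; the sample archive is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

MAX_NESTED_BYTES = 50 * 1024 * 1024  # assumption: cap before unpacking a nested ZIP


def parse_blocked_extensions(policy_text):
    """Parse the policy field: one extension per line; case and leading dot ignored."""
    blocked = set()
    for line in policy_text.splitlines():
        ext = line.strip().lower().lstrip(".")
        if ext:  # skip blank lines so files without an extension are never matched
            blocked.add(ext)
    return blocked


def extension_of(name):
    """Last extension of a file name, so 'invoice.pdf.exe' counts as 'exe'."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower().lstrip(".")


def scan_zip(label, data, blocked, depth):
    """Check every member name of a ZIP; follow nested ZIPs up to `depth` levels."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{label}!{info.filename}"
            ext = extension_of(info.filename)
            if ext in blocked:
                found.append(f"{path}: blocked extension")
            elif ext == "zip":
                # Report what could not be inspected instead of passing it silently.
                if depth <= 1 or info.file_size > MAX_NESTED_BYTES:
                    found.append(f"{path}: nested archive not inspected")
                    continue
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    found += scan_zip(path, inner, blocked, depth - 1)
    return found


def check_upload(name, data, blocked, max_mb, check_zip=True, max_depth=3):
    """Return the list of policy violations; an empty list means the upload passes."""
    violations = []
    if len(data) > max_mb * 1024 * 1024:
        violations.append(f"{name}: exceeds {max_mb} MB")
    if extension_of(name) in blocked:
        violations.append(f"{name}: blocked extension")
    if check_zip and zipfile.is_zipfile(io.BytesIO(data)):
        violations += scan_zip(name, data, blocked, max_depth)
    return violations


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    policy = parse_blocked_extensions("exe\n.BAT\n\n js \n")
    nested = make_zip({"run.bat": b"echo constructed sample"})
    bundle = make_zip({
        "docs/readme.txt": b"hello",
        "tools/Setup.EXE": b"MZ constructed sample",
        "nested.zip": nested,
    })
    for finding in check_upload("bundle.zip", bundle, policy, max_mb=10):
        print(finding)
```

With the ZIP check disabled, the same archive passes, which is the gap the Check Blocked File Extensions in ZIP Archives policy closes.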
“Teamroom” tab
Define the default settings for new Teamrooms of the organization.
- Access Protection
Defines whether only the specified team is allowed to access the Teamroom or whether everyone can read the Teamroom but not search for it.
- Restrict Shortcuts Within Teamroom
Defines which type of shortcuts may be stored in the Teamroom. You can restrict the permitted shortcuts to objects that are assigned to the organization or to objects that are assigned to the Teamroom. In this way, you can prevent, for example, that shortcuts are stored to which the members of the Teamroom do not have access.
- Restrict the Downloading or Opening of Content on the Device
Allows team members to restrict who can open or download content on the device.
- Roles That Are Allowed to Open or Download Content on the Device
Defines which permissions a team member must have in order to open or download content on the device.
- Team Members Visible to All Members
Defines whether all members are allowed to see the team members. Note that disabling this setting also restricts other use cases.
Note: Team members with change access may eventually be seen by all members, since changes are logged in log properties such as Last Change by.
  - Only team members with “Full Control” have access to the “Permissions”, can start processes, use templates and release templates and presettings.
  - Only team members with “Full Control” see the events by default. The display of events can also be enabled for team members who are not allowed to view the team. However, only events that could not lead to conclusions about team members with read access will be displayed.
  - Team members with read access cannot use remarks, public comments, signatures, processes or comment on news feeds.
  - Team members with read access cannot use the time travel.
  - Team members with read access cannot be selected as participants in processes.
  - Team members with read access cannot create public links.
- Display Events for Team Members Who Are Not Allowed to View the Team
Only team members with “Full Control” see the events by default. The display of events can also be enabled for team members who are not allowed to view the team. However, only events that could not lead to conclusions about team members with read access will be displayed.
- All Team Members May Add Members
Defines whether all team members can add users to the team or only team members with “Full Control”. Members with change access may grant or revoke change access or read access to other members. Members with read access may grant or revoke read access to other members.
- Restrict Team Members
Defines the organizations, organizational units, teams and external organizations whose members may be added to the Teamroom. If the list does not contain any entries, members can be added without restriction.
“Key Server” tab
Define settings regarding key servers.
- Choose Key Server
Users can select a key server when encrypting if they have been authorized to do so via the organization policy. Otherwise, the default key server is used automatically.
“Processes” tab
Define settings regarding processes.
- Process Administrators
A process administrator can monitor and control all processes in the organization.
- Show Process Statistics for
Defines for whom process statistics are displayed. A process administrator can view the statistics for all processes in the organization. A process owner can view the statistics for the processes for which he is responsible.
- Process Statistics Calculation Interval
Defines the interval for calculating the process statistics.
- Schedule Process Statistics Calculation
Defines when the next calculation of process statistics will take place.
“Authentication” tab
Define settings regarding the authentication.
- Settings for Login Session
Defines the settings for the login sessions.
  - Validity Period
  Defines the maximum validity period of a login session. You can choose a value between 2 hours and 3 days. The default value is currently 16 hours.
  - Validity Period in Case of Inactivity
  Defines the maximum validity period of a login session when the user is inactive. You can choose a value between 15 minutes and 4 hours. The default value is currently 2 hours.
  - Value for SameSite Attribute of Session Cookie
  Defines the value of the SameSite attribute of the web browser cookie used for the login session. You can use the “Strict” or “Lax” value to reduce the risk of cross-site request forgery (CSRF). However, these values limit usability and may require users to log in more frequently. The default value is “Lax”.
  Note: The integration for Microsoft Teams and the task pane integration for Microsoft Office for the Web can only be used with the “None” value.
- Trusted Networks
Defines IPv4 addresses or address ranges (in CIDR notation, e.g. 198.51.100.0/24) of your trusted networks through which users communicate with the Internet. This allows, for example, extending the logon session binding from one IPv4 address to IPv4 ranges.
- Authentication Methods That Do Not Require Two-Factor Authentication
You can define that single sign-on and certificate authentication methods do not require a second factor. If you disable the second factor, your IT department must take appropriate measures to ensure that the authentication level is still maintained.
- Permanent Login
Defines the users who can use the permanent login.
- Period of Validity for Permanent Login
Defines the maximum time until a new explicit login is required.
- Permitted Operating Systems for a Permanent Login
Defines the operating systems on which permanent login is possible.
- Certificate Authorities for Computer Certificates for Microsoft Windows, Apple macOS and Ubuntu
On devices with Microsoft Windows, Apple macOS or Ubuntu, for security reasons, a permanent login is only possible if the devices can be identified by a computer certificate. This is to prevent users from permanently logging in on devices that are not under your organization's control (such as private or public devices). Specify all certification authorities that issue computer certificates to your organization by uploading the certificates from these certification authorities as a CER file in PEM format.
If a user wants to perform a permanent login on a device, the system checks whether a computer certificate issued by one of the configured certification authorities can be found on the device. The following certificates are used:
  - Microsoft Windows
  “Local Computer” > “Personal” > “Certificates”
  CN of the certificate: local host name and domain name
  - Apple macOS
  Default keychain
  CN of the certificate: local host name and domain name
  - Ubuntu
  Network authentication certificate (802.1x)
  CN of the certificate: local host name
- Login With OpenID Connect
Defines authentication settings for OpenID Connect services.
  - Validity Period
  Defines the default maximum validity of OpenID Connect service sessions.
  - Override Validity Period
  Overrides the maximum validity of OpenID Connect sessions for specific services.
- Activate Password Policy
Defines whether the guidelines for passwords should be used.
- Guideline for Passwords
Defines criteria for passwords of user accounts and public links.
  - Minimum Length
  Defines the minimum length of a password.
  - Require at Least One Lowercase and Uppercase Character
  Defines whether a password must include at least one lowercase and one uppercase letter.
  - Require at Least One Digit
  Defines whether a password must include at least one digit.
  - Require at Least One Special Character
  Defines whether a password must include at least one special character.
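As an added illustration of the Trusted Networks setting (not Fabasoft code), the sketch below validates a list of IPv4 addresses and CIDR ranges before it is entered and models a session binding that is extended from one address to a range. The binding rule, the function names and the /16 breadth threshold are assumptions of this example; the addresses are constructed documentation ranges.

```python
import ipaddress

MIN_PREFIX = 16  # assumption: ranges broader than /16 are held back for review

# Constructed sample input: one entry per line.
SAMPLE_POLICY = """\
198.51.100.0/24
203.0.113.10
198.51.100.7/24
2001:db8::/32
0.0.0.0/0
"""


def parse_trusted_networks(policy_text):
    """Return (networks, errors) for a list of IPv4 addresses or CIDR ranges."""
    networks, errors = [], []
    for lineno, raw in enumerate(policy_text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 198.51.100.7/24,
            # which usually indicate a typo in the address or the prefix length.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            errors.append(f"line {lineno}: {entry!r} rejected ({exc})")
            continue
        if net.version != 4:
            errors.append(f"line {lineno}: {entry!r} is not IPv4")
        elif net.prefixlen < MIN_PREFIX:
            # A very broad range weakens the IP binding of the session.
            errors.append(f"line {lineno}: {entry!r} is broader than /{MIN_PREFIX}")
        else:
            networks.append(net)
    return networks, errors


def session_binding_ok(bound_ip, current_ip, trusted):
    """Model of the extended binding: a request is accepted if it comes from the
    address the session was created on, or if both addresses lie in the same
    trusted network."""
    bound = ipaddress.ip_address(bound_ip)
    current = ipaddress.ip_address(current_ip)
    if bound == current:
        return True
    return any(bound in net and current in net for net in trusted)


if __name__ == "__main__":
    nets, problems = parse_trusted_networks(SAMPLE_POLICY)
    print("accepted:", [str(n) for n in nets])
    for problem in problems:
        print("review:", problem)
    # Same trusted /24: the session survives a change of egress address.
    print(session_binding_ok("198.51.100.20", "198.51.100.77", nets))
    # Address outside the trusted ranges: the binding no longer matches.
    print(session_binding_ok("198.51.100.20", "192.0.2.5", nets))
```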
Default Settings
On the “Basic Settings”, “Accessibility”, “Notifications”, “Workflow”, “Home” and “Qualified Electronic Signature” tabs, you can define default settings for your members. Additionally, you can define whether the settings are changeable by the members. Via the “Reset to Default Settings” button, you can restore the settings predefined by Fabasoft. You can also define the settings individually in the properties of the members.
Note:
- If the organization from which a user is managed changes, the default settings of the new organization are applied to the user.
- Changes to the default settings only affect new members.
The “Apply Organizational Settings” context menu command is available for users, teams, organizational units, external organizations and organizations in order to take over changed default settings.
- The virtual owner and the user for background tasks are displayed in the properties of the organization on the “Service Accounts” tab. For solution-specific special cases, the “Apply Organizational Settings” context menu command can be used to apply the organization settings also to the service users.
“Basic Settings” tab
Define the basic settings for your members. Users can find the settings here: “account menu (user name)” > “Basic Settings” > “General” tab.
In the Allow Users to Change Data Location field, you can also specify whether users should be able to change the data location. If not, users may only be able to change to the standard data location via the data location menu.
“Accessibility” tab
Define the accessibility settings for your members. Users can find the settings here: “account menu (user name)” > “Basic Settings” > “Accessibility” tab.
“Notifications” tab
Define the notification settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Notifications” > “Settings” button > “Settings” tab.
“Workflow” tab
Define the workflow settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Workflow” > “Personal Settings” tab.
“Home” tab
Define which items on “Home” should be available to members of the organization.
- Available Elements on Home
Defines which elements are available on Home. Additionally, the size and order of the elements can be defined.
- Start With
Defines an element available on Home that is initially displayed after login.
- More Elements on Home
Defines additional elements that should be available on Home.
- Show Organization Management for Administrators on Home
Defines whether the organization management should be shown to administrators of the cloud organization on Home. If you disable this option, administrators can manage only selected settings using the “Settings” action of an app's personal dashboard.
You can define whether members are allowed to manage their home area themselves via the “Manage Home” policy (see chapter ‘“Actions” tab’).
“Qualified Electronic Signature” tab
Define the qualified electronic signature settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “My Signatures”.
Note: Only available if the qualified electronic signature has been acquired for the organization.
“Fabasoft Cloud Client” tab
Define the Fabasoft Cloud Client settings for organization members.
- Additional Description Text for the Installation of the Fabasoft Cloud Enterprise Client
Defines a multilingual description text to be displayed in the web browser status if the Fabasoft Cloud Client is not installed or not up to date.
- Link to the Fabasoft Cloud Enterprise Client in the Software Center
Allows organization members to install the Fabasoft Cloud Enterprise Client via the web client from your Microsoft Software Center. You can find the corresponding link by navigating to the Fabasoft Cloud Enterprise Client in the software center and clicking on the “Share” button at the top right.
Note: The link to the Fabasoft Cloud Enterprise Client in the software center must be updated after each update.
- Link to the Self-Provided Fabasoft Cloud Enterprise Client
Defines the link to the Fabasoft Cloud Enterprise Client in an alternative deployment tool (can be set independently or in addition to the software center link).
- Display Name for the Link to the Self-Provided Fabasoft Cloud Enterprise Client
Defines the multilingual display name for the link to the alternative deployment tool.
- Provide Versions From the Deployment Tools Only
Defines whether only the links to the deployment tools are displayed.
Note: If you do not enable this option, the Fabasoft Cloud Client can be obtained alternatively from the cloud installation, e.g. in the event of an error if the deployment tool cannot be reached. If a Fabasoft Cloud Enterprise Client is already installed, it will be downloaded for the update.
- Show Link to the Fabasoft Cloud Enterprise Client
Defines whether the link to the Fabasoft Cloud Enterprise Client is displayed.
- Fabasoft Cloud Client Options
Defines the default settings for the Fabasoft Cloud Client. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Fabasoft Cloud Client”.
Login Options: Active Directory / SAML 2.0
To enable members or external members of your organization to log in via Active Directory or SAML 2.0, you must configure the appropriate login servers.
Configuration of the Login Server
Follow the steps described in the white paper “Configuration of Single Sign-On”:
https://help.cloud.fabasoft.com/index.php?topic=doc/Configuration-of-Single-Sign-On/index.htm
Configuration in the Cloud Organization
To perform the configuration in the cloud organization, proceed as follows:
- Navigate to the advanced settings of your cloud organization.
- Click the “Login Options” > “Active Directory / SAML 2.0” action.
- Select the login method (Active Directory or SAML 2.0) and upload the metadata XML file of your login server.
Note: If a login server is already configured, click “Add” first.
- In addition, you can specify whether two-factor authentication is required for the login method and whether users should be automatically created the first time they log in.
Note: Automatic creation is only possible if the users use the URL for automatic login displayed on the next page.
- Click “Next”.
- Enter a short name for the login server.
- Specify the e-mail domains to be associated with this login server (one e-mail domain per line without the @ sign).
Example:
sub1.example.com
sub2.example.com
- You can make the displayed URL available to your users so that they can log in directly using the login server.
- Define whether the URL for direct login via the login server should also be used for sent links.
- Click “Next”.
Note:
- Repeat the steps to add additional login servers.
- Existing login servers can also be edited or removed.
- Organization administrators will receive a notification in the welcome screen and by e-mail when the metadata certificate expires within the next two weeks or has expired.
- When a user is automatically created, the user becomes a member if the e-mail domain matches an e-mail domain of the organization. Otherwise, the user becomes an external member. A change to the organization's e-mail domains can be requested via Fabasoft Cloud Support.
Login Options: Certificate
To allow members of your organization to log in via a client certificate, all certificate authorities that are allowed to issue client certificates for your organization must be stored in the corresponding field as CER files in PEM format.
Additionally, you have to store the superordinate root and intermediate certificate authorities for the issuing certificate authorities in the corresponding field as CER files in PEM format. For each root, intermediate and issuing certificate authority, provide the corresponding certificate revocation list URLs. You can define whether two-factor authentication is necessary when using the certificate log-in.
The CN of the certificates and the DN of the issuer must not contain special characters.
To complete the certificate configuration for your organization, you have to add the common name of the corresponding client certificates to the members (see chapter “Define Authentication and Two-Factor Authentication”).
Note: You can also define certificate settings for external organizations. This way you can provide a client certificate log-in for your external members, too.
Login Options: RADIUS
So that your organization members can use a one-time password via a RADIUS server, the settings of the RADIUS server must be defined in your organization. In addition, you have to define the respective User ID Used for RADIUS Server for your organization members.
Organization settings
- Fully-Qualified Host Name of RADIUS Server
Defines the fully-qualified computer name of the RADIUS server.
- Shared Secret of RADIUS Server
Defines the shared secret for communication with the RADIUS server.
- Connection via
The connection can be made either via UDP (port 1812) or RadSec (port 2083).
- RadSec Client Certificate (PKCS12)
The RadSec client certificate is used to establish a TLS connection with the RADIUS server. The RADIUS server must trust the issuing certification authority (CA) of the client certificate.
- Password for RadSec Client Certificate
Defines the password of the RadSec client certificate.
- Issuing Certification Authority (CA) of the RADIUS Server Certificate (PEM)
The issuing certification authority (CA) of the RADIUS server certificate is required to validate the server certificate.
- Contact E-Mail Address for RADIUS Server
Defines the contact e-mail address of the operator of the RADIUS server.
RADIUS server settings
- You have to configure the following IP addresses in your RADIUS server:
- 194.247.47.120
- 213.95.138.12
- 46.140.135.213
- Your RADIUS server has to be accessible via one of the following ports.
- TCP/2083 (RadSec)
- UDP/1812
Note: You can also define RADIUS settings for external organizations. This way you can provide a RADIUS log-in for your external members, too.
Define SMTP Settings
You can define your own SMTP server for e-mails sent via the Fabasoft Cloud. Make sure that the defined SMTP server is officially authorized to send e-mails for the domains of the specified sender e-mail addresses (Sender Policy Framework).
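The SPF requirement above can be checked before the SMTP server is entered. The following Python example is added here and is not part of the Fabasoft documentation: it evaluates the `ip4`/`ip6` mechanisms of each sender domain's SPF record against the SMTP server's IP address. The records, domains and addresses are constructed samples, `check_spf` and `audit_senders` are hypothetical helper names, and terms that can only be resolved with DNS lookups are reported as `needs-dns`.

```python
import ipaddress

# Constructed SPF TXT records for reserved example domains (not real DNS data).
SAMPLE_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.example.net -all",
    "example.org": "v=spf1 ip4:198.51.100.10 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, smtp_ip):
    """Evaluate one SPF record against smtp_ip, left to right, first match wins.

    Returns pass/fail/softfail/neutral, or 'needs-dns' when the outcome depends
    on a term (a, mx, include, exists, ptr, redirect) that requires DNS lookups.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(smtp_ip)
    redirect = False
    for term in terms[1:]:
        if "=" in term.partition(":")[0]:  # modifier: only redirect matters
            redirect = redirect or term.lower().startswith("redirect=")
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # Membership is False when the address families differ.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
        else:
            return "needs-dns"
    return "needs-dns" if redirect else "neutral"

def audit_senders(senders, smtp_ip, records):
    """Map each sender address's domain to the SPF result for smtp_ip."""
    results = {}
    for sender in senders:
        domain = sender.rsplit("@", 1)[-1].lower()
        record = records.get(domain)
        results[domain] = check_spf(record, smtp_ip) if record else "no-record"
    return results
```

Any result other than `pass` for a sender domain means the SPF record or the choice of SMTP server should be reviewed before the server is used for that sender address.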
Define Organization Roles
Via organization roles you can define users who are responsible for managing the organization. For further information about the roles, see chapter “Organization Roles”.
Configure Encryption
In order to be able to encrypt Teamrooms using Fabasoft Secomo, a key server that should be used for encryption has to be defined. Keys created as part of the encryption process will be managed by that key server.
As part of the initial configuration, keys are generated by the key server for your organization. After completion, the encryption functionality will be enabled.
Note:
- If multiple key servers are available for your organization, you can set the default key server.
- Members can select a key server when encrypting if they have been authorized to do so via the organization policy. Otherwise, the default key server is used automatically.
- If you have a private key server, you can add additional organizations that are allowed to use your key server in the Authorized Organizations field in the key server properties.
Configure Digital Signatures
To enable the digital signing of documents with your own certificates, you must store the corresponding certificates in your organization (“Advanced Settings” > “Configure Digital Signatures” action). In addition, you can specify which organization members are allowed to sign digitally with the certificates.
In addition to certificates, you can also define company stamps. To do this, click the “Add Company Stamp” button in the Company Stamps field. Assign a name, define the organization members who are allowed to use the company stamp and upload an image as company stamp.
Note:
- If the use of X.509 certificates is restricted, one of the following usage types (“Key Usage”) is required: “Digital Signature” or “Non Repudiation”.
- Certificates can be updated using the “Update” context menu command. Organization administrators and owners receive a notification on the welcome screen when the certificate expires within the next two weeks or has expired.
- Certificates can be deleted using the “Delete” context menu command. Deleted certificates can no longer be used for signing, but already signed documents are not affected.