2018 June Release

Advanced SettingsPermanent link for this heading

To access the advanced settings, click on Advanced Settings in the dashboard of the organization.

DashboardPermanent link for this heading

Depending on your edition and licensed apps following areas are available.

Overview

Shows the key information of the organization. By clicking “View” you can navigate to the properties of the organization.

App Configurations

If apps that are based on app configurations are licensed, the corresponding app configurations are displayed here. Navigate in the app configurations widget to create additional app configurations.

Target Domains for “Teamroom Transfer”

Shows domains that can be used as target for transferring or publishing Teamrooms. Navigate in the target domains widget to create additional domains.

OAuth Clients

OAuth clients are needed, for example, for the transfer Teamroom functionality. If you activate a target domain for transferring Teamrooms, an OAuth client is created automatically in the target domain. Navigate in the OAuth client widget, to create OAuth clients manually.

For OAuth clients defined in the organization, you can specify whether the use must be confirmed.

Mindbreeze InSpire Services

Mindbreeze InSpire Services can be used to classify documents automatically. Navigate in the Mindbreeze InSpire Services to create additional services. If only one service is available, it is automatically the default service. If multiple services are available, a service can be set as default service by using the “Set as Default” context menu command. The default service is used if no service has been explicitly defined in the respective context.

You can define the following settings:

  • Name
    The name of the service.
  • Filter Service URL
    The URL to the Mindbreeze InSpire filter service (e.g. https://mbinspire.example.com:8443/filter/23401).
  • Authentication
    Defines the authentication type for the filter service.
  • Root and Intermediate Certificate Authorities
    Defines the root and intermediate certificate authorities for the validation of the SSL server certificates of the filter service.
  • Tenant
    The Mindbreeze InSpire prediction service is multi-tenant capable. If a tenant is defined, it will be used in Mindbreeze InSpire.
    Note: In the Mindbreeze Management Center, the Tenant ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbtenant}}
  • Project
    Within a tenant several projects can be managed. If a project is defined, it will be used in Mindbreeze InSpire.
    Note: In the Mindbreeze Management Center, the Project ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbproject}}
  • Scope
    Within a project several scopes can be managed. If a scope is defined, the corresponding model will be used in Mindbreeze InSpire. Otherwise, the default model is used.
    Note: In the Mindbreeze Management Center, the Scope ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbscope}}
  • Send Feedback to Mindbreeze InSpire Service
    Defines whether feedback about the correctness of the classification will be sent to the Mindbreeze InSpire service. This can improve the future classification.
  • Key Mapping
    If the keys defined in Mindbreeze InSpire do not correspond to the keys in the Fabasoft Cloud, a mapping can be defined. As key in the Fabasoft Cloud the reference of the respective property is used (e.g. COOTC_1_1001_objcategory for the Category property). In the case of user-defined forms the programming name of the property is used as key.

If necessary, contact Mindbreeze InSpire Support to make the specific settings.

Define Contact DataPermanent link for this heading

You can enter addresses, telephone numbers and e-mail addresses of your organization. To add the e-mail domain for your organization, please contact the Fabasoft Cloud Support because the domain has to be verified. For example, users with an e-mail address that corresponds to one of your e-mail domains are recognized as members.

To define the contact data, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Contact Data” action.
  3. Enter the desired data.
  4. Click “Save”.

Define LogoPermanent link for this heading

You can define a logo, a preview logo and a header background color for your organization. The logo will be displayed, for example, left above the actions. The preview logo is used when the organization is displayed for instance in a list.

To define the logos, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Logo” action.
  3. Upload the logos or select already existing logos. If a logo exceeds the maximum display size, it will be automatically displayed smaller.
  4. If applicable, specify the background color for the header (as hexadecimal value, e.g.: #FF0000). The colors of the elements of the header are automatically adapted to the background color.
    Note: If you select a background color, the background color and the logo are also considered for the login pages.
  5. If you select the Use Logo and Background Color in E-Mails setting, the logo and the background color are also included in your organization's e-mails sent via the Cloud.
  6. Click “Save”.

Define PoliciesPermanent link for this heading

You can define for your organization centrally, which actions can be executed by which members, which contents can be stored and which team settings apply.

To define the policies, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Policies” action.
  3. Switch to the desired tab and define the policies. Further information can be found in the next chapters.
  4. Click “Save”.

“Actions” tabPermanent link for this heading

Define which organization members are authorized to execute the following actions:

  • Manage Home
    Defines the members who are allowed to manage their “Home”. The management comprises creating, storing and removing Teamrooms or folders directly on “Home”.
  • Create Teamrooms
    Defines the members who are allowed to create Teamrooms.
  • Transfer Teamrooms (Enterprise and higher)
    Defines the members who are allowed to transfer or publish Teamrooms.
  • Create Search Folders for Audit Logs (Enterprise and higher)
    Defines the members who are allowed to search for audit logs.
  • Add Members to the Organization
    Defines the members who are allowed to add new members to the organization. Only members whose email address matches one of the organization's email domains can be added.
  • Add External Members to the Organization
    Defines the members who are allowed to add new external members to the organization.
  • Manage External Organizations
    Defines the members who are allowed to manage external organizations.
  • Manage Organizational Structure
    Defines the members who are allowed to manage the organizational structure.
  • Manage Teams
    Defines the members who are allowed to manage teams.

Note:

  • Owners and administrators are not affected by these settings and can always execute the actions.
  • These actions are generally not available for external members.
  • In the properties of the organization member you will find the restrictions that apply to this member on the “Administration” tab. If “Executable by all members except” or “Executable by no one except” are defined in the organization, you can also change the settings for the user on this tab. If a policy is defined via a team, the settings cannot be changed at the user.

“Content” tabPermanent link for this heading

Define settings regarding the allowed contents.

  • Blocked File Extensions
    Define a not allowed file extension per line. File with these file extensions cannot be uploaded.
  • Check Blocked File Extensions in ZIP Archives
    Defines whether file extensions are also checked in ZIP archives.
  • Maximum File Size (in MB)
    Files can only be uploaded if the file size does not exceed the specified value.
  • Maximum Number of Versions Kept
    When objects are changed a version is created. Here you can define how many versions are kept at maximum.
  • Signatures With Additional Password Verification (Compliant to FDA 21 CFR Part 11)
    Allows an additional password prompt when applying a signature that is defined in this policy.
  • Digitally Sign Documents
    Defines who is allowed to digitally sign documents.
    Note: The digital signature has to be configured for the organization.
  • Edit Office Documents in Microsoft Office Online
    Define users who are allowed to open documents that are assigned to your organization with Microsoft Office Online.
    Keep in mind that Office Online is a Microsoft service and use of Office Online is subject to Microsoft’s terms of use and privacy policy. When displaying or editing files, Office Online keeps a temporary copy of this file on Office Online servers.
    If you want to prevent that documents are transferred to an Office Online server, select “No one”.
  • Open or Download Content on the Workstation
    Can be used to determine for whom the open and download actions are available in the web browser client. In addition, Teamrooms and the assigned objects cannot be duplicated.
    For example, you can specify that nobody other than your organization members can use these actions.

“Team” tabPermanent link for this heading

Define settings regarding the team.

  • Send Teamroom Invitations to Members
    You can define whether a Teamroom invitation will be sent to the members of the organization, if the organization itself is added to a Teamroom.
  • Allowed Members in Teamrooms
    By default, users, teams and organizations can be authorized in Teamrooms. You can restrict the allowed members teams and organizations.

“Processes” tabPermanent link for this heading

Define settings regarding processes.

  • Process Administrators
    Process administrators get an overview of all predefined and ad hoc processes of the organization and can also manage them (if process statistics are enabled for process administrators).
  • Show Process Statistics for
    Defines who is allowed to see process statistics.
  • Process Statistics Calculation Interval
    Defines the interval for calculating the process statistics.
  • Schedule Process Statistics Calculation
    Defines when the next calculation of process statistics will take place.

“Authentication” tabPermanent link for this heading

Define settings regarding the authentication.

  • Authentication Methods That Do Not Require Two-Factor Authentication
    You can define that single sign-on and certificate authentication methods do not require a second factor. If you disable the second factor, your IT department must take appropriate measures to ensure that the authentication level is still maintained.

Define Certificate SettingsPermanent link for this heading

In order that members of your organization can log in via a client certificate, all certificate authorities that are allowed to issue client certificates for your organization, have to be stored in the corresponding field as CER files in PEM format.

Additionally, you have to store the superordinate root and intermediate certificate authorities for the issuing certificate authorities in the corresponding field as CER files in PEM format. Provide for each root, intermediate and issuing certificate authority the corresponding certificate revocation list URLs. You can define whether a two-factor authentication is necessary when using the certificate log-in.

The CN of the certificates and the DN of the issuer must not contain special characters.

To complete the certificate configuration for your organization, you have to add the common name of the corresponding client certificates to the members (see chapter “Define Authentication and Two-Factor Authentication”).

Note: You can also define certificate settings for external organizations. This way you can provide a client certificate log-in for your external members, too.

Define RADIUS SettingsPermanent link for this heading

In order that your organization members can use a one-time password via a RADIUS server, the settings of the RADIUS server must be defined in your organization. In addition, you have to define the respective User ID Used for RADIUS Server for your organization members.

Organization settings

Enter the computer name and the shared secret of the RADIUS server. The connection can be established either via UDP (port 1812) or RadSec (port 2083).

RADIUS server settings

  • You have to configure the following IP addresses in your RADIUS server:
    • 194.247.47.120
    • 213.95.138.12
    • 46.140.135.213
  • Your RADIUS server has to be accessible via one of the following ports.
    • TCP/2083 (RadSec)
    • UDP/1812

Define Organization RolesPermanent link for this heading

Via organization roles you can define users who are responsible for managing the organization. For further information about the roles, see chapter “Organization Roles”.

Configure EncryptionPermanent link for this heading

In order to be able to encrypt Teamrooms using Secomo, the encryption functionality must be configured.

  • Key Server
    Define a key server that should be used for encryption. Keys created as part of the encryption process will be managed by that key server.
  • Use Client Certificates for Authentication
    Define if client certificate authentication should be used for key server access. If client certificate authentication is configured for users of your organization, that authentication mechanism can be enabled for key server access.

As part of the initial configuration, keys are generated by the key server for your organization. After completion, the encryption functionality will be enabled.

Configure Digital SignaturePermanent link for this heading

To enable the digital signing of documents with a certificate, you must store the corresponding certificate in your organization. In addition, you can specify which organization members are allowed to sign digitally.

Note: Secomo is required for the digital signature.