Skip to main content

Qiata Company Administrator

danger

As of version 4.0 the Company Administor must login using the old login, which is available from https://FQDN/sc. You can find more information in our FAQ section.

Introduction​

The role of a Company Administrator is to manage the following.

  • Users
  • Groups
  • Roles
  • Policies
  • Archives
  • Company Templates
  • Authentication

The Company Administrator also have the task of reviewing all transfers flagged for review. For auditing the file transfers, the Company Administrator has access to all transfer logs.

Company Administrator Levels​

There are three levels of Company Administrators in the Qiata. The first level, created by the System Administrator is the Primary Company Administrator. The Primary Company Administrator then create other Company Administrators. The third and lowest level of Company Administrator is also known as the Group Administrator. The Group Administrator administers users and groups created under the the group that was assigned to the Group Administrator.

The following table shows their access levels.

Administrator LevelCreate Company AdministratorsCreate Group AdministratorsCreate Users
Primary Company Administrator (PCA)YesYesYes
Company Administrator (CA)YesNoYes
Group Administrator (GA)NoNoYes

Primary Company Administrator​

The Primary Company Administrator is the main Company Administrator created by the System Administrator. The Primary Company Administrator can create additional Company Administrators to assist in managing the Qiata. The Primary Company Administrator cannot be deleted by other Company Administrators. The Primary Company Administrator can create and assign Roles for other Company Administrators, also he can assign a Company Administrator to a group, converting that role into a Group Administrator.

From the login page, login with the Primary Company Administrator email address and password. After logging in, the home page will be displayed.

Company Administrator Home

The Home page shows the latest login date and the amount of storage used. If the Company Administrator is also a Group Administrator for a group, the home page will also display the name of the managed group.

To change the password, click on the Change Password button. Clicking on the Change Settings button will bring up the Change Settings dialog for changing the email signature for the Company Administrator.

Change Settings Dialog

Enter the signature to use in all notification emails in the Signature Text text box. Then click on the Update button to save the signature.

Adding Company Administrator​

To add a new Company Administrator, click on the New Users button from the System menu. The new user dialog will be displayed.

New User Dialog

In the Role selection box, select the Company Administrator option. The new user dialog will be modified as shown in the following figure.

New Company Administrator Dialog

Enter the email address of one or more new Company Administrator in the Email Addresses text box.

Select the group for the Company Administrator in the Group selection box. You can also leave it blank if you want to assign the group later.

Click on the Save button to add the new Company Administrator.

Assigning A Group Administrator​

When a Company Administrator is assigned to a group as Group Administrator, he becomes a Group Administrator. At this level, he can only administer users and groups under the group that he is assigned to.

To assign a Company Administrator to a group, select a group from the group properties dialog and select the Administrators tab as shown in the following example.

Group Edit Dialog

From the list of Company Administrators, check one or more Company Administrator to be assigned to the group. When done, click on the Update button to save the changes. The selected Company Administrator is now a Group Administrator.

tip

Only the Primary Company Administrator is allowed to assign the Group Administrator to a group. For the other Company Administrators and Group Administrators, the Group Administrator selection field in the the group properties dialog is a read-only field.

Users and Groups​

One of the roles of the Company Administrator is to manage users and groups.

Adding a New Group​

To add a new group, click on the New Group button in the System page.

System page for Company Administrator

The new group dialog will be be displayed.

New Group Dialog

Enter the name of the group in the Group Name field.

In the LDAP Authentication selection box, you can select either None or a LDAP server account created by the System Administrator. The list of LDAP server accounts is defined by the LDAP Server Account list described in chapter. If None is selected, the local user database will be used for authentication.

note

When new users login from the Login Page and their id and password matches an entry from the LDAP server specified in the LDAP Authentication field of a group, they are automatically added to the respective group. This is the only situation where users are created using LDAP authentication. When new users are created directly from the New User dialog, they will use Local Authentication even if the group is using an LDAP server for Authentication.

If licensed and configured, you can enable OIDC Authentication (OpenID Connect). After activation, you must define a corresponding Group Claim. You can find more information here.

warning

The OIDC functionality is a paid feature and only available if the corresponding license is available.

Enter the storage quota for the group in the Storage Quota box.

If LDAP Authentication, OIDC Authentication or Automatically Sign-Up Users is selected, the Default User Storage Quota will be displayed. In this text field, enter the default storage to be allocated to the user when the account is automatically created with a positive authentication.

New Group Dialog with LDAP

In the Maximum Daily Transfers box, enter the maximum number of transfers that each user in the group is allowed per day.

Check the Allow User Invites check box to allow the users in the group to send invites.

If the license is available for the Team Transfer feature, the Allow Sending Team Transfers check box will be visible. To allow users in the group to initiate Team Transfers, check this box. More details on the Team Transfer feature is described in the Team Transfer chapter on page.

If the MultiSpace feature is licensed, the Allow Using MultiSpace check box will be available. If you want to assign the MultiSpace right to all participants in the group, activate this option.

A global MultiSpace Storage Quota can also be set for MultiSpace on a group basis. In addition, a Default User MultiSpace Quota is required, which will be automatically assigned to all users within the group. Fill the fields with the desired values.

note

The MultiSpace Quota has no influence on the group's standard quota.

In addition to the quota, you can select whether all users in the group should automatically receive access data for MultiSpace by activating the option Send account data automatically. If you activate this option, all participants in the group will receive an email with their username, a newly generated MultiSpace password and their MultiSpace path.

If this option is not activated, users must choose their own password via the web interface or have a mail with access data sent manually using the button in the MultiSpace area.

note

In order to ensure that a possible flood of emails does not overload the mail server, the mailings are sent at a maximum interval of 100 pieces.

The Allow Sending As, Limit Remote Access and Automatically Sign-Up Users check boxes are described in the next section.

Click on the Save button to create the group.

Editing / Deleting a Group​

To edit a group, double click on the group in the group list and the group edit dialog will be displayed.

Group Edit Dialog

If the group is a member of one or more groups, the Parent Groups text box will be displayed with the names of the parent groups.

If the Allow Sending Team Transfers check box is checked, members of the group will be allowed to create Team Transfers. To add permanent members to each Team Transfer (created by members of the group), enter the email address of these members in the Mandatory Team Member text box.

To allow members of the group to send transfers with a different email address (probably shared by the group e.g. support email address), check the Allow Sending As check box and enter the email address(es) in the Email Addresses text box.

In the Limit Remote Access section, you can enter a list of IP address and address range for source IP checking. When a user in this group logs in and this field is not empty, the source IP will be checked against this range. The user will be allowed to log in if and only if it matches the list. Some examples of IP address and ranges that can be used are 192.168.1.0/255.255.255.0, 192.168.1.0/24, 192.168.10.2 etc.

To enable this feature, check the Enable check box and enter a list of IP Address patterns in the IP Address Ranges text box.

Group Edit Dialog with more features

For automatic user sign up, check the Enable check box in the Automatically Sign-Up Users section. Two text boxes will be displayed. In the Email Address Patterns text box, fill in the patterns for the email addresses that can be used for automatic sign up. In the Patterns To Reject text box, enter the patterns for the emails to reject. Example of an email pattern is *@secudos.de which will match all email addresses from secudos.de.

When there is at least one group with automatic user sign up, a link will appear in the main login page. Clicking on the link will redirect the user to the sign up page where he fills in his email address. If the email address matches the Email Address Patterns and doesn't match any patterns in the Patterns To Reject, an email will be sent to that email address together with a password. The user can then use his email address and the password to login.

In the Policies section, the list of available policies will be displayed. Check its respective check box to apply the policy to the users in the group.

Policy Settings for Group Edit

In the Group Administrators section, you can select a Company Administrator to administer the group. This section can only be viewed and edited by the Primary Company Administrator.

Administrator Settings for Group Edit

In the Settings section as shown in the following figure, the Company Administrator can override the settings for the users in the group.

User Settings Dialog

To limit the maximum number of downloads for a new transfer, check the Set Maximum Downloads/Transfers check box. Then in the Maximum Downloads/Transfers text box, enter the maximum number.

To limit the maximum expiry period for a new transfer, check the Set Days to Expiry check box. Then in the Days to Expiry text box, enter the maximum days to expiry.

To force all new transfers to use 'PIN Code', select the Yes option in the PIN Code selection box. To force all new transfers not to use PIN Code, select the No option. To leave it to the user to decide, select the Per-User Setting option.

To force all new transfers to use passwords, select the Yes option in the Check Passwords selection box. To force all new transfers not to use passwords, select the No option. To leave it to the user to decide, select the Per-User Setting option.

To force all users in this group to use 'One-Time Password', select the Yes option in the One-Time Password selection box. To force all users to not use 'One-Time Password', select the No option. To leave it to the user to decide, select the Per-User Setting option.

note

For One-Time Password to properly work, it is important that the system clock and the clock on mobile devices is set correctly. Please make sure in advance that the time is set correctly. You can find informationens regarding date and time in the DOMOS manual.

To force an option for notifying the sender when each recipient has been notified, select the option in the Notify Sender Upon Sending - there are five options for this selection box - Yes, As BCC, As Digest, No and Per-User Setting. For every successful notification sent to each recipient, a notification is sent to the sender if Yes is selected. If As BCC is selected, the same notification is blind copied to the sender. If you don't want to be notified for each recipient in the transfer, select the As Digest option. If No is selected, no notification will be sent to the sender. To leave the decision to the user, select the Per-User Setting option.

To force an option to remind recipients if they haven't viewed the download link, select the optino in the Remind Recipients selection box. When a recipient has not clicked on the link in the email, a reminder notification will be sent automatically after three days. Select Yes, No or Per-User Setting.

To force an option for notifying the sender when a recipient has downloaded one or more files, select the option in the Notify Sender Upon Download selection box. Every time a recipient downloads a file, a notification will be sent to the sender with details such as recipient name, file name, date and time of download, download status and the time taken for the download. Select Yes, No or Per-User Setting.

Click on the Update button to save the changes to the group.

To remove the group, click on the Remove button.

Click on the Close button to close this dialog.

Adding a New User​

To add a new user, click on the New User button in the System page. The New User Dialog will display.

New User Dialog

In the Email Addresses text box, enter a list of email addresses separated by a new line. Up to 100 email addresses can be added at the same time. The email address can be any of the following formats.

  • Name <email address> e.g. John Doe <john.doe@example.com>

  • email address e.g. john.doe@example.com

In the Role selection box, select a role for the user. This can be either User, Company Administrator or one of your custom roles.

In the Group selection box, select a group that the user will be a member of. Each user can only be a member of one group.

note

If no group is chosen for the user, the ungrouped user is limited to 10 daily transfers. Users who are created using this method will always use the Local Authentication for authentication. This will be the case even if the Authentication method of the selected group is set to LDAP.

Enter a storage quota for the user in the Storage Quota box.

note

When the user's storage is close to the storage quota, a notification email will be sent to the Primary Company Administrator.

To create the user in the disabled mode, check the Deactivated Account check box.

To set an expiry date on the user account, check the Deactivate On Expiry check box. The Expiry Date field will be displayed as shown in the following diagram.

New User Dialog with Expiry Date option

On the stated expiry date, the user account will be deactivated.

Select the preferred language for the user in the Preferred Language selection box.

When the user accounts are created, the account details with their passwords are sent to their email addresses. To be copied on the account details, check the Password Email BCC check box. A copy of the account detail email will be sent to the Company Administrator.

Click on the Save button to create the user.

Adding a New Administrator​

To add a new Company Administrator, follow the same steps as the Adding a New User section. In the Role selection box, select the Company Administrator option. The respective fields will be displayed as shown in the following diagram.

New Company Administrator Dialog

To prevent the Company Administrator from making any changes to the system, check the Read Only check box. This is useful for creating an auditor role where the main function of the Company Administrator is to audit and check on the logs and files.

note

The Read Only option is only available to the Primary Company Administrator. Other Company Administrators cannot set the Read Only flag for other Company Administrators.

Editing a User​

To view the list of users, select the Users submenu tab in the System menu tab. The list of users will be displayed as shown.

User List

To filter the list of users based on specific conditions, select the respective radio buttons. To filter the list of users based on the email address, enter a pattern in the Search For Email Address field and press the Enter key. The list of users will be filtered based on their email addresses.

note

The email address of deactivated user accounts will be in red color.

To edit a user, double click on a user in the user list. The User Properties dialog will display.

User Properties Dialog

The following status are shown.

  • Used Storage - total storage used by the user.
  • All Files Archives - total storage used by the files in the archives.
  • Uploads - total storage uploaded to the user.
  • De-duplicated - total storage that already present and not stored again.
  • Last Login - last login date and time.
  • Currently Logged In - this is a read-only field will be checked if user is currently logged in.
  • Using A Session - this is a read-only field will be checked if user is currently using a session.
  • Last Password Change - last date and time of password change.

To disable the user without deleting the account, check the Deactivated Account check box and enter a reason in the Reason text box that appears. All transfers linked to this user will be temporarily deactivated. When the user attempts to log in, the reason will be displayed.

Disable User

To set an expiry date for the user account, check the Deactivate On Expiry check box. The expiry date field will be displayed. Set the expiry date for the user account in the Expiry Date field.

Expiry Date for User Account

To reset the password for the user, check the Reset Password check box. Two new fields will appear - enter the new password for the user in the New Password field and again in the Confirm New Password field.

Password Reset

To reset a user's one-time password connection to a device, check Reset one-time password connection and then click Update. At the next login, the corresponding user will first be guided through the one-time password configuration again. He can therefore connect a new device.

note

Please note that resetting the connection will cause all existing backup codes to become invalid.

OTP Reset

The Available Policies box shows a list of policies available. To apply a policy on the user, check on the respective policy check box.

Policy Settings for User Edit

Click on the Update button to apply the changes for the user.

To remove the user, click on the Remove button.

Click on the Reset button to undo the current changes.

Bulk change of Users​

To view the list of users, select the Users submenu tab in the System menu tab.

You can select multiple users with CTRL or SHIFT. If more than one user is selected, you can click on the button Bulk change.

note

Selected company administrators will ignore all changes. Bulk change will be disabled if the system administrator is selected.

A window with multiple options will open:

Bulk Change

  • Change Quota
    • Changes the Quota
    • You can type the new quota size in the field Storage Quota
  • Activate Users
    • Activates all selected deactivated users
  • Deactivate Users
    • Deactivates all selected activated users
    • A reason can be given in the field Reason
  • Move to group
    • Changes the group of all selected users to the selected group
  • Convert to Internal User
    • Converts all selected external users to internal users
  • Remove Users
    • Removes all selected users
    • All transfers of the users will also be removed
note

Not all options can be selected simultaneously. Illegitimate combinations will deaktivate on selection.

After you made your selection, you can change all selected users with Update. The changes are done when the window automatically closes. It can take a few minutes for larger selections.

danger

Do not close the browser while the changes are being applied.

Administrative Roles​

There are 2 default administrative roles preinstalled, that can directly be assigned.

  • Company Administrators
  • Technical Administrator (ftadmin)

These roles cannot be modified.

The Primary Company Administrator can only be created by ftadmin.

If the roles don't fit the Company Compliance, the Primary Company Administrator can create new administrative roles and assign them to new or existing Accounts.

Currently it is possible to create a role with these Permissions:

  • Company Admin (Manage Qiata)
  • Audit-Log (View Audit-Log)
  • App Settings (Quota, Language, Limits, Passwords)
  • Web Config (Webserver Configuration)
  • Mail Config (Mailserver Configuration)
  • Encryption Config (Encryption Key Configuration)

When creating or modifying a role, you can select the question mark on each Permission to get more details.

The Encryption Key Config Permission is only available if you have a valid License with the Encryption Option. If you select the Company Admin Permission, logins with this role will be provided with a white background page, indicating to manage the Qiata. Otherwise the background colour is black. Only the Primary Company Administrator can manage and assign custom roles for administrative purposes.

Adding a role​

To add a new role, click on the New Role button in the System page.

Create new Role Dialog

The new role dialog will be be displayed.

Create a name, give it a description and select the Permissions you like to assign and click Save. When deleting a role, first make sure it is not assigned anymore.

The ftadmin with the Technical Administrator role can be deactivated.

Roles Tab Overview

The new roles tab provides an overview of your roles.

Policies​

Policies are rules to check on file transfers and enforce an action when rules match. The two possible actions are to block the transfer or to flag it for review. In the latter case, the transfer is put on hold pending approval or denial from the Company Administrator.

Policies can check on the following parameters.

  • Recipient(s) of the transfer.
  • Type of file(s) in the transfer.
  • File name.
  • Maximum file size.

When a transfer or invite is flagged by a policy for review, the Group Administrator will be notified by email. The Group Administrator or all other Company Administrators above the user can then log in and allow or block the transaction.

Adding New Policy​

To add a new policy, click on the New Policy button in the System page. The New Policies dialog will display.

New Policy Dialog

Enter a name for the policy in the Policy Name box.

In the Policy Action selection box, select either Flag for Review, Alert or Block. When Alert is selected, the transfer will be allowed and an alert email will be sent to the Company Administrator. When Flag for Review is selected, the affected transfer will not be delivered first, pending further action. The Company Administrator will be alerted and the pending transfer is also listed in the Awaiting Review page as described in the Pending Transfer section on page.

To match on the recipient name, check the Enable check box in the Restrict Recipients section. In the Recipient selection box, select either the Must match one of or the Must not match any of option. In the Email Address Patterns text box, enter one or more email address patterns to match or not match. You can use the asterisk character (*) to denote any characters e.g. *@secudos.

To match on the file type, check the Enable check box in the Restrict File Type section. In the File Type selection box, select either the Must be or the Must not be option. Then select a file type in the second File Type field.

To match on the file name, check the Enable check box in the Restrict File Name section. In the File Names selection box, select either the Must match one of or the Must not match one of option. Then enter one or more file patterns in the File Name Patterns text box.

To match on the file size, check the Enable check box in the Restrict File Size section. Enter the maximum file size in the Maximum File Size field.

Click on the Save button to create the new policy.

Editing / Deleting a Policy​

To edit or delete a policy, double click on the policy in the policy list. The Policy Properties dialog will display.

Policy Properties Dialog

The Objects Assigned This Policy box shows a list of users or groups that use this policy.

Make any changes on the dialog and click on the Update button to update the policy.

To remove the policy, click on the Remove button.

Click on the Close button to close this dialog.

Audit​

All transfer activities are logged and a Role with Audit-Log Company Administrator can view them in the Audit Log page.

Audit Log

When the entry in the audit log is red in color, this means that the entry is related to some failure e.g. fail to login etc. When the entry color is orange, this indicates that the entry is for some incomplete or in-progress event e.g. incomplete download or download in progress etc. The following figure shows an example of a failure to deliver mail with the error code shown.

Email Delivery Failure Log

To view more information related to the log entry, double click on the entry. A related dialog box, if any, will display. The following is an example dialog.

File Status Dialog

Filtering Audit Log​

You can show all events or filter by successful or failed events by selecting either the All Events On, Successful Events On or Failed Events On option respectively.

To filter the audit log by event type, select it from the next selection box. The following event types are available.

  • Archives - activities related to system archive.
  • Comments - comments made on all transfers.
  • Contacts - activities related to the contact book.
  • Emails - emails sent by the system.
  • Files - files that are added or downloaded.
  • Groups - activities related to groups.
  • Invites - activites related to transfer invites.
  • Passwords - activities related to password creation and change.
  • Policies - activities related to policies.
  • Policy Errors - activities related to policy matches.
  • Recipients - recipients added or removed from transfers.
  • Transfers - activities related to file transfers.
  • Users - user activites.
  • All Object Types - everything.
  • Selected Object Only - activites related to the selected entry.

To search for string in the audit entries, enter a string in the Search For text box.

To filter by user, select from the From User selection box. You can also type in the email address to quickly zoom in to the user if the list is long.

Enter the range of dates in the Between and And fields.

When Files option type is selected, two additional options are available on the page as shown in the following figure.

File Filter options

Enter the file name or part of it in the Search For File text box. To search by file type, select it from the File Type selection box.

Click on the Refresh button to refresh the logs.

Downloading Audit Log​

To download the filtered audit logs, click on the Export As CSV button in the Audit Log menu.

Pending Transfers​

When transfer or invite requests are flagged for review, it will show up in the Awaiting Review page.

Awaiting Review Page

In the meantime, the sender will receive an email notification saying that the transfer is put on hold pending the outcome of the review.

The Group Administrator, if assigned, will also receive an email notification regarding the pending transfer. If there is no Group Administrator for the user, the Primary Company Administrator will be notified by email.

Select the review entry and the details will appear on the right hand pane. To download the file for review, select the file and click on the Download button.

To allow the transfer, click on the Allow button on the right hand pane.

To block the transfer, click on the Block Transfer button. The transfer will then be removed.

Company Branding​

info

With great flexibility comes great responsibility. We would like to point out that improper use of the templates can lead to possible security compromises. Changes to the templates should only be made by experts.

Company branding enables the Company Administrator to modify the Qiata to reflect the company images and styles in the web pages and email notifications.

Select the Templates submenu tab in the Company tab to show the company templates page.

Company Templates Page

There are four types of customizable templates: HTML Page, Email, Image and CSS. The first two types can support different language customization while images and css are the same across all languages.

tip

From version 1.50 upwards new templates (email and pages) were provided. The new templates are automatically installed only for new customers. Existing customers can use the Reset all Templates button in the company admin area to patch files to the new templates. Attention: All existing changes to the templates will be overwritten.

Customizing CSS Files​

To customize the various CSS styles that the Qiata uses, select the entry where the type is CSS and double click on it. The dialog box will display. Make the changes in the HTML text box and click on the Update button to save your changes. Click on the Close button to close this dialog. To undo the changes, click on the Reset button. To undo the changes and revert back to the original CSS file, check the Revert To Factory Default check box and click on the Update button to save the reverted page.

tip

Please note that changes to the new CSS files login.css, style.css and media.css only apply when using the new templates (from version 1.50).

UI Theme for SDC and new WebUI​

The Secure Desktop Client (SDC) and the new WebUI can be customized according to your color preferences. To customize the colors for all clients, please select the template UITheme Styling via double click.

In the file you will find 5 different colors:

* {
--ct1-themecolor: #2f8ecd;
--ct1-themecolor-alt: #2775a9;
--ct1-topbar: #2f8ecd;
--ct1-sidebar-top: #2f8ecd;
--ct1-logincolor: linear-gradient( to bottom, #79aed5E6 0%, #000000B3 100% );
}

Change the desired colors here based on the HEX Color values. For example, the following values are possible here:

  • red
  • #123456

The logincolor carries a gradient, where the first value indicates the upper part and the second value represents the target. The logincolor does not have to consist of a gradient. A standard HEX value is also possible here.

warning

The values should represent compatible HEX values. If a non-valid value is entered, the default values are used.

Qiata uses four different logos/images that are used in different places.

  • Logo External logo_qiata_ext.png Size: 200px x 70px
  • Logo Login/Mail logo_qiata_login_mail.png Size: 200px x 166px
  • Logo Internal logo_qiata_int.png Size: 200px x 70px
  • Background Login bg.jpg At least 1920px width recommended

Image Upload Dialog

Click on the Choose File button to select a new image file. Then click on the Update button to upload the image file. All references to the logo will now use this image file. To reset to the factory default logo, click on the Reset button.

warning

The images Logo Login/Mail logo_qiata_login_mail.png, Logo Internal logo_qiata_int.png and Background Login bg.jpg are also displayed in the SDC and used there for UI theming.

Customizing the Fav Icon​

To customize the icon that appears when a web page is loaded (also known as Fav Icon), double click on the Fav Icon entry. The image upload dialog will display.

Fav Icon Upload Dialog

Click on the Choose File button to select an Icon file. Then click on the Update button to upload the Icon file. The web page fav icon will now use this icon. To reset to the factory default icon, click on the Reset button.

Customizing Web Pages​

To customize the various web page templates that the Qiata uses, select the entry where the type is HTML and double click on it. The dialog box will display.

Web Page Edit Dialog

Make the changes in the HTML text box and click on the Update button to save your changes. Click on the Close button to close this dialog.

To undo the changes, click on the Reset button.

To undo the changes and revert back to the original template, check the Revert To Factory Default check box and click on the Update button to save the reverted page.

Customizing Email Templates​

To customize the various email templates that the Qiata uses, select the entry where the type is Email and double click on it. The dialog box will display.

Email Edit Dialog

Some email clients are not able to read HTML contents, so the email notification that the Qiata sends out contains two parts, a plain text portion and a html portion. The Plain Text text box contains the plain text of the email and the HTML text box contains the formatted text portion.

The Language text box shows the current language template for the email. You can change the email subject by entering that into the Subject text box.

To check the email format, check the Send Test Email check box. When you click on the Update button, a test email will be sent to the email account of the current Company Administrator.

Make the changes in the Plain Text and HTML text box and click on the Update button to save your changes. Click on the Close button to close this dialog.

To revert the template to factory default, check the Revert To Factory Default check box and click on the Update button to revert any changes.

Adding Custom Image​

To add a custom image to the templates, click on the Add Template button at the bottom of the Templates submenu.

The Template Properties page will be displayed as shown in the following figure.

Template Properties Page for Image

Enter a name for the image in the Name field. Click on the Choose File button to pick an image file from your system. Then click on the Save button to save the image to the Qiata.

You can refer to this image in any templates by enclosing the image name in double curly braces. For example, if the name of the image is logo2, then its reference in the templates will be {{logo2}}.

Adding Custom Text Field​

To add a custom text field to the templates, click on the Add Template button at the bottom of the Templates submenu.

Select the Text Field option in the Type field and the Template Properties will change to the relevant page as shown in the following figure.

Template Properties Page for Text Field

Enter a name for the image in the Name field. The value in this field will be used for the custom text field name in the template system. To use this text field in the templates, just enclose the name in double curly braces. For example, if the name of this text field is OfficeHours, its usage will be {{OfficeHours}}.

In the Plain Text text box, enter the text that will be used for this text field. In the same example, if this text box contains the text "Our office hours are from 8am to 6pm every day, except for holidays.", then whenever {{OfficeHours}} is encountered in the templates, it will be replaced by the respective text.

tip

You can use html elements in this field for example <b></b>, <p></p> etc.

Click on the Save button to save the text field to the Qiata.

Adding Email Notification Style​

In the New Transfer, Invite to Transfer or Team Transfer action, you can use custom email styles for the email notifications. To do this, you create Email Notification Style templates in the template section.

To add a Email Notifcation Style to the templates, click on the Add Template button at the bottom of the Templates submenu.

Select the Email Notification Style option in the Type field and the Template Properties will change to the relevant page as shown in the following figure.

Template Properties Page for Email Notification Style

Enter a name for the Email Notification Style in the Name field.

In the Style selection box, select from Invite, Transfer and Team Transfer. This style will be added to the Style selection option in the respective transfer.

Depending on the selected option in the Style selection box. The Subject, Plain Text and HTML fields will be populated with the respective default values. Edit them as required and click on the Save button to save this Email Notification Style.

System Archive​

The system archive feature allows logs and files related to expired or inactive transfers to be moved to a remote FTP site. This frees up disk space while keeping all transfers around for auditing at a later date.

Creating a New Archive​

To create a new archive, click on the New Archive button and the New Archive dialog will display.

New Archive Dialog

The Archive Name box will be filled with the current date. You can change this to your own choice of name.

Enter a description for the archive in the Description text box.

To apply the archive for all users, select the Everybody option in the Objects From selection box. To limit the archive for a group, select the group in the selection box.

By default, the archive will move all deleted transfers and its related logs to the remote FTP site. The Archive All Deleted Objects field shows the mount of storage that can be recovered.

To archive more items, check the items in the Other Objects To Archive section. For each selection, the amount of storage that can be recovered will be displayed on the right hand side of each entry.

  • Expired Transfers - These are transfers that have expired, but not removed by the users.
  • Active And Complete Transfers - These are transfers that are still active, but have been fully downloaded by all recipients.
  • Active But Incomplete Transfers - These are transfers that are still active and not fully downloaded. Usually these are transfers that have been around for some time and are taking up storage. Enter the number of days in the Older Than selection field and all transfers older than this number of days will be selected for archive.

To set a recurring schedule for the archive, check the Enable Scheduling check box. For more details, see the section Setting a recurring archive on page

By default, the destination in the Archive To selection is Trash. This means that the selected transfers will be deleted and not archived. This is useful when there is no need to audit transfers that have expired or are deleted.

To send the archive to a remote FTP site, select FTP in the Archive To selection.

New Archive Dialog to FTP

Enter the host name or IP address of the FTP server in the Archive Server box. The default FTP port is 21. You can change this in the Port field.

Enter the path name for the archive in the Path box.

Enter the user name and password for the FTP account in the User Name and Password boxes accordingly.

When done, click on the Create button. The archiving process will start in the background. You can check the status by double clicking on the related entry. The Archive Properties page will display.

Archive Properties Page

The status of the archive is shown in the Status field. If it has failed, the reason will be shown in the Reason field. You can make changes to the archive to fix the reason for the failure. Then click on the Retry button to try again.

It is important to note that no transfers, files or audit logs are removed if the archive process fails.

To see the activities related to the archive, select the Audit Log menu tab. In the activities selection, select the Archives option. The audit log will display all activities related to the archive. An example is shown in the following figure.

Archive Audit Log

Setting a recurring archive​

A recurring schedule can be set for an archive to run. First, open the Archive Properties Dialog by double-clicking on the selected archive from the Archives submenu tab of the System menu tab. The dialog is shown in the following figure.

Archive Properties

Check the Enable Scheduling check box and the scheduling fields will appear as shown in the following figure.

Archive Properties with Scheduling

Select the hour that the archive will run in the Hour field.

For daily schedule, select Any in the Day of Week and Month selection box. The Any Day Of The Month check box should be checked.

For weekly schedule, select the day of the week that the schedule will run in the Day Of Week selection box e.g. Sunday. The Any Day Of The Month check box should be checked and the Month selection box set to Any.

For monthly schedule, select Any in the Day Of Week selection box. Uncheck the Any Day Of The Month check box and the Day Of Month selection box will be displayed as shown in the following figure. Select the day of the month that the schedule will run in this selection box. Finally, select Any for the Month selection box.

Archive Properties with Scheduling

Click on the Update button to save the schedule settings to the archive.

Using an Archive​

After an archive is created, it is listed in the Archives submenu tab of the System menu tab. Double click on the selected archive to display the Archive Properties dialog as shown in the following figure.

Archive Properties

From this dialog, you can see the items that were archived and the archive location. When the archive is mounted, the items in its audit logs are accessible in the Audit Log search menu. To mount an archive, click on the Mount button.

LDAP Server Accounts​

The Qiata can connect to one or more external LDAP Server(s) for authentication, authorization and contact sharing. The LDAP Server can be used for automatically signing up users in an AD and putting them in a group.

To see the list of accounts, select the Company menu tab and then on the Servers submenu tab. The list of LDAP Server Accounts is listed in the LDAP table as shown in the following figure.

Company Server Settings

Adding a LDAP Server​

From the Servers submenu tab, click on the Add LDAP Server button. The LDAP Server Properties dialog will be displayed.

LDAP Server Properties

In the Server Name text box, enter a name for the LDAP account.

In the Security selection, select the security option for the LDAP server. You can select No encryption; or for more security, TLS or STARTTLS.

In the Address text box, fill in the hostname or IP Address of the LDAP Server. Select the port number in the Port selection box.

Select the priority of the LDAP Server in the Priority selection box. The priority will be used when going through multiple LDAP Server accounts to check for user authentication. The lower the number, the higher the priority.

In the Users Object Class text box, enter the object class for the users list. The default is user.

In the Email Attribute text box, enter the attribute for the email parameter. This is used to extract the email address from the LDAP entries. The default is mail.

If the entries from LDAP account can be used in the global shared contact list, check the Share Contacts check box. When this option is selected, entries from the LDAP server which have the email address in the mail attribute will be added to the global shared contact list. The entries are updated every day at 4am or when the server settings are updated. The entries in the LDAP account can be shared with all users or with selected group. This option is available when the Share Contacts check box is selected as shown in the following figure.

LDAP Share Contacts

Select the attribute to use for login identification in the Login Attribute selection box. The options are sAMAccountName, userPrincipalName, displayName, cn and mail.

To bind to the account without a DN, check the Anonymous Bind check box. The next two fields will not be used and will be hidden.

Enter the Distinguised Name and Password in the Bind DN and Bind Password text boxes respectively.

Enter the base Distinguished Name in the Base DN text box. An example base DN is cn=Users,dc=secudos,dc=com.

To further refine the list of entries from the LDAP account, enter a filter in the Search Filter text box. Only entries that matches this filter will be used.

Example - The list of users authorized to use the Qiata is added as members of a group named Qiata Users in the Engineering Organization Unit of secudos.com (DC=secudos,DC=com). The filter will be as follows.

memberOf=CN=Qiata Users,OU=Engineering,DC=secudos,DC=com_

Click on the Save button to save the values. To test the settings, click on the Test button. The result of the testing will be shown in the Test Result text box.

If there are existing users in the local database that also belong to the LDAP group, you can check the Convert Existing Accounts check box. This will convert the user accounts from using the local database to use the current LDAP account.

Editing an LDAP Server Account​

To edit an LDAP Server Account, double click on the account entry. The LDAP Server properties page will be displayed as shown in the following figure.

LDAP Server Accounts

Make changes and click on the Update button to save the changes.

OpenID Connect​

With Qiata it is possible to authenticate via an external OpenID Connect Provider (AzureAD or AD FS). You can find instructions on how to connect AD FS here and AzureAD here.

Reports​

The Qiata can generate various reports on the system resource usage and email to designated recipients on a daily, weekly or monthly basis.

The following reports can be generated.

  • Quota usage
  • File uploads
  • File downloads
  • Invites
  • File transfers
  • Files
  • User Logins

These reports can be generated for every user or every group.

To manage reports, click on the Reports submenu tab from the Company menu tab as shown in the following figure.

Reports Menu

Double click on any reports to edit the respective report. An example in shown in the following figure.

Report Properties Page Example

Adding a New Report​

To add a new report, click on the Add Report button at the bottom of the Reports menu. The new report page will be displayed as shown in the following figure.

New Report Page

Enter the name of the report in the Report Name field.

In the Parameters section, you select the report type. First, you select the grouping for the report in the Target selection box. Select User to target the reports for all users or Groups to target the reports at the group level.

Next select the report type. The following lists the available report type and their usage.

  • Quota Use - report on quota usage and maximum quota
  • Uploads - report on amount of data in bytes uploaded
  • Downloads - report on amount of data in bytes downloaded
  • Invites - report on number of invites sent and received
  • Transfers - report on number of transfers sent and received
  • Files - report on the number of files sent and received
  • Logins - report on the user login activities

In the Period section, check one or more period options (Daily, Weekly, Monthly) and enter one or more email address in the Email Addresses text box.

Setting Company Properties​

To set up or change the company properties, select the Company menu tab and then the Properties submenu tab as shown in the following figure.

Company Properties Page

The Company Name field displays the name of the company.

The Company FQDN field displays the Public IP Address or Host Name of the Qiata. This field is used as a prefix for all url generated by the system. If the url is hosted on a different port number (default is 443), the port number is displayed as a number after the name separated by a colon (:) character. For example demo.secudos.com:8080.

To disable a company temporarily, check the Deactivated check box. When deactivated, only Company Administrators are allowed to access the system.

Enter a description for the company in the Description text box.

The amount of storage that the Qiata can use is displayed in the Storage Quota field.

Select the default language for the templates in the Default Language selection box. Currently, the supported languages are English, French, German and Simplified Chinese.

The number of internal and external users are displayed in the following respective fields.

Short description of all fields​

Properties

Company Name - Name of company.

Company FQDN - IP Address or Host name of the Qiata e.g. fta.example.com

Deactivated - Check this check box to disable the company account.

Description - Description of company.

Storage Quota - Size of storage to allocate to company.

Default Language - Select the language template to use.

Limits

Maximum Number of Users - Maximum number of users that can be created.

Number of Internal Users - Displays current number of internal users in the system.

Number of External Users - Displays current number of external users in the system.

Deactivate Users after Inactivity - Specifies the value after which user accounts are automatically deactivated (in days).

warning

The value of Deactivate Users after Inactivity is set to 0 after a restore for security reasons, so that no accounts are mistakenly deactivated.

Uploads Size - Maximum size of each file that can be uploaded.

Maximum Zip Size - Maximum size of files that getting zipped.

Concurrent Downloads - Maximum number of concurrent downloads.

Maximal Authentication Age - Specifies how long a single sign-on session can last.

Email Notifications - Check this check box to enable email notifications.

Add-in Configuration​

The Add-In Configuration pane contains the following configuration parameters:

Add-In Configuration

Custom OWA Url - The address entered here is listed as an accepted domain for the Content-Security-Policy and can thus be used to display the Add-In. E.g https://owa.domain.com

Blocked words - Enter the desired words or characters here for which the Add-In should react. Entries are separated by commas or lines. Only letters and digits are allowed

Maximum attachment size - Enter the maximum attachment size here for which the Add-In should react. If the size is 0, then the allowed size is infinite.

info

Here you can see how the user is informed about a buzzword or a maximum attachment size override: Qiata Outlook Add-In Smart Alerts

Action - Select the action to take, based on the keywords or maximum attachment size.

  • PromptUser: the user still has the possibility to send the email without using the Qiata Add-In
  • SoftBlock: forces the user to use the Qiata Add-In
info

In case the Qiata can not be reached a user can still send the mail even with SoftBlock.

Manifest - The link points to the manifest on the Qiata that you can be used for installation or rollout.

warning

The following changes cause the manifest to be reinstalled in Outlook:

  • Changing the Company FQDN
  • Changing the Action from PromptUser to Softblock (or vice versa)
  • Adding, changing, or removing an OpenID Connect provider

Configuring Account Password Security Level​

The third part of the Company Properties page allows the Company Administrator to define the security level for account passwords.

Password Security Settings

To force users to change their passwords on the first login, check the Require Change on First Login check box.

To force the password to expire after a period, check the Expire Periodically check box. The After selection will be displayed as shown in the following figure.

Password Expire

Select the number of days to expire a password and force a password change when the user logins.

Check the Enforce Strength check box to ensure that the password is a strong password.

Extra options will be displayed as shown in the following figure.

Enter the minimum length of the password in the Minimum Length field.

The next three fields: Digits, Capital Letters and Non Alphanumerics, define the type of characters that must be in the password.

Check the Prevent Reuse check box to prevent the same password as well as previously used passwords from being used again.

Enforce Password Strength

Configuring SMTP Relay​

The last part of the Company Properties page allows the Company Administrator to define the SMTP server settings as shown in the following figure.

SMTP Server Settings

The Qiata must use a SMTP relay to send all mail notifications. This is done in the Properties submenu page in the Company menu tab.

Modern authentication via Office - If required, modern authentication can be set up via Office. This is set up via the DOMOS Control Center.

Note

When using modern authentication, mail is sent via the DOMOS mail server (Postfix). Therefore, a functioning mail configuration must first be set up in DOMOS in order to then activate modern authentication in Qiata.

Enter the SMTP server name or IP address in the Server field.

Enter the SMTP port number to use in the Port field.

If the SMTP server requires user authentication to relay mails, enter the user name and password in the User Name and Password field respectively.

If STARTTLS is supported by the mail relay, check the Use STARTTLS check box.

To test the SMTP relay settings, click on the Test SMTP button. The test dialog will be displayed as shown in the following figure.

Test SMTP

In the From and To field, fill in the respective sender and recipient email address. Then click on the Send button to start the test. The test result will be shown in the Test Result field as shown in the following figure.

Test SMTP Result

Configuring Email Notification​

The next two fields are used for the sender details for system originated emails e.g. account details. To change the default sender information in notification emails, change the settings in the Properties submenu page in the Company menu tab. Set the default name in the Name field and the default email address in the Email Address field.

If the SMTP Relay is unable to relay mails with unauthenticated sender email address, you can work around this using the Override Exception option. When this is enabled, senders whose email address do not match the domains in the Domains text box, will have their From address set to the default email address.

Click on the Save button to update the changes in the system.

Notice Board​

Use this feature to place a customized message to all internal users through their home page. To activate this feature, check the Enable check box and enter your message as shown in the following diagram.

Notice Board Settings

The following shows an example of show the message will look like in the home page.

Notice Board Example