Qiata System Administrator

danger

As of version 4.0 the Company Administrator must log in using the old login, which is available from https://FQDN/sc. You can find more information in our FAQ section.

Introduction

The role of the System Administrator is to set up and maintain the system configuration for the Qiata. The System Administrator also sets up the Primary Auditor for the Qiata. The role of the Primary Auditor is discussed in the Auditor Guide section.

System Requirements

The following information is required to set up the Qiata.

  • Fully Qualified Domain Name for the company.
  • Email address of the Primary Company Administrator.
  • IP address or hostname of SMTP Relay.
  • If needed, the user name and password of a valid email account for mail relay.
  • Email address for system notifications.

Anti-Virus

The Qiata is installed with an Anti-Virus utility from ClamAV (www.clamav.net). Files in all transfers are automatically scanned for viruses using this utility. When a virus is detected in a file, the file is removed and the sender is notified for each infected file found. If there are no more files in the transfer, the transfer is aborted. If there are other non-infected files in the transfer, it goes ahead without the infected files.

The Anti-Virus database is checked every two hours for updates. The Qiata initiates a web session to the Anti-Virus database mirror to check for updates, so outbound TCP port 80 sessions from the Qiata must be allowed on the firewall. The Anti-Virus utility always uses the latest updates for scanning. If an update fails, it continues to run with the previous updates. After the next successful update, the Anti-Virus database uses the latest updates.

Company Setup

From the login page, log in with the default email address/password, which is ftadmin/ftadmin. The home page shows the last login date and the total disk usage of the Qiata.

System Admin Home

Select the Change Settings button on the home page to display the user settings.

System Admin Home

In the Preferred Language selection box, select a language that is preferred. Otherwise, select As Per Browser to use the language setting of the browser.

If One-Time Password is set to Yes, then it has been enabled for your account. The next time you log in, you will be prompted to configure it. If you have any questions, contact your administrators.

For more details on how to set up One-Time Password, see OTP configuration.

Select the Company tab and the company set up page will be displayed.

Company Setup

Fill in the following fields.

Properties

Company Name - Name of company.

Company FQDN - IP Address or Host name of the Qiata e.g. fta.example.com

Deactivated - Check this check box to disable the company account.

Description - Description of company.

Storage Quota - Size of storage to allocate to company.

Default Language - Select the language template to use.

Administration

Company Administrator - Email address of Primary Company Administrator.

Send Password Again - Check this check box to re-send the password to the email address of the Primary Company Administrator.

Limits

Maximum Number of Users - Maximum number of users that can be created.

Number of Internal Users - Displays current number of internal users in the system.

Number of External Users - Displays current number of external users in the system.

Deactivate Users after Inactivity - Specifies the value after which user accounts are automatically deactivated (in days).

warning

The value of Deactivate Users after Inactivity is set to 0 after a restore for security reasons, so that no accounts are mistakenly deactivated.

Uploads Size - Maximum size of each file that can be uploaded.

Maximum Zip Size - Maximum size of files that are zipped.

Concurrent Downloads - Maximum number of concurrent downloads.

Maximal Authentication Age - Specifies how long a single sign-on session can last.

Email Notifications - Check this check box to enable email notifications.

Add-In Configuration

Custom OWA Url - The address entered here is listed as an accepted domain for the Content-Security-Policy and can thus be used to display the Add-In, e.g. https://owa.domain.com

Blocked words - Enter the words or characters to which the Add-In should react. Entries are separated by commas or placed on separate lines.

Maximum attachment size - Enter the maximum attachment size to which the Add-In should react.

info

Here you can see how the user is informed about a buzzword or a maximum attachment size override: Qiata Outlook Add-In Smart Alerts

Action - Select the action to take, based on the keywords or maximum attachment size.

  • PromptUser: the user can still send the email without using the Qiata Add-In.
  • SoftBlock: forces the user to use the Qiata Add-In.

Manifest - The link points to the manifest on the Qiata that can be used for installation or rollout.

warning

The following changes cause the manifest to be reinstalled in Outlook:

  • Changing the Company FQDN
  • Changing the Action from PromptUser to SoftBlock (or vice versa)
  • Adding, changing, or removing an OpenID Connect provider

Notice Board

Notice Board - Use this feature to place a customized message to all internal users through their home page. To activate this feature, check the Enable check box and enter your message as shown in the following diagram.

Access control

info

The settings for passwords only apply to local user accounts, not to external logins, e.g. via LDAP or OIDC.

Require Change on First Login - Check this check box to force the user to change password at the first login.

Expire Periodically - Check this check box to expire the password after the specified interval. Fill in the number of days in the After field.

Minimum Length - Set the minimum length for the password.

Digits - Check this check box to ensure that there is at least one digit in the password.

Capital Letters - Check this check box to ensure that there is at least one capital letter in the password.

Non Alphanumerics - Check this check box to ensure that there is at least one non alphanumeric character in the password.

Enforce Strength - Check this check box to enforce the previous four settings on password change. If this is turned off, the previous four settings only apply to the password generated by the Qiata.

License

caution

If your license is an abo (subscription) license, you can skip these steps as the license will be installed automatically.

A license key is required for certain features like Encryption or TeamTransfer. After obtaining a license key file from Qiata or our partners, you can add the license to the Qiata. Click on the License submenu tab from the Company menu tab. The license page is shown.

License Page

Click on the Choose File button to select the license file and then click on the Upload button to upload and install the license key.

SSL Certificate

The Qiata uses SSL for all transactions. The default certificate is self-signed and will trigger a verification warning in browsers. Select the Certificate submenu tab from the Company tab as shown in the following figure.

Certificate Management Page

To have a signed certificate from a known publisher, you need to first generate a certificate signing request or CSR for short. To generate a CSR, click on the Generate CSR button from the Company menu. The Generate Certificate Signing Request dialog will be displayed.

Generate CSR

Fill in the required values for your organization and click on the Generate button to generate the CSR. The resultant RSA Key and CSR will be displayed.

Copy the RSA Key from the RSA Key text box and paste it into a text document. This will be the RSA Key for the CSR. **Keep it safe**. Copy the CSR from the CSR text box and paste it into another text document. This will be the Certificate Signing Request that most signing companies require. Send or submit this document to them.

The signing authority will return an SSL Certificate to you.

How to install SSL Certificate

Click on the Choose File button for Certificate and select the SSL Certificate that was returned from the signing authority. Click on the Choose File button for Private RSA Key and select the RSA Key file that you saved earlier. Some certificate signing companies require the use of an intermediate certificate. If this is required, click on the Choose File button for Intermediate Certificate (Optional) and select the intermediate certificate file.

caution

All files must be in PEM format without BAG Attributes.

Click on the Upload button to upload the RSA Key file and SSL Certificate file to the Qiata. The Qiata will now use the uploaded certificate for its HTTPS sessions.
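
As an added example (not part of the Qiata documentation), the following shell functions check a PEM file for Bag Attributes left over from a PKCS#12 export, strip them, and confirm that an RSA key belongs to a certificate before upload. The function names and the sample file are constructed for illustration; key_matches_cert assumes openssl is installed.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# Succeeds if the file has text outside the BEGIN/END blocks, such as
# "Bag Attributes", "friendlyName:" or "subject=" lines.
has_bag_attributes() {
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN [A-Z0-9 ]+-----$/ { inside = 1; next }
         /^-----END [A-Z0-9 ]+-----$/   { inside = 0; next }
         !inside && NF                  { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Prints only the PEM blocks, dropping everything around them.
strip_bag_attributes() {
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN [A-Z0-9 ]+-----$/ { inside = 1 }
         inside                          { print }
         /^-----END [A-Z0-9 ]+-----$/   { inside = 0 }' "$1"
}

# Succeeds if the RSA private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1") || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2") || return 2
    [ "$cert_mod" = "$key_mod" ]
}

# Constructed sample: layout of a PKCS#12 export; the body is placeholder
# text, not a real certificate.
write_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: fta.example.com
    localKeyID: 01 02 03 04
subject=CN = fta.example.com
issuer=CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgQk9EWQ==
-----END CERTIFICATE-----
EOF
}

sample=$(mktemp)
write_sample "$sample"
if has_bag_attributes "$sample"; then
    strip_bag_attributes "$sample" > "$sample.clean"
    echo "wrote $sample.clean without bag attributes"
fi
```

Run strip_bag_attributes on each of the certificate, key and intermediate files, then key_matches_cert on the cleaned certificate and key.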

Encryption

The Qiata is able to encrypt all stored files on the system. A key is entered by the administrator and is used to encrypt and decrypt all files. All file uploads are encrypted before they are stored on the hard disk. No cleartext file is stored on the hard disk. To encrypt all stored files, select the Encryption submenu from the Company menu. The following page will be displayed.

Encryption Settings

In the Key Value text box, enter the key for encryption. The key must be at least 100 characters long. For example, you can cut and paste a paragraph of text from somewhere as the key. When done, click on the Save button to start using the key to encrypt and decrypt files on the storage. The checksum will be computed for the key.

Encryption Settings in use

If the Qiata was used before and there are unencrypted files on the system that you want to remove, check the Remove Unencrypted Files checkbox and click on the Save button. The unencrypted files will be archived to trash.

danger

When using encryption, the virus checking and ZIP creation functions are lost. Since the files are never unencrypted, these features are not available.

Mail/SMTP-Relay

caution

To use user authentication for the SMTP Relay, the SMTP Relay must support one of the following authentication schemes: DIGEST-MD5, CRAM-MD5, PLAIN, LOGIN or NTLM. GSSAPI is not supported.

Modern authentication via Office - If required, modern authentication can be set up via Office. This is set up via the DOMOS Control Center.

info

When using modern authentication, mail is sent via the DOMOS mail server (Postfix). Therefore, a functioning mail configuration must first be set up in DOMOS in order to then activate modern authentication in Qiata.

Server - Host name or IP address of SMTP Relay.

Port - Port number to use for the SMTP Relay (default is port 25).

User Name - User name for SMTP Relay account.

Password - Password for SMTP Relay account.

Use STARTTLS - Check this check box to use TLS for SMTP.
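
As an added example (not part of the Qiata documentation), the following shell functions judge a relay's EHLO reply against the scheme list above and flag the case where only PLAIN or LOGIN would be used without STARTTLS. The function names and the sample replies are constructed; a real reply can be captured with any SMTP client and passed in the same way.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
SUPPORTED="DIGEST-MD5 CRAM-MD5 PLAIN LOGIN NTLM"   # schemes listed above

# Reads an EHLO reply on stdin; prints the advertised schemes the Qiata can use.
usable_mechs() {
    tr -d '\r' | awk -v ok="$SUPPORTED" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^250[- ]AUTH[ =]/ {            # "AUTH PLAIN" and legacy "AUTH=PLAIN"
            sub(/^250[- ]AUTH[ =]/, "")
            for (i = 1; i <= NF; i++) {
                m = toupper($i)
                if (want[m] && !seen[m]++) out = (out ? out " " : "") m
            }
        }
        END { print out }'
}

# Succeeds if the reply on stdin advertises STARTTLS.
offers_starttls() { tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'; }
# Prints one verdict: "ok <schemes>", "no-usable-auth" or "cleartext-password".
assess_relay() {
    mechs=$(printf '%s\n' "$1" | usable_mechs)
    [ -n "$mechs" ] || { echo "no-usable-auth"; return 0; }
    if ! printf '%s\n' "$1" | offers_starttls; then
        # Without TLS, PLAIN and LOGIN send the password only base64-encoded.
        case " $mechs " in
            *" CRAM-MD5 "*|*" DIGEST-MD5 "*|*" NTLM "*) ;;
            *) echo "cleartext-password"; return 0 ;;
        esac
    fi
    echo "ok $mechs"
}

# Constructed sample replies (relay.example.com is a placeholder).
SAMPLE_GSSAPI_ONLY='250-relay.example.com
250-STARTTLS
250-AUTH GSSAPI
250 8BITMIME'
SAMPLE_PLAIN_NO_TLS='250-relay.example.com
250-AUTH PLAIN LOGIN
250 8BITMIME'
SAMPLE_GOOD='250-relay.example.com
250-STARTTLS
250-AUTH GSSAPI NTLM LOGIN
250 8BITMIME'
for reply in "$SAMPLE_GSSAPI_ONLY" "$SAMPLE_PLAIN_NO_TLS" "$SAMPLE_GOOD"; do
    assess_relay "$reply"
done
```

Many relays advertise AUTH only after STARTTLS has been negotiated, so assess the reply to the second EHLO as well.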

Email Notifications Sender

Name - Name of Qiata user. This is used as the sender name in the notification emails.

caution

Make sure that the Mail settings are filled out and working before setting a new Company Administrator, as this user receives their credentials via mail.

Email Address - Email address of Qiata user. This is used in the reply-to address of notification emails.

Only Override ... Domains - Check this check box if the SMTP Relay is unable to relay mails with an unauthenticated sender email address. When this is enabled, senders whose email addresses do not match the domains in the Domains text box will have their From address set to the default email address.

Domains - One or more domains to check against when the previous setting is enabled.

Click on the Update button to save the configuration. If the Company Administrator email address is new, an email will be sent to that email address with the One Time Password.

Updates for Qiata

All updates for the Qiata software are obtained centrally via the DOMOS operating system. An update via DOMOS therefore automatically includes all new packages for the Qiata software. No additional update is required elsewhere.

For instructions on how to obtain and install updates in DOMOS, see: DOMOS Updates

Troubleshooting support cases

If the system does not run as usual, extended debugging may be necessary.

info

We recommend that you make the following changes only after consulting an expert.

Activate Debug-Logging

danger

The following changes can cause extreme system limitations if used incorrectly. Please do not make these changes unless prompted to do so. If you have any questions, please contact support first.

  1. Log in to the system as root.

danger

When logging in via SSH, you must first log in with the user admin and then become the user root via su -.

  2. Navigate on the system to /var/lib/fta/company/default/cfg

Enable Debug Log-Level

  3. Change the value loglevel in the company.xml to 4 and save the file.

Enable Log-Topics

  3. Add the required line to the company.xml, after the loglevel. Our support team will inform you which topic to debug. Here is an example for the env topic:

     <logtopic>env</logtopic>

Currently these topics are available:

  • env - Logs extra environment information
  • process - Logs process signals and runtimes
  • session - Logs verbose user session information

We recommend using the vi editor. Open the file, e.g. via vi company.xml

  4. Restart both services once via systemctl restart ftad.service and systemctl restart httpd.service
  5. Now force the error again, if possible. Otherwise, continue to monitor the system until the error occurs again, if necessary.

Loglevel

Create a system report after forcing the error again:

  1. Log in to your system via your DOMOS interface (https://FQDN:10000).
  2. Navigate to the Overview item
  3. Click on Version Details at the bottom
  4. Then click on Create System Report
  5. Please send us the sarch.tgz you have just downloaded.

REALLY IMPORTANT!

After the system report is created, it is essential to reset the Loglevel back to 2 and remove the logtopic line. Also restart the two services mentioned above.

For instructions on how to obtain the system report in DOMOS, see: DOMOS Version Details