2022 June Release

Advanced Settings

To access the advanced settings, click on Advanced Settings in the dashboard of the organization.

Dashboard

Depending on your edition and licensed apps, the following areas are available.

Overview

Shows the key information of the organization. By clicking “View” you can navigate to the properties of the organization.

  • Name of the Fabasoft Private Cloud
    To personalize your installation, you can enter your own name for your private cloud. The name is used in several product strings.
  • E-Mail Address (No Reply)
    This e-mail address is used for automatic e-mails, such as for sending new events.
  • E-Mail Address (Sender)
    This e-mail address is used for automatic e-mails that are sent in conjunction with a user account (e.g. Teamroom invitations).

App Configurations

If apps that are based on app configurations are licensed, the corresponding app configurations are displayed here. Navigate in the app configurations widget to create additional app configurations.

Target Domains for “Teamroom Transfer”

Shows domains that can be used as target for transferring or publishing Teamrooms. Navigate in the target domains widget to create additional domains.

OAuth Clients

OAuth clients are needed, for example, for the transfer Teamroom functionality. If you activate a target domain for transferring Teamrooms, an OAuth client is created automatically in the target domain. Navigate in the OAuth client widget to create OAuth clients manually.

For OAuth clients defined in the organization, you can specify whether the use must be confirmed.

Mindbreeze InSpire Services

Mindbreeze InSpire Services can be used to classify documents automatically. Navigate in the Mindbreeze InSpire Services to create additional services. If only one service is available, it is automatically the default service. If multiple services are available, a service can be set as default service by using the “Set as Default” context menu command. The default service is used if no service has been explicitly defined in the respective context (the fallback does not apply to an app room context).

You can define the following settings:

  • Name
    The name of the service.
  • Filter Service URL
    The URL to the Mindbreeze InSpire filter service (e.g. https://mbinspire.example.com:8443/filter/23401).
  • Tenant
    The Mindbreeze InSpire prediction service is multi-tenant capable. If a tenant is defined, it will be used in Mindbreeze InSpire.
    Note: In the Mindbreeze Management Center, the Tenant ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbtenant}}
  • Project
    Within a tenant several projects can be managed. If a project is defined, it will be used in Mindbreeze InSpire.
    Note: In the Mindbreeze Management Center, the Project ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbproject}}
  • Scope
    Within a project several scopes can be managed. If a scope is defined, the corresponding model will be used in Mindbreeze InSpire. Otherwise, the default model is used.
    Note: In the Mindbreeze Management Center, the Scope ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbscope}}
  • Authentication
    Defines the authentication type for the filter service.
  • Root and Intermediate Certificate Authorities
    Defines the root and intermediate certificate authorities for the validation of the SSL server certificates of the filter service.
  • Send Feedback to Mindbreeze InSpire Service
    Defines whether feedback about the correctness of the classification will be sent to the Mindbreeze InSpire service. This can improve the future classification.
  • Own Mindbreeze InSpire Service for Feedbacks
    Defines whether the feedback will be sent to a dedicated Mindbreeze InSpire service. If enabled, the data (Filter Service URL, Tenant, Project, Scope, Authentication) can be specified for the dedicated Mindbreeze InSpire Service.
  • Own Mindbreeze InSpire Service for Training Data
    Defines whether the training data will be sent to a dedicated Mindbreeze InSpire service. If enabled, the data (Filter Service URL, Tenant, Project, Scope, Authentication) can be specified for the dedicated Mindbreeze InSpire Service.
  • Software Component Prefixes for the Mapping of Fabasoft Cloud Keys
    If no full reference is specified in the Key Mapping field, the system attempts to determine the property using the software components specified here (e.g. COOTC@1.1001).
  • Key Mapping
    If the keys defined in Mindbreeze InSpire do not correspond to the keys in the Fabasoft Cloud, a mapping can be defined. As key in the Fabasoft Cloud the reference of the respective property is used (e.g. COOTC_1_1001_objcategory for the Category property). In the case of user-defined forms the programming name of the property is used as key.
    When using short references (e.g. objcategory), the corresponding software component must be specified in the Software Component Prefixes for the Mapping of Fabasoft Cloud Keys field.

If necessary, contact Mindbreeze InSpire Support to make the specific settings.

Holiday Tables

Holiday tables allow the definition of holidays and time intervals. Holidays are used, for example, in the workflow and time intervals are considered for follow-ups.

By default, holiday tables are available for Austria, Germany and Switzerland. If no specific holiday table is selected in the Holiday Table field of app configurations, app rooms or Teamrooms, the default holiday table is used (“Set as Default” context menu command).

A new holiday table can be created using the “Create Holiday Table” action. If applicable, an existing holiday table can also be duplicated.

Holidays can be created using the “Create Holiday” or “Import Holidays” action. When importing, a sample CSV file can be downloaded via the “Download CSV Template” button. Alternatively, the holiday tables provided by the product can also be downloaded as CSV files (properties > Holidays (CSV File) field).

Time intervals can be created in the properties of the holiday table in the Time Intervals field.

Define Contact Data

You can enter addresses, telephone numbers and e-mail addresses of your organization.

To define the contact data, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Contact Data” action.
  3. Enter the desired data.
  4. Click “Save”.

Define Logo

You can define a logo, a preview logo, a background image and a header background color for your organization. The logo will be displayed, for example, left above the actions. The preview logo is used when the organization is displayed for instance in a list. The background image is displayed directly on “Home”.

To define the logos, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Logo” action.
  3. Upload the logos or select already existing logos. If a logo exceeds the maximum display size, it will be automatically displayed smaller.
    Note: The Logo is also displayed in the header if no separate Header Logo has been defined.
  4. Upload a background image for the home area.
  5. If applicable, specify the background color for the header (as hexadecimal value, e.g.: #FF0000). The colors of the elements of the header are automatically adapted to the background color.
    Note: If you select a background color, the background color and the logo are also considered for the login pages. If you select no background color, the top bar is displayed grey because most logos are designed for a light background.
  6. If you enable the Use Logo and Background Color in E-Mails option, the logo or header logo and the background color are also included in your organization's e-mails sent via the Cloud.
  7. If you enable the Use Logo and Background Color in Support Dialog option, the logo or header logo and the background color are used in the support dialog for internal support requests.
  8. Click “Save”.

Define Policies

You can centrally define policies and default settings for the members of your organization. This is an efficient way to ensure a consistent user experience.

To define the policies, perform the following steps:

  1. In the dashboard of the organization, click Advanced Settings.
  2. Click the “Define Policies” action.
  3. Switch to the desired tab and define the policies. Further information can be found in the next chapters.
  4. Click “Save”.

“Actions” tab

Define which organization members are authorized to execute the following actions:

  • Create Teamrooms
    Defines the members who are allowed to create Teamrooms.
  • Manage Home
    Defines the members who are allowed to manage their “Home”. Members who are allowed to manage the home area can place or remove objects on their home.
  • Transfer Teamrooms (Enterprise and higher)
    Defines the members who are allowed to transfer or publish Teamrooms.
  • Edit Forms and Categories
    Defines the members who are allowed to create, edit and release forms and categories.
  • Edit BPMN Process Diagrams
    Defines the members who are allowed to create, edit and release BPMN process diagrams.
  • Manage Inbox Rules
    Defines the members who are allowed to create and edit rules for inboxes.
  • Use Search Folders for Audit Logs (Enterprise and higher)
    Defines the members who are allowed to see audit logs.
  • Synchronization Mode
    Defines how the Cloud folder can be used by members to synchronize with the file system (“No Synchronization”, “Synchronized Folder”, “Synchronized Desktop or Synchronized Folder”).
    No synchronization: You can prevent members from synchronizing their data with the file system.
    Synchronized desktop: The members can synchronize their whole “Home”.
    Synchronized folder: The data in the synchronized folder of the members is synchronized.

Note:

  • These actions are generally not available for external members.
  • In the properties of the organization member, you will find the restrictions that apply to this member on the “Policies” tab. If “Executable by all members except” or “Executable by no one except” are defined in the organization, you can also change the settings for the user on this tab. If a policy is defined via a team, the settings cannot be changed for the individual user.

“Membership Administration” tab

Define settings regarding the membership administration.

  • Add Members to the Organization
    Defines the members who are allowed to add new members to the organization. Only members whose email address matches one of the organization's email domains can be added.
  • Add External Members to the Organization
    Defines the members who are allowed to add new external members to the organization.
  • Remove Members from the Organization
    Defines the members who are allowed to terminate memberships of members.
  • Remove External Members from the Organization
    Defines the members who are allowed to terminate memberships of external members.
  • Manage Organizational Structure
    Defines the members who are allowed to manage the organizational structure.
  • Manage External Organizations
    Defines the members who are allowed to manage external organizations.
  • Manage Teams
    Defines the members who are allowed to manage teams.

“Content” tab

Define settings regarding the allowed contents.

  • Blocked File Extensions
    Define one blocked file extension per line. Files with these file extensions cannot be uploaded.
  • Check Blocked File Extensions in ZIP Archives
    Defines whether file extensions are also checked in ZIP archives.
  • Maximum File Size (in MB)
    Files can only be uploaded if the file size does not exceed the specified value.
  • Maximum Number of Versions Kept
    When objects are changed a version is created. Here you can define how many versions are kept at maximum.
  • Signatures With Additional Password Verification (Compliant to FDA 21 CFR Part 11)
    Allows an additional password prompt when applying a signature that is defined in this policy.
  • Open or Download Content on the Device
    Can be used to determine for whom the open and download actions are available in the web browser client. In addition, Teamrooms and the assigned objects cannot be duplicated.
    For example, you can specify that nobody other than your organization members can use these actions.
  • Open Content via a Network Drive (WebDAV)
    Defines who is allowed to access your organization's content via a network drive (WebDAV). If access is not allowed, the common WebDAV clients are blocked.
  • Block Downloading of Content via Public Links
    If enabled, the “Download” button is not displayed for public links throughout the organization. Otherwise, it can be defined for the Teamroom or public link whether the “Download” button is displayed.
  • Allow Push Notifications for Events
    Defines whether push notifications are sent for events. If the affected object is assigned to another organization, Allow Push Notifications for Events must also be enabled in this organization for the push notification to be sent.
  • Allowed Members in Teamrooms
    By default, users, teams and organizations can be authorized in Teamrooms. You can restrict the allowed members, teams and organizations.

“Teamroom” tab

Define the default settings for new Teamrooms of the organization.

  • Access Protection
    Defines whether only the specified team is allowed to access the Teamroom or whether everyone can read the Teamroom but not search for it.
  • Restrict Shortcuts Within Teamroom
    Defines which type of shortcuts may be stored in the Teamroom. You can restrict the permitted shortcuts to objects that are assigned to the organization or to objects that are assigned to the Teamroom. In this way, you can prevent, for example, that shortcuts are stored to which the members of the Teamroom do not have access.
  • Restrict the Downloading or Opening of Content on the Device
    Allows team members to restrict who can open or download content on the device.
  • Roles That Are Allowed to Open or Download Content on the Device
    Defines which permissions a team member must have in order to open or download content on the device.
  • With Read Access Visible to All Members
    Defines whether all team members of the team are allowed to see the members with read access. If the setting is disabled, the team members with read access are only visible for members with “Full Control”. Note that disabling this setting also restricts other use cases:
    • Only team members with “Full Control” have access to the “Team” action and can start processes.
    • Events can generally be deactivated for team members who are not allowed to see the team. Otherwise, only events will be displayed that do not allow conclusions to be drawn about team members with read access.
    • Team members with read access cannot use annotations, signatures, processes or comment on news feeds.
    • Team members with read access cannot be selected as participants in processes.
    • Team members with read access cannot create public links.
  • Display Notifications for Users Without Rights to View the Team
    Defines whether events for team members who are not allowed to see the team are generally disabled. Otherwise, only events are displayed that do not allow any conclusions to be drawn about team members with read access.
  • All Team Members May Add Members
    Defines whether all team members can add users to the team or only team members with “Full Control”. Members with change access may grant or revoke change access or read access to other members. Members with read access may grant or revoke read access to other members.
  • Restrict Team Members
    Defines the organizations, organizational units, teams and external organizations whose members may be added to the Teamroom. If the list does not contain any entries, members can be added without restriction.

“Processes” tab

Define settings regarding processes.

  • Process Administrators
    A process administrator can monitor and control all processes in the organization.
  • Show Process Statistics for
    Defines for whom process statistics are displayed. A process administrator can view the statistics for all processes in the organization. A process owner can view the statistics for the processes for which he is responsible.
  • Process Statistics Calculation Interval
    Defines the interval for calculating the process statistics.
  • Schedule Process Statistics Calculation
    Defines when the next calculation of process statistics will take place.

“Authentication” tab

Define settings regarding the authentication.

  • Settings for Login Session
    Defines the settings for the login sessions.
    • Validity Period
      Defines the maximum validity period of a login session. You can choose a value between 2 hours and 3 days. The default value is currently 16 hours.
    • Validity Period in Case of Inactivity
      Defines the maximum validity period of a login session when the user is inactive. You can choose a value between 15 minutes and 4 hours. The default value is currently 2 hours.
    • Value for SameSite Attribute of Session Cookie
      Defines the value of the SameSite attribute of the web browser cookie used for the login session. You can use the “Strict” or “Lax” value to reduce the risk of cross-site request forgery (CSRF). However, these values limit usability and may require users to log in more frequently. The default value is “Lax”.
      Note: The integration for Microsoft Teams and the task pane integration for Microsoft Office for the Web can only be used with the “None” value.
  • Trusted Networks
    Defines IPv4 addresses or address ranges (in CIDR notation, e.g. 198.51.100.0/24) of the trusted networks through which your users communicate with the Internet. This allows, for example, extending the logon session binding from one IPv4 address to IPv4 ranges.
  • Authentication Methods That Do Not Require Two-Factor Authentication
    You can define that single sign-on and certificate authentication methods do not require a second factor. If you disable the second factor, your IT department must take appropriate measures to ensure that the authentication level is still maintained.
  • Permanent Login
    Defines the users who can use the permanent login.
  • Period of Validity for Permanent Login
    Defines the maximum time until a new explicit login is required.
  • Permitted Operating Systems for a Permanent Login
    Defines the operating systems on which permanent login is possible.
  • Certificate Authorities for Computer Certificates for Microsoft Windows, Apple macOS and Ubuntu
    On devices with Microsoft Windows, Apple macOS or Ubuntu, for security reasons, a permanent login is only possible if the devices can be identified by a computer certificate. This is to prevent users from permanently logging in on devices that are not under your organization's control (such as private or public devices). Specify all certification authorities that issue computer certificates to your organization by uploading the certificates from these certification authorities as a CER file in PEM format.
    If a user wants to perform a permanent login on a device, the system checks whether a computer certificate issued by one of the configured certification authorities can be found on the device. The following certificates are used:
    • Microsoft Windows
      “Local Computer” > “Personal” > “Certificates”
      CN of the certificate: local host name and domain name
    • Apple macOS
      Default keychain
      CN of the certificate: local host name and domain name
    • Ubuntu
      Network authentication certificate (802.1x)
      CN of the certificate: local host name
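
The following sketch relates to the Trusted Networks setting above. It is an added example, not Fabasoft code: it reviews a list of entries before they are pasted into the field and models a session binding that has been widened from one address to a range. The function names, the /16 review threshold and the rule that both addresses must lie in the same trusted range are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of entries an administrator might prepare for the
# "Trusted Networks" field, one per line (not taken from the product).
SAMPLE_ENTRIES = """\
198.51.100.0/24
203.0.113.17
198.51.100.77/24
10.0.0.0/8
2001:db8::/32
0.0.0.0/0
not-a-network
"""

# Internal ranges: users never reach an Internet service from these
# source addresses, so listing them has no effect on session binding.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

MIN_PREFIX = 16  # assumption: anything broader than /16 gets a manual review


def review_entries(text):
    """Return (accepted_networks, findings) for a pasted list of entries."""
    accepted, findings = [], []
    for entry in (line.strip() for line in text.splitlines()):
        if not entry:
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            findings.append((entry, "not an IP address or CIDR range"))
            continue
        net = iface.network
        if net.version != 4:
            findings.append((entry, "IPv6 entry, the setting takes IPv4 only"))
        elif iface.ip != net.network_address:
            findings.append((entry, f"host bits set, did you mean {net}?"))
        elif any(net.subnet_of(r) for r in NON_ROUTABLE):
            findings.append((entry, "internal range, not an Internet-facing address"))
        elif net.prefixlen < MIN_PREFIX:
            findings.append((entry, f"broader than /{MIN_PREFIX}, review before use"))
        else:
            accepted.append(net)
    return accepted, findings


def session_ip_allowed(login_ip, request_ip, trusted):
    """Model of a range-based session binding (assumed semantics).

    The session stays valid if the client address is unchanged, or if the
    login address and the current address lie in the same trusted range.
    """
    login = ipaddress.ip_address(login_ip)
    current = ipaddress.ip_address(request_ip)
    if login == current:
        return True
    return any(login in net and current in net for net in trusted)


if __name__ == "__main__":
    networks, problems = review_entries(SAMPLE_ENTRIES)
    print("accepted:", [str(n) for n in networks])
    for entry, reason in problems:
        print(f"rejected {entry}: {reason}")
    # A client that moves between two egress addresses of the same range
    # keeps its session; a move to a different range does not.
    print(session_ip_allowed("198.51.100.10", "198.51.100.200", networks))
    print(session_ip_allowed("198.51.100.10", "203.0.113.17", networks))
```

Every accepted range widens the set of addresses from which an existing session is honoured, so the review step keeps entries as narrow as the organization's actual egress addresses.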

Default Settings

On the “Basic Settings”, “Accessibility”, “Notifications”, “Workflow” and “Home” tabs, you can define default settings for your members. Additionally, you can define whether the settings are changeable by the members. Via the “Reset to Default Settings” button, you can restore the settings predefined by Fabasoft. You can also define the settings individually in the properties of the members.

Note:

  • If the organization from which a user is managed changes, the default settings of the new organization are applied to the user.
  • Changes to the default settings only affect new and not existing members.
    The “Apply Organizational Settings” context menu command is available for users, teams, organizational units, external organizations and organizations in order to take over changed default settings.

“Basic Settings” tab

Define the basic settings for your members. Users can find the settings here: “account menu (user name)” > “Basic Settings” > “General” tab.

In the Allow Users to Change Data Location field, you can also specify whether users should be able to change the data location. If not, users may only be able to change to the standard data location via the data location menu.

“Accessibility” tab

Define the accessibility settings for your members. Users can find the settings here: “account menu (user name)” > “Basic Settings” > “Accessibility” tab.

“Notifications” tab

Define the notification settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Notifications” > “Settings” button > “Settings” tab.

“Workflow” tab

Define the workflow settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Workflow” > “Personal Settings” tab.

“Home” tab

Define which items on “Home” should be available to members of the organization.

  • Available Elements on Home
    Defines which elements are available on Home. Additionally, the size and order of the elements can be defined.
  • Start With
    Defines an element available on Home that is initially displayed after login.
  • More Elements on Home
    Defines additional elements that should be available on Home.
  • Show Organization Management for Administrators on Home
    Define whether the organization management should be shown to administrators of the cloud organization on Home. If you disable this option, administrators can manage only selected settings using the “Settings” action of an app's personal dashboard.

You can define whether members are allowed to manage their home area themselves via the “Manage Home” policy (see chapter ‘“Actions” tab’).

“Fabasoft Cloud Client” tab

Define the Fabasoft Cloud Client settings.

  • Fabasoft Cloud Client Link in the Software Center
    Allows organization members to install the Fabasoft Cloud Client via the web client from your Microsoft Software Center. You can find the corresponding link by navigating to the Fabasoft Cloud Client in the software center and clicking on the “Share” button at the top right.
    Note: The link to the Fabasoft Cloud Client in the software center must be updated after each update.
  • Provide Versions From the Software Center Only
    If the software center is not available on the workstation, the Fabasoft Cloud Client can alternatively be obtained from the cloud installation. To prevent this, the option can be enabled.

Login Options: Active Directory / SAML 2.0

To enable members or external members of your organization to log in via Active Directory or SAML 2.0, you must configure the appropriate login servers.

Configuration of the Login Server

Follow the steps described in the white paper “Configuration of Single Sign-On”:

https://help.cloud.fabasoft.com/index.php?topic=doc/Configuration-of-Single-Sign-On/index.htm

Configuration in the Cloud Organization

To perform the configuration in the cloud organization, proceed as follows:

  1. Navigate to the advanced settings of your cloud organization.
  2. Click the “Login Options” > “Active Directory / SAML 2.0” action.
  3. Select the login method (Active Directory or SAML 2.0) and upload the metadata XML file of your login server.
    Note: If a login server is already configured, click “Add” first.
  4. In addition, you can specify whether two-factor authentication is required for the login method and whether users should be automatically created the first time they log in.
    Note: Automatic creation is only possible if the users use the URL for automatic login displayed on the next page.
  5. Click “Next”.
  6. Enter a short name for the login server.
  7. Specify the e-mail domains to be associated with this login server.
  8. You can make the displayed URL available to your users so that they can log in directly using the login server.
  9. Define whether the URL for direct login via the login server should also be used for sent links.
  10. Click “Next”.

Note:

  • Repeat the steps to add additional login servers.
  • Existing login servers can also be edited or removed.
  • Organization administrators will receive a notification in the welcome screen and by e-mail when the metadata certificate expires within the next two weeks or has expired.
  • When a user is automatically created, the user becomes a member if the e-mail domain matches an e-mail domain of the organization. Otherwise, the user becomes an external member.

Login Options: Certificate

To allow members of your organization to log in via a client certificate, all certificate authorities that are allowed to issue client certificates for your organization have to be stored in the corresponding field as CER files in PEM format.

Additionally, you have to store the superordinate root and intermediate certificate authorities for the issuing certificate authorities in the corresponding field as CER files in PEM format. For each root, intermediate and issuing certificate authority, provide the corresponding certificate revocation list URLs. You can define whether a two-factor authentication is necessary when using the certificate log-in.

The CN of the certificates and the DN of the issuer must not contain special characters.

To complete the certificate configuration for your organization, you have to add the common name of the corresponding client certificates to the members (see chapter “Define Authentication and Two-Factor Authentication”).

Note: You can also define certificate settings for external organizations. This way you can provide a client certificate log-in for your external members, too.

Login Options: RADIUS

To allow your organization members to use a one-time password via a RADIUS server, the settings of the RADIUS server must be defined in your organization. In addition, you have to define the respective User ID Used for RADIUS Server for your organization members.

Organization settings

Enter the computer name and the shared secret of the RADIUS server. The connection can be established either via UDP (port 1812) or RadSec (port 2083).

RADIUS server settings

  • The IP addresses of the two Fabasoft Private Cloud Nodes must be enabled for communication with the RADIUS server and must be defined in the RADIUS configuration.
  • Your RADIUS server has to be accessible via one of the following ports.
    • TCP/2083 (RadSec)
    • UDP/1812

Note: You can also define RADIUS settings for external organizations. This way you can provide a RADIUS log-in for your external members, too.

Define SMTP Settings

You can define your own SMTP server for e-mails sent via the Fabasoft Cloud. Make sure that the defined SMTP server is officially authorized to send e-mails for the domains of the specified sender e-mail addresses (Sender Policy Framework).
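
The check described above can be rehearsed offline before the SMTP server is entered. The following is an added example, not part of the product: it evaluates the ip4, ip6, include, all and redirect terms of an SPF record for the address of the planned SMTP server. The TXT records, domains and addresses are constructed, the dictionary stands in for DNS lookups, and the function names are assumptions.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS TXT lookups so the example runs offline.
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailhost.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.25 ip6:2001:db8:25::/48 -all",
    "example.org": "v=spf1 mx -all",
}


def check_spf(ip, domain, txt=SAMPLE_TXT, depth=0):
    """Evaluate the SPF record of `domain` for a server sending from `ip`.

    Returns pass, fail, softfail, neutral, none or permerror, or
    'unsupported:<term>' for mechanisms (a, mx, exists, ptr) that would
    need further DNS lookups. The depth limit is a simplification of the
    lookup limit in RFC 7208.
    """
    if depth > 10:
        return "permerror"
    parts = txt.get(domain, "").split()
    if not parts or parts[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in parts[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name == "include":
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner.startswith("unsupported"):
                return inner
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # only a pass of the included record matches
        else:
            return f"unsupported:{term}"
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        return check_spf(ip, redirect, txt, depth + 1)
    return "neutral"


def audit_senders(smtp_ip, sender_addresses, txt=SAMPLE_TXT):
    """Map each sender address to the SPF result for the planned SMTP server."""
    return {a: check_spf(smtp_ip, a.rsplit("@", 1)[1].lower(), txt)
            for a in sender_addresses}


if __name__ == "__main__":
    # Constructed sender addresses of the kind entered as No Reply / Sender.
    for address, result in audit_senders(
            "203.0.113.25",
            ["no-reply@example.com", "cloud@example.org"]).items():
        print(address, "->", result)
```

Any result other than pass for one of the organization's sender addresses means receiving mail systems may reject or flag the e-mails sent through that server.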

Define Organization Roles

Via organization roles you can define users who are responsible for managing the organization. For further information about the roles, see chapter “Organization Roles”.

Configure Encryption

In order to be able to encrypt Teamrooms using Fabasoft Secomo, a key server that should be used for encryption has to be defined. Keys created as part of the encryption process will be managed by that key server.

As part of the initial configuration, keys are generated by the key server for your organization. After completion, the encryption functionality will be enabled.

Configure Digital Signatures

To enable the digital signing of documents with your own certificates, you must store the corresponding certificates in your organization (“Advanced Settings” > “Configure Digital Signatures” action). In addition, you can specify which organization members are allowed to sign digitally with the certificates.

In addition to certificates, you can also define stamps. To do this, click the “Add Stamp” button in the Stamps field. Assign a name, define the organization members who are allowed to use the stamp and upload an image as stamp.

Note:

  • If the use of X.509 certificates is restricted, one of the following usage types (“Key Usage”) is required: “Digital Signature” or “Non Repudiation”.
  • Certificates can be updated using the “Update” context menu command. Organization administrators and owners receive a notification on the welcome screen when the certificate expires within the next two weeks or has expired.
  • Certificates can be deleted using the “Delete” context menu command. Deleted certificates can no longer be used for signing, but already signed documents are not affected.