2020 Summer Release

Advanced Settings

To access the advanced settings, click on Advanced Settings in the dashboard of the organization.

Dashboard

Depending on your edition and licensed apps, the following areas are available.

Overview

Shows the key information of the organization. By clicking “View” you can navigate to the properties of the organization.

  • Name of the Fabasoft Private Cloud
    To personalize your installation, you can enter your own name for your private cloud. The name is used in several product strings.
  • E-Mail Address (No Reply)
    This e-mail address is used for automatic e-mails, such as for sending new events.
  • E-Mail Address (Sender)
    This e-mail address is used for automatic e-mails that are sent in conjunction with a user account (e.g. Teamroom invitations).

App Configurations

If apps that are based on app configurations are licensed, the corresponding app configurations are displayed here. Navigate in the app configurations widget to create additional app configurations.

Target Domains for “Teamroom Transfer”

Shows domains that can be used as target for transferring or publishing Teamrooms. Navigate in the target domains widget to create additional domains.

OAuth Clients

OAuth clients are needed, for example, for the transfer Teamroom functionality. If you activate a target domain for transferring Teamrooms, an OAuth client is created automatically in the target domain. Navigate in the OAuth client widget to create OAuth clients manually.

For OAuth clients defined in the organization, you can specify whether the use must be confirmed.

Categories

Categories can be assigned to objects to affect their behavior. Typically, categories are managed in the context of apps. However, you can provide categories, for example, for category-based permissions in the Teamroom (access protection: “Extended by category”).

Mindbreeze InSpire Services

Mindbreeze InSpire Services can be used to classify documents automatically. Navigate in the Mindbreeze InSpire Services to create additional services. If only one service is available, it is automatically the default service. If multiple services are available, a service can be set as default service by using the “Set as Default” context menu command. The default service is used if no service has been explicitly defined in the respective context.

You can define the following settings:

  • Name
    The name of the service.
  • Filter Service URL
    The URL to the Mindbreeze InSpire filter service (e.g. https://mbinspire.example.com:8443/filter/23401).
  • Authentication
    Defines the authentication type for the filter service.
  • Root and Intermediate Certificate Authorities
    Defines the root and intermediate certificate authorities for the validation of the SSL server certificates of the filter service.
  • Tenant
    The Mindbreeze InSpire prediction service is multi-tenant capable. If a tenant is defined, it will be used in Mindbreeze InSpire.
    Note: In the Mindbreeze Management Center, the Tenant ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbtenant}}
  • Project
    Within a tenant several projects can be managed. If a project is defined, it will be used in Mindbreeze InSpire.
    Note: In the Mindbreeze Management Center, the Project ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbproject}}
  • Scope
    Within a project several scopes can be managed. If a scope is defined, the corresponding model will be used in Mindbreeze InSpire. Otherwise, the default model is used.
    Note: In the Mindbreeze Management Center, the Scope ID Pattern property must have the following value: {{_FSCMINDBREEZE_1_1001_fscmbscope}}
  • Send Feedback to Mindbreeze InSpire Service
    Defines whether feedback about the correctness of the classification will be sent to the Mindbreeze InSpire service. This can improve the future classification.
  • Key Mapping
    If the keys defined in Mindbreeze InSpire do not correspond to the keys in the Fabasoft Cloud, a mapping can be defined. As key in the Fabasoft Cloud the reference of the respective property is used (e.g. COOTC_1_1001_objcategory for the Category property). In the case of user-defined forms the programming name of the property is used as key.

If necessary, contact Mindbreeze InSpire Support to make the specific settings.

Define Contact Data

You can enter addresses, telephone numbers and e-mail addresses of your organization.

To define the contact data, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Contact Data” action.
  3. Enter the desired data.
  4. Click “Save”.

Define Logo

You can define a logo, a preview logo, a background image and a header background color for your organization. The logo will be displayed, for example, left above the actions. The preview logo is used when the organization is displayed for instance in a list. The background image is displayed directly on “Home”.

To define the logos, perform the following steps:

  1. In the dashboard of the organization click Advanced Settings.
  2. Click the “Define Logo” action.
  3. Upload the logos or select already existing logos. If a logo exceeds the maximum display size, it will be automatically displayed smaller.
    Note: The Logo is also displayed in the header if no separate Header Logo has been defined.
  4. Upload a background image for the home area.
  5. If applicable, specify the background color for the header (as hexadecimal value, e.g.: #FF0000). The colors of the elements of the header are automatically adapted to the background color.
    Note: If you select a background color, the background color and the logo are also considered for the login pages. If you select no background color, the top bar is displayed grey because most logos are designed for a light background.
  6. If you select the Use Logo and Background Color in E-Mails setting, the logo or header logo and the background color are also included in your organization's e-mails sent via the Cloud.
  7. Click “Save”.

Define Policies

You can centrally define policies and default settings for the members of your organization. This is an efficient way to ensure a consistent user experience.

To define the policies, perform the following steps:

  1. In the dashboard of the organization, click Advanced Settings.
  2. Click the “Define Policies” action.
  3. Switch to the desired tab and define the policies. Further information can be found in the next chapters.
  4. Click “Save”.

“Actions” tab

Define which organization members are authorized to execute the following actions:

  • Create Teamrooms
    Defines the members who are allowed to create Teamrooms.
  • Manage Home
    Defines the members who are allowed to manage their “Home”. Members who are allowed to manage the home area can place or remove objects on their home.
  • Transfer Teamrooms (Enterprise and higher)
    Defines the members who are allowed to transfer or publish Teamrooms.
  • Edit Forms and Categories
    Defines the members who are allowed to create, edit and release forms and categories.
  • Edit BPMN Process Diagrams
    Defines the members who are allowed to create, edit and release BPMN process diagrams.
  • Manage Inbox Rules
    Defines the members who are allowed to create and edit rules for inboxes.
  • Use Search Folders for Audit Logs (Enterprise and higher)
    Defines the members who are allowed to see audit logs.
  • Synchronization Mode
    Defines how the Cloud folder can be used by members to synchronize with the file system (“No Synchronization”, “Synchronized Folder”, “Synchronized Desktop or Synchronized Folder”).
    No synchronization: Members are prevented from synchronizing their data with the file system.
    Synchronized desktop: The members can synchronize their whole “Home”.
    Synchronized folder: The data in the synchronized folder of the members is synchronized.

Note:

  • These actions are generally not available for external members.
  • In the properties of the organization member, you will find the restrictions that apply to this member on the “Policies” tab. If “Executable by all members except” or “Executable by no one except” are defined in the organization, you can also change the settings for the user on this tab. If a policy is defined via a team, the settings cannot be changed for the individual user.

“Membership Administration” tab

Define settings regarding the membership administration.

  • Add Members to the Organization
    Defines the members who are allowed to add new members to the organization. Only members whose email address matches one of the organization's email domains can be added.
  • Add External Members to the Organization
    Defines the members who are allowed to add new external members to the organization.
  • Remove Members from the Organization
    Defines the members who are allowed to terminate memberships of members.
  • Remove External Members from the Organization
    Defines the members who are allowed to terminate memberships of external members.
  • Manage Organizational Structure
    Defines the members who are allowed to manage the organizational structure.
  • Manage External Organizations
    Defines the members who are allowed to manage external organizations.
  • Manage Teams
    Defines the members who are allowed to manage teams.

“Content” tab

Define settings regarding the allowed contents.

  • Blocked File Extensions
    Define one blocked file extension per line. Files with these file extensions cannot be uploaded.
  • Check Blocked File Extensions in ZIP Archives
    Defines whether file extensions are also checked in ZIP archives.
  • Maximum File Size (in MB)
    Files can only be uploaded if the file size does not exceed the specified value.
  • Maximum Number of Versions Kept
    When objects are changed a version is created. Here you can define how many versions are kept at maximum.
  • Signatures With Additional Password Verification (Compliant to FDA 21 CFR Part 11)
    Allows an additional password prompt when applying a signature that is defined in this policy.
  • Open or Download Content on the Device
    Can be used to determine for whom the open and download actions are available in the web browser client. In addition, Teamrooms and the assigned objects cannot be duplicated.
    For example, you can specify that nobody other than your organization members can use these actions.
  • Block Downloading of Content via Public Links
    If enabled, the “Download” button is not displayed for public links throughout the organization. Otherwise, it can be defined for the Teamroom or public link whether the “Download” button is displayed.
  • Allowed Members in Teamrooms
    By default, users, teams and organizations can be authorized in Teamrooms. You can restrict the allowed members teams and organizations.
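How a blocked-extension check that also looks inside ZIP archives can work, as an added illustration. This is not Fabasoft's implementation; the function names, the nesting limit, the size limit and the sample archive are assumptions made for the example.

```python
import io
import zipfile

MAX_DEPTH = 3                    # assumed limit on archive-in-archive nesting
MAX_NESTED_BYTES = 50 * 2**20    # assumed cap before a nested archive is unpacked


def parse_blocklist(text):
    """Parse the policy field: one extension per line, case and leading dot ignored."""
    entries = (line.strip().lower().lstrip(".") for line in text.splitlines())
    return {ext for ext in entries if ext}


def extension_of(name):
    """Return the lower-cased last extension of a file name or archive path."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.rstrip(". ")  # "macro.vbs." is still treated as .vbs on Windows
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def find_blocked(name, data, blocked, depth=0):
    """List every path (outer file or archive member) that violates the policy."""
    hits = [name] if extension_of(name) in blocked else []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    if depth >= MAX_DEPTH:
        return hits + [name + " (not scanned: nesting limit)"]
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = name + "!/" + info.filename
            if extension_of(info.filename) != "zip":
                if extension_of(info.filename) in blocked:
                    hits.append(path)
            elif info.file_size > MAX_NESTED_BYTES:
                hits.append(path + " (not scanned: too large)")
            else:
                hits += find_blocked(path, archive.read(info), blocked, depth + 1)
    return hits


def build_sample_upload():
    """Constructed sample: a ZIP holding a text file, a script and a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as archive:
        archive.writestr("tools/setup.EXE", b"constructed")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as archive:
        archive.writestr("docs/readme.txt", b"constructed")
        archive.writestr("macro.vbs.", b"constructed")
        archive.writestr("nested/inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    policy = parse_blocklist("exe\n.VBS\n\n  js  \n")
    for path in find_blocked("upload.zip", build_sample_upload(), policy):
        print("blocked:", path)
```

Archives that are reported as not scanned should be treated as rejected, since their content was never compared against the list.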

“Teamroom” tab

Define the default settings for new Teamrooms of the organization.

  • Access Protection
    Defines whether only the specified team is allowed to access the Teamroom or whether everyone can read the Teamroom but not search for it.
  • Restrict Shortcuts Within Teamroom
    Defines which type of shortcuts may be stored in the Teamroom. You can restrict the permitted shortcuts to objects that are assigned to the organization or to objects that are assigned to the Teamroom. This prevents, for example, shortcuts from being stored to objects that the members of the Teamroom cannot access.
  • Restrict the Downloading or Opening of Content on the Device
    Allows team members to restrict who can open or download content on the device.
  • Roles That Are Allowed to Open or Download Content on the Device
    Defines which permissions a team member must have in order to open or download content on the device.
  • With Read Access Visible to All Members
    Defines whether all team members of the team are allowed to see the members with read access. If the setting is disabled, the team members with read access are only visible to members with “Full Control”. Note that disabling this setting also restricts other use cases:
    • Only team members with “Full Control” have access to the “Team” action and can start processes.
    • Events can generally be deactivated for team members who are not allowed to see the team. Otherwise, only events will be displayed that do not allow conclusions to be drawn about team members with read access.
    • Team members with read access cannot use annotations, signatures, processes or comment on news feeds.
    • Team members with read access cannot be selected as participants in processes.
    • Team members with read access cannot create public links.
  • Display Notifications for Users Without Rights to View the Team
    Defines whether events for team members who are not allowed to see the team are generally disabled. Otherwise, only events are displayed that do not allow any conclusions to be drawn about team members with read access.
  • All Team Members May Add Members
    Defines whether all team members can add users to the team or only team members with “Full Control”. Members with change access may grant or revoke change access or read access to other members. Members with read access may grant or revoke read access to other members.
  • Restrict Team Members
    Defines the organizations, organizational units, teams and external organizations whose members may be added to the Teamroom. If the list does not contain any entries, members can be added without restriction.

“Processes” tab

Define settings regarding processes.

  • Process Administrators
    A process administrator can monitor and control all processes in the organization.
  • Show Process Statistics for
    Defines for whom process statistics are displayed. A process administrator can view the statistics for all processes in the organization. A process owner can view the statistics for the processes for which he is responsible.
  • Process Statistics Calculation Interval
    Defines the interval for calculating the process statistics.
  • Schedule Process Statistics Calculation
    Defines when the next calculation of process statistics will take place.

“Authentication” tab

Define settings regarding the authentication.

  • Authentication Methods That Do Not Require Two-Factor Authentication
    You can define that single sign-on and certificate authentication methods do not require a second factor. If you disable the second factor, your IT department must take appropriate measures to ensure that the authentication level is still maintained.
  • Permanent Login
    Defines the users who can use the permanent login.
  • Period of Validity for Permanent Login
    Defines the maximum time until a new explicit login is required.
  • Permitted Operating Systems for a Permanent Login
    Defines the operating systems on which permanent login is possible.
  • Certificate Authorities for Computer Certificates for Microsoft Windows, Apple macOS and Ubuntu
    For security reasons, a certificate is required to identify the devices used. Define all certificate authorities that are allowed to issue computer certificates for your organization.
    The following certificates are used for identification:
    • Microsoft Windows
      “Local Computer” > “Personal” > “Certificates”
      CN of the certificate: local host name and domain name
    • Apple macOS
      Default keychain
      CN of the certificate: local host name and domain name
    • Ubuntu
      Network authentication certificate (802.1x)
      CN of the certificate: local host name

Default Settings

On the “Basic Settings”, “Accessibility”, “Notifications”, “Workflow” and “Home” tabs, you can define default settings for your members. Additionally, you can define whether the settings are changeable by the members. Via the “Reset to Default Settings” button, you can restore the settings predefined by Fabasoft. You can also define the settings individually in the properties of the members.

Note:

  • If the organization from which a user is managed changes, the default settings of the new organization are applied to the user.
  • Changes to the default settings only affect new and not existing members.
    The “Apply Organizational Settings” context menu command is available for users, teams, organizational units, external organizations and organizations in order to take over changed default settings.

“Basic Settings” tab

Define the basic settings for your members. Users can find the settings here: “account menu (user name)” > “Basic Settings” > “General” tab.

“Accessibility” tab

Define the accessibility settings for your members. Users can find the settings here: “account menu (user name)” > “Basic Settings” > “Accessibility” tab.

“Notifications” tab

Define the notification settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Notifications” > “Settings” button > “Settings” tab.

“Workflow” tab

Define the workflow settings for your members. Users can find the settings here: “account menu (user name)” > “Advanced Settings” > “Workflow” > “Personal Settings” tab.

“Home” tab

Define which items on “Home” should be available to members of the organization. In addition, you can define the size and order of the items.

You can define whether members are allowed to manage their home area themselves via the “Manage Home” policy (see chapter ‘“Actions” tab’).

Login Options: Certificate

So that members of your organization can log in via a client certificate, all certificate authorities that are allowed to issue client certificates for your organization must be stored in the corresponding field as CER files in PEM format.

Additionally, you have to store the superordinate root and intermediate certificate authorities for the issuing certificate authorities in the corresponding field as CER files in PEM format. For each root, intermediate and issuing certificate authority, provide the corresponding certificate revocation list URLs. You can define whether two-factor authentication is necessary when using the certificate log-in.

The CN of the certificates and the DN of the issuer must not contain special characters.

To complete the certificate configuration for your organization, you have to add the common name of the corresponding client certificates to the members (see chapter “Define Authentication and Two-Factor Authentication”).

Note: You can also define certificate settings for external organizations. This way you can provide a client certificate log-in for your external members, too.

Login Options: RADIUS

So that your organization members can use a one-time password via a RADIUS server, the settings of the RADIUS server must be defined in your organization. In addition, you have to define the respective User ID Used for RADIUS Server for your organization members.

Organization settings

Enter the computer name and the shared secret of the RADIUS server. The connection can be established either via UDP (port 1812) or RadSec (port 2083).

RADIUS server settings

  • The IP addresses of the two Fabasoft Private Cloud Nodes must be enabled for communication with the RADIUS server and must be defined in the RADIUS configuration.
  • Your RADIUS server has to be accessible via one of the following ports.
    • TCP/2083 (RadSec)
    • UDP/1812

Note: You can also define RADIUS settings for external organizations. This way you can provide a RADIUS log-in for your external members, too.
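What the shared secret protects on the UDP/1812 transport, as an added example (not Fabasoft code): a minimal Access-Request builder and parser following RFC 2865, where the User-Password attribute is hidden with MD5 keyed by the shared secret. It assumes the one-time password is sent in the User-Password attribute; the user ID, one-time password and secret are constructed values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2


def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden


def reveal_password(hidden, secret, authenticator):
    """Server side: undo hide_password with the same shared secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(prev, pad))
    return clear.rstrip(b"\x00")


def build_access_request(identifier, user_id, otp, secret, authenticator=None):
    """Code, identifier, length, 16-byte Request Authenticator, then attributes."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(otp, secret, authenticator)
    attributes = b""
    for attr_type, value in ((USER_NAME, user_id), (USER_PASSWORD, hidden)):
        attributes += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attributes))
    return header + authenticator + attributes


def parse_packet(packet):
    """Return (code, identifier, authenticator, {attribute type: value})."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("length field does not match packet size")
    attributes, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attributes[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return code, identifier, packet[4:20], attributes


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed value, not a real secret
    packet = build_access_request(7, b"alice", b"492817", secret)
    _, _, authenticator, attrs = parse_packet(packet)
    print("User-Name on the wire:    ", attrs[USER_NAME])
    print("User-Password on the wire:", attrs[USER_PASSWORD].hex())
    print("recovered by the server:  ", reveal_password(attrs[USER_PASSWORD], secret, authenticator))
```

The user ID travels in clear text and the one-time password is only as well protected as the shared secret, so the secret should be long and random; RadSec carries the same packets inside TLS.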

Define SMTP Settings

You can define your own SMTP server for e-mails sent via the Fabasoft Cloud. Make sure that the defined SMTP server is officially authorized to send e-mails for the domains of the specified sender e-mail addresses (Sender Policy Framework).

Define Organization Roles

Via organization roles you can define users who are responsible for managing the organization. For further information about the roles, see chapter “Organization Roles”.

Configure Encryption

In order to be able to encrypt Teamrooms using Fabasoft Secomo, the encryption functionality must be configured.

  • Key Server
    Define a key server that should be used for encryption. Keys created as part of the encryption process will be managed by that key server.
  • Use Client Certificates for Authentication
    Define if client certificate authentication should be used for key server access. If client certificate authentication is configured for users of your organization, that authentication mechanism can be enabled for key server access.

As part of the initial configuration, keys are generated by the key server for your organization. After completion, the encryption functionality will be enabled.

Configure Digital Signatures

To enable the digital signing of documents with your own certificates, you must store the corresponding certificates in your organization (“Advanced Settings” > “Configure Digital Signatures” action). In addition, you can specify which organization members are allowed to sign digitally with the certificates.

Note:

  • If the use of X.509 certificates is restricted, one of the following usage types (“Key Usage”) is required: “Digital Signature” or “Non Repudiation”.
  • Certificates can be updated using the “Update” context menu command. Organization administrators and owners receive a notification on the welcome screen when the certificate is about to expire or has expired.
  • Certificates can be deleted using the “Delete” context menu command. Deleted certificates can no longer be used for signing, but already signed documents are not affected.