This document is an overview of the features that are included in the Soonr Workplace Enterprise Plan. The Enterprise Plan is designed for the specific needs of IT departments in larger companies where control and management of cloud services is critical to business operations.
Soonr Workplace is Soonr’s service for secure sync, file sharing, and collaboration for businesses, and is currently offered in two standard plans. The tiered plans differ in scale and features as most commonly required by business customers as summarized in Table 1 below.
Table 1. Soonr Workplace Plans
PRO Enterprise
Base Seats 3 10
Base Connections 3 3
Base Storage (GB) 1000 5000
Unlimited File Size Support √ √
Desktop Sync √ √
Active Backup √ √
File & Folder Restore √ √
File Versioning √ √
Full Text Search √ √
Project Archiving √ √
Web and Mobile Document Rendering √ √
Public Links with Security Controls √ √
QR Linking (QR Codes for Public Links) √ √
Workplace Mobile Apps (iOS, Android, BB, Win Mobile) √ √ Integrated Mobile App Annotation (iOS, Android) √ √
Scan to PDF on Mobile Apps √ √
Integrated Mobile App Editing (iOS) √ √
Print & Fax √ √
Project Collaboration (Share & Team Links) √ √
SMS & E-mail Change Notification √ √
Smart Locking (Automatic Office File Locking) √ √
Company Branding √ √
Groups & Subgroups (Sharing & Policies) √ √
Microsoft Office 365 Integration √ √
Window System Service √ √
Project Owner Re-assignment √ √
Sub-Folder Sharing √ √
Advanced Project Sharing Permissions √ √
Active Directory Integration (User & Group Import) - √
Manage Projects (Super Admin) - √
Team Auditing (Account, Group, Active Directory) - √ User Access Auditing (User, Device, Agent, Admin) - √ Project Auditing (Project, File, Folder, Comments, Links) - √ Password Policies (Life-Cycle, Complexity, Thresholds) - √ Session Policies (Timeout, Cookie Controls) - √
IP Address White-listing - √
Public Link Allow Policy - √
Remote Computer Access Policy - √
Mobile Content Add/Create Policy - √
Mobile Content Edit Policy - √
Mobile Content Export Policy - √
Mobile Security Code Policy - √
Client and Web API’s for Custom Integration - √
Soonr Workplace has three main components:
Soonr Cloud Infrastructure and Services
Desktop Agents for Windows and Mac Computers
Integrated Mobile Apps for iOS, Android, Blackberry, and Windows smartphones and tablets
This document is intended for readers who have a basic understanding of each of these components and provides an overview of only the Enterprise specific features.
Super Admin Role
The Soonr Workplace Enterprise Plan provides a highly privileged role for the Admin which allows access and control of all Projects created by all Team Members, including private Projects and folders, regardless of any pre-configured share rights or permissions. This role allows IT, Security, and Compliance personnel to conduct audits or forensics on system use when such cases are warranted. Table 2 below lists the capability related permissions of each of the user types.
Table 2. Soonr Workplace Enterprise Plan User Permissions
Feature/Capability Super Admin *
Admin Member Connection Public Link View, edit, copy, delete, and undelete all user
Projects and Files * √
View, edit, and delete all user-created Public Links * √ View, edit, and delete all user shares & permissions* √
Create and view reports on user account activities * √ √ Create and view reports on user device access * √ √ Create and view reports on Project and File access * √ √ Establish user policies for passwords, sessions, and
device access * √ √
Create, edit, disable, and delete Admin, Members,
and Connections √ √
Adjust storage quota for Admins and Members √ √ Change password for Admins and Members √ √
Create and share Projects (requires own storage quota/allocation)
√ √ √
Create Connections √ √ √
Create Public Links √ √ √
View the user profiles of other users √ √ √ Create and edit Folders and Files within Projects
(does not require own storage quota) √ √ √ √ Collaborate on shared Projects, Folders, and Files √ √ √ √ Login to the service as a named account (managed by
the team Member or Admin) √ √ √ √
Install an Agent on a computer to Sync Projects to the Workplace Folder
√ √ √ √
Access to Team Projects from Soonr Workplace
Mobile Apps √ √ √ √
View and Download Files in PDF format √ √ √ √ √ View and Download Files in Original format √ √ √ √ √
Upload Files to a Project √ √ √ √ √
*Indicates an Enterprise-only feature
Active Directory Integration
The Soonr Workplace Enterprise Plan supports integration with Microsoft Active Directory (AD). This solution provides the following benefits:
• Soonr teams can be linked to company AD infrastructure elements.
• User accounts may be provisioned and maintained using account information from AD.
• User accounts share the account lockout policies from AD.
• Group and group relationships are imported and maintained by AD. • User authentication is performed though the integration link to AD. Figure 1 below shows Active Directory Configuration Settings in the Enterprise Plan.
Figure 1. Active Directory Configuration Settings
Team Auditing
The Soonr Workplace Enterprise Plan allows the Enterprise team Admin to generate and export audit records on account activity, groups and Active Directory events. Events can be filtered by user name and date range. Figure 2 below shows the Team Auditing event types and setting.
Figure 2. Team Auditing Event Types and Settings
User Access Auditing
The Soonr Workplace Enterprise Plan allows the Enterprise team Admin to generate and export audit records on device provisioning, logins, failed logins, IP mapping, and desktop agent connects. Events can be filtered by device, IP Address, user name, and date range. Figure 3 below shows the User Access Auditing Event types and setting.
Project Auditing
The Soonr Workplace Enterprise Plan allows the Enterprise team Admin to generate and export audit records on project management, file and folder changes, and file comments. Events can be filtered by project name, file name, user name, and date range. Figure 4 below shows the Project Auditing Event types and setting.
Figure 4. User Access Auditing Event Types and Settings
Password Policies
Password Policies allow a Soonr Enterprise team Admin to set global policies for password expiration (days), re-use cycle times, recent password interval (days), as well as password complexity and allowed failed login attempts. By default, no password policy is defined or enforced. For users imported into Soonr from Active Directory, these policies are not enforced and only AD policies are needed. Password Policy settings are shown in Figure 5 below.
Figure 5. Password Policy Settings
Session Policies
Session Policies allow a Soonr Enterprise Admin to specify global session timeout,
remember-me, and IP address display policies. By default, no session policy is configured or enforced. Session Policy settings are shown in Figure 6 below.
Figure 6. Session Policy Settings
IP Address Whitelisting
The IP Address White List is also commonly referred to as an Access Control List (ACL) in computer networking security terminology. This feature enables the Soonr Enterprise Admin to place restrictions on service login. Specifically, service login can be restricted based upon a combination of the mode of access (browser, mobile app, desktop agent) and the source IP address.
By default, no IP Address White List is configured or enabled, and therefore there is no service access restriction placed on either mode of access or source IP addresses (permit all). However, if the IP Address White List is configured and enabled, then service access is disabled from all modes of access and all source IP addresses (deny all), unless the
Address White List link as shown in Figure 6. Above will prompt the configuration dialog
screen below in Figure 7.
Figure 7. IP Address Whitelist Policy Settings
The white list is empty by default, but the screen above has been populated with a useful example. The first wildcard entry allows access from web browsers with any source IP address, but specifically excludes access from either mobile apps or desktop agents. By itself, this first entry would entirely prohibit access from mobile apps or desktop agents. However, the second entry specifically allows service access from mobile apps and desktop agents if such access originates from the specified source IP address. For example, if the allowed IP address entered above is a company's ISP-allocated public-side static IP address, then these two entries effectively restrict access from mobile apps and desktop agents so that it can occur only from behind the company firewall. Furthermore, if a
company has a policy of requiring mobile devices and remote desktop/laptop computers to use VPN access, then this approach would also support such remote access through the company VPN. In any case, the filter strategy above does allow browser-based access (using https) from any location.
Public Link Allow & File Unlock Override Policy
General Policies allow a Soonr Enterprise Admin to set global policies for allowing Public Links, and restricting unlock over-ride to only the Project owner. By default, public links are allowed. This policy setting is shown in Figure 8 below.
useful feature, some Admins might feel that higher security and better control are achieved by disabling Remote Access. This policy setting is shown in Figure 8 below.
Figure 8. Public Link, Unlock Override and Remote Access Policy Settings
Mobile Content Add/Create/Edit/Export Policy
Mobile Device Policies allow the Soonr Enterprise Admin to set global policies on allowing/disallowing the ability to create content, edit content, and export content to secondary or third party applications on mobile devices. By default, no restrictions on mobile device creation or editing are applied. This policy setting is shown in Figure 9 below. These policies can be use to prevent 3rd party applications from accessing any data in Soonr, meaning that visibility to that data is never lost and the potential for data leakage to unathorized services and users in minimized. Mobile Content Management Policy
settings are shown in Figure 9 below.
Mobile Security Code Policy
A Mobile Device Policy is available to allow the Admin to require a PIN passcode on mobile devices each time the Soonr Workplace mobile app is accessed by the user. Furthermore, an option is provided to set a failed passcode threshold, and to erase mobile device data upon passing that threshhold. This policy setting is shown in Figure 9 below.
Figure 9. Mobile Content Management and Device Policy Settings
Mobile Device Policies are designed to improve common device management tasks such as deleting all of the Soonr content on a stolen or lost smartphone or tablet. As an example of a remote-wipe policy, a Soonr Admin can check the Require Passcode policy, Enable Erase
Data policy, and set the Failed Passcode Threshold value to 5. In this example, if a device is stolen and the Soonr Mobile app is launched, it will block access to any Soonr data unless the correct pin code is entered. After 5 incorrect pin code entries, the Soonr Mobile app will clear all user data out of its cache and remain locked.
