
SECURE MESSAGING PLATFORM


Academic year: 2021


WEB ADMIN CONSOLE ADMIN USER GUIDE

Introduction

Customer Management

Dashboard

User Account

General & Feature Settings

Secure Message Disclaimers

Security Policies

Registration Filters

DLP Content Filtering

Local Email Client Store

Notifications

API Secure Delivery

Admin User Access Levels

Troubleshooting

How do I delete a user?

How do I configure Email Aliases?

How do I change my Admin Password


Introduction

Organizations and resellers have full control over the administration and management of the Secure Messaging platform. When the Secure Messaging platform is configured, the organization designates a group administrator who is responsible for managing users, security settings and feature access, as well as the policies and filters for inviting new users. While the administrator has statistical and configuration access, they do not have access to the content of secure messages or file attachments.

The Web Admin Console also allows administrators to set user security authentication levels, and whether they want to enforce secure communications for all email traffic. The Web Admin Console includes an intuitive and straightforward dashboard that quickly displays important statistics. At a glance, administrators can review the total number of users, or the total amount of storage for their account, along with many other useful statistics including usage analysis.

The published API can be used to automatically provision user accounts or create new secure messages from another program, such as a web service or an existing program such as an EMR or billing system, for secure automated e-statements.

Administrators have the ability to:

• Set the proper security settings with three levels of user registration and authentication.

• Control user configuration options such as User Group, Email Aliases, and set permission filters for inviting new users.

• Set and manage a unique security option to store secure messages or file attachments locally (even if using MS Exchange®).

NOTE: To access the Web Admin Console, please obtain the credentials from your reseller in order to log in from your web browser.


Customer Management

Dashboard

At the top of the Dashboard is an overview of the Secure Messaging platform. Statistics regarding the user base and storage are conveniently displayed. The user grid is a fully searchable and sortable grid that displays a range of useful information for each user, including when they registered, when they last logged in, and what their User Group is. Below the table is the search field, as well as a drop down list of useful filters. The user grid can also be exported to Excel or Word.

NOTE: Some features might not be available depending on the configuration of the Secure Messaging platform and your admin user profile. Contact your reseller for more information.

1. Use the top menu navigation to navigate between ‘Customer List’, ‘Customer Management’, ‘Admin Users’ management or ‘Server Settings’ management. If you are logged in as a customer, only the Customer Management menu will be displayed.

2. Use the sub-menu entries to manage the particular configuration of the Secure Messaging platform for one customer portal implementation. If you manage more than one customer portal, use the drop down list to select between various customer portal implementations. Select the appropriate customer and click ‘Go’. Each customer has its own settings under this section that do not affect other customers on the same Secure Messaging platform (VPS). Click on the ‘Webmail’ button to open a new browser window at the Secure Webmail login screen for this customer portal. Customers in Trial Mode should not use the system for confidential matters as it uses a default encryption key. Contact your reseller to ‘Certify Secure’ your portal.

3. The ‘Users’ summary shows how many Professional and Guest users are authorized with the portal (enabled users). Guest and disabled users are free of charge.

4. The ‘Storage’ summary shows how many secure messages and file attachments have been exchanged for this customer from initial set-up.

5. In order to get the most up-to-date statistics (refresh of the entire Dashboard), use the ‘Update Dashboard’ button, on the right hand side of the screen. Due to the large amount of statistical information available, the Dashboard updates every day in a batch process and does not refresh automatically during the day.

6. To export the statistical data to MS Word or MS Excel, use the buttons located at the bottom of the grid. This action will open up a document to be read and managed in either MS Word or MS Excel.

7. Use the ‘Search’ feature to search for a particular user. Use the drop down to filter the user grid:

   1. ‘Show all Users (no filter)’ displays all ‘enabled’ users. Disabled users are not displayed in this view.

   2. ‘Professional Users’ displays all enabled Professional users.

   3. ‘Guest Users’ displays all enabled Guest users.

   4. ‘Registered Users (all)’ displays all users that have completed the registration process and are still ‘enabled’.

   5. ‘User not Registered’ displays all users that have not completed the registration process. They have been invited, but never registered to view their secure messages.

   6. ‘Never logged in’ displays all users that never logged in to the Secure Webmail.

   7. ‘Using Webmail only’ displays all users that did not install or use other programs to access their secure messages.

   8. ‘Using MS Toolbar only’ displays all users that are exclusively using the Secure MS Outlook Toolbar and never accessed the Secure Webmail.

   9. ‘File Attachment Owners’ displays all users that have uploaded file attachments.

   10. ‘Disabled Users’ displays all users that have been disabled and can no longer access their secure messages.

   11. ‘Attempted Registration’ displays all users that started the registration process but never completed it to access their secure messages.

8. Use the ‘Change Page’ feature to navigate between pages of users.


User Account

Every user is individually manageable from the Dashboard simply by clicking on their Email Address from the grid of users. Note that you may have to ‘Update Dashboard’ before you can access newer user accounts.

1. An admin user cannot change the Email Address of a user. It is used as a UUID throughout the platform. To add Email Aliases to a user, see section 9 below.

2. The user’s First and Last Name can be edited by the admin user. The default name displayed is as entered when the user registered.

3. Select the User Group assigned to this user. The changes are immediate. Every User Group has a User type assigned, either Professional or Guest. For billing purposes, only Professional types (enabled) count.

4. Status: For auditability purposes, it is not allowed to delete a user. However, any user can be ‘disabled’. A disabled user cannot log in, and does not count towards a user for billing purposes. Furthermore, other users are prevented from sending secure messages to a disabled user. To disable a user, select Status ‘Disabled’ and click ‘Save and Close’. Disabled users can be re-enabled again at any time using the same Status option. This will re-enable their access to all their original settings, including all secure messages and file attachments.

Language: if the Multi-lingual Support module is enabled, you can set the user's preferred language.

5. Use the Blacklist Mode to control how the blacklisting of keywords and regular expressions applies to this user. There are two options available to Professional users. For Guest users, this option is automatically set to ‘Secure Messages Only’ and cannot be changed.

Secure Messages Only (MS Outlook & Webmail): The blacklist will be applied to secure messages only, in both MS Outlook and the Secure Webmail. Any user including a blacklisted item in the body or subject line of a secure message will not be allowed to send the message, and will receive an error asking them to remove the keyword in order to send. Blacklisted items are defined under Security Policies in the Web Admin Console.

Secure and Basic (MS Outlook Only): The blacklist will be applied to secure messages in both MS Outlook and the Webmail client, as well as basic email messages in MS Outlook. Any user including a blacklisted item in the body or subject line of a message will not be allowed to send the message, and will receive an error asking them to remove the keyword in order to send. Blacklisted items are defined under Security Policies in the Web Admin Console.

6. Use the ‘Default Secure Mode’ to enforce sending a message secure based on keywords and regular expressions detected.

There are three options available to Professional users. For Guest users, this option is automatically set to ‘Never’ and cannot be changed.

Never: User is never forced to send the message as a secure message, even if the message contains keywords from

Based on keywords/algorithms: User is forced to send the message as a secure message if it contains keywords from the DLP Enforce Secure list under Security Policies in the Web Admin Console.

Always: User cannot create a basic email message. All new messages are composed as a secure message, including replies and forwards to basic (unsecure) emails.

7. Preactivation Identity: used for advanced support cases where a user who is part of Exchange requires a manual binding to their SMTP Email Address. Manually specify the ‘Preactivation Identity’ from Microsoft Exchange to allow activation for an unknown SMTP email address. This feature is used only for L3 support cases.

8. Once your changes are complete, use the ‘Save’ or ‘Save and Close’ buttons.

• ‘Reset Password’: To trigger the password reset on behalf of a user, use the ‘Reset Password’ button. A notification message will be sent to the user's basic email account with instructions on how to reset their password. Use this button if a user has requested that their password be reset, or if they report they have not received a reset password message. This button is only displayed for users who have completed the registration process.

• ‘Send Activation’: This button sends an Activation message to this user, allowing them to activate the Secure MS Outlook Toolbar. Use this button if a user requires that the Toolbar Activation message be sent again, or if they did not receive an Activation message. This button is only displayed for users who have completed the registration process.

• ‘Resend Invitation’: This button resends the Invitation message to this user. Use this option if the user requests a new Invitation message, or if they did not receive the original invitation message. This button is only displayed for users who have been invited, but have not started or completed the registration process.

• ‘Resend Registration’: This button resends the Registration Confirmation message to this user. Use this option if the user requests a new Registration Confirmation message, or if they did not receive the original message. This button is only displayed for users who have started the registration process, but have not entered their Confirmation Code to complete the registration process.

9. User Email Aliases: This option allows an administrator to set up email aliases on behalf of the user. Add all the user’s basic email aliases, or MS Exchange aliases, with the ‘Add Email Alias’ button. The user will receive email alias confirmation messages, requiring them to click a link to prove they own the email address. Until they complete this step, the email alias configuration will not be complete, and the alias will be listed as (P) for ‘Pending Confirmation’. For Guest users, this option is disabled. Email alias support requires a Professional user license.


General & Feature Settings

The General Settings page includes the ability to manage features, customize messages and manage legal disclaimers.

The feature settings section allows turning features on or off across the entire Secure Messaging platform for the customer, regardless of the permissions applied to the User Groups. For example, even if Message Recall is enabled at the User Group, turning it off from this screen means that no user, regardless of their User Group, has access to the Message Recall feature. These settings take precedence over the User Group settings set for the entire customer base under the same server. Please note that enabling certain features may incur additional fees.

1. Reference ID (free form): use this free-form field to associate a customer account with a billing number or unique identifier. This Reference ID is available from the Management API to link your customers.

Webmail Banner Link: when users click on the custom banner in the Secure Webmail, they will be directed to the specified URL. Include the full URL e.g. starting with HTTP://. This is by default provisioned to the customer’s commercial website.

2. Secure Email Encryption: enabled by default, this is the core functionality for the platform to encrypt secure messages.

Secure Email PLUS: enables the basic secure messaging component of the platform such as message classification, message tracking, etc. It includes all the features that are unique to the Secure Messaging platform.

For Your Eyes Only (F.Y.E.O.): this option turns on the For Your Eyes Only (F.Y.E.O.) feature for this customer. F.Y.E.O. is an added security feature used to lock a secure message with a password that the recipients must enter in order to view the content of the secure message. Without the correct password, no one is able to view the content of the secure message.

Disabling F.Y.E.O. removes the feature from the Message Details when viewing and composing secure messages for all users on the same customer portal implementation. F.Y.E.O. can also be disabled at the user level, preventing certain User Groups from creating F.Y.E.O. messages, but not from receiving and viewing them. CAUTION: turning off F.Y.E.O. will prevent users from unlocking previously received secure messages marked F.Y.E.O. Do not turn off F.Y.E.O. if users will need to view previously received F.Y.E.O. secure messages.

3. Secure e-Statements: this option enables the API functionality for this customer, allowing integration directly with third party applications to send out secure messages automatically. For more information, please see the section regarding Client Services API. If your organization does not use the API functionality, it is recommended to leave this option ‘off’. Enabling this feature may incur transactional fees.

Decrypted API Delivery: enables the API functionality for archiving decrypted secure messages to any third party repository.

4. Share Sent Items Read Rights: this option enables the sharing of read rights for all secure sent messages within the same domain, as enabled under the Security Policies page. This feature must be enabled if secure messages are to be saved / stored in a third party repository such as EMR or ERP. It allows all users from the same domain to be able to read secure messages from colleagues.

Delete Records: enables an administrator to specify how long the records should be stored on the Secure Messaging platform. Enabling this feature allows setting up a retention period (e.g. 7 years) after which all secure messages and associated file attachments are deleted from the server. By default this feature is disabled and retains records indefinitely. Note that this feature does not remove or expire messages that were previously downloaded into Outlook or an archive. It simply deletes the records from the central messaging servers. If disabled, records are never deleted.

5. Multi-lingual Support: enable this feature to turn on multi-lingual localization. Languages currently supported include English, French, Spanish, Swedish, Dutch and Japanese. Functionality extends to Secure Webmail and Secure Webmail Lite. Browser detection presents the appropriate language based on local PC preferences, with the ability for the user to specify a preferred language at registration and through the ‘Tools > Preferences’ menu once logged in to the Secure Webmail. User preferences are remembered to offer a seamless experience from any device.

Password Management: enable password rules under the Security Policies section of the Web Admin Console.

6. Secure Messaging DLP: the Secure Messaging platform is the first to introduce DLP features without requiring the deployment of an expensive Gateway. This feature enables keyword, regular expression and algorithm flagging (blacklisting, enforce secure), domain-based encryption, or enforcing secure messages if they contain a file attachment.

Message Recall: this option turns on Message Recall for the customer, and gives all users with correct permissions the ability to recall a secure message that they have sent. Message Recall is only available by default to Professional users. Disable this option if you do not want anyone to be able to recall a secure message.

DLP Blacklist: enable blacklisting of keywords as defined in the Security Policies section of the Web Admin Console.

DLP Enforce Secure: enable Enforce Secure based on keywords & domains as defined in the Security Policies section of the Web Admin Console.

7. Secure Large Files: this option enables various programs such as the Secure MS Outlook Toolbar to use an asynchronous upload for file attachments. This translates into the user being able to attach a large file (tested up to 25GB per message) without having to wait for the files to upload before being able to send the secure message. With this feature off, a maximum of 20MB is imposed per message, and all files are uploaded synchronously (e.g. user has to wait for the file to upload in Outlook before being able to continue with their work).

8. Secure e-Forms: this option enables the API functionality for Secure e-Forms (canned and custom forms). If your organization does not use the Secure e-Forms functionality, it is recommended to leave this option ‘off’.

Extra Encrypted Storage: this option enables billing for extra storage.


Secure Message Disclaimers

This section allows the administrator to customize messaging. It also allows the administrator to customize legal disclaimers for the customer that are appended to every secure message, and every secure message notification sent via basic email, without requiring the User to self-manage the disclaimers as email signatures in the mail program. It is transparent to the User and there is no room for error as insertion of those disclaimers is done at the server level.

1. Disclaimer Plain Text: This customizable text disclaimer is displayed at the bottom of every Notification Message and every secure message sent from the Secure Messaging platform, for this customer portal implementation. Use this feature to include a custom legal disclaimer in every secure message. It does not support HTML.

Disclaimer HTML: This customizable text disclaimer is displayed in HTML at the bottom of every Notification Message and every secure message sent from the Secure Messaging platform. Use this feature to include a custom legal disclaimer in every message. It supports HTML.

2. Notification Footer: This customizable text is displayed at the bottom of every Notification Message sent from the Secure Messaging platform. Please enter your organization's contact information to comply with current anti-spam laws. It does not support HTML.


Security Policies

Use the Security Policies section to set various security settings related to user sessions and registration rules. Once configured, the customer implementation can self-provision itself by automatically assigning User Groups to specific users based on their email domain.

1. Default User Group: This option sets the default User Group for new users when they are invited (receive a secure message for the first time). Individual users can be upgraded to other User Groups at the Dashboard once registered. These default settings apply if there are no specific rules applied below in the ‘Registration Filters’ section.

2. Webmail Session Expiry: sets the secure session times for all users of the same portal:

User Session Expiry Time (minutes): This option sets the amount of time of inactivity before a user’s session expires in the Secure Webmail. After the session expires, the user is redirected to the login screen where they must login again. Different privacy laws require different session expiry time. The default is set at 60 minutes.


(token) expires. Users have the indicated amount of time in minutes to complete process before the ‘forgot password link’ (token) expires, and they must restart the process. The default is set at 120 minutes.

Registration Code Expiry Time: This option sets the amount of time before the Registration Code expires for Full Registration. Users have the indicated amount of time in minutes to complete the ‘Registration’ process before registration code expires, and they must restart the process. The default is set at 360 minutes.

3. Open Access VS Controlled Access: Open Access allows Professional users to invite new users. The only restrictions are any email addresses or email domains that are blocked in the ‘Registration Filters’ section. Controlled Access limits users to invite only addresses or domains specifically set to ‘Allowed’ in the ‘Registration Filters’ section.

4. By Invitation Only: The ‘By Invitation Only’ sets whether users have the ability to register at the login page without an invitation from a Professional user type. With this option unchecked, the link ‘Register’ appears on the login page and anyone can register with the Secure Messaging platform (not recommended). With this option checked a user must be invited by a Professional user before he / she can register. The link ‘Have you been invited?’ appears on the login page. Users who have not been invited (but try to register anyway) will see a message informing them that they must be invited in order to register.

Allow Quick Registration: This option turns on the ‘Level 1 Security (Get the Invitation – Quick Registration)’, which streamlines the registration process but is less secure. New users who receive an invitation to register will be sent to the ‘Quick Registration’ page, where they enter their credentials. Once they click submit, their registration is complete and they will be logged in automatically. Disabling this option turns on the ‘Level 2 Security (Confirm Email Address – Registration)’ where new users registering must complete an additional confirmation step to confirm that they are the owner of the email address. After entering and submitting their credentials, a confirmation code will be sent to their basic email account. This email will include a link which, when clicked, will complete the registration.

5. Allow Remember Me & Keep Me Logged In: This first option enables the ‘Remember Me’ feature. With this feature enabled, the system remembers the user’s email address at the Webmail and mobile app login screen. Users have the option to select this feature at the login screen. Disabling this feature will hide this option at the login screen making it unavailable for users. The ‘Allow Keep Me Logged In’ option enables the system to automatically login a user when they navigate to the Secure Webmail. This feature keeps the user logged in for 14 days. Users have the option to select this feature at the login screen. Disable this feature if you do not want to give users the option of staying logged in on a computer (more secure).

6. Show EULA On Registration: This option enables the EULA Terms and Conditions as part of the Registration process. With this feature enabled, a user must agree to the Terms and Conditions to complete the Registration. The link to review the customer Terms and Conditions is customizable at the User Group and is customized per VPS.

7. Disable Registration Confirmation Notification Message: This option disables the Registration Confirmation Notification message that is sent at the end of the registration process. Turn this option on if you do not want your users to receive this message (recommended, on by default).

8. Password Management: offers support for the administrator to set requirements for user password strength: Minimum Password Length / Maximum Password Length / Minimum Capital Characters / Minimum Numeric Characters / Minimum Symbols. This feature is enabled for all users of a customer instance. By default this feature is disabled and does not enforce any restrictions on user password creation.

9. Challenge Response Authentication (CRA): The CRA feature turns on the ‘Level 3 Security (Challenge Response Authentication – CRA)’ and allows for an additional layer of security on registration. When a user invites a new user, they must assign a code or password that the recipient user must enter when registering. This can be set to the new User's customer ID or PIN number assigned by your organization. With CRA enabled, all new users will require a CRA code by default to register. However, exemptions can be made for specific email addresses or email domains (such as internal domains, if your organization's employees are not required to have a CRA code to register). This exemption is set at the ‘Registration Filters’.

The caption can be specified to ensure that the new user knows what to enter (for example ‘PIN Code’ or ‘Membership ID’). This will be displayed for both the inviter on send, and the new user at registration.

Sender Help Link: This link is displayed for the sender when composing a secure message to a new user. This page should provide custom information to your user instructing them on how to use the feature, and what code they must enter. This page can be set up within your organization's website to ensure the content can be easily updated.

Recipient Help Link: This link is displayed for the recipient on the registration page, below the box where they must enter their ‘CRA’ code. This page should provide custom information to new users instructing them on how to use the feature, and what code they must enter. This page can be set up within your organization's website to ensure the content can be easily updated.

Reference: http://help.secure-messaging.com/?page_id=725

Registration Filters

This option provides Whitelist and Blacklist filters for domains or individual users. Settings include a target User Group for the User domain if their access is set to ‘Allowed’. For example, all users from your organization should inherit the Professional User Group upon registration. This allows the system to self-provision itself and limit the amount of administrative work required.

1. Click ‘Add New Filter’, enter your organization’s domain (e.g. @corp-national.com) and assign the User Group to ‘Professional User’ to automatically assign newly invited staff with the proper User Group. If ‘Controlled Access’ is selected in User Registration Access, only ‘Allowed’ email addresses or email domains can register or be invited. If access is set to ‘Denied’, the email address or email domain is blocked from registering or being invited (black listed).

Administrators can set the specific blacklist or whitelist entries with the following settings:

1. Type: This option sets the Blacklist / Whitelist filter for an entire domain, or an individual email address.

2. Domain & Individual: This option sets the specific individual email address or email domain that is blacklisted or whitelisted. If ‘domain’ is selected, enter the email domain for this new filter. If ‘individual’ is selected, enter the email address for this new filter.

3. Access: This option sets whether this is a blacklisting or whitelisting action. ‘Allowed’ indicates a whitelisting, and is used to assign a specific User Group to an individual or entire email domain. ‘Denied’ indicates a blacklisting, where an individual or entire email domain can be blocked from registering and ever receiving secure messages.

4. User Group: This option sets the target User Group for the whitelisting. The individual or domain will be automatically set to this User Group when they are invited.

5. CRA Authentication: defines if the filter is exempt from having to enter a CRA code on registration.

6. API Secure Delivery: defines if the filter must archive all secure messages to a third party archiving system.

7. Share Sent Items Read Rights: defines if the filter users can share read permissions to other users’ sent items.
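
The following added example (not part of the product or of the original guide) models how Open / Controlled Access, the Allowed / Denied filters, the target User Group and the CRA exemption combine for one invited address, so an administrator can review a planned filter table before entering it. It assumes that an individual filter overrides a domain filter for the same address and that domains match exactly (no sub-domains); the guide does not state either rule, and the group name ‘Guest’ and the `.example` addresses are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Filter:
    kind: str                        # console "Type": "domain" or "individual"
    value: str                       # "@corp-national.com" or a full address
    access: str                      # "Allowed" (whitelist) or "Denied" (blacklist)
    user_group: Optional[str] = None
    cra_exempt: bool = False         # console "CRA Authentication" exemption


@dataclass(frozen=True)
class Policy:
    controlled_access: bool          # False models Open Access
    default_user_group: str
    cra_enabled: bool
    filters: Tuple[Filter, ...] = ()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    user_group: Optional[str]
    cra_required: bool
    reason: str


def match_filter(email, filters):
    """Pick the filter for an address. ASSUMPTION: individual beats domain."""
    email = email.strip().lower()
    domain = email.rsplit("@", 1)[-1]
    domain_match = None
    for f in filters:
        value = f.value.strip().lower()
        if f.kind == "individual" and value == email:
            return f
        if f.kind == "domain" and value.lstrip("@") == domain and domain_match is None:
            domain_match = f         # ASSUMPTION: exact domain, first row wins
    return domain_match


def decide(email, policy):
    """Can this address be invited / register, in which group, with a CRA code?"""
    f = match_filter(email, policy.filters)
    if f is None:
        if policy.controlled_access:
            return Decision(False, None, False, "controlled access: no Allowed filter")
        return Decision(True, policy.default_user_group, policy.cra_enabled,
                        "open access: default group")
    if f.access == "Denied":
        return Decision(False, None, False, "denied by filter " + f.value)
    return Decision(True, f.user_group or policy.default_user_group,
                    policy.cra_enabled and not f.cra_exempt,
                    "allowed by filter " + f.value)


def cra_exemptions(policy):
    """List Allowed filters that bypass the CRA code while CRA is enabled."""
    if not policy.cra_enabled:
        return []
    return [f.value for f in policy.filters
            if f.access == "Allowed" and f.cra_exempt]


# Constructed filter table for illustration.
CONTROLLED = Policy(
    controlled_access=True,
    default_user_group="Guest",
    cra_enabled=True,
    filters=(
        Filter("domain", "@corp-national.com", "Allowed", "Professional User", cra_exempt=True),
        Filter("individual", "contractor@corp-national.com", "Denied"),
        Filter("domain", "@partner.example", "Allowed"),
    ),
)
OPEN = replace(CONTROLLED, controlled_access=False)

if __name__ == "__main__":
    for addr in ("Alice@Corp-National.com", "contractor@corp-national.com",
                 "bob@partner.example", "eve@unknown.example"):
        print(addr, "| controlled:", decide(addr, CONTROLLED).reason,
              "| open:", decide(addr, OPEN).reason)
    print("CRA-exempt filters:", cra_exemptions(CONTROLLED))
```

Every entry returned by `cra_exemptions` is an address range that registers without the Level 3 code, so that list is worth reviewing whenever a filter is added.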


DLP Content Filtering

Use the DLP Content Filtering section to define the rules that apply to secure and non-secure messages. Blacklist keywords and algorithms (regular expressions / REGEX) and enforce messages to be sent secure based on keywords and algorithms (regular expressions). This section only defines the DLP rules used with the Outlook Toolbar. Refer to the Secure Messaging Gateway documentation for information on DLP configurations with the Gateway.

1. DLP Blacklisted Keywords / Algorithms Presets: Pre-defined algorithms for SSN numbers and Credit Card numbers can be selected.

2. DLP Blacklisted Keywords / Algorithms Custom: This option blacklists specified keywords or algorithms, preventing users from including them in outgoing messages. Any word or set of words/characters can be entered into the text area as a regular expression. In its most basic form, you can enter words separated by the ‘|’ character. For example: ‘tax|money’ will blacklist a message that contains either the keyword ‘tax’ or ‘money’. Please note that it is NOT case sensitive and spaces within a string require a REGEX.

3. DLP Default Secure Keywords / Algorithms Presets: Pre-defined algorithms for SSN numbers and Credit Card numbers can be selected. Blacklisting takes precedence over these settings.

4. Default Secure Messages with File Attachments: There is also an option to require any message with file attachments to be sent secure. An exception for embedded images (e.g. email signatures) is also an option.

5. Default Secure Keywords / Algorithms Custom: This option forces a user to send the message as a secure message if it contains the specified keywords or algorithms. Any word or set of words / characters can be entered into the text area as a Regular Expression. In its most basic form, you can enter words separated by the ‘|’ character. For example: ‘tax|money’ will trigger default secure for a message that contains either the keyword ‘tax’ or ‘money’. Please note that it is NOT case sensitive and spaces within a string require a REGEX. Blacklisting takes precedence over these settings.

6. Domain List: use this area to specify email domains for which all messages sent to those domains must be sent secure.

For more information on creating custom regular expressions, please review the following website:

http://www.zytrax.com/tech/web/regex.htm

Reference: http://help.secure-messaging.com/?page_id=740
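
The following added example (not the product's implementation and not part of the original guide) models the rule order described in this section so that a rule set can be tried against sample messages before it is entered in the console: blacklist first, then enforce-secure keywords, then the Domain List, then the file attachment rule with its embedded image exception. The SSN and credit card patterns, the Luhn check and all sample messages are constructed; the product's real preset algorithms are not documented here.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-ins for the console's SSN / credit card presets.
SSN_PRESET = r"\b\d{3}-\d{2}-\d{4}\b"
CARD_PRESET = r"\b\d(?:[ -]?\d){12,18}\b"


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def first_hit(patterns, text):
    """Return the first rule that matches text (NOT case sensitive), else None."""
    for pat in patterns:
        for m in re.finditer(pat, text, re.IGNORECASE):
            if pat == CARD_PRESET and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue                     # card-shaped but fails the checksum
            return pat
    return None


@dataclass
class DlpPolicy:
    blacklist: list = field(default_factory=list)        # regex strings
    enforce_secure: list = field(default_factory=list)   # regex strings
    secure_domains: set = field(default_factory=set)     # the "Domain List"
    secure_if_attachment: bool = False
    exempt_embedded_images: bool = True


@dataclass
class Message:
    subject: str
    body: str
    recipients: list
    attachments: list = field(default_factory=list)      # (name, is_embedded_image)


def evaluate(policy, msg):
    """Return (verdict, rule). The blacklist is checked first, so it always wins."""
    text = msg.subject + "\n" + msg.body                 # subject line and body
    hit = first_hit(policy.blacklist, text)
    if hit:
        return ("BLOCK", hit)
    hit = first_hit(policy.enforce_secure, text)
    if hit:
        return ("FORCE_SECURE", hit)
    for rcpt in msg.recipients:
        domain = rcpt.rsplit("@", 1)[-1].strip().lower()
        if domain in policy.secure_domains:
            return ("FORCE_SECURE", "domain:" + domain)
    if policy.secure_if_attachment:
        for name, embedded in msg.attachments:
            if not (embedded and policy.exempt_embedded_images):
                return ("FORCE_SECURE", "attachment:" + name)
    return ("ALLOW", None)


# Constructed sample policy; "wire transfer" needs \s+ because of the space.
POLICY = DlpPolicy(
    blacklist=["tax|money", CARD_PRESET],
    enforce_secure=[r"wire\s+transfer", SSN_PRESET],
    secure_domains={"partner.example"},
    secure_if_attachment=True,
)

SAMPLES = [
    Message("Q3 TAX summary", "figures inside", ["a@corp.example"]),
    Message("hi", "money by wire transfer", ["a@corp.example"]),
    Message("Payment", "please send the wire   transfer today", ["a@corp.example"]),
    Message("card", "use 4111 1111 1111 1111", ["a@corp.example"]),
    Message("order", "ref 1234 5678 9012 3456", ["a@corp.example"]),
    Message("build", "syntax error in module", ["a@corp.example"]),
    Message("hello", "lunch?", ["amy@Partner.Example"]),
    Message("logo", "see signature", ["a@corp.example"], [("sig.png", True)]),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(f"{m.subject:16} {evaluate(POLICY, m)}")
```

In this model `tax|money` also matches inside longer words such as ‘syntax’, which is ordinary regular-expression behaviour; a pattern such as `\b(tax|money)\b` limits the rule to whole words.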

Local Email Client Store

Use these settings to increase security and prevent messages from being stored anywhere locally, or at its opposite, ensure that secure messages and file attachments are stored locally in the mail server.

1. Enable Local Store: This option allows local storing of secure messages locally (e.g. MS Outlook PST file) or in the mail server (e.g. MS Exchange or other), decrypted. With this option disabled, content is stored locally only for the duration of reading the secure message. When the user navigates away from the secure message, the Toolbar resets the secure message to the notification message (or message stub). All secure messages are rendered on viewing, and nothing is left stored on the local computer once the user navigates away from the message. Use this setting if you do not want recipients, or their Exchange servers, to store copies of messages locally. This setting can exclude POP3 and HTTP accounts.

NOTE: Turning this feature On / Off does not retroactively change the state of previously retrieved secure messages. The new state is applied only for transactions from this point on.

2. Auto-Retrieve File Attachments: This option allows for automatic download and local storage of all file attachments sent and received. With this option enabled, when a user views a new secure message, any file attachments are automatically downloaded and stored in MS Outlook. These file attachments are then stored in MS Exchange (if applicable), just like file attachments in basic (unsecure) messages. The ‘Maximum Attachment File Size’ option allows for a limit on the size of file attachments that are automatically downloaded and stored in MS Outlook. Only file attachments below this threshold are automatically downloaded; all file attachments larger are still available for viewing or manual download (pull from the Delivery Slip). Use this feature to ensure that very large attachments do not bog down MS Outlook or MS Exchange. ‘Enable Local Store’ must be enabled to use this feature.

NOTE: The attachment size limit is for the aggregate size of all file attachments in the secure message.

3. Auto-Retrieve Sent Items: This option automatically retrieves all sent items in MS Outlook. On send, the secure message content is automatically stored in MS Outlook, ensuring that all outgoing messages will be stored in MS Exchange, without requiring any additional action by the user. Use this option to ensure that all content sent from your organization is stored in MS Outlook and MS Exchange, and is available for archive. ‘Enable Local Store’ must be enabled to use this feature.

4. Webmail Sent Items Sync with Local Store: This option completes the cycle of ensuring that all your secure messages are synced and stored with your local email server, such as MS Exchange. Users can send secure messages from the Secure Webmail and have those same secure messages automatically synced with their MS Outlook client sent items folder. The


Use this feature to ensure that all sent items are stored in Outlook, regardless of where they were sent from. ‘Enable Local Store’ must be enabled to use this feature.

Reference: http://help.secure-messaging.com/?page_id=745

Notifications

Use this section to set the Admin Support Email Address for the customer, as well as customize the default Invitation and welcome message new users receive via basic email upon being invited by a Professional User.

1. Admin Support Email Address: This option sets the Admin Email address for the customer. The Admin Email address will receive all errors reported. The Admin Email address cannot be set as an alias of another email address. The Admin Email Address is also used to send out all invitations to new users. Customers and/or resellers should enter a custom email address that is monitored. The name attached to the Admin Support Email Address is displayed below. This name can be changed at the Dashboard, by clicking on the Admin Support Email Address. This must be a registered user and monitored by an admin.


2. Default Invite Message: This customizable text is displayed in the body of each basic email invitation message sent from the customer instance. An invitation message is sent every time a secure message is sent to an email address that is not registered (new user) for both Professional and Guest users. HTML is supported for the Invitation Message.

WARNING: Keyword-based spam filters can identify your invite messages as spam based on their content. Be careful with the wording you use.

3. Welcome Template Subject: This option sets whether the Welcome Message is sent as plain text, or HTML format. The Welcome Message is automatically inserted in the Secure Webmail for all new users once they complete the registration. The Welcome Template Subject is customizable and does not support HTML.

4. Welcome Template Body – HTML Version: This customizable text is the content of the Welcome Message. This message can be used to convey important information to new users, or explain features and functionality.

Reference: http://help.secure-messaging.com/?page_id=748

API Secure Delivery

Unique to the Secure Messaging Platform, all secure messages for an entire organization can be sent via API to any third party Cloud Archive solution. It offers the ability to push the same decrypted secure messages to an unlimited number of destinations on different servers (archives).

1. Select Destination: initially this field is empty. As you create the first destination, it will become available in this drop down list. Once you have your first destination, a menu option ‘Create New’ will appear in the drop down list allowing you to create an unlimited amount of archiving destinations.


available and not recommended.

3. Archive Name: give this destination, or archive, a name that will appear in the drop down box above once created.

4. SMTP Server & Port: IP Address & Port of the archiving SMTP server. We must be able to connect to this server using TLS encryption.

5. Enable SSL: SSL is enabled and mandatory by default. Enter the username for the mailbox you want to archive to; this is typically an email address where all decrypted messages are sent to in an envelope format. Enter the password for the mailbox you want to archive to.

6. Enable for: determine which users the archiving applies to. Options include all Professional users on the portal, or email domain specific. If selecting domain specific, remember to set it up under the ‘Security Policies > Registration Filters’. All sent and received messages per user will be decrypted and sent to the archive.

7. Maximum Attachment File Size: select the maximum total attachment size per message. Some archives restrict it to 20MB.

8. API Secure Delivery Log: detailed logs are available with filters to show ‘All’ / ‘Completed’ / ‘Pending’ / ‘In Progress’ / ‘Failed’. ‘Pending’ and ‘Failed’ items will retry at the next 1-4 hour scheduled batch process until they are ‘Completed’.

Reference: http://help.secure-messaging.com/?page_id=2327

Admin User Access Levels

The following levels of access are available for an Admin user:

End User Manager:

This user type has access to the Dashboard page only for their account portal. This is recommended for end customers, as it allows them to manage their users and see general statistics about their account.

Customer Manager:

This user type has access to the Dashboard, General Settings, Security Policies, and Notifications pages for their account. This is recommended for Resellers, as it allows them to manage the more complex settings on their customer’s behalf.

User Admin:

This user type has access to create new Admin users or manage existing Admin users only. This is recommended for Partner administrators, so that user access control is centralized.

Sales Admin:

This user type has access to the Dashboard for all of a VPS’s customer account portals. Users can switch between each account via a drop down box at the top. This is recommended for Partner level sales or support technicians, to give them Dashboard access for all accounts.

Server Admin:

This type has access to all pages listed above, plus the VPS Administrator pages. This is recommended for high level Partner administrators only, as changes on the Server Administrator pages will affect all customers.


Troubleshooting

How do I delete a user?

For auditability purposes, users cannot be deleted. However, any user can be ‘disabled’ from the customer portal. A disabled user cannot log in, and does not count towards a user for billing purposes. Furthermore, other users are prevented from sending secure messages to a disabled user.

To disable a user, simply log in to the Web Admin Console, go to Dashboard (if you've just logged in, you'll already be at the Dashboard) and click on the user. In the User Account window that appears, select Status ‘Disabled’. Click Save.

Disabled users can be re-enabled at any time.

Reference: http://help.secure-messaging.com/?page_id=755

How do I configure Email Aliases?

In order to create email aliases for a user, please follow these instructions:

1. Log in to the Web Admin Console.

2. Under Dashboard, find the user for which you want to add email aliases.

3. At the bottom of the User Account window is a section called ‘User Email Aliases’. In this section, add all of the SMTP email aliases (of the form name@name.com) that are configured for this user.

4. For each email alias added, an email message will be sent to the user, and they will need to open it and follow the instructions to confirm ownership of each email alias. It may be necessary to warn users in advance of these messages. This validation step is mandatory and cannot be overridden by the administrator.

Once the user has confirmed the email aliases, the user will be able to receive secure messages sent to any of their email aliases just as seamlessly as they do with basic email messages.

Reference: http://help.secure-messaging.com/?page_id=757

How do I change my Admin Password?

To change your password in the Web Admin Console, please follow these instructions:

1. Log into the Web Admin Console.

2. Click on your Username at the top right corner of the screen.

3. Click ‘Change Password’.

4. Enter your old and new Password.

5. Press the ‘Save & Close’ button. Your Password is now changed.


What is the difference between Journaling & Archiving?

Journaling refers to capturing information about an electronic message while it is in transit. The ‘journaled’ message may or may not be encrypted and users do not have access to their own ‘journaled’ message store. Archiving, on the other hand, is primarily dedicated for backing up basic and encrypted messages to an off-site location (cloud archive). Archiving does not occur while the electronic message is in transit and users may have access to their own archived (decrypted) messages through a separate interface.

The Secure Messaging platform supports both methods. Encrypted messages (notification messages) can be ‘journaled’ in transit when they arrive to the mail server. In order to have the decrypted messages and attachments put into the archive as well, the secure messages must be archived directly from the platform through automatic decrypting-APIs. Once decrypted, it is delivered to an SMTP relay through TLS where the archive will now have the encrypted (notification) ‘journaled’, and a separate entry with the decrypted (enveloped) secure message. For e-discovery purposes, this proves that a notification was delivered to the recipient, and exposes the content of the secure message in a separate entry.

Microsoft Exchange® Journaling intercepts outgoing or incoming messages, and journals them to a specific archiving address. When sending a secure (encrypted) message, the actual message content is sent encrypted through the Secure Messaging platform. Consequently, Microsoft Exchange® will only journal the message notifications that do not contain confidential data. In order to complete the archiving process, the Secure Messaging platform implements a direct method of decrypting and archiving to ensure that the secure message’s content is archived to the third-party archiving provider (Cloud or On Premise).

Description of functionality and workflow:

When a secure message is sent, the secure message archiving functionality creates a copy of the secure message as a basic (normal) decrypted email message (server side), with the full message content decrypted in the body and attachments. The archiving system adds the specified archiving mailbox as an “envelope recipient address”.

Then, the system connects to the third-party archiving SMTP server, authenticates via TLS using the mailbox user credentials, and sends this decrypted copy of the original secure message. From this point, the third-party archiving system handles the message and archives it. A TLS connection to the third-party archiving SMTP server is required to ensure that the secure message content is not sent ‘in-the-clear’ via public SMTP relay servers.

NOTE: It is important that the third-party archiving system does not relay the message to the original recipients, since this will send the full message content decrypted.
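The workflow above, sketched as an added example (not the platform's own code): the decrypted copy keeps the original parties in its headers while the SMTP envelope names only the archive mailbox, and delivery is refused unless the server offers TLS. The mailbox address and function names are hypothetical, and the use of STARTTLS with a host name that matches the server certificate is an assumption.

```python
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import getaddresses

ARCHIVE_MAILBOX = "journal@archive.example"  # hypothetical archive mailbox


def build_archive_copy(sender, recipients, subject, body):
    """Return (message, envelope_recipients) for the decrypted archive copy.

    Headers keep the original parties for e-discovery; the SMTP envelope
    names only the archive mailbox, so routing never touches them.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, [ARCHIVE_MAILBOX]


def header_recipients(msg):
    """Lower-cased addresses found in the To and Cc headers."""
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return {addr.lower() for _, addr in getaddresses(fields)}


def deliver(msg, envelope_rcpts, host, port, username, password):
    """Send the copy over verified STARTTLS; refuse to fall back to plaintext."""
    if header_recipients(msg) & {r.lower() for r in envelope_rcpts}:
        raise ValueError("envelope would deliver to an original recipient")
    context = ssl.create_default_context()  # verifies certificate and host name
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not offer STARTTLS; not sending")
        smtp.starttls(context=context)
        smtp.ehlo()  # re-read capabilities over the encrypted channel
        smtp.login(username, password)
        # to_addrs becomes RCPT TO; the To: header is not used for routing.
        return smtp.send_message(msg, from_addr=username, to_addrs=envelope_rcpts)
```

The sending side can only guarantee its own envelope; whether the archive relays onward is decided by the archive server's configuration.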
