Administration Concepts
S-Filer Portal administration is based on 2 levels of administration.
Master Administrator: Only the master administrator can create groups and communities.
S-Filer Portal users use S-Filer Portal to transfer files interactively. Users belong permanently to one or more groups. These groups can be based on the more permanent administrative divisions of a company such as Finance, Human Resources, and so on. Users can also be members of communities. These communities can be based on commercial or business requirements such as individual projects or comities.
S-Filer Portal users can be given administrative privileges:
Group administrators: As a group administrator, a user can manage the group membership as wells as options and permissions assigned to the group.
Community administrators: As a community administrator one can appoint users from different groups to be members in their community. A user can belong to zero, one or more communities. One or more community administrators manage the community.
This Manual
This Manual only covers the administrative functions that are only available to the Master Administrator. All administrative functions that can be performed by Users with administrative rights are covered in the User Manual.
Starting in administrator mode
This section describes how to get into S-Filer Portal in administrative mode in order to create, and administer Users, User Groups and Communities.
The following sections describe the functions available to the general user:
First Logon
The first time you logon after installing S-Filer Portal, only one user account is available for use. This is the Super user account. The default id is sfiler-master and the default password is sfiler.
Note: Although we recommend you create another master admin account with a different ID and a strong password, if you would rather keep this ID, you must change the password.
Logging On
To log on to S-Filer Portal, go to the S-Filer Portal web address (ex: https://www.okiok.com/sfiler) supplied by the system administrator responsible for the installation and configuration. A login page similar to the following will appear:
Logon as the master administrator using the id and password supplied. Select the domain that was created as part of the server creation process in the configuration interface. As a master administrator you will not be able to transfer files. S-Filer offers 3 different authentication processes. Other domains are not available yet. You will have to configure S-Filer Portal for users to have access.
Understanding the Home Page
After you have logged in to S-Filer Portal, you will see a home page that looks like this:
This page has seven sections, shown above in red.
- Section 1: This section lets you search for a community name, this is helpful when you have many communities or your community is not displayed on the home page.
- Section 2: Displays the Received Files and Sent Files, Displays the inbox, communities and Shares containing shared files and folders.
- Received Files and Sent Files contains the files you sent and files you received. Inbox contains your own files, communities contain files for each of the communities to which you belong followed by Shares. Click on any of these containers to see details.
- Section 3 This section shows the various files and folders available to you. Click on a file to download it to your computer (providing you have the necessary rights). Click Delete to erase any files or folders that you no longer wish to store in S-Filer Portal. Use the Search button (the button with the magnifying glass) to filter the file list according to the contents of the adjacent text box. The filter is applied to the texts in the from column and the File column.
- Section 4: Click the button in this section to upload files to the S-Filer Portal server, send files to users that are not part of an S-Filer community. You can also add new folders and move folders and files from this bar.
- Section 5: To view and update your S-Filer Portal account (i.e., your user profile), click My Profile. To generate activity reports as CSV files or PDF files, click Reports. Your Administrator may restrict your profile to simply view it and not be able to modify it.
- Section 6: This section lists the last few operations successfully completed. This section starts clean on every new session.
Administering your account
If this is your first logon, you should configure your account and make sure you include a valid email address to receive your temporary password in case you forget you administrator password.
Click My Profile to view and update your account details.
Updating your account details
To view and optionally update your user profile, click My Profile. The My Profile dialog box will open:
Here are the fields that you can change:
- Full Name: Normally, this is your "real" given name and family name. It will appear with your Login Name (i.e., the username you provide when you logon to S-Filer Portal) in the group lists and community lists.
- Email: The e-mail address that S-Filer Portal uses to send you a notice each time that you or someone in your community uploads, downloads, or deletes a file (providing that you have selected Email Notification, below). This is also the email S-Filer Portal will use to send you a new temporary password should you have forgotten your password.
- Email Notification: Select whether or not you wish to receive e-mail notifications.
- Language: Select the language to be used by S-Filer Portal.
- Inbox Alias: The label used to identify your Inbox. If you leave this field empty, the label Inbox will be used.
Changing your password
Your My Profile page has a Change Password link (unless your account is from an external user domain such as AD). Click the link to see the following:
- Current Password: In this field, enter your current S-Filer Portal password.
- New Password: Enter a new password.
- Retype New Password: Enter the same password that you entered in the New Password field.
Once you have changed your password, you cannot reuse the old password for a period of time. S-Filer Portal keeps a record of the passwords that you have used.
Logout
You can end your session with S-Filer Portal by clicking Logout, which appears at the top right of each page:
To protect your files, we suggest that you logout from S-Filer Portal whenever you leave your computer. If you do not use S-Filer Portal for a period of time (determined by an administrator), you will be logged off automatically.
Note: It is important that you DON'T close the windows by using the "X" button before logging out because any actions done during the session will be forgotten.
S-Filer Portal objects
S-Filer Portal is based on five major objects. The basic object is users. Users can be part of User Groups. Users can also be part of communities. This section gives you a brief overview of the different parameters associated to these objects.
The following section covers following concepts:
Users
S-Filer Portal is a complete, robust, Enterprise File Synchronization and Sharing (EFSS) and Managed File Transfer (MFT) solution designed to facilitate and secure all your information movement requirements including automated system to system file transfers, community based collaboration and person to person document sharing through synchronized folders. There are basically 2 types of users:
- Master administrators: The Master administrator is an administrator who can manage all groups and all communities. Unlike users with administrative privileges, the master administrator's account cannot be used to transfer files.
- Users: Users use S-Filer Portal to transfer files interactively. These users belong permanently to one or more groups. These groups can be based on the more permanent administrative divisions of a company such as Finance, Human Resources, and so on.
User Privileges
- S-Filer Portal users can be assigned administrative privileges:
- Group administrators: One or more group administrators manage each group.
- Community administrators: An administrator for each community can appoint users from these groups to membership in their community. A user can belong to zero, one or more communities. One or more community administrators manage the community.
User authentication
User can authenticate in three different ways:
- Natively: These users are created and exist only in the native S-Filer Portal database. They are not part or linked to the enterprise Directory. Master Administrators are native users. You would also create Native users for Business partners and other external users who are not part of the Enterprise Directory. These users are managed entirely from S-Filer Portal, including password reset.
- External Users: These users were taken from the corporate directory, which is an identity provider external to S-Filer Portal (for example: Active Directory, LDAP, Google, Microsoft and Salesforce). They will authenticate to S-Filer Portal from this directory using the authentication mechanism specific to each type of identity provider. This can be a manual authentication using their corporate ID (Active Directory and LDAP) or an automatic authentication using SAML (Microsoft) or OpenID Connect (Microsoft, Google and Salesforce). If the corporate ID is used, you cannot manage forgotten passwords in S-Filer Portal for these users.
- SSO: If configured, this option will permit users to authenticate automatically.
Multi-Factor authentification (MFA)
S-Filer Portal supports multi-factor authentication (MFA) using TOTP (Time-based One Time Password). There are system level and user group level configurations to determine the users for whom MFA is enforced. If the configuration makes MFA optional for a user, he may still decide to activate it on a voluntary basis.
The following sections describe how MFA works in S-Filer Portal:
System configuration
A system administrator can set the default MFA policy according to user type. This configuration can be accessed by opening the Policies option in the left-hand menu, then selecting the MFA option.
For each user type, a drop-down menu lets you choose the MFA policy. The choices are Optional or Enforced. If a user is not a member of a group that overrides the default MFA policy, the value defined in this screen will apply.
Note
Regular users include those whose role is Standard or Limited.
User groups configuration
The user group management screen lets you define a MFA policy that will replace the system policy for users in this group. As a user may be a member of several groups which may have different MFA policies, the following algorithm is used to determine the final MFA policy value for a user.
- If the user is a member of at least one group for which the MFA policy is Enforced, MFA will be enforced for this user (regardless of what is defined in the system policy).
- If the user is not a member of a group for which the MFA policy is Enforced and is a member of at least one group for which the policy is Optional, MFA will be optional for this user (regardless of what is defined in the system policy).
- If no user's group has defined a MFA policy, then the system policy will apply according to the user type.
See also
Please refer to the documentation for Administering a User group for more details on how to define a MFA policy for a user group.
Exceptions
There are some exceptions where MFA will never be requested when authenticating a user, regardless of whether the MFA policy for that user is Enforced and/or they have configured MFA in their profile.
- The user is defined as a service account.
- The user authenticates using a SSH key.
- The user authenticates using an access token.
- The user performs an authentication with an external identity provider and the response returned indicates that MFA was activated. For example, a user of a Microsoft AzureAD domain wants to authenticate in S-Filer Portal, which redirects him to the Microsoft authentication page. In this system, MFA is enabled, so the user must provide a second factor to authenticate. The response returned by Microsoft will tell S-Filer Portal that the user has authenticated with MFA. In this case, S-Filer Portal will not request MFA for this user.
User groups
A user group is a set of users (i.e., people who will use S-Filer Portal). The group grants its members certain rights with regard to S-Filer Portal. The following configurations are available for each group:
- Uploads permitted: This right, if enabled for a group, allows any member of the group to upload files. Otherwise, uploads are not permitted.
- Downloads permitted: This right, if enabled for a group, allows any member of the group to download files. Otherwise, downloads are not permitted.
- Sender group name: If it is defined, allows users of this group to upload a file for which the sender group name will appear in notification emails rather than the name of the user who uploaded the file.
- Password Policy: At the group level you can assign a Password Policy for that group. If no specific group password policy is assigned the System Default Password Policy is used.
- Override default MFA policy: This option lets you modify the multi-factor authentication policy for users of this group. This will override the default system policy (see section Multi-Factor authentification (MFA)).
- Quick send Allowed: This right, if enabled for a group, allows any member of the group to upload a file to an email address. Note: if the S-Filer Portal administrator has deactivated uploading to email addresses then enabling this right for a group has no effect.
- Quick send Password Policy: At the group level you can assign a Quick Send Password Policy for that group. By enabling this feature all members of the group will need to include a password when using Quick Send.
- Theme: At the group level, you can assign a theme. If no theme is specified the default theme will be used. If you specify a theme, it will be used at the login screen and emails URL will include the theme as well.
- IPs Allowed: In this option, you can specify a list of IP addresses. Each address must be in nnn.nnn.nnn.nnn format. Only users whose IP addresses appear in this list can interact with S-Filer Portal. You can also use a mask to specify a range of IP addresses. For example, a mask of 192.*.*.* allows any user whose IP address begins with 192 to access S-Filer Portal. Users whose IP addresses are not specified in the list cannot interact with S-Filer Portal.
A user (or more precisely, a user account) can belong to one group, several groups, or no group at all. If a user is not a member of any group, he or she cannot upload or download files. If a user is a member of one group, he has all the rights that were granted to the group. If a user is a member of two or more groups, his rights may be inclusive or exclusive, depending on the configuration of S-Filer Portal. For example, if a user is a member of one group that permits receiving files and another group that does not, then the user may not be able to receive files. To change the configuration, contact the S-Filer Portal Administrator or Integrator.
Communities
A community is a group of users who can exchange documents with each other. When you create a community, you assign one or more user groups to it. The members of these groups are then potential members of the community, but they do not automatically become members. After you create a community, you can select the members of the community from the users who are potential members.
- Security Profile: This option is used to select the Encryption algorithm and strength enforced for this community.
- Compression: This option is used to select whether to compress or not before sending.
- Transfer protocol: This option is used to select the default transfer protocol to be used by this community.
- Notification: This option determines whether user should get notified by email when a file is uploaded to the community.
- Display: This option determines whether user without download rights can still view filenames available.
- Default time to live: This option block is used to set default time to live properties that will affect transfers done to this community.
- Collaboration: This option if checked will keep different version of a file. To always replace the file, leave this option box unchecked. The Allow synchronization with client computers option, if enabled will permit files from this community to be synchronized on member's computers using the Sanctum client.
- Quotas: The Quota field will restrict the total amount of megabytes allowed for the community.
- Maximum file size: Will restrict the size in megabytes that a user is allowed to upload the community. If the quota is attained the user will receive an email informing them that they have exceeded the quota for the community.
- Time to Live: The default time to live for a community can be set by number of days, number of hours or number of downloads before the file is deleted.
Shares
A Share is similar to a community. A share can be created and administered by a user where as a community must be created by the Super-administrator. Once created, a community can be administered by an admin user.
Extensions
Extensions are modules programmed in Java by yourself or a third party who may be attached to certain events in the application. When these events occur, the code will be executed. The list of events depends on whether you place your extension on the entire application on a user group on a community or a particular user.
Extensions are optional. The S-Filer Portal Integrator must enable this option in order to see this objects.
Administering Users
The following sections introduce the following:
View existing users
As a master administrator you can manage all S-Filer Portal users. There are two types of users. Regular users who can transfer files and Master Administrators who can manage S-Filer objects, but cannot transfer files.
Figure 6 -- User and Administrator List
Click on the User or Administrator links and you will be presented with the list of all corresponding profiles.
Notice that each line contains the authentication type, that is Internal (Native to S-Filer) or AD.
Note: If the SSO option is activated, one might need to configure the browser using the administrative console.
Figure 7 -- User Management
Four options are available from this panel:
- Create a native user.
- Update an existing user.
- Manage user extensions
- Delete a user
Create Users
Selecting «Add», the following screen will be displayed:
Figure 8 -- Create User
Fill out all required fields.
- Username: The username used to login the user.
- Full Name: The user's "real" full name.
- Email: The user's email address. S-Filer Portal will send the user's password to this address.
- Language: Select the language that the user prefers.
- Role: as a group administrator you cannot change the user's role.
- Expiration date: You can set the expiration for a user account. If left blank the software will add by default 60 days to the expiration date when the user first logs in.
- Allow Email Notification: Enable or disable email notification for this user. Email notification can be used when a new file is uploaded to the user, for example.
- Account locked: This box will be checked if the users tries to login and had more than 3 failed attempts (the default is 3 failed attempts but this can be changed by a system administrator). As a group Administrator you can check this box to prevent a user from logging in.
- Current theme: It displays the current theme for the user and if no specific theme is used it will default to the Default theme.
- Default community: You can set the community in which a user will point to when they login. If not set the focus will be on the user's Inbox.
- Inbox Alias: Optionally, you can create an alias (e.g., "My Documents") for the user's personal Inbox. This alias will be used in place of "Inbox" on the user's home page.
- Reference ID: A general field you can use, is not used during transfers.
- Non-Editable by user: Enable or disable if a user can modify their profile. If unchecked the user can modify their profile. If checked the user will be able to see their profile but not modify it.
- Upload Allowed to inbox: This field can be used to limit the size of the inbox to prevent users from using S-Filer Portal to keep copies of personal items like photos...
- User quota (in MB): This parameter is used to limit the size of shares created by this user.
- Service account: This option is used for users performing automated tasks where we do not want to have to change password or provide multi-factor authentication (MFA) in a script. The S-Filer CLI (Command-Line-Interface) has a function that generates an encrypted password to use in a script.
- Prevent user from changing his password: If this option is enabled the user will not be able to modify their password.
- Require password change on next logon: This option is on by default and will require that the user change their password on their first logon.
- SSH key: When doing transfers in SFTP this will be the public key to be used for SSH authentication. When using the SSH key no password is required for authentication
Modify Users
Selecting a user will open a form very similar to the «Create user form» except it has one more field, «Locked account»
Again here, simply update the desired field.
Manage extensions for a user
Refer to the «Assign extension» section.
Delete Users
To delete one or more users, simply select the users (1) and click on the Delete button (2).
Note: Once deleted, all corresponding files will be deleted thus the user cannot be recovered.
Administering a User group
S-Filer Portal organizes enterprise users into user groups, which are usually based on functional teams. These groups use S-Filer Portal to gather and store files, which they can then make available to one or more communities.
The following sections introduce the different actions:
- View existing User groups
- Add a user group
- Change the properties of a user group
- Manage Group Members
- Manage Extensions available to a group
- Remove one or more groups
View existing User groups
You can be assigned administrative privileges in any user group to which you belong. You can be granted this right either by the S-Filer Portal administrator or by a delegated administrator of that group. If you are a user group administrator, your home page will display something like this:
As an administrator, there are four things that you can do:
- Add a new user group
- Modify an existing group
- Manage Extensions available to a group.
- Remove one or more groups
Add a user group
To add a new user group, click the + Create Group button.
Here are the fields that you can configure:
- Name: Enter a name
- Description: Text that describes the group.
- Download Allowed: Grant or revoke the right of the group's members to download files.
- Upload Allowed: Grant or revoke the right of the group's members to download files.
- Theme: You can now associate a GUI theme to a group. This adds the possibility of changing the GUI Theme dynamically based on user settings. If you specify a theme, it will be used at the login screen and emails URL will include the theme as well.
- Sender group name: If it is defined, allows users of this group to upload a file for which the sender group name will appear in notification emails rather than the name of the user who uploaded the file.
- Password Policy: At the group level you can assign a Password Policy for that group. If no specific group password policy is assigned the System Default Password Policy is used.
- Override default MFA policy: This option lets you modify the multi-factor authentication policy for users of this group. This will override the default system policy (see section Multi-Factor authentification (MFA)).
- Quick Send Allowed: Grant or revoke the right of the group's members to upload files to an email address.
- Quick Send Password Policy: At the group level you can assign a Password Policy to use with the Quick Send Allowed. This will make using a password mandatory, if no password policy is assigned you are able to use the Quick Send Allowed with out a password.
- IPs Allowed: A list of IP address from which the group's members can connect to S-Filer Portal. If the list is empty, users can connect from any IP address. You can use an asterisk to specify a range of IP addresses. For example, enter 192.168.*.* to permit the group's members to connect from any IP address that begins with 192.168.
Change the properties of a user group
To see the properties of a user group, click on its name in the list of user groups. The User Group Details dialog box will open
You can change the following properties:
- Description: Text that describes the group.
- Download Allowed: Grant or revoke the right of the group's members to download files.
- Upload Allowed: Grant or revoke the right of the group's members to download files.
- Theme: You can now associate a GUI theme to a group. This adds the possibility of changing the GUI Theme dynamically based on user settings. If you specify a theme, it will be used at the login screen and emails URL will include the theme as well.
- Sender group name: If it is defined, allows users of this group to upload a file for which the sender group name will appear in notification emails rather than the name of the user who uploaded the file. You must check the Allows you to use a group as a file sender and replace the sender's name in the mail notification option to be able to set a value in this field.
- Password Policy: At the group level you can assign a Password Policy for that group. If no specific group password policy is assigned the System Default Password Policy is used.
- Override default MFA policy: This option lets you modify the multi-factor authentication policy for users of this group. This will override the default system policy (see section Multi-Factor authentification (MFA)).
- Quick Send Allowed: Grant or revoke the right of the group's members to upload files to an email address.
- Quick Send Password Policy: At the group level you can assign a Password Policy to use with the Quick Send Allowed. This will make using a password mandatory, if no password policy is assigned you are able to use the Quick Send Allowed with out a password.
- IPs Allowed: A list of IP address from which the group's members can connect to S-Filer Portal. If the list is empty, users can connect from any IP address. You can use an asterisk to specify a range of IP addresses. For example, enter 192.168.*.* to permit the group's members to connect from any IP address that begins with 192.168.
Manage Group Members
As an administrator of a user group, you can add S-Filer Portal users to your group, and you can also remove them from your group.
Use the + button to select to add a new user to add the group.
- You can use the search group to select the group in our case Marketing.
- In the search result we click on Marketing to select it
- Click on + Add to add the user to the Marketing group.
Only a master administrator can delete a user from the application.
Important
If you remove users from a group, this can cause them to lose their membership in a community, and thereby lose access rights that they need for their work. Make sure you understand the consequences of removing a user from a group before you act.
Automatically assign users to communities
You have the option to configure a community within a user group to be assigned automatically to users. This ensures that users who are part of the group will also be automatically assigned to the specified community. To enable this feature, follow the steps below:
- Navigate to the list of communities in the user group settings.
- Locate the desired community that you want to link for automatic assignment.
- Check the Automatic Assignation option next to the community you wish to link.
- Click on Save
Once this configuration is in place, any users assigned to the user group will be automatically assigned to the selected community. It's important to note that users can be assigned to a group from various panels and processes, and in all cases, the automatic assignment will be applied.
Note
Please be aware that users assigned to a community through the automatic assignment functionality cannot be manually unassigned from the community. For example, within the community configuration panel, you will not have the option to remove users who were automatically assigned. Similarly, in the user configuration panel, you cannot remove the assignment to the community.
Manage Extensions available to a group.
Refer to Assign Extension for more details on managing extensions.
Remove one or more groups
Simply select one or more groups and click the Delete button.
- Select the group or groups you want to remove
- Click on Delete
- Click on Delete to confirm the delete
Administering a Community
S-Filer Portal organizes enterprise users into communities. What we call "communities" are cross-functional teams that exist outside the functional groups and divisions of your enterprise. These communities use S-Filer Portal to organize their resources according to their own preferences and their own ways of working. In this way, S-Filer Portal promotes information-sharing throughout the enterprise.
This section covers the following:
- Community List
- Add a Community
- Change the properties of a community
- Grant or revoke membership in a community
- Understanding Email Notification
- Generate Reports
- Manage Community extension
- Delete one or more communities
Community List
You can become a delegated administrator of any community to which you belong. You can be granted this right either by the S-Filer Portal administrator or by a delegated administrator of that community. If you are a community administrator, your communities page will display something like this:
Click Communities Management to view the list of Communities that you administer:
As an administrator, there are six things that you can do:
- Add a new community
- Change the properties ("Community Details") of a community.
- Generate reports about the file-transfer activities of the community.
- Manage Extensions
- Delete one or more communities
Add a Community
- Name: Short and significant name for this community.
- Description: Text that describes the community.
- Security Profile: The type of encryption used for file transfers.
- Compression Profile: The type of compression used for file transfers.
- Transport Profile: The protocol used to transport data.
- Email Notification: Notifications used by this community, see Understanding Email Notification
- Transfer Option: If enabled, community members can only send files to the entire community. If disabled, community members can also send files to individual members.
- Display Option: If disabled, community members who do not have download rights can nonetheless view the list of files.
- Collaboration: This option if checked will keep different version of a file. To always replace the file, leave this option box unchecked. The Allow synchronization with client computers option, if enabled will permit files from this community to be synchronized on member's computers using the Sanctum client.
- Quotas: The Quota field will restrict the total amount of megabytes allowed for the community.
- Maximum file size: will restrict the size in megabytes that a user is allowed to upload the community. If the quota is attained the user will receive an email informing them that they have exceeded the quota for the community.
- Default time to live: Controls the default time to live period for uploads to this community. Once this period or number of download has been reached, the file will be automatically deleted. The default time to live is now displayed on the community Manager page. This information is useful because if the application admin has permitted
- Days : The number of days to retain a file
- Hours : The number of hours to retain a file
- Maximum download count : The maximum number of times a file can be downloaded
Change the properties of a community
To see the properties of a community, click on its name in the list of communities. The Community Details dialog box will open:
See preceding section, for a description of all community properties.
Grant or revoke membership in a community
As a delegated administrator of a community, you can add S-Filer / Portal users to your community, and you can also remove them from your community.
Use the + button to select to add a new user to the community.
- You can use the search users to select the user in our case jlarose.
- In the search result we click on Jlarose to select it
- Click on Add to add the user to the Marketing community.
Understanding Email Notification
For a community member to receive email notification the feature must be enabled both in the community profile and in the user profile.
Once email notification is enabled, S-Filer Portal sends email notifications according to the rules summarized in the table below.
Action | Target | Notification |
---|---|---|
Upload to | Community folder | All community members |
One or several community members | Those community members who received the file | |
Your own My Documents folder | None | |
Download from | Community folder | The community member who uploaded the file |
My Documents folder, where another member uploaded the file | The community member who uploaded the file | |
My Documents folder, where you uploaded the file | None | |
Delete from | Community folder (only a community admin can take this action) | All community members |
My Documents folder, where another member uploaded the file | None | |
My Documents folder, where you None uploaded the file | None |
Generate Reports
The Community History Report dialog box allows you to generate reports of the file-transfer activities of all community members. The reports show file-transfer actions, the date and time of the actions, and the names, size and properties of the transferred files.
To generate reports, click the Report icon (2.) in the Communities dialog box. The Community History Report dialog box will open:
Field | Description |
---|---|
Start Date | The first date that will be included in the report. Default: the first day of the current month. |
End Date | The last date that will be included in the report. Default: the last day of the current month. |
Action Type | Select any of the following:
|
Report Type | Two report formats are available:
|
Manage Community extension
Refer to Assign extension.
Delete one or more communities
You can delete communities by simply selecting one or more community and clicking the delete button. Note, this also deletes all parameter and data files for this community.
- Select the community or communities you want to remove
- Click on Delete
- Click on OK to confirm the delete
Administering Audit Trails
S-Filer Portal logs all activities as configured by administrators. Several Audit trail options are available.
Configure Audit Events
Click « Audit configuration » in the left menu, this will bring the following screen.
The different types of events are grouped by category. For example, the category "File Transfer" includes "File upload" "File download", "File destroyed ". To access the events in a category, simply click on the "+" symbol. Conversely, to close the class, you must click on the symbol "-". If the category is open, you can select or not each type. If you click on the category checkbox, this selects or deselects all events in the category.
The category checkbox can show 3 states depending on whether all items are selected, only some are selected or none are, as shown in the screen below.
Press "Save" to apply all changes. It should be noted that saving the settings applies instantly, de-selected events will no longer be traced.
Export Audit Events
To export audit events, click Audit Report. The following screen will appear and you can select which event types or dates you want to export:
This screen is similar to the setup screen described above for the selection of the types of events.
Note that you can select to event types that may not be selected for being audited.
As with other reports S-Filer Portal, recordings can be exported as a printable PDF file or as a CSV file to be imported and reprocessed in a spreadsheet (Excel or OpenOffice Calc).
Administering Extensions
Extensions are modules programmed in Java by yourself or a third party who may be attached to certain events in the application. When these events occur, the code will be executed. The list of events depends on whether you place your extension on the entire application on a user group on a community or a particular user.
Extensions are optional. The configurator must enable this option in order to see this object
- View Installed Extensions
- Add an extension
- Modify extension properties
- Remove one or more extensions
- Extension Usage
- Assign extension
- Modify extension
View Installed Extensions
Select Extension and click on Add Extension to get a list of current extensions available.
As a Master Administrator you can:
- Add an extension
- Modify an extension parameter
- Remove an extension
The four letters (A G C U) on the right refer to the extension's execution zone.
- A = Application
- G = User Group
- C = Community
- U = User
In the screen shown above, we see that the extension called "ICAP Filter" can be used at the community level.
As for the order of execution, the events assigned at the application level will be executed first followed by events assigned to the user groups, those assigned on communities. Events specific to a user will be executed last.
Add an extension
In order to add an extension, it must be visible by the S-Filer Portal console. Refer to Custom modules (extensions to learn how to create an extension and make it available to S-Filer Portal.
When you select an extension in the list, one sees its name, description and the java class. You must then select from which object this extension can be launched.
Modify extension properties
You can re-configure from which object an extension is available.
Note: If you remove an extension from one object, all references to this extension will be removed from the object.
Remove one or more extensions
To remove an extension, simply select the checkbox and press Delete.
Extension Usage
The previous section showed how to assign an extension to an object (Application, User Group, Community and User). This section explains how to use these extensions in each of these objects.
You have noticed that the 3 screens displaying the list of users, user groups and the list of communities offer the option to click on the icon for each of the components of this list: This icon allows you to manage the extensions assigned to the objects from that particular list. You will therefore understand that you can assign an extension to a group of users, a community and even to a specific user. When you click this button, a window similar to this one will be presented:
From this screen, one can see that 2 extensions are available at the application level. Both are active.
The following actions are available:
- Assign an extension
- Modify an extension
- Apply a Filter on the list
- Remove an extension from this object.
Assign extension
Figure 34 -- Assign an Extension
- Available Extension: Lists all extensions available
- Active: Active or Not
- Processing order: the default value of 100 is fine if you have only one extension. If you have several extensions you may need to modify the processing order for them to execute in the correct order.
- Execution Events: Events for which the extension will be invoked.
Modify extension
You can edit the following fields:
- Active: Active or Not
- Processing order: the default value of 100 is fine if you have only one extension. If you have several extensions you may need to modify the processing order for them to execute in the correct order.
- Execution Events: Events for which the extension will be invoked.
Apply a filter on the list
Applying a filter is very useful to determine which extension will be invoked on a specific event. From this screen, one can also see in what order these extension will be invoked.
Remove an extension from an object
To remove an extension from an object, simply select the checkbox and press Delete.
Custom Modules (Extensions)
S-Filer Portal lets you customize the system to meet your needs. Three types of modules can be used, each is presented in the following pages.
Extensions
Extensions are modules programmed in Java for yourself or a third party who may be assigned to certain events in the application. When these events occur, the code will be executed. The list of events depends on whether you place your extension on the entire application on a user group on a community or a particular user.
To build extensions, you must have a fairly good knowledge of Java programming language and you need a development environment like Eclipse.
Programming principle of an extension:
To create an extension you must include in the classpath of your development environment the following .jar files, found in the lib directory on the server S-Filer Portal:
- sfiler-model.jar
- sfiler-extension.jar
There are 2 important rules: Your extension package name must start with « com.sfiler.extension. » and your class must be a sub-class of « com.okiok.sfiler.extension.v2.Extension ». See example below:
package com.sfiler.extension.sample;
import java.util.Map;
import com.okiok.sfiler.commons.model.ExtensionEvent;
import com.okiok.sfiler.commons.model.db.SFilerUser;
import com.okiok.sfiler.extension.v2.Extension;
import com.okiok.sfiler.extension.v2.ExtensionException;
public class SampleExtension extends Extension {
/**
* This method is invoked when an error is encountered and returns a
* Boolean value indicating if the following extensions should be executed.
* If true is returned, all following extension will not be executed.
* @param event The event that triggered the extension
* @param currentUser The user that triggered the event
* @param parameters The parameters for the event
* @param error The error that occurred during execution of extensions
* @return True if processing should be stopped without executing other extensions and the file deleted
* @throws ExtensionException To report en error while processing the event
*/
@Override
public boolean customizeError(ExtensionEvent event, SFilerUser currentUser, Map<String, Object> parameters, Throwable error) throws ExtensionException {
return false;
}
/**
* This method
* @param event The event that triggered the extension
* @param currentUser The user that triggered the event
* @param parameters The parameters for the event
* @throws ExtensionException To report en error while processing the event
*/
public void execute(ExtensionEvent event, SFilerUser currentUser, Map<String, Object> parameters) throws ExtensionException {
System.out.println(getDescription());
}
/**
* Returns the description of the extension for display
* @return The description of the extension
*/
public String getDescription() {
return "Sample Extension";
}
/**
* Returns the name of the extension for display
* @return The name of this extension
*/
public String getName() {
return "Sample Extension Description";
}
}
WebServices
S-Filer Portal offers a web service API that enables you to administer the system without using the web interface. The webservice layer is invisible using this API, you call the methods without worrying about the communication layer. The API is in the file Sfiler-wsclient.jar
Configuration
To use the web service API, you must have an administrator account on the server and you must know the address of the S-Filer Portal web services server. If for example your S-Filer Portal server is installed on a machine called "acme" then the address will probably look like this:
http(s)://acme:8088/sfiler/services/SFilerWS
The JAR files required to use the web server API are:
- ws-client-<version>.jar
- ws-api-<version>.jar
- commons-<version>.jar
- model-<version>.jar
- axis-1.4.jar
- jaxrpc-api-1.1.jar
- axis-wsdl4j-1.5.1.jar
- commons-discovery-0.4.jar
Example
In order to be able to call the API admin methods, you must have an authentication token. You can obtain this token by calling the « login » method. See example below.
public void testWS() throws Exception{
SFilerWSClient client = new SFilerWSClient("http://acme:8088/sfiler/services/SFilerWS");
String authToken = client.login(1, "sfiler-master", "sfiler");
User toAdd = new User();
toAdd.setName("demo");
toAdd.setDescription("Demo User");
toAdd.setEmail("demo@acme.com");
toAdd.setPassword("demodemo");
Integer userId = client.addUser(authToken, toAdd);
}
Administering Notifications Themes
A notification theme is a customizable framework that defines the visual and functional aspects of notifications sent to users. It includes elements such as the overall design, layout, and content format of the notifications, ensuring consistency and alignment with the organization's branding and communication standards. Examples of notifications include:
- File available in community
- File will be deleted
- Lost password
- and many more
By following the next steps, users can effectively manage and customize their notification themes and email templates to ensure consistent and professional communication with their audience.
Configuring Notification Themes and Email Templates
The notification theme configuration interface is designed to provide users with a streamlined and efficient way to manage their notification themes and associated email templates. This section will guide you through the three primary panels that make up the configuration process:
- View notification themes
- Add a notification theme
- Remove a notification theme
- Modify a notification theme
- Modify a notification theme template
View notification themes
In the left hand navigation tree, click on Notifications. This will display a list of notification themes.
This panel displays a comprehensive list of existing notification themes. Each entry includes the theme name, a brief description, and the user interface theme it is associated with. Users can quickly identify which theme is set as the default and which ones are currently active.
Add a notification theme
- In the left-hand navigation tree, click on Notification Themes. This will display the list of existing notification themes in the main section of the application.
- Click the + Add Notification Theme button located at the top of the notification themes list. This will open a new form for creating a notification theme. Enter Theme Details:
- Name: Enter a unique and descriptive name for the new notification theme.
- Source theme: Select an existing notification theme to use as the basis for creating your new theme. All email templates from the source theme will be cloned to the new theme. If this is your first time using this feature, "Base theme" will be your only available option.
- After filling in all the required details, click the Save button to add the new notification theme to the list. Your screen will change automatically to the details page of the notification theme.
Remove a notification theme
Important Considerations Before Deletion
- Base Theme: The Base Theme cannot be deleted as it serves as the foundational template for all other themes.
- Default Theme: A default theme cannot be deleted. If you need to delete the current default theme, first set another theme as the default.
- Referenced Themes: Any theme referenced in a user group cannot be deleted. Ensure the theme is not in use before attempting deletion.
In the left-hand navigation tree, click on Notification Themes. This will display a list of existing notification themes in the main section of the application.
In the list of notification themes, check the box next to each theme you want to delete.
Click the Delete button located at the top of the notification themes list. A confirmation dialog will appear. Confirm the deletion by clicking Delete in the dialog.
See also
Modify a notification theme
- In the left-hand navigation tree, click on Notification Themes. This will display the list of existing notification themes in the main section of the application.
- From the list of notification themes, click on the name of the theme you want to open. This will take you to the detailed view of the selected theme. Edit Notification Theme Details:
- Name: Enter the new name for the notification theme if you wish to update it.
- Description: Provide or update the description of the notification theme to reflect its purpose or any specific details.
- User Interface Theme: Enter the name of the GUI theme as it appears in the folder: path/to/sfiler/sfiler-gateway/gateway/webapps/sfiler-gui-ajax/themes/
- Default: If you want this theme to be the default notification theme, check the Default box. Only one theme can be the default. in order to be the default, it must also be Active
- Active: To activate this notification theme, check the Active box.
- After making the necessary updates, click the Save button located at the top right corner to save the changes to the notification theme.
Modify a notification theme template
- In the left-hand navigation tree, click on Notification Themes. This will display the list of existing notification themes in the main section of the application.
- Click on the theme of your choice.
- In the detailed view, scroll down to the list of email templates associated with the notification theme. Locate the template you want to edit and click the edit icon (represented by a pencil icon) next to the template name and under each language. This will open the template editor.
Editing the notification template
- In the template editor, you can modify the content of the email template. The templates are written in HTML, so you can use HTML tags to structure and format the content.
- To add images, use the tool action button representing an image. This ensures the image is converted to a base64 format before being inserted into the template.
- Use the Show/Hide preview button to show or hide the preview section. This allows you to see how the changes will look in the final email and make adjustments as necessary.
- The preview pane provides a real-time view of the template, helping you ensure that the content appears as intended.
- Click the Show in Layout button to see the currently viewed template injected into the template called "Framework." This allows you to see the email template in the full context of the overall layout, giving you a comprehensive view of how the final email will appear.
Note
If you are editing the Framework template, this button Show in Layout is disabled.
- Once you are satisfied with the changes, click the Save button located in the editor to save the updated template.
Send a Test Email
Before finalizing your changes, you can use the Send a Test Email button to see how the email will look in an actual inbox.
- If the field to the left of the button is left empty, the test email will be sent to the email address of the logged-in user.
- If you enter an email address in the field, the test email will be sent to that specified email address instead.
This is useful for verifying the appearance and functionality of the email template with different recipients and email applications.
Administrative command line interface (CLI)
A new program was added to the S-Filer Portal distribution to allow administrators to perform administrative tasks on the solutions via command line. Before, these tasks could only be done by using the web services or the web interface. This new command line interface allows much easier scripting and automation in contexts where web services were hard to use.
Running the administrative command line interface on windows
You need to execute cli-admin.jar which should be located under the installation folder of the admin cli. It must be followed by arguments as presented in the help by executing it this way:
> sfiler-admin.exe --h
Running the administrative command line interface on linux
You need to execute sfiler-admin.jar which should be located under the installation folder of the admin cli. It must be followed by arguments as presented in the help by executing it this way:
> java --jar cli-admin.jar -h
List of error codes
Name | Code | Description |
---|---|---|
FILE_NOT_FOUND | 500 | The specified file does not exist (download, delete, etc.) |
FILE_CORRUPTED_OR_LOCKED | 501 | When attempting to download a file that hasn't been completely uploaded or processed by extensions |
FILE_EXPIRED | 502 | The specified file has exceeded its time to live |
COMMUNITY_NOT_FOUND | 510 | The specified community doesn't exist |
TICKET_NOT_FOUND | 511 | The internal reference to the file (ticket) cannot be found, usually when working a file that is being deleted |
BASE_NODE_IS_NOT_FOLDER | 512 | Trying to list or upload files in a file instead of a folder |
MOVE_DESTINATION_INVALID | 513 | When moving a file to a file instead of a folder, or to a nested folder or a folder in another community |
MOVE_SOURCE_INVALID | 514 | Attempting to move a community or inbox directly instead of a subfolder or file |
MOVE_DESTINATION_NAME_ALREADY_EXISTS | 515 | There is already a file or folder with the specified name that prevents the move from completing |
RESUME_OFFSET_TOO_LARGE | 516 | Attempting to resume a file upload past the received portion of the file |
COMMUNITY_NOT_MANAGED | 517 | The specified community is not a share (cannot invite people to share) |
TICKET_NOT_ANONYMOUS | 518 | Attempting to download a file using the anonymous functionality, but the file wasn't uploaded as an anonymous file |
SYSTEM_LICENSE_INVALID | 700 | The license is invalid |
AUTHENTICATION_UNKNOWN | 1000 | An unexpected error occurred during authentication |
AUTHENTICATION_PASSWORD_MISMATCH | 1001 | The password sent was wrong |
AUTHENTICATION_PASSWORD_EXPIRED | 1002 | The password is expired, the user needs to change it |
AUTHENTICATION_ACCOUNT_LOCKED | 1003 | The account is locked |
AUTHENTICATION_ACCOUNT_EXPIRED | 1004 | The account is expired |
AUTHENTICATION_USERGROUP_IP_VALIDATION _FAILED | 1005 | The account attempted to authenticate from an IP that is not allowed |
AUTHENTICATION_ACCOUNT_NOT_FOUND | 1006 | The specified username wasn't found |
AUTHENTICATION_DOMAIN_NOT_FOUND | 1007 | The specified authentication domain wasn't found |
AUTHENTICATION_AUTO_ENROLLMENT | 1008 | The account was authenticated successfully, but the user doesn't exist yet in S-Filer, so he needs to auto-enroll |
AUTHENTICATION_ACCOUNT_TEMPO_LOCKED | 1009 | The account was temporarily locked due to too many wrong password tries |
AUTHENTICATION_OK_BUT_LICENCE_NOT_ACCEPT | 1010 | The account was authenticated successfully, but the user has not accepted the license (terms of use) yet |
AUTHENTICATION_OK_BUT_ACKNOLEDGMENT _NEEDED | 1011 | The account was authenticated successfully, but he needs to acknowledge he has read the notice |
AUTHENTICATION_ACCOUNT_INACTIVE | 1012 | The account is not active anymore, this indicates that an adopted account is not present in the original source anymore |
AUTHENTICATION_AMBIGUOUS | 1013 | The auto-detect option for the domain detected multiple possible accounts |
AUTHENTICATION_SSO_NOT_KERBEROS | 1014 | The SSO token sent by the browser for AD SSO is not a Kerberos token, it is probably an NTLM token |
ROAMING_DOWNLOAD_FAILED | 2001 | Cannot recover the keys necessary to devrypt the desired file |
ROAMING_UPLOAD_FAILED | 2002 | Cannot recover the community or user keys necessary to encrypt the file |
TOKEN_INVALID | 3000 | The authentication token sent is invalid (cannot be parsed) |
TOKEN_EXPIRED | 3001 | The authentication token sent is expired |
TOKEN_NOT_YET_VALID | 3002 | The authentication token sent isn't valid yet |
TOKEN_INVALID_SIGNATURE | 3003 | The signature on the authentication token cannot be verified |
INVALID_REMOTE_IP | 3004 | The remote IP specified in the authentication token doesn't match the remote IP from which the request was received |
UNAUTHORIZED | 4000 | The user is not authorized to perform the action |
CANNOT_REMOVE_MANAGED_GROUP_ FROM_MANAGED_COMMUNITY | 4001 | Shares have an associated group that cannot be removed from the community (share) |
PERSISTENCE_UNKNOWN | 5000 | Unexpected internal error while storing data in the datqabase |
PERSISTENCE_ALREADY_EXIST | 5001 | Attempting to create a (user, group, community, file, etc.) with a name that already exists |
MAIL_ALREADY_EXIST | 5002 | Unused anymore |
MAIL_INVALID_NOT_USED_BY_ANY_USER | 5003 | Unused anymore |
MAIL_USED_BY_MANY_USERS | 5004 | Unused anymore |
MAIL_DOES_NOT_MATCH_USER | 5005 | The email address does not match the account when attempting to reset a password |
PERSISTENCE_CONNECTION_LOST | 5006 | The connection to the database has been lost |
PERSISTENCE_NON_UNIQUE_RESULT | 5007 | Multiple results were obtained when attempting to retrieve an object by name, this usually indicates database corruption |
PERSISTENCE_NOT_FOUND | 5008 | An object (user, group, community, etc.) was not found |
INVALID_NAME_FORMAT | 5010 | The specified name (user, group, community) contains invalid characters |
INVALID_DOMAIN | 5011 | The authentication domain specified is invalid |
INVALID_FIELD_LENGTH | 5012 | A submitted information (message, description, etc.) is too long to be held in the database |
INVALID_MAIL_FORMAT | 5013 | An email address does not respect the expected form: user@example.com |
INVALID_APPLICATION | 5014 | Internal error indicating that a component (gateway, GUI, etc.) has tried to retrieve a configuration using an invalid instance name |
INVALID_APPLICATION_VERSION | 5015 | A component has a version that is incompatible with the server |
INVALID_DATE_FORMAT | 5020 | A submitted date was not in the expected format |
PERSISTENCE_DELETE_USER_HIMSELF | 5016 | An administrator attempted to delete his own account |
NO_PERMISSION | 5017 | The user is not authorized to perform the action |
INVALID_INPUT_FIELD | 5018 | A submitted input field is invalid |
CANNOT_RENAME_EXTERNAL_USER | 5019 | An adopted user cannot be renamed since the name comes from the adoption source |
EXTENSION_EVENT_NOT_AVAILABLE | 5050 | The specified extension event is incompatible with this extension |
EXTENSION_MAPPING_UPDATE_ERROR | 5051 | An unexpected error occurred while saving the extension data for a specific event |
PASSWORD_INVALID | 6000 | New password not specified when changing a password |
PASSWORD_FORMAT_INVALID | 6001 | The new passord does not respect the password rules |
PASSWORD_MISMATCH | 6002 | The password does not match the account password |
PASSWORD_CHANGE_NOT_ALLOW_FOR_NOW | 6003 | The user attempted to change his password too quickly after changing it (there is a minimum amount of time to prevent users rolling over the password history) |
PASSWORD_IN_HISTORY | 6004 | The given password is already in the password history |
PASSWORD_NOT_SENT | 6005 | The anonymous file requires a password to be downloaded |
PASSWORD_CHANGE_NOT_ALLOWED_IN_EXT _DOMAIN | 6006 | Cannot change the password of a user in an adopted domain (AD or LDAP) |
INVALID_PUBLIC_KEY | 7000 | The specified public key (for SFTP public key login) is invalid |
CONFIGURATION_UNKNOWN | 8000 | There is an unexpected error while retrieving the configuration of a component |
CONFIGURATION_INVALID_PROCESS | 8001 | When starting a batch job, an invalid job identifier was specified |
COMMUNICATION_FAILED | 9000 | Failed to connect to LDAP |
UNKNOWN | 10000 | There was an unexpected error, this is the most generic error and does not provide any context |
TRANSFER_UNKNOWN | 20000 | There was an unexpected error while uploading or downloading a file |
TRANSFER_INVALID_EXPIRATION_DATE | 20001 | The specified expiration date of a file is invalid |
TRANSFER_QUOTA_EXCEEDED | 20002 | A file quota was exceeded when uploading a file |