SmartCloud Notes - (Lotus) documentation

SmartCloud Notes
Administering SmartCloud Notes:
Service-only Environment
March 2015
SmartCloud Notes
Administering SmartCloud Notes:
Service-only Environment
March 2015
Note
Before using this information and the product it supports, read the information in Chapter 8, “Notices,” on page 167.
Contents
Chapter 1. Overview of SmartCloud
Notes . . . . . . . . . . . . . . . . 1
What's new in SmartCloud Notes . . . . . . . 1
What's new for SmartCloud Notes administrators 2
Administrators can restore deleted user
accounts . . . . . . . . . . . . . . 2
What's new for SmartCloud Notes users . . . . 2
Invitee status viewable by meeting chair on
Notes Traveler devices . . . . . . . . . 2
More Windows devices are supported for
Traveler . . . . . . . . . . . . . . 2
Notes Traveler 9.0.1.1 features are available . . 2
Notes Traveler 9.0.1.2 features are available . . 3
Setup improvements for the Notes Traveler
Android client . . . . . . . . . . . . 4
Enhancements to supported email encoding
standards for inbound internet mail . . . . 4
Accessibility . . . . . . . . . . . . . . 4
Using SmartCloud Notes in a service-only
environment . . . . . . . . . . . . . . 5
SmartCloud Notes clients . . . . . . . . . . 6
Web client . . . . . . . . . . . . . . 6
Traveler devices . . . . . . . . . . . . 7
Notes client. . . . . . . . . . . . . . 7
IMAP client. . . . . . . . . . . . . . 8
BlackBerry devices with a Hosted BlackBerry
Services subscription. . . . . . . . . . . 8
Feature differences between Notes and Domino and
the SmartCloud Notes service . . . . . . . . 9
Frequently asked questions about administering the
service . . . . . . . . . . . . . . . . 9
Information resources . . . . . . . . . . . 10
Chapter 2. Planning to deploy the
service. . . . . . . . . . . . . . . 13
Planning security and the network . .
Network capacity for the web client .
Network capacity for the Notes client
Planning mail routing and mail settings .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
13
14
14
15
Chapter 3. Preparing for the service . . 17
Preparing the firewall . . . . . . . . . . .
Configuring the firewall for inbound connections
Configuring the firewall for outbound
connections . . . . . . . . . . . . .
Preparing to use company SMTP servers for Internet
mail routing . . . . . . . . . . . . . .
Preparing to use a company SMTP server to
route inbound Internet mail . . . . . . . .
Preparing to use a company SMTP server to
route outbound Internet mail . . . . . . .
Example: Routing mail from a service user to
an external user using a company SMTP host .
Example: Routing mail from a service user to
an external user using a service SMTP host . .
17
17
17
19
19
20
21
22
Chapter 4. Configuring the service . . . 25
Logging on as the first company administrator . .
Configuring your account settings . . . . . . .
Configuring Internet domains . . . . . . . .
Verifying ownership of a domain . . . . . .
Configuring the MX record for a domain . . .
Configuring additional Internet domains for the
service to use . . . . . . . . . . . . .
Customizing settings . . . . . . . . . . .
Enabling the accessible experience for the web
client . . . . . . . . . . . . . . .
Configuring logins . . . . . . . . . . .
Resetting service login passwords . . . . .
Setting service login password expiration . .
Managing Notes IDs . . . . . . . . .
Setting up federated identity management . .
Restricting the IP address range . . . . .
Enabling application passwords . . . . .
Authentication methods by client . . . . .
Password rules by authentication method . .
Configuring the name finder . . . . . . .
Standard and Advanced Name Finder options
Basic name finder illustration . . . . . .
Basic Quick Search Only name finder
illustration. . . . . . . . . . . . .
Standard name finder illustration . . . . .
Configuring mail settings . . . . . . . . .
Changing the size limit for incoming messages
Prevent automatic forwarding of messages . .
Specifying how Notes links display in the web
client . . . . . . . . . . . . . .
Configuring how long mail remains in the
Trash folder . . . . . . . . . . . .
Deleting older email and meetings. . . . .
Enabling the ActiveX control for Internet
Explorer users . . . . . . . . . . .
Specifying an SMTP server to route mail to
the Internet . . . . . . . . . . . .
Preparing to use custom mail file templates . .
Handling execution security alerts caused by
custom templates . . . . . . . . . .
Configuring mail file templates . . . . . . .
Using extension forms files to customize the look
of the web client. . . . . . . . . . . .
Extension forms file requirements . . . . .
Preparing customized mail file ACLs . . . . .
Configuring email filters and reporting . . . .
Configuring email filters for inbound Internet
mail . . . . . . . . . . . . . . .
Enabling Junk Mail Reports . . . . . . .
Customizing the text in Junk Mail Reports . .
Customizing the Remove Sender from Junk
List action for Notes users . . . . . . .
Enabling the Report as Spam feature . . . .
Reporting spam without the Report as Spam
feature . . . . . . . . . . . . . .
25
26
27
27
28
29
29
29
30
30
31
31
36
42
43
45
45
47
49
51
52
54
55
55
55
56
56
57
59
60
61
63
63
64
66
68
69
70
73
74
76
79
82
iii
Enabling busytime details in calendars . . . .
Configuring instant messaging . . . . . . .
Configuring the web client to connect to an
on-premises Sametime community. . . . .
Manually configuring Notes clients to connect
to the service instant messaging community .
Instant messaging features . . . . . . .
Setting password expiration for Notes IDs . . .
Enabling password synchronization . . . . .
Logging activity in journal files. . . . . . .
Downloading journal files . . . . . . .
Format of the Notes mail journal file . . . .
Format of the Notes client session journal file
Configuring IMAP access . . . . . . . . .
IMAP client limitations . . . . . . . .
Chapter 5. Onboarding users
85
87
89
90
92
93
94
95
97
98
99
. . . . 101
Deciding whether to use the Notes client . . . .
Preparing for onboarding . . . . . . . . .
Preparing for the web client . . . . . . .
Preparing for Notes Traveler devices . . . .
Notes Traveler device settings . . . . . .
Preparing for Notes clients . . . . . . . .
How the Client Configuration tool configures
the Notes client . . . . . . . . . . .
Downloading Notes client software and other
entitled software . . . . . . . . . .
Connecting to cloud Activities through the
Notes client sidebar . . . . . . . . .
Preparing for IMAP clients . . . . . . . .
Preparing to use BlackBerry devices . . . . .
Settings enforced for BlackBerry smartphones
Preparing communications and training . . .
Mail file quota . . . . . . . . . . . .
Mail file delegation . . . . . . . . . .
Adding a SmartCloud Notes subscription to a user
account . . . . . . . . . . . . . . .
Forming a distinguished name . . . . . .
Checking user provisioning status . . . . . .
Helping users get started . . . . . . . . .
Providing account information to users. . . .
Getting started with the web client . . . . .
Getting started with the Notes Traveler devices
Adding a Notes Traveler subscription to a
user account. . . . . . . . . . . .
Removing user accounts from on-premises
Notes Traveler servers . . . . . . . .
Getting started with the Notes client . . . .
Getting started with IMAP clients . . . . .
Getting started with BlackBerry devices . . .
Accepting the Research In Motion terms of
use . . . . . . . . . . . . . . .
Adding a BlackBerry subscription to a user
account . . . . . . . . . . . . .
Removing user accounts from an on-premises
BlackBerry Enterprise Server . . . . . .
iv
82
83
101
102
104
106
107
108
111
112
113
114
114
116
117
118
118
119
121
122
124
125
126
127
128
129
130
131
132
132
Activating a user's BlackBerry smartphone
133
Ensuring that mail encryption is available for
BlackBerry smartphone users . . . . . . 135
Providing documentation to your BlackBerry
smartphone users . . . . . . . . . . 136
Chapter 6. Administering user
accounts . . . . . . . . . . . . . 137
Viewing assigned mail file templates . . . . .
Language versions of the standard mail file
template . . . . . . . . . . . . . .
Changing user mail file templates . . . . . .
Assigning extension forms files to users . . . .
Setting a default extension forms file . . . .
Explicitly assigning an extension forms file to
many current users . . . . . . . . . .
Explicitly assigning an extension forms file to
individual current users . . . . . . . . .
Resetting service login passwords . . . . . .
Resetting passwords for Notes IDs . . . . . .
Changing a user name . . . . . . . . . .
Removing a SmartCloud Notes subscription from a
user account. . . . . . . . . . . . . .
Suspending a user account . . . . . . . . .
Deleting a user account . . . . . . . . . .
Restoring a deleted user account . . . . . . .
Permanently deleting a user account . . . . .
Removing the SmartCloud Notes data for a deleted
user account or subscription . . . . . . . .
Managing groups . . . . . . . . . . . .
Viewing subscriptions . . . . . . . . . .
Viewing assigned subscriptions . . . . . .
Managing IBM Notes Traveler devices . . . . .
Managing BlackBerry smartphones . . . . . .
Reactivating a user's BlackBerry smartphone
Wiping a user's BlackBerry smartphone if it is
lost or stolen . . . . . . . . . . . .
Setting a device password on a user's
BlackBerry smartphone . . . . . . . . .
Removing a BlackBerry subscription from a user
account . . . . . . . . . . . . . .
Frequently asked questions about BlackBerry
smartphone administration . . . . . . . .
137
138
139
140
140
141
142
143
144
145
147
149
149
151
151
153
154
155
155
156
158
158
160
161
162
162
Chapter 7. Troubleshooting the
service . . . . . . . . . . . . . . 165
Finding troubleshooting tips in the Support Portal 165
Contacting Support . . . . . . . . . . . 165
Chapter 8. Notices . . . . . . . . . 167
Trademarks . . . . . . .
Privacy policy considerations .
.
.
.
.
.
.
.
.
.
.
.
.
. 168
. 169
132
Index . . . . . . . . . . . . . . . 171
133
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 1. Overview of SmartCloud Notes
IBM SmartCloud® Notes® is a multi-tenant cloud mail service. When you use the
service, administrators at IBM® set up and maintain IBM Domino® mail servers for
you in the cloud on external IBM servers. The service offers you the benefits of
Domino mail server security features and architecture without the mail server
maintenance overhead.
Using the following clients, users connect to the SmartCloud Notes service over the
Internet to access their mail:
v Web client through a browser interface available at http://www.ibmcloud.com/
social;
v Notes;
v Mobile devices.
Any combination of these clients can be used.
At least one person at a company is designated as a company administrator. A
company administrator has a user account with the Administrator role and is
responsible for configuring the service and administering user accounts.
The SmartCloud Notes service provides various options that are designed to help
you deploy the service in a way that best satisfies your business needs.
v You can deploy the service with the assistance of an IBM Software Services for
Collaboration representative or a certified IBM Business Partner. Whether you
choose this option depends on factors such as the type of SmartCloud Notes
environment you deploy and your in-house IT expertise and priorities.
v You can choose from a list of standard mail file templates that are available
within the service by default, or develop a custom template for your company.
You can develop a custom template in-house or contract with an IBM or a
third-party representative to develop the template. Approval of a custom
template requires a short service engagement with IBM Software Services for
Collaboration.
v A Notes Traveler subscription is available automatically. This subscription
enables users to access the service through supported mobile handheld devices.
Note that the ultra-light mode of the web client supports the use of some mobile
devices for no additional purchase.
v If you purchase a SmartCloud Notes for Hosted BlackBerry® Services
subscription, users can access the service through BlackBerry® smartphones. To
use BlackBerry® 10 devices, use Notes Traveler instead.
v If you purchase the Connections Archive Essentials subscription, the content of
user email can be captured and retained for later legal discovery. For more
information about this service, see the Using Connections Archive Essentials
documentation.
What's new in SmartCloud Notes
The following features and enhancements are new in IBM SmartCloud Notes.
1
What's new for SmartCloud Notes administrators
The following features are new for IBM SmartCloud Notes administrators.
Administrators can restore deleted user accounts
Administrators have 30 days to restore user accounts after deleting them. The
accounts are restored with complete functionality, including mail file access.
Related tasks:
“Deleting a user account” on page 149
When you delete a user's account, the user no longer has access to any cloud
services. If you change your mind about the deletion, you have up to 30 days to
restore the account to full functionality.
“Restoring a deleted user account” on page 151
After you delete a user account, you have up to 30 days to restore it if you change
your mind. Restoring the account returns it to full functionality, including full mail
file access.
What's new for SmartCloud Notes users
The following features are new for IBM SmartCloud Notes users.
Invitee status viewable by meeting chair on Notes Traveler
devices
Invitee status display is now supported on Apple, BlackBerry 10, Windows Phone,
Windows Tablet, and Android devices. The meeting chair can view the status of
each invitee's response to the current version of the meeting. Possible statuses are
accepted, tentative, declined, and no response. Additionally, the Android client can
show a status of delegated.
More Windows devices are supported for Traveler
IBM SmartCloud Notes Traveler users can now use Windows Phone and Windows
Tablet (Windows Pro and Windows RT) devices with the service. There is no need
to install client software on these devices to use them with the service.
For device requirements, see the SmartCloud Notes client requirements.
Related information:
SmartCloud Notes client requirements
Using Notes Traveler documentation
Notes Traveler 9.0.1.1 features are available
The IBM Notes Traveler 9.0.1.1 client provides the following new features:
Calendar improvements for Android clients
Local calendar information displays in IBM Notes Traveler calendar
You can now add the information from your local device calendars into
your IBM Notes Calendar view.
Create calendar events from mail messages
You can now create a calendar event while viewing mail, using the
overflow menu. Calendar events created from mail messages will form
with the invitees populated with the message recipients, and the event
details information pre-filled with the content of the mail.
2
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Interface improvements for Android clients
Action bar
The action bar is a mobile feature that identifies your location within IBM
Notes Traveler, as well as provides action icons and navigation modes.
Navigation drawer for mail
The navigation drawer is a panel that slides in from the left of the screen
to display IBM Notes Traveler's main navigation options. For mail, the
navigation drawer displays your user account and mail folders (inbox,
outbox, sent, and personal). The navigation drawer is only available from
the parent list view of a mail folder.
Android Contacts application
IBM Notes Traveler on Android now provides its own dedicated Contacts
application, rather than utilizing the device Contacts application.
New mail item list layout with thumbnail photos
The mail item list has been redesigned to make it easier to consume the
sender, subject, and message body where applicable. If the screen is wide
enough, a person thumbnail image displays using the sender's mail
address to search for available photos, either from local contacts, IBM
Notes Traveler contacts, or from the new Sametime® Integration feature.
New mail list selection mode
A new selection mode overlays a 'Contextual Action Bar' over the existing
action bar, showing the number of selected items. It also provides batch
operations on the selected items, such as: Move to Folder, Discard, Mark as
Read, or Mark as Unread. Only the actions which are applicable to all
selected items displays.
Gesture actions for mail and contacts
To quickly act on mail items in a list or take action on a contact, you can
now swipe the item from right to left to display a list of action buttons
without having to open the mail or contact itself. Available on phones with
Android 3.0 (Honeycomb) and above.
Add to Contacts from mail
When viewing a mail item, you can now add the sender to your contacts.
Mail list person actions
You can now tap a user photo from a mail message and see a list of
possible actions to take with that person. The actions available depend on
the information available for the person. If there is a mail address
associated with the person, you can perform the following actions:
v View the person's IBM Connections Profile (only if IBM Connections
mobile is installed)
v Chat with the person (only if IBM Sametime mobile chat is installed and
connected)
v Mail the person (opens the Android mail selection dialog).
If there is at least one phone number associated with the person, and your
device is a phone, you can also call and text the person directly.
These options are only available where a person photo displays: mail,
calendar and contacts.
Notes Traveler 9.0.1.2 features are available
The IBM Notes Traveler 9.0.1.2 client provides the following new features.
Chapter 1. Overview of SmartCloud Notes
3
New reply options for mail messages in Android devices
When replying to a mail message on Android devices, you can now choose to
reply with or without message history and attachments.
Add Notes Traveler contact from a phone number
On Android phones that support the option, you can now choose to make a new
Notes Traveler contact from a phone number.
Setup improvements for the Notes Traveler Android client
When setting up a new IBM Notes Traveler Android 9.0.1.3 client, you are no
longer required to type in your datacenter URL to connect to the service. You are
now automatically connected to the correct data center based on your login
identity.
Enhancements to supported email encoding standards for
inbound internet mail
IBM SmartCloud Notes web and IBM Notes Traveler clients now support the RFC
2231 standard for inbound Internet email.
This standard provides email improvements, including the correct display of
attachment file names that are specified in character sets other than US-ASCII.
The service supports the new standard for incoming messages that are encoded to
support RFC 2231. The RFC 2231 encoding is retained when a recipient replies to
or forwards a message. The service does not use the new encoding in new
outbound messages.
Accessibility
IBM SmartCloud Notes Administration, the interface that is used to administer
SmartCloud Notes, is accessible.
The version of this documentation that is in the Knowledge Center is accessible.
All OS level keystrokes for accessibility are recognized. For the best accessibility
experience, use a version of Mozilla Firefox supported by the service and the latest
version of the JAWS screen reader.
See the IBM Human Ability and Accessibility Center for more information about
the commitment that IBM has to accessibility.
Related tasks:
“Enabling the accessible experience for the web client” on page 29
You can submit a request to enable the accessible experience for the web client for
everyone in your organization. Mail, Calendar, Contacts, and Preferences features
provided with this experience are all accessible.
Related information:
System Requirements
Knowledge Center documentation
4
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Using SmartCloud Notes in a service-only environment
When you deploy IBM SmartCloud Notes as a service-only environment, there is
no integration with on-premises IBM Domino mail servers at a company site. IBM
administrators administer and maintain the mail servers, and company
administrators perform user management tasks through an administration interface
accessed through http://www.ibmcloud.com/social.
The following illustration depicts Herb Medway and Allie Singh, employees of the
fictional company ZetaBank, accessing their mail servers in the service,
Mail1/ZetaBank and Mail2/ZetaBank. It also depicts their company administrator
accessing the service.
An IBM representative can configure your SmartCloud Notes account settings, or
you can do this yourself. Configuring account settings involves supplying the
following information to the service: an Internet domain that is owned by your
company and used for Internet mail, a name for your organization, and a base
name for your mail servers. After your account is set up, you can add additional
Internet domains for use with service, if you own more than one domain. After
your company's account settings are configured, an IBM Customer Service
Representative creates accounts for your existing users to move them to the
service.
Chapter 1. Overview of SmartCloud Notes
5
After your existing users have moved to the service, company administrators
perform user management tasks such as the following ones through the web
Administration interface on the Connections Cloud website at
http://www.ibmcloud.com/social:
v Adding and deleting users
v Adding and managing mail list groups
v Resetting passwords
v Selecting mail file templates
v Configuring mail settings to limit incoming message size or remove older
messages
v Managing mobile devices
v Managing instant messaging
SmartCloud Notes clients
IBM SmartCloud Notes clients provide mail, personal Information Management
features such as calendars, contacts, and to do lists, and with some clients,
integrated collaboration features, such as embedded chat.
Web client
The IBM SmartCloud Notes web client provides access to mail servers through a
browser.
The web client is a hosted mail client; there is no client for users to install. Users
simply log on to http://www.ibmcloud.com/social using their service login email
address and password. The service authenticates the client and then the client is
redirected to the mail file in the service. User can access the web client in either of
these ways:
v On a computer -- after logging on, users click Mail.
v On a mobile device -- users point the browser on the device to the service, and
then log on to the ultra-light mode.
Users need a subscription for either SmartCloud Notes or SmartCloud Notes Entry
to use the web client. Each subscription provides a full mail client with mail,
calendar, and contacts, as well as to do and notebook applications. Each
subscription provides access to the service through either full or ultra-light mode.
v Full mode -- The full mode offers the widest range of features including mail,
contacts, calendar and scheduling, as well as notebook and to do tasks.
v Ultra-light mode -- The ultra-light mode is available at no extra cost on a mobile
device, and on a personal computer. There is no additional setup or client install
on the mobile device required. Users simply point their device browser to
https://www.collabserv.com to access their mail. The ultra-light mode supports
Android, as well as Apple iPhone, iPod Touch, and iPad devices. See the client
requirements for details on the supported levels of device operating systems.
Decide which web client subscription best fits your needs. The SmartCloud Notes
Entry subscription includes many of the same features that are available with the
standard SmartCloud Notes subscription, but with the following limitations:
v Users are provisioned with a new mail file. There is no data migration of an
existing mail file.
v Users cannot access mail using either the Notes client or an IMAP client.
v Users cannot access mail using Blackberry smartphones.
6
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
v User mail files have a 1 GB quota.
For a list of browsers supported for use with the web client, see the client
requirements.
Related tasks:
“Preparing for the web client” on page 104
Before you provision users who will access IBM SmartCloud Notes using the web
client, prepare for the web client.
Related information:
SmartCloud Notes client requirements
Using the web client
Traveler devices
A Notes Traveler subscription supports Apple, Android, Windows Phone and
Windows Tablets, Windows Mobile, and BlackBerry® 10 devices.
See the device requirements for details on the supported levels of device operating
systems. To get started, users perform simple steps to install and configure Notes
Traveler on their devices using the installation and configuration information in the
SmartCloud Notes product documentation for their specific device.
Related tasks:
“Preparing for Notes Traveler devices” on page 106
Before enabling users to use IBM Notes Traveler mobile devices with the service,
prepare your environment and the devices.
Related information:
Notes Traveler device requirements
Using Notes Traveler
Notes client
Use of the IBM Notes to connect to the service is optional. A IBM SmartCloud
Notes subscription entitles you to the Notes client license.
Users who access mail by using a Notes client can take advantage of the many
collaboration features that are available through the client. As with the web client,
the Notes client provides mail, calendar, and contacts, as well as to do and
notebook applications. You can manage your Inbox using full-text search,
delegation, mail filtering and sorting, conversation views, and flags.
The following features and applications are also available to you when you use the
Notes client.
v Activities - Beginning with Notes 8.5.2, if your organization has a collaboration
subscription, then the sidebar is automatically configured to access Activities in
the service without further authentication.
v IBM Sametime - Use the embedded Sametime client to manage instant
messaging contacts and initiate chats.
v RSS feeds - Subscribe to RSS feeds that display in the sidebar.
Keep the following in mind if your users will use the Notes client:
Chapter 1. Overview of SmartCloud Notes
7
v SmartCloud Notes supports only the standard configuration of Notes, and not
the basic configuration.
v You should decide which supported version of the client to use in your
environment. See the SmartCloud Notes client requirements for information on
supported versions.
Related tasks:
“Preparing for Notes clients” on page 108
Use of the IBM Notes client to connect to the service is optional. If you want your
users to use the Notes client, understand the steps to prepare.
Related information:
SmartCloud Notes client requirements
Using Notes
IMAP client
If you enable IMAP access, users can configure third-party email clients to access
mail in the service.
The following IMAP clients are supported:
v Apple email
v Microsoft Outlook 2003, 2007
v Thunderbird
There is no additional charge or subscription required to use IMAP clients.
Related tasks:
“Preparing for IMAP clients” on page 114
If you plan to use IMAP clients, complete these tasks to prepare.
BlackBerry devices with a Hosted BlackBerry Services
subscription
If your company has an IBM SmartCloud Notes for Hosted BlackBerry® Services
subscription, users can use BlackBerry® smartphones to access mail and personal
information management features.
IBM administrators set up and maintain BlackBerry Enterprise Servers for you on
sites that they manage. The Blackberry subscription provides the following
features:
v Mail, Calendar, Task, To Do, and Contact applications
v Corporate directory lookup
v Smartphone management through http://www.ibmcloud.com/social.
This subscription does not support BlackBerry® 10 devices. Those devices are
supported by IBM Notes Traveler.
Related tasks:
“Preparing to use BlackBerry devices” on page 114
If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry
Services subscription, complete these tasks to prepare.
8
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Feature differences between Notes and Domino and the SmartCloud
Notes service
Some features in IBM Notes, IBM iNotes®, and IBM Domino are unavailable or
have limitations within the IBM SmartCloud Notes service.
For an explanation of the differences, see the following article in the IBM
Connections Cloud wiki: Feature differences between Notes and Domino and the
SmartCloud Notes service.
Frequently asked questions about administering the service
The following table provides answers to questions frequently asked about the tasks
that company administrators perform in a IBM SmartCloud Notes environment.
Table 1. Frequently asked questions about administering SmartCloud Notes
Question
Answer
Do company administrators have access to
user mail files?
By default, administrators do not have
access to user mail files. However, new users
can be provisioned with mail files that have
customized access control lists (ACLs). In
addition, the mail delegation feature can be
used to delegate management of a mail file
to an administrator or to a group of
administrators. For more information, see
“Preparing customized mail file ACLs” on
page 68 and “Mail file delegation” on page
118.
Do mail files have a size limit?
Currently a size limit (quota) of 25 GB is
enforced on the mail files of users who were
provisioned before November 22, 2014; the
mail file size limit of users who are
provisioned after this date is 50 GB. An
exception is the mail files of SmartCloud
Notes Entry users, whose mail files have a 1
GB limit.
For more information, see “Mail file quota”
on page 118.
What options are available for managing
mail file size?
Company administrators can manage the
size of mail files by setting limits on the size
of incoming messages. Additionally, they can
specify how long mail remains in mail files
by enabling automatic mail deletion for
older mail. For more information, see
“Configuring mail settings” on page 55.
Can we use a customized mail file template? Yes, company administrators can apply a
customized template to user mail files. This
is done through SmartCloud Notes
Administration. The template must meet
specific design requirements. A
representative of IBM Software Services for
Collaboration must approve it as part of a
short consulting services engagement. For
more information, see “Preparing to use
custom mail file templates” on page 61.
Chapter 1. Overview of SmartCloud Notes
9
Table 1. Frequently asked questions about administering SmartCloud Notes (continued)
Question
Answer
Can users create local replicas of their mail
files?
IBM Notes users can create local replicas of
their mail files and schedule replication
between the local replicas and the server
replicas. Local replicas are useful in a
service-only environment to provide offline
access to mail files.
For more information about creating local
replicas, see Getting started with replication
in the Notes documentation.
Are company administrators responsible for
mail database maintenance?
No, compacting and other mail database
maintenance tasks are handled within the
service for you.
How does a company administrator change
a Notes user's hierarchical name?
In a service-only environment, company
administrators change the Notes hierarchical
name, as well as the service login name, by
editing the service user account.
For more information, see “Changing a user
name” on page 145.
How do I reset a user's password?
There are two passwords. One is the service
login password that is used to log on to the
IBM Connections Cloud website at
http://www.ibmcloud.com/social. Another is
the Notes ID password used to log in to
mail servers through Notes. Reset the service
login password through the service user
account. Reset the Notes ID password
through the SmartCloud Notes
Administration. For more information, see
“Resetting service login passwords” on page
30 and “Resetting passwords for Notes IDs”
on page 31
Information resources
The following information resources are available for IBM SmartCloud Notes. Be
sure to use these resources to keep up-to-date on technical content, known issues,
and product news.
Table 2. Information resources for SmartCloud Notes
Resource
Description
IBM Connections Cloud wiki
The wiki provides the following information:
v Known issues and troubleshooting
information
v Getting started information
v Technical articles by IBM employees and
other community members
v Links to other resources such as
courseware and multi-media content
10
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 2. Information resources for SmartCloud Notes (continued)
Resource
Description
SmartCloud Notes known issues
This wiki article links to a comprehensive list
of SmartCloud Notes technotes on the
Support site. These technotes describe known
issues and workarounds. The article also
links to technotes about the Notes client.
SmartCloud Notes Fix List
This page shows a chronological list of fixes
made to the SmartCloud Notes service.
SmartCloud Notes Support newsletter
This newsletter highlights important
technotes and new technical articles and
courseware. To receive automatic notification
when a new edition of this newsletter is
available, add SmartCloud Notes to your
My Notifications subscription
and include the “Product information and
publications” document type in your
subscription.
My Notifications from SmartCloud Notes
Support
My Notifications enables you to receive daily
or weekly announcements through e-mail,
custom Web pages and RSS feeds. These
customizable communications can contain
important news, new or updated support
content, such as publications, hints and tips,
technical notes, product flashes (alerts).
Support page
Click Support > Technical Support from this
page for information about how to contact
SmartCloud Notes Support.
Chapter 1. Overview of SmartCloud Notes
11
12
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 2. Planning to deploy the service
To plan for the IBM SmartCloud Notes service, understand the features it offers,
the deployment options that are available, and the planning considerations.
Planning security and the network
Answer the questions described in this topic to decide about security and network
connections.
About this task
Table 3. Security and network planning questions
Question
Considerations
What process does your company use to
make network changes?
Your company might have a review and
approval process for making the network
changes required by the service. Ensure that
you understand the process and allow time
to implement the required changes.
Does your network have sufficient
bandwidth and Internet connectivity?
Clients connecting to mail files in the
service increases network traffic to the
Internet. It is important to assess whether
your current network has sufficient
bandwidth and Internet connectivity to
handle the increased traffic. You may need
to work with your Internet Service Provider
to increase network bandwidth before you
provision users for the service.
For information, see the topics “Network
capacity for the web client” on page 14 and
“Network capacity for the Notes client” on
page 14.
Will you use federated identity management? Federated identity management allows
users who are logged on to a company
system to connect to the service with the
web client without logging on again. To
enable federated identity management,
register your organization as a trusted
identity provider in the IBM Connections
Cloud service. Before you register,
implement and test a federated identity
management system that uses Security
Assertion Markup Language (SAML). While
you are implementing your system, you
make some choices and prepare several
artifacts.
For more information on this option and
other login options, see “Configuring
logins” on page 30.
13
Table 3. Security and network planning questions (continued)
Question
Considerations
What firewall changes are required?
Your firewall must allow outbound
connections to specific ports and destination
host names within the service. The settings
required depend on the clients that are used
with the service. For more information, see
“Configuring the firewall for outbound
connections” on page 17.
Do you use a forward proxy to control user
access to the Internet?
If so, you must allow network traffic to pass
transparently through the proxy over port
1352 (NRPC), if you use Notes clients, as
well as port 443 (HTTPS) for browser
clients.
Network capacity for the web client
Before using the web client, have an understanding of the approximate network
capacity that your Internet Service Provider will need to provide to support
connections from the web clients to the service.
Use the following formula as a general guideline only:
number_of_clients x 2.5 Kbps
where number_of_clients is the expected number of web clients and 2.5 Kbps is the
average network kilobits per second required for each client to connect to the
service.
This formula assumes an average level of client activity based on IBM Domino
mail benchmarks for server-based mail files. Your actual network capacity
requirements will depend on the client usage patterns in your environment.
Network capacity for the Notes client
Before configuring Notes clients to connect to the service, have an understanding
of the approximate network capacity that your Internet Service Provider must
provide to support those connections.
Use the following formula as a general guideline only:
number_of_clients x 3.1 Kbps
where number_of_clients is the number of Notes clients used and 3.1 Kbps is the
average network kilobits per second required for each client.
This formula assumes an average level of client activity based on IBM Domino
mail benchmarks for server-based mail files. Your actual network capacity
requirements will depend on the client usage patterns in your environment.
14
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Planning mail routing and mail settings
Answer the questions in this topic to help you make decisions about Internet mail
routing and mail settings.
Table 4. Mail routing and mail settings questions
Question
Considerations
What Internet domains do you own and use As part of service configuration, you verify
for Internet email addresses?
ownership of your company Internet
domains. Verification involves creating a
CNAME record in your domain DNS record.
If you do not have access to the DNS record,
you should allow time for your Internet
Service Provider (ISP) to create the required
CNAME record for you. For more
information, see “Configuring Internet
domains” on page 27.
Do you use domain aliases so that users can The service does not support domain aliases
receive email addressed to more than one
in a service-only environment. A user in the
Internet domain?
service can have only one Internet email
address.
When users send mail to external users on
the Internet, do you want to use an
on-premises SMTP server to route the mail?
By default, the service handles routing
outbound mail that users address to the
Internet. You can use a company-controlled
SMTP server to route the mail, instead.
When you use your own server, you can
perform actions such as filtering and
auditing before routing the mail. For more
information, see the topic “Preparing to use
a company SMTP server to route outbound
Internet mail” on page 20.
When external users on the Internet address
mail to your users, do you want to use an
on-premises SMTP server to route the mail
service?
By default, an SMTP server in the service
handles routing inbound mail from the
Internet that is addressed to your users. You
can instead use a company-controlled SMTP
server to accept the mail and route it to user
mail servers in the service. For more
information, see the topic “Preparing to use
a company SMTP server to route inbound
Internet mail” on page 19
If the service handles routing inbound
Internet mail, do you want apply filters to
the inbound mail?
You can create filters to allow or block
Internet email sent from specific domains or
addresses. For more information, see
“Configuring email filters for inbound
Internet mail” on page 70
Do you want to use any of the optional mail You can limit the size of incoming messages,
settings the service provides?
prevent auto-forwarding of external
messages, customize the display of Notes
document links in web client mail, configure
mail retention in the trash folder, and
control the deletion of older email. For more
information, see “Configuring mail settings”
on page 55
Chapter 2. Planning to deploy the service
15
16
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 3. Preparing for the service
After you have planned for a service-only environment, perform the steps in this
section to prepare your environment.
Related tasks:
Chapter 2, “Planning to deploy the service,” on page 13
To plan for the IBM SmartCloud Notes service, understand the features it offers,
the deployment options that are available, and the planning considerations.
Preparing the firewall
Configure the corporate firewall to allow connections to and from the service.
About this task
When configuring the firewall, specify the host names as described to minimize the
risk of network attacks from the Internet. The risk of attack increases if you relax
the host name rules.
Configuring the firewall for inbound connections
Configure firewall settings that allow the service to connect to a company SMTP
host server. These settings are required only if you plan to use a company server to
route mail that service users address to the Internet.
About this task
Table 5. Firewall settings to allow the service to connect to an SMTP host server
Protocol
Port
Source
Target
SMTP
25
The IBM SmartCloud
Notes addresses
generated by the
outer firewall of the
service.
Optional SMTP host
that routes mail to
the Internet. The host
is specified in
SmartCloud Notes
Administration at
Account Settings >
Email Management
> Manage Routing
to External Internet
Domains.
Contact your IBM
Customer Service
Representative for
this information.
Configuring the firewall for outbound connections
Configure the firewall to allow outbound connections to the service.
About this task
The following table describes the firewall settings required to allow connections
from on-premises servers and clients to specific hosts in the service. You can
substitute *.collabserv.com for the host names to represent all hosts in the service.
If your current firewall settings reference the original service domain name,
lotuslive.com, retain those settings and add the settings described in the table.
17
In addition to allowing connections over HTTPS port 443, you can allow
connections over HTTP 80. If you do, connections over HTTP are redirected to
HTTPS.
Table 6. Firewall settings for outbound connections
Port
Host name
NRPC
1352
North American data center:
notes.na.collabserv.com
Asia Pacific data center:
notes.ap.collabserv.com
European data center:
notes.ce.collabserv.com
Domino servers
IBM Notes
clients
HTTPS
443
North American data center:
notes.na.collabserv.com
mail.notes.na.collabserv.com
Asia Pacific data center:
notes.ap.collabserv.com
mail.notes.ap.collabserv.com
European data center:
notes.ce.collabserv.com
mail.notes.ce.collabserv.com
IBM
SmartCloud
Notes web
HTTPS
443
North American data center:
admin.notes.na.collabserv.com
Asia Pacific data center:
admin.notes.ap.collabserv.com
European data center:
admin.notes.ce.collabserv.com
Web browser
access to
SmartCloud
Notes
Administration
HTTPS
443
North American data center:
traveler.notes.na.collabserv.com
apps.na.collabserv.com
Asia Pacific data center :
traveler.notes.ap.collabserv.com
apps.ap.collabserv.com
European data center:
traveler.notes.ce.collabserv.com
apps.ce.collabserv.com
IBM Notes
Traveler
devices
accessing the
service via
WiFi
IMAP
993
North American data center:
imap.notes.na.collabserv.com
Asia Pacific data center:
imap.notes.ap.collabserv.com
European data center:
imap.notes.ce.collabserv.com
IMAP clients
(receiving mail)
IMAP
465
North American data center:
submit.notes.na.collabserv.com
Asia Pacific data center:
submit.notes.ap.collabserv.com
European data center:
submit.notes.ce.collabserv.com
IMAP clients
(sending mail)
North American data center:
im.na.collabserv.com
Asia Pacific data center:
im.ap.collabserv.com
European data center:
im.ce.collabserv.com
IBM Notes
clients that
connect to the
instant
messaging
community in
the service
VP (Virtual 1533
Places used for
instant
messaging)
18
Applicable
server or client
Protocol
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 6. Firewall settings for outbound connections (continued)
Protocol
Port
Applicable
server or client
Host name
VP (Virtual 1533
Places used for
instant
messaging)
North American data center:
webchat.na.collabserv.com
Asia Pacific data center:
webchat.ap.collabserv.com
European data center:
webchat.ce.collabserv.com
IBM
SmartCloud
Notes web
clients that
connect to the
instant
messaging
community in
the service
SMTP
North American data center:
smtp.notes.na.collabserv.com
Asia Pacific data center:
smtp.notes.ap.collabserv.com
European data center:
smtp.notes.ce.collabserv.com
SMTP servers
that route
Internet mail to
service users
North American data center:
ftp.notes.na.collabserv.com
Asia Pacific data center:
ftp.notes.ap.collabserv.com
European data center:
ftp.notes.ce.collabserv.com
Temporary
requirement for
clients that
transfer mail
files to the
service over
FTP
25
FTP
990
PASV (FTP) 60000 - 61000
Hybrid
environments
only
FTP
990
PASV (FTP) 60000 - 61000
North American data center:
ftp.na.collabserv.com
Asia Pacific data center:
ftp.ap.collabserv.com
European data center:
ftp.ce.collabserv.com
Client that
downloads
journal files
Preparing to use company SMTP servers for Internet mail routing
By default, the service handles inbound and outbound Internet mail routing. You
can prepare for company SMTP servers to route Internet mail, instead.
About this task
You can prepare company SMTP servers to route outbound Internet mail only, to
route inbound Internet mail only, or to route both outbound and inbound Internet
mail.
Preparing to use a company SMTP server to route inbound
Internet mail
By default, when external users send mail to service users over the Internet, an
SMTP server in the service handles routing the mail to the service users. You can
use a company SMTP server to route this mail, instead.
Chapter 3. Preparing for the service
19
About this task
If you use a company SMTP server to route Internet mail to your users, you are
responsible for filtering the mail for viruses and SPAM.
Do not perform this procedure if you want the service to route Internet mail to
your users.
Procedure
1. Configure the company SMTP server to accept mail for each Internet domain
that contains service users.
2. Configure mail addressed to service users to be routed to one of the following
SMTP hosts in the service:
v If you use the United States data center: smtp.notes.na.collabserv.com
v If you use the Asia Pacific data center: smtp.notes.ap.collabserv.com
3. Configure the corporate firewall to allow outbound connections over port 25 to
the SMTP host that you specified in the previous step.
What to do next
When you configure the service, skip the procedure that describes configuring the
domain MX record to deliver mail to the service. That procedure is not necessary
when you continue to use a company SMTP server for inbound Internet routing.
Related tasks:
“Configuring the MX record for a domain” on page 28
After you verify ownership of the domain, configure your domain MX record to
deliver mail to the service.
Preparing to use a company SMTP server to route outbound
Internet mail
You can configure a company SMTP host server to route mail that service users
send to external users.
About this task
Skip this procedure if you want the service to handle routing the mail that is sent
to external users. In this case (default behavior), the service filters the messages for
virus and spam before routing them to the Internet.
By using a company SMTP host server for external routing, you can act on
messages before routing them, for example, filter or audit messages. When you use
this feature, the service filters messages for viruses and spam and then routes them
directly to your designated SMTP host server. Messages addressed to any domain
that is not an internal, service-verified domain are routed to the SMTP host server.
The service uses Transport Layer Security (TLS) to route mail to the SMTP host
server if the host server uses TLS. The connection is made using STARTTLS over
SSL TCP/IP port 25.
Procedure
1. Configure your SMTP host server to accept mail from one of the following
SMTP host servers in the service:
v If you use the United States data center: smtp.notes.na.collabserv.com
20
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
v If you use the Asia Pacific data center: smtp.notes.ap.collabserv.com
v If you use the European data center: smtp.notes.ce.collabserv.com
For more information on this step if you use a Domino SMTP server, see the
topic about enabling a server to receive mail sent over SMTP routing in the
Domino documentation.
2. Configure the corporate firewall to allow inbound connections over port 25
from the service SMTP host server specified in the previous step. For more
information, see the topic “Configuring the firewall for inbound connections”
on page 17.
3. If specifying a maximum message size, configure your SMTP host server to
accept messages up to 100 MB in size, the maximum message size allowed by
the service. For more information on this step if you use a Domino SMTP
server, see the topic about restricting mail routing based on message size in the
Domino documentation.
4. Configure your SMTP host server to relay mail to external Internet domains.
For more information on this step if you use a Domino SMTP server, see the
topic about setting inbound relay controls in the Domino documentation.
5. Configure your SMTP host server to route mail to the Internet. For more
information on this step if you use a Domino SMTP server, see the topic about
setting up SMTP routing to external Internet domains in the Domino
documentation.
What to do next
When you complete the service configuration, perform the procedure “Specifying
an SMTP server to route mail to the Internet” on page 60.
Related concepts:
“Example: Routing mail from a service user to an external user
SMTP host”
This example illustrates how mail is routed from a service user
on the Internet when a company SMTP server routes the mail.
“Example: Routing mail from a service user to an external user
SMTP host” on page 22
This example illustrates how mail is routed from a service user
on the Internet when the service manages the routing.
Related information:
using a company
to an external user
using a service
to an external user
Domino documentation
Example: Routing mail from a service user to an external user
using a company SMTP host
This example illustrates how mail is routed from a service user to an external user
on the Internet when a company SMTP server routes the mail.
In this example:
v The external user is in the zetabank.com domain.
v The external SMTP server is smtp.zetabank.com.
v The on-premises SMTP server is smtp.renovations.com.
v The service user is in the renovations.com domain.
v The service user’s mail server is Mail1/Renovations.
Chapter 3. Preparing for the service
21
When the service user addresses mail to the external user in the zetabank.com
domain, the following steps are taken to route the mail.
1. The service user’s mail server, Mail1/Renovations, routes the mail to an SMTP
server in the service.
2. The SMTP server in the service routes the mail to a mail hygiene server in the
service.
3. The mail hygiene server in the service scans the mail for viruses and spam and
then routes the mail to the on-premises SMTP server, smtp.renovations.com.
4. The on-premises SMTP server, smtp.renovations.com, filters and audits the
mail, and then routes the mail to the external SMTP server, smtp.zetabank.com.
.
Company-controlled SMTP server routing mail from a service user to an external user
Example: Routing mail from a service user to an external user
using a service SMTP host
This example illustrates how mail is routed from a service user to an external user
on the Internet when the service manages the routing.
22
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
In this example:
v The external user is in the zetabank.com domain.
v The external SMTP server is smtp.zetabank.com.
v The service user is in the renovations.com Internet domain.
v The service user’s mail server is Mail1/Renovations.
When the service user sends mail to the external user in the zetabank.com domain,
the following steps occur to route the mail.
1. The service user’s mail server, Mail1/Renovations, routes the mail to an SMTP
server in the service.
2. The SMTP server in the service routes the mail to a mail hygiene server in the
service.
3. The mail hygiene server scans the mail for viruses and spam and then routes
the mail to the external SMTP server, smtp.zetabank.com, over the Internet.
.
Service routing mail from a service user to an external user
Chapter 3. Preparing for the service
23
24
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 4. Configuring the service
After you have prepared your environment for the service, perform the steps in
this section to configure the service.
Related tasks:
Chapter 3, “Preparing for the service,” on page 17
After you have planned for a service-only environment, perform the steps in this
section to prepare your environment.
Logging on as the first company administrator
An IBM Customer Service Representative creates the IBM SmartCloud Notes
account for your company. This step creates a company administrator account
under a name and email address provided by your company. IBM sends an email
to the address confirming your purchase. To activate the account for your
company, follow the URL link in this email and log on to the IBM Connections
Cloud website as the company administrator.
About this task
Perform the following steps to activate the account for your company and log on
as the first company administrator.
Procedure
1. Open the email that was sent to the company administrator email address
confirming your purchase.
2. Click the URL link in the email, to open the Registration page.
3. Perform the following steps on the Registration page:
a. Create and confirm a service logon password.
b.
c.
d.
e.
Important: The email address that is shown is the logon name for the
company administrator account. Be sure to remember it and the new
password.
Select a country, language, and time zone.
Read the terms of use and privacy practices information, and if you agree to
them, click I accept the Terms of Use.
Click Submit.
Log on using the company administrator email logon and new password.
Results
You are now logged on to your home page. To log on in the future, go to
http://www.ibmcloud.com/social.
What to do next
Configure the SmartCloud Notes service, if IBM is not configuring it for you.
25
Configuring your account settings
To set up the service for your company, a company administrator or your IBM
Customer Service Representative configures your company account settings.
Before you begin
Make sure that IBM has created the SmartCloud Notes account for your company
and that you have activated it by logging on to the service as the first company
administrator.
About this task
Perform the following steps if you are a company administrator and want to
configure account settings.
Procedure
1. Log on to http://www.ibmcloud.com/social as a company administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes and then click Account Settings.
4. Make sure the Hybrid Environment option is not selected, and then click Set
Up My Account.
5. In the next window, click Continue to confirm that you do not want to
integrate the service with on-premises IBM Domino servers.
Note: If you are unsure, click Back. After you press Continue, changing your
account type requires the assistance of your IBM Customer Service
Representative.
6. Click Begin Setup.
7. In the “Tell us your Internet domain name” window, provide a valid Internet
domain name that your company owns and uses for Internet mail, for
example, renovations.com, then click Next.
8. In the “Choose your organization name” window, provide a name for your
organization that is at least six characters. The name becomes part of your
Notes user names and is usually your company name. Use a short
organization name for ease of use, for example, Renovations rather than
Renovations Incorporated. Click Next.
9. In the “Choose your mail server base name” window, provide a base with
which to begin the names of your mail servers. A number is added to the base
so that your servers are numbered sequentially, for example,
Mail1/SCN/Renovations, Mail2/SCN/Renovations. Do not specify a number
as part of the base. Click Next.
10. Verify your selections and, when you are satisfied with them, click Activate
My Account.
What to do next
When you are done configuring account settings, complete the tasks in the order
shown. Service users can receive mail addressed to this domain only after the tasks
are completed.
v “Verifying ownership of a domain” on page 27
v “Configuring the MX record for a domain” on page 28
26
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Configuring Internet domains
To enable users to receive mail addressed to an Internet domain, first verify
ownership of the domain, and then configure an MX record for the domain.
Verifying ownership of a domain
Internet domain name verification is a standard industry practice among domain
hosting services to confirm domain name ownership and to prevent abuse of user
accounts. You need to verify only the domain names that correspond to Internet
addresses of users that you are provisioning.
About this task
There are different methods to verify domain names. The service uses a CNAME
record for this purpose by requiring you to create a CNAME record to prove
ownership. Your domain hosting service should provide instructions for creating a
CNAME record; however, if they do not, contact them directly.
A CNAME record is an entry in the Domain Name System that is used to define a
host name alias for an Internet domain. To prove ownership of a domain, you sign
in to your domain hosting service and use the DNS Management settings to create
a temporary CNAME record for the domain. Then the service uses the alias in the
CNAME record to query your domain. A successful query proves that you were
able to create the CNAME record and therefore that you own the domain.
If you do not have the authority to create a CNAME record for your domain, extra
time may be required to contact your domain hosting service and have them create
the record for you.
Verifying a root domain also verifies any subdomains of it that are listed. For
example, verifying renovations.com verifies west.renovations.com if listed in the
Internet Domain Verification window. After you verify a root domain, no other
company can use it or any subdomain of it.
You can perform this procedure even if you are in the process of switching domain
hosting services.
Perform the following steps to verify ownership. Users cannot receive mail
addressed to this domain until ownership is verified.
For additional information, see the exercise about verifying ownership of your
domain in the IBM SmartCloud Notes in a service-only environment on-line
training course.
Procedure
1. Log on to http://www.ibmcloud.com/social using the email address and
password of a user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes and then click Account Settings.
4. In the navigation pane, click Internet Domain Verification.
5. In the Internet Domain Verification window, click Verify Ownership next to the
domain to verify.
Chapter 4. Configuring the service
27
6. Sign in to your domain hosting service and use the DNS management settings
to create a new CNAME record. Use the information that is shown in the
Internet Domain Verification window to create the CNAME record.
v Put the unique key that is shown into the first field of the CNAME record.
The name of this field varies by vendor, but it is sometimes named prefix or
alias.
v Put collabserv.com into the second field of the CNAME record. This field is
sometimes named destination or target host.
7. After you create the CNAME record, click Begin Verification to begin
verification of the domain.
The unique key continues to be shown in the Internet Domain Verification
window until verification completes successfully.
Results
To verify domain ownership, the service uses the alias in the CNAME record to
query your domain. For example, if the CNAME key is domino-1jkkiaojd-rules
and your domain name is renovations.com, the service queries
domino-1jkkiaojd-rules.renovations.com.
If verification is not successful, check that the unique key shown exactly matches
the one added to the CNAME record. If the values are different, do not restart
verification. Rather, update the CNAME record with the correct key and simply
wait again for verification to complete.
Domain verification can take up to 48 hours, although usually it takes much less
time. If after 48 hours domain verification has not completed, click Restart
Verification. Restarting verification generates a new unique key and you must
then replace the old key with the new key in the CNAME record. Only restart
verification if 48 hours have passed since you clicked Begin Verification.
After a domain is verified, you can remove the CNAME record you created.
What to do next
Next, complete the task Configuring the MX record for the domain.
Configuring the MX record for a domain
After you verify ownership of the domain, configure your domain MX record to
deliver mail to the service.
About this task
A Mail eXchange (MX) record identifies an SMTP host to which mail for a domain
is sent. To enable your service users to receive email addressed to the verified
domain, edit or create an MX record. Configure the MX record to point to the IBM
SmartCloud Notes SMTP host name. If this domain is new, create an MX record for
it.
Contact your domain provider for information about the steps required to create or
edit MX records. When you configure the MX record, specify one of the following
SMTP host names, depending on the data center that you use.
v If you use the United States data center, specify smtp.notes.na.collabserv.com.
v If you use the Asia Pacific data center, specify smtp.notes.ap.collabserv.com.
28
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
v If you use the European data center, specify smtp.notes.ce.collabserv.com.
Delete any MX records used previously for the domain.
What to do next
Next, Customize settings.
Configuring additional Internet domains for the service to use
When you configured your company account settings, you provided the name of
one domain to use for routing Internet mail to your users. If you own additional
Internet domains, you can configure the service to use them too.
Procedure
1. Log on to http://www.ibmcloud.com/social using the email address and
password of a user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and then click Internet Domains.
5. Click Add Internet Domain, type the domain name, for example,
renovations2.com, and click Save.
Note: If necessary, you can edit or delete a domain you added previously.
What to do next
Next, verify ownership of the domain.
Customizing settings
After you configure account settings and Internet domains, optionally customize
settings in the service to suit your needs.
Enabling the accessible experience for the web client
You can submit a request to enable the accessible experience for the web client for
everyone in your organization. Mail, Calendar, Contacts, and Preferences features
provided with this experience are all accessible.
About this task
Accessibility features help users who have a disability, such as restricted mobility
or limited vision, to use information technology products successfully.
Another accessible experience for the web client is the desktop ultra-light mode.
For more information on this mode, see the topic about web client accessibility
features in the user documentation.
Both accessible experiences are supported on a computer using Mozilla Firefox 24+
ESR or higher.
See the IBM Human Ability and Accessibility Center for more information about
the commitment that IBM has to accessibility.
Chapter 4. Configuring the service
29
Procedure
To enable the accessible experience for the web client for all users in your
organization, contact Support.
Related information:
Web client accessibility features
Support
Configuring logins
Reset passwords, manage password expiration periods, set up federated identity
management, restrict logins to an IP range, and enable application passwords.
Resetting service login passwords
Users can reset their own service login passwords once within a 24 hour period by
clicking Forgot password?. An administrator or administrator assistant can reset
service login passwords for any user at any time.
About this task
Reset passwords when userd forget their passwords, or when the password might
be compromised. Users that log in by clicking Use My Organization's Login are
using a federated identity and can reset their passwords only by following their
company's process.
If administrators enable password synchronization, when users change their
service login passwords, they can also use the new passwords to log in to the IBM
Notes client.
Follow these steps to reset any user's password:
Procedure
1. Click Administration > Manage Organization.
2. Click User Accounts.
3. Select the arrow next to the user that needs the password changed.
4. Select Reset password and enter the new password. This password is a
temporary password that the user enters the next time that they log in. At that
time, the user is asked to create a password.
You can also reset the password by editing the user account. Click the
appropriate user name in User Accounts and enter a new password in the
Account Login tab.
5. Notify the user of the password change. The user is not automatically notified
that the password was reset. Make sure to communicate this change to the user,
along with the new password if needed.
What to do next
Administrators can enable security settings to enforce password expiration through
System Settings > Security. When s user logs in with an expired password, the
user is prompted to reset that password.
30
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Setting service login password expiration
By default, service login passwords do not expire. Enforcing a password expiration
period helps ensure that passwords are changed frequently. Administrators can set
a password expiration interval for all users.
Procedure
1. Click Administration > Manage Organization
2. Click Security.
3. Click Edit Settings in the Password Settings section. Select the number of days
before a password expires, how the password can be reset, and add password
reset support for your users.
Managing Notes IDs
You can reset Notes ID passwords, set Notes ID password expiration, and
synchronize Notes ID passwords with service login passwords.
Resetting passwords for Notes IDs:
Reset the password on an IBM Notes ID file to change the current password.
Typically you do this because a user has forgotten the current password.
About this task
This procedure applies only to passwords associated with Notes ID files used with
Notes clients, and not to service login passwords.
Procedure
1. Log on to http://www.ibmcloud.com/social using the e-mail address and
password of a SmartCloud Notes user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
Chapter 4. Configuring the service
31
6. Click the user's name in the search results.
7. Under Available actions for this user, click Reset IBM Notes Password.
8. Enter a new password, and then click Save Changes. The password must be at
least eight characters in length.
9. Provide the new password to the user in a way that complies with your
company security policies.
Results
After you complete this procedure, the user can log on to a SmartCloud Notes
server from an IBM Notes client using the new password. After logging on with
the new password, the user is prompted to change the password.
Note: If the Wrong Password prompt is displayed, tell the user to re-enter the new
password that you provided. If that step does not solve the problem, tell the user
to delete the local ID file and then re-enter the password.
The user has five days from the time you reset a password to use the password to
log on to a SmartCloud Notes mail server and download the new password to the
Notes client. If the 5-day limit is exceeded, the user sees the following message
and you must reset the password again:
Contact your company administrator to have your Notes ID password reset.
Related concepts:
“Notes IDs and passwords” on page 35
When users connect to their mail servers in the cloud with IBM Notes clients and
Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC)
authentication.
Related tasks:
“Resetting service login passwords” on page 30
Users can reset their own service login passwords once within a 24 hour period by
clicking Forgot password?. An administrator or administrator assistant can reset
service login passwords for any user at any time.
“Setting password expiration for Notes IDs”
For users who access the service with the IBM Notes client, you can specify when
Notes ID passwords expire. This password expiration does not apply to web users
because they log in using their web login password rather than a Notes ID
password.
“Enabling password synchronization” on page 33
When users change their service login passwords, password synchronization
enables the users to use the new passwords when they log in to the IBM Notes
client.
Setting password expiration for Notes IDs:
For users who access the service with the IBM Notes client, you can specify when
Notes ID passwords expire. This password expiration does not apply to web users
because they log in using their web login password rather than a Notes ID
password.
Before you begin
For information on how this feature interacts with the password synchronization
feature, see “Enabling password synchronization” on page 33.
32
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
If users click File > Security > User Security, the Password must be changed by
field does not show the password expiration date.
Perform the following procedure to set password expiration for Notes IDs.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes and then click Account Settings.
4. Click Password Management
5. Click Enable password expiration for IBM Notes clients.
6. Enter the number of days a password can be used before it expires. The
minimum value for this setting is 30 days; the maximum is 3650 days.
Results
v When password expiration is first enabled, the passwords of all current users
expire on a random basis after the expiration period, regardless of when the
passwords were last changed. For example, if the expiration period is 90 days,
all current users are prompted to change their passwords on a random basis
when first authenticating after the 90-day expiration period.
v The passwords of new users also expire on a random basis after the expiration
period.
v Users who are logged in when this setting becomes effective are not prompted
to change the password during the current login session.
v Users might experience a lag time of a few seconds between the time they
change their password and authentication. This lag occurs while the updated ID
is synchronizing with the vault. If the synchronization does not complete,
authentication can fail. In that case, users can wait a few minutes, and then try
again. If the synchronization continues to fail and the user cannot access the
client, reset the Notes ID using SmartCloud Notes Administration.
What to do next
You might want to communicate the following information to your users:
v There is no warning that informs them that their password is about to expire.
v How often they will be prompted to reset their passwords.
v What to do if authentication fails after they change their passwords.
Related tasks:
“Resetting passwords for Notes IDs” on page 31
Reset the password on an IBM Notes ID file to change the current password.
Typically you do this because a user has forgotten the current password.
Enabling password synchronization:
When users change their service login passwords, password synchronization
enables the users to use the new passwords when they log in to the IBM Notes
client.
Chapter 4. Configuring the service
33
About this task
Password synchronization benefits users who are active users of both the web and
Notes clients by allowing them to use one password for both clients.
After you enable password synchronization, when users change their service login
passwords, the new passwords are added to the Notes ID files in the ID vault.
Users can then use the new passwords the next time they log in to the service from
the Notes client.
Password synchronization occurs whenever users change their service login
passwords. Users can change the service login passwords at any time through
Connections Cloud My Account Settings. They also change the passwords:
v After they log in to the service for the first time with temporary passwords;
v After they log in to the service after an administrator resets their service login
passwords;
v After they log in to the service when service login password expiration is
enabled and their passwords expire.
Before you enable password synchronization, be aware of the following
information:
v The feature does not apply to users who log in to the service with a federated
identity that your organization defines.
v Synchronization occurs in one direction: from the service login password to the
Notes ID password. Changing the Notes ID password does not change the
service login password.
v When service login passwords change, Notes client users are not required to use
the new passwords. Their old passwords remain valid until they use the new
passwords to log in to the service from the Notes client. Because the continued
use of the old password prevents ID synchronization with the ID vault, as a best
practice, recommend to users that they use the new passwords on the Notes
client.
v Synchronization occurs after Notes clients are connected to the service.
v Notes client users can change their Notes ID passwords, either by choice or
because you enable the Password Expiration setting in SmartCloud Notes
Administration and their passwords expire. When Notes users change the Notes
ID passwords, the service login passwords do not change automatically.
However, users can use Connections Cloud My Account Settings to change the
service login passwords to match the new Notes ID passwords.
v If you enable password expiration for Notes IDs, a Notes ID password might
expire before a user logs in to Notes with a new service login password. In this
case, the user can log in to the Notes client with the old Notes ID password but
the user is prompted to change the password when opening mail or another
application. At this point the user can provide the new service login password.
To enable password synchronization, complete the following procedure.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes and then click Account Settings.
4. Click Password Management.
34
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
5. In the Password Synchronization section of the page, select Enable password
synchronization.
6. Click Save.
Results
When users change their service login passwords, they can use the new passwords
to log in to the Notes client.
If users change the Notes ID password, the service login password does not
change automatically.
What to do next
Notify users that the feature is enabled. Recommend that when they change the
service login passwords that they use the new passwords to log in to the Notes
client.
Related tasks:
“Resetting service login passwords” on page 30
Users can reset their own service login passwords once within a 24 hour period by
clicking Forgot password?. An administrator or administrator assistant can reset
service login passwords for any user at any time.
“Setting service login password expiration” on page 31
By default, service login passwords do not expire. Enforcing a password expiration
period helps ensure that passwords are changed frequently. Administrators can set
a password expiration interval for all users.
Related information:
Federated identity management
Notes IDs and passwords:
When users connect to their mail servers in the cloud with IBM Notes clients and
Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC)
authentication.
In service-only environments, and in hybrid environments that do not use
on-premises security policy settings to configure password requirements, Notes ID
passwords must be at least eight characters. Passwords must also have a password
quality of 8, on a quality scale of 0 (weakest) to 16 (strongest). Password quality
refers to the required character complexity of passwords. In hybrid environments,
you can use on-premises security policy settings to control password requirements.
By default, Notes ID passwords do not expire and keeping this default behavior is
recommended. Nevertheless, you can configure a password expiration interval of
from 30 to 3650 days through the SmartCloud Notes Administration interface.
If users forget their Notes ID passwords, company administrators can use the
SmartCloud Notes Administration interface to reset the passwords to temporary
values. The users use the temporary passwords to log in to the service from a
Notes client and then are prompted to change the passwords.
Chapter 4. Configuring the service
35
The Notes shared login feature is supported in hybrid environments. This feature
allows users to log in to Microsoft Windows and then use the Notes client without
providing a Notes ID password. A benefit of this feature is there are no Notes ID
passwords to use or remember.
The Notes client can connect automatically to the cloud service instant messaging
community and to cloud service Activities through the client sidebar. (Access to
service Activities requires a collaboration subscription). After users log on to the
service mail server from the Notes client, a single-sign on capability enables them
to access these cloud services during the session without providing their cloud
service account login credentials. A Notes client can be configured to connect to
both on-premises and cloud instant messaging servers or Activities servers through
the sidebar. In this case, users must provide their cloud service login credentials to
access the cloud servers.
Related tasks:
“Resetting passwords for Notes IDs” on page 31
Reset the password on an IBM Notes ID file to change the current password.
Typically you do this because a user has forgotten the current password.
“Setting password expiration for Notes IDs” on page 32
For users who access the service with the IBM Notes client, you can specify when
Notes ID passwords expire. This password expiration does not apply to web users
because they log in using their web login password rather than a Notes ID
password.
Setting up federated identity management
When you set up federated identity management, users log on to the service using
your on-premises authentication mechanism.
About this task
Federated identity management provides the following benefits:
v It allows your company to control the type of authentication and authentication
options. For example, you might restrict access to specific networks, use VPN
connections, define custom password strength or password expiration periods,
use smartcards, or require two-factor authentication.
v Users can use their familiar, on-premises credentials to access the cloud service.
v While users are logged on to the on-premises identity provider, they can access a
cloud service without being re-prompted for credentials.
After you implement federated identity management, you must accommodate
users of mobile apps. If all of your mobile users have one or more IBM mobile
apps such as Connections, Chat, Meetings, or most versions of IBM Notes Traveler,
you have the following options:
v Set up an additional, separate federated identity management endpoint for the
IBM mobile apps. For more information about this, see the Flow models section of
“SAML federated identity concepts” on page 37.
v Use the partial authentication type when setting up federated identity
management, which allows you to specify a group of users to whom federated
identity management does not apply. In this case, you would specify your
mobile device users. For more information about the partial authentication type,
see the Authentication types section of “SAML federated identity concepts” on
page 37.
v Use application passwords. For information about application passwords, see
“Enabling application passwords” on page 43.
36
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
All other mobile apps must use application passwords when federated identity
management is implemented.
Notes Traveler version 9.0.1.3 or greater for Android is an exception to the rule. It
can connect to the same federated identity management system that non-mobile
apps use.
Note: Users to whom federated identity management applies cannot connect to the
service with IMAP clients or FTP clients.
SAML federated identity concepts:
Learn about the federated identity process as implemented in the cloud service, the
flow models that are supported, and the authentication types.
Overview of the process using SAML
Cloud services rely on SAML to provide the SSO services. In this implementation,
your organization is the identity provider, and the cloud service is the service
provider. You can use either SAML 1.1 or SAML 2.0.
As the identity provider, your organization authenticates users. The authentication
can be by a login with a user name and password, or by some other method. For
mobile apps, the authentication must be by a login with user name and password.
When a user gains access to your intranet and attempts to use a cloud service, a
SAML assertion is sent from your organization to the SAML endpoint in the cloud
service. The SAML assertion securely identifies the user. The cloud service uses the
SAML assertion to decide whether the user can access it.
Flow models
Two flow models exist in federated identity management. One model is the
identity provider initiated model (IdP-initiated), and the other is the service
provider initiated model (SP-initiated). Mobile apps use the SP-initiated model.
Normally, the SP-initiated flow model is not available in SAML 1.1 because SAML
1.1 does not support Identity Provider Discovery Profile. However, the cloud
services use a hybrid version of SP-initiated that allows both SAML 1.1 and SAML
2.0. As a result, Identity Provider Discovery Profile is not required by cloud
services, and is not implemented.
The cloud services implement the Browser/POST profile that is used in SAML 1.1
and is compatible with the Web Browser SSO profile in SAML 2.0. Other profiles
are not supported at this time.
The following outlines describe the two flows:
IdP-initiated
1. The user gains access to your intranet via your organization's
authentication mechanism.
2. The user navigates to a web page on your intranet that contains a link
to a cloud product such as Connections Cloud or SmartCloud Notes
web.
3. The user clicks the link.
Chapter 4. Configuring the service
37
4. The SSO process is initiated. A SAML assertion is sent to the cloud
endpoint via HTTP POST. If the user has a valid account, access is
granted.
5. The user interacts with the cloud product.
SP-initiated hybrid
1. The user navigates to the cloud service login page.
2. The user clicks Use My Organization's Login.
3. The user enters the email address that is associated with the user’s
account.
4. The cloud service looks up the email address and then redirects the
user to your organization’s authentication mechanism.
5. The flow continues from Step 4 of the IdP-initiated model.
The SP-initiated hybrid flow model also applies to mobile apps. Before using a
mobile app, the user must do a one-time setup of the mobile app to use a cloud
server. The setup process is different for each mobile app; instructions are included
in the documentation of each app.
The following outline describes the flow for mobile apps:
SP-initiated hybrid for mobile apps
1. A mobile app initiates a connection to a cloud service.
2. The cloud server looks up the email address and then responds with
the mobile login URL of your organization’s mobile authentication
mechanism.
3. The mobile client issues a basic authentication request to the mobile
login URL with the user's email address and password.
4. If the basic authentication is successful, a SAML assertion is returned to
the mobile app.
5. The mobile app sends the SAML assertion to the cloud endpoint via
HTTP POST. If the user has a valid account, access is granted.
6. The mobile user interacts with the cloud product.
Authentication types
Four types of federated identity management are available: Federated, Modified,
Partial, and Non-federated. By default, all users in your organization are assigned
the Non-federated type unless you enable one of the other types.
Federated
Users must authenticate with your organization before they can access
cloud services. Users do not have a user name or password in the cloud
user account. If they go to the service login page, they must click Use My
Organization's Login. The Federated type applies to all users in your
organization.
The Federated type is convenient for your users who normally work from
the office. They can log on to your system and use cloud services without
needing a separate user name and password combination. However, if any
of your users work from home or work while traveling, your directory
servers must be accessible from the Internet. Also, because your users
cannot log in with a name and password that is defined in the service,
services such as chat and IMAP are not available.
38
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
If you choose the Federated type, you must implement the SP-initiated
flow model.
Modified
Users have the option of authenticating with your organization before
accessing the cloud-based services, or using a name and password defined
in the service to log on. The Modified type applies to all users in your
organization.
The Modified type allows your users to access cloud services from the
Internet, but you do not need to make your directory servers accessible
from the Internet. Your users can use the single sign-on services when they
are in the office, and the cloud service login when they are outside the
office.
Partial
Each user in your organization is assigned one of the previously listed
types: Non-federated, Federated, or Modified. If you do not specify a type
for a particular user, the user is assigned the Non-federated type.
Use the Partial type if you have one group of users who normally work in
the office, and another group of users who normally work from home or
who travel frequently. For example, the office workers can be assigned the
Federated type, and the traveling sales team can be assigned the Modified
type.
You can also use the Partial type to group users by the services that are
available to them. Users with the Federated type do not have access to chat
or POP/IMAP, but users of the Modified type do have access to chat and
POP/IMAP.
If you choose the Partial type, you must implement the SP-initiated flow
model to support users with the Federated type.
Non-federated
The login for the cloud service is independent of, and separate from, your
organization's login procedure. Users must log on using the name and
password defined in the service to use the cloud-based services.
The Non-federated type is the default type, and is the simplest and easiest
type to set up because it requires no action on your part.
After one of the federation types is implemented, you can change to one of the
other types by contacting your customer services representative. The customer
services representative will advise you on the process. If you are using the Partial
type, you can change individual users from one type to another without the need
to contact your customer services representative.
Preparing for federated identity management:
The difficulty of getting your system ready for federated identity management
depends on both the state of your system, and on your knowledge and experience
with SAML, SSO, LDAP, and related technologies.
Before contacting your IBM customer service representative to enable federated
identity management, review the following checklist:
v Choose the version of SAML that you want to use. You can use either SAML 1.1
or SAML 2.0.
Chapter 4. Configuring the service
39
v Choose the type of federation that you want to employ: Federated, Modified, or
Partial. See the topic SAML federated identity concepts for more information.
v Review the IdP-initiated flow model and the SP-initiated hybrid flow model. See
the topic SAML federated identity concepts for more information.
v Implement SAML on your web server. You can use Tivoli® Federated Identity
Manger, OpenSAML, Active Directory Federation, or some other federated
identity manager.
v If you are setting up federated identity for users of mobile apps, create a second
endpoint that accepts basic authorization. The mobile apps work with the
SP-initiated flow model only.
v Retrieve or create the private/public key pair that will be used in digital
signatures.
v Integrate your directory server with your SAML service. Administration is easier
if all of your users are on the same directory server.
v Implement and test the SAML Browser/POST profile in either SAML 1.1 or
SAML 2.0.
v Create a dummy service provider and conduct an IdP-initiated single sign-on
test to make sure that everything is working correctly.
v Create a SAML metadata file to transmit your identity provider metadata to the
IBM customer service representative. If you are using SAML 1.1, you have the
option of transmitting most of the information in an email or by some other
means that you negotiate with the IBM customer service representative.
However, in this case you must transmit the public key inside a Java™ keystore.
Enabling federated identity management:
When your system is ready for testing with the cloud system, contact an IBM
customer services representative.
Before you begin
Before you start the enablement process, review the following list:
1. Implement and test a federated identity management system that uses SAML.
Make sure that your system is configured to send the user’s email address as
the subject in a SAML assertion.
2. Test your system to make sure that it is configured for the type and flow model
that you have chosen. See the topic SAML federated identity concepts for more
information.
3. Complete the checklist in the topic Preparing for federated identity management
Procedure
To enable federated identity management:
Send an email to cloudcsg@us.ibm.com. In the email, request to have federated
identity management enabled for your organization. An IBM customer services
representative will contact you with instructions and provide details of the process.
What to do next
After federated identity management is enabled, notify users of IBM mobile apps
such as Traveler, Chat, or Meetings that they must generate application passwords.
Users enter the application password instead of their regular login passwords
40
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
when logging in with a mobile app. In the notification, include the following link,
which has instructions for generating application passwords: https://
apps.na.collabserv.com/help/topic/com.ibm.cloud.welcome.doc/
logins_application_passwords.html
Configuring the Sametime rich client for SAML and downloading:
Your users can chat using the IBM Sametime Connect rich client.
About this task
If your organization uses a standard login, your users can use any standalone
Sametime Connect client at version 8.5.1 or later. They can also use the embedded
version in Notes 9.0 or later.
If your users log in with your organization's authentication credentials and use
SAML token authentication for federated identity management, you can create a
pre-configured installation package for Sametime Connect or for Notes. SAML
support in Sametime and in Notes uses the Form based user/password login type.
Alternatively, Users can download the SAML-enabled Sametime client that is
available in SmartCloud and configure it themselves. Instructions to do this are in
the user help https://apps.na.collabserv.com/help/topic/com.ibm.cloud.chat.doc/
imb_download_saml.html. However, users will need SAML IDP information from
you to complete the configuration.
Procedure
To create a pre-configured installation package:
1. Locate the plugin_customization.ini file.
The file is in one of the following locations, depending on the operating
system:
Windows
Inside the deploy folder of the package root.
RedHat Linux
Inside the RedHat .rpm package at one of the following locations:
For Sametime Connect: \opt\ibm\Sametime\framework\rcp\deploy
For Notes: \opt\ibm\notes\framework\rcp\deploy
MacOS
Inside sametime-*.pkg\Contents\deploy.
2. Add the following configuration lines in the plugin_customization.ini file,
based on your company's Sametime community and SAML IDP information.
Note: To fit the width of this page, some records are shown on more than one
line. In the plugin_customization.ini file, each record is a single line.
# ";" is used to separate multiple communities
com.ibm.collaboration.realtime.community/saml_communities=<Sametime
# IDP server url
com.ibm.collaboration.realtime.community/<Sametime community server
<SAML authentication login URL>
# login type of IDP server
com.ibm.collaboration.realtime.community/<Sametime community server
# html tag id or tag name of the user name field in IDP web page.
com.ibm.collaboration.realtime.community/<Sametime community server
community server host name>
host name>.idp=
host name>.idp.type=form
host name>.idp.form.username.tag=
Chapter 4. Configuring the service
41
<form_username_field_id> | <form_username_field_name>
# html tag id or tag name of the user password field in IDP web page.
com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.password.tag=
<form_password_field_id> | <form_password_field_name>
# html tag id or tag name of the submit field in IDP web page.
com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.submit.tag=
<form_submit_field_id> | <form_submit_field_name>
# Optional. The default value is "false". If "true", all on-premises communities are deleted
com.ibm.collaboration.realtime.community/<Sametime community server host name>.primary=false
# Optional. The default value is "false". if "true", the SmartCloud community can be
# removed from the communities preference page
com.ibm.collaboration.realtime.community/<Sametime community server host name>.editable=false
Sample:
Note: To fit the width of this page, some records are shown on more than one
line. In the plugin_customization.ini file, each record is a single line.
com.ibm.collaboration.realtime.community/saml_communities=im.na.collabserv.com
com.ibm.collaboration.realtime.community/
im.na.collabserv.com.idp=https://www.example.com/FIM/sps/SAML20/logininitial?
PartnerId=https://apps.na.collabserv.com/sps/sp/saml/v2_0&
TARGET=https://apps.na.collabserv.com&PROTOCOL=POST
com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.type=form
com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.username.tag=Intranet_ID
com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.password.tag=password
com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.submit.tag=ibm-submit
3. Replace the existing plugin_customization.ini file in the Sametime installation
package or in the Notes installation package with the file that you updated.
4. Distribute the updated Sametime installation package or Notes installation
package to your users. The SAML configuration information is automatically
populated when your users install the client.
Note: The installation package that you distribute to Mac users must be
digitally signed by IBM. Before distributing the installation package to Mac
users, email your modified plugin_customization.ini file to
support@collabserv.com. A signed installation package will be created and
returned to you.
Restricting the IP address range
To ensure that users log in from an approved network connection, administrators
can define an approved range of IP addresses.
About this task
By restricting the IP addresses that have access to your organization, you provide a
level of protection against user's credentials being stolen or phished. If IP ranges
are restricted to your network, an attacker would need to authenticate to the server
from within your network to access any stolen credentials.
If your company uses SMTP, POP or iMAP protocols, restrictions are not applied.
Also, restrictions are not applied to SmartCloud Notes Notes Remote Procedure
Calls (NRPC).
Procedure
1. Click Administration > Manage Organization
2. Click Security.
3. Click Add Range in the IP Address Ranges section to enter the beginning and
ending IP addresses. You must specify the IP address at which you are
currently logged in.
42
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Results
Enabling IP address restrictions might block mobile user access to your
organization. For example, Blackberry users must authenticate through a
Blackberry Enterprise Server (BES) which authenticates both the mobile device and
the user. Because the IP address for the authenticated user is that of the BES server,
IP address restrictions can block access, depending on the range specified. Use
VPN tools on the mobile device to route traffic to your organization using your
network
What to do next
You can use IP address restrictions as a secondary authentication mechanism in
combination with SAML single sign-on authentication.
Enabling application passwords
Application passwords can be used to provide a secure login for applications that
do not support forms-based authentication. For example, they can be used to
access applications that require passwords on a mobile device or for organizations
that use federated identity and service login passwords are not used. When you
enable application passwords, you also have the option of requiring the use of
application passwords, and of allowing mobile users to bypass IP restrictions.
About this task
If you require an application password, then the service login password is disabled
for the application, and users must log in using the application password. For
example, users would be required to use the application password to log in to the
service on a mobile device or in a browser. However, they could still use the
service login password to log in to the service web site and for other applications.
If you do not require an application password, then users can continue to log in
from a browser, for example, using their service login password.
If you allow mobile users to bypass IP restrictions, application passwords provide
an additional layer of password strength. This is due in part to their length (16
characters) and because they are generated using a strong random number
generator. If a mobile device is lost or stolen, you can then disable the IP restriction
bypass which prevents access to the application outside your organization's
designated IP range.
Note: If you enable application passwords and select the Ignore IP range
restrictions for applications setting to allow users to bypass IP restrictions, the
setting does not apply to Windows Phone or Windows Tablet users. If you restrict
login to a specific IP range, Windows Phone and Windows Tablet users must log in
from network locations within the range.
You can also disable the use of application passwords at any time. Then, if users
have created an application password, the application cannot be accessed because
the password is no longer effective.
Tip: Users can also prevent access to the application by revoking their application
password, which they can do at any time.
Organizations that do not use federated identity can disable the use of the
standard service password for mobile applications.
Chapter 4. Configuring the service
43
Procedure
1.
2.
3.
4.
Select Administration > Manage Organization.
In the navigation pane, under System Settings, click Security.
Under Password Settings, click Edit Settings.
Select Allow users to generate application passwords.
5. Select any of the following options that apply, and then click Save Changes.
Table 7. Application Password Options
Option
Result
Expiration
Select a password expiration interval or
select No expiration if you do not want
application passwords to expire.
Ignore IP range restrictions for applications Users will be able to access applications
from outside the organization's designated
IP range. However, they cannot access it
using the service login, they must use an
application password instead. For more
information about specifying IP address
ranges, refer to “Restricting the IP address
range” on page 42
Require applications to use application
passwords to access this site
This option restricts the supported
authentication flow to application
passwords. It prevents users from logging to
this site using their service login password.
This option does not display for
organizations that use federated identity.
Results
After you enable this feature, users can create and manage application passwords
in My Account Settings in the service. General information about how users
manage their application passwords is listed here.
v If enabled, users can generate an application password for the IBM Notes
Traveler.
v Application passwords can be shared across mobile products, including IBM
Traveler, IBM Sametime, and Connections Cloud.
v If you did not select the option Require applications to use application
passwords to access this site, then using an application password is optional for
users. However, if you have IP range restrictions enabled, they will not be able
to log in using their service password unless they are within the IP range.
v Application passwords are generated by the service when requested by users.
The generated passwords displays to the user only once, and cannot be
recovered.
v Users can revoke and generate a new application password at any time. There is
no limit to the number that can be generated.
v Passwords are generated using cryptographically strong random number
generator. They are 16 characters long, and not case sensitive. Users should enter
the password once into their device and allow the device to save the password.
v If there are ten failed login attempts, the account is locked for three minutes.
44
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
What to do next
If you selected Applications must use the generated password to access this site,
or if you allowed users to bypass the specified IP range, instruct them to generate
application passwords. For information on how users generate application
passwords see Application passwords for mobile access.
Authentication methods by client
The following table lists the authentication methods supported for each type of
IBM SmartCloud Notesclient.
Table 8. Authentication methods by SmartCloud Notes client
Authentication method
Supported clients
Cloud service account identity and
password
v SmartCloud Notes web
v IMAP clients
v IBM Notes Traveler devices
v FTP client that is used to connect to the
integration server to download journal
files or to upload change files to manage
user accounts
SAML Federated Identity
v SmartCloud Notes web
v Notes Traveler Android 9.0.1.3 and higher
client
Cloud service account identity with
application password
Notes Traveler devices
NRPC
IBM Notes
Research in Motion data center
authentication
BlackBerry® devices that access the service
through Hosted BlackBerry subscriptions
Password rules by authentication method
The following table summarizes the password rules and settings for each
supported IBM SmartCloud Notes client.
Chapter 4. Configuring the service
45
Table 9. Password rules and settings by authentication method
Authentication
method
Cloud service
account identity and
password
Password rules
Password expiration1 Password changes
v At least eight
characters
v Disabled by
default
v At least four
alphabetic
characters
v Administrators can
enable a password
expiration interval
of 30, 60, 90, 180,
or 365 days.
v At least one
non-alphabetic
character
v By administrator
v By user
v No spaces
v No more than two
consecutive
characters
v No match of any
of the eight
previous
passwords
v Cannot contain
user name or email
address
SAML Federated
Identity
Controlled by
company
16 characters
Cloud service
account identity and (non-case sensitive)
application password
NRPC
Controlled by
company
Controlled by
company
v Disabled by
default
v Password changes
not allowed
v Administrators can v Administrators or
enable
users can revoke
passwords and
users then generate
new ones
In service-only
v Disabled by
v By administrator
environments, and in
default
v By user
hybrid environments
v Administrators can
that do not use
enable through
policy security
SmartCloud
settings to configure
NotesAdministration
password
requirements, IBM
Notes ID passwords
must be at least eight
characters and have a
password quality of
8, on a password
quality scale of 0
(weakest) to 16
(strongest).
1
While it may seem that requiring passwords to expire provides more security,
most security experts believe the opposite is true. Password expiration often leads
to the use of simpler, more easily-guessed passwords, and to users writing down
passwords to remember them. A better policy is to use more complex password
phrases that do not expire, whenever possible. In addition to providing better
46
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
security, this policy also reduces the number of help desk calls generated from
users who forget their ever-changing passwords.
Configuring the name finder
Complete this procedure to configure how users find names in a directory.
Before you begin
Read the topic “Standard and Advanced Name Finder options” on page 49for
details about and a comparison of the Standard and Advanced name finder
options.
About this task
The name finder settings control how users find names in a directory. For example,
the settings are used when users find names by clicking the To link in a new mail
message or the Required link in a new meeting invitation.
Name Finder settings are not related to type ahead addressing, the feature that
automatically finds matches to names that users type in address fields.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings.
5. Click Name Finder.
6. Select options, as described in the following table:
Option
Description
Basic
The name finder lists all names in a
directory, in alphabetical order by surname.
Users type the first few characters of the
surname they are looking for, and the cursor
moves to the first matching name. From
there, users can use the scroll bar to find the
name.
This setting is the default and it applies to
Notes users and web client users.
Chapter 4. Configuring the service
47
Option
Description
Basic Quick Search Only
The name finder shows no names in a
directory, initially. Users type the first few
characters of a given name or surname and
click Search. The name finder then shows
directory entries whose surnames or given
names begin with the characters searched
for.
For example, a search for Jack can return
the names Jackie Roberts or Tony Jackson
but not Tony Blackjack.
This setting provides more flexibility for
finding names in large directories.
This setting applies to Notes users and web
client users.
Standard
Users search for names and search results
show directory entries that match. Unlike
the Basic and Basic Quick Search Only
options, users can sort the search results and
see details about the user entries that are
returned in search results.
This search capability applies to web client
users only.
Advanced
Users get the name finder capabilities of the
Standard option. In addition, they are able
to narrow search results by manager,
department, job title, location.
This option is available for hybrid
environments only.
This search capability applies to web client
users only.
Show user photos
Search results show user photos.
In service-only environments, the photos
come from IBM Connections Cloud user
profiles.
In hybrid environments, the photos can
come from IBM Connections Cloud user
profiles or from Person documents in an
on-premises directory. To use an on-premises
directory, clear the Use SmartCloud Engage
photos field.
This option is available when you select the
Standard or Advanced options.
The feature applies to web client users only.
48
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Option
Description
Browse corporate hierarchy
Users can browse a directory by hierarchy
categories that you assign to Person
documents in an on-premises Domino
directory.
This option is available for hybrid
environments when you select the Standard
or Advanced options.
The feature applies to Notes users and to
web client users.
Browse corporate hierarchy > Used ranked
sort order
Users can browse a directory by ranked
categories that you define in an on-premises
Domino directory by using the Domino
Japanese Extension (DJX) tool.
This option is available for hybrid
environments when you select the Standard
or Advanced options.
The feature applies to Notes users and to
web client users.
Results
The change usually takes effect within 15 minutes or less.
Standard and Advanced Name Finder options
The Standard and Advanced Name Finder configuration options provide several
features to help users to find names in directories.
The Standard option is available for service-only environments and hybrid
environments. The Advanced option is available for hybrid environments only.
The following table compares the features that are provided by each option. All of
these features are available for the web client. The features currently available for
the IBM Notes client are the browse features only. When you enable the Standard
or Advanced option, the Basic Quick Search Only search option is put in effect
for Notes client users.
Table 10. Comparison of the Standard and Advanced Name Finder configuration options
Feature
Standard Name Finder
Advanced Name Finder
Name search
Users can search by:
Users can search by:
v First name
v First name
v Last name
v Last name
v Notes full name
v Notes full name
v Internet address
v Internet address
v Short name
v Short name
v Alternate name
v Alternate name (if value
populated in directory)
v Phonetic name
v Phonetic name (if value
populated in directory)
Chapter 4. Configuring the service
49
Table 10. Comparison of the Standard and Advanced Name Finder configuration
options (continued)
Feature
Standard Name Finder
Advanced Name Finder
Search conditions to narrow
the results of name searches
Not available
Users can narrow name
searches by:
v Manager
v Department
v Job Title
v Location
Each condition added
narrows results further.
These fields must be
populated in Person
documents in the
on-premises directory.
Maximum search results
returned
200
200
Sort entries in search results
All users can sort results by:
All users can sort results by:
v Last name, first name
v Last name, first name
v First name, last name
v First name, last name
v Directory
v Directory
Users in hybrid
environments can sort results
by the following information,
if the corresponding fields
are populated in Person
documents:
Users can sort results by the
following information, if the
corresponding fields are
populated in Person
documents:
v Manager
v Job Title
v Job Title
v Department
v Department
v Location
v Manager
v Location
Show details about names in
search results
Show user photos from IBM
Connections Cloud user
profiles in search results
50
All users can see the
following details:
All users can see the
following details:
v User name
v User name
v Internet address
v Internet address
v Domain
v Domain
v Directory
v Directory
Users in hybrid
environments can see several
additional details, if the
fields are populated in
Person documents.
Users can see several
additional details, if the
fields are populated in
Person documents.
This feature requires users to
have a collaboration
subscription in addition to a
SmartCloud Notes
subscription.
This feature requires users to
have a collaboration
subscription in addition to a
SmartCloud Notes
subscription.
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 10. Comparison of the Standard and Advanced Name Finder configuration
options (continued)
Feature
Standard Name Finder
Advanced Name Finder
Shows user photos from
on-premises Person
documents
Available in hybrid
environments only and
requires a change to the
Domino directory design to
support photos in Person
documents.
Requires a change to the
Domino directory design to
support photos in Person
documents.
Browse entries in a directory
by categories that are defined
by use of the Domino
Corporate Hierarchy feature
Available in hybrid
environments for directories
with Person documents that
are assigned corporate
hierarchy categories. For
more information, see the
topic about categorizing a
user by corporate hierarchy
in the Domino
documentation.
Available for directories with
Person documents that are
assigned corporate hierarchy
categories. For more
information, see the topic
about categorizing a user by
corporate hierarchy in the
Domino documentation.
Browse entries in a directory
by ranking
Available in hybrid
environments. You use the
Domino Japanese Extension
tool (DJX) to configure the
directory to support this
option.
You use the Domino
Japanese Extension tool
(DJX) to configure the
directory to support this
option.
Basic name finder illustration
The following pictures illustrate finding names in a directory when the Basic name
finder option is enabled.
Chapter 4. Configuring the service
51
Basic Quick Search Only name finder illustration
The following pictures illustrate finding names in a directory when the Basic Quick
Search Only name finder option is enabled.
52
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 4. Configuring the service
53
Standard name finder illustration
The following pictures illustrate finding names in a directory when the Standard
name finder option is enabled.
54
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Configuring mail settings
There are several settings related to mail that you configure from SmartCloud
Notes Administration.
Changing the size limit for incoming messages
The service does not deliver inbound messages that are larger than 100MB, by
default. You can specify a different inbound message size limit. The limit applies to
all mail that is sent to users in the service.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and then click Email Management.
5. Under Limit Message Size, specify the size limit for incoming messages.
Prevent automatic forwarding of messages
You can prevent users from using mail rules to automatically forwarding email to
external addresses.
About this task
Users can create mail rules that include the action send copy to, which
automatically forwards a copy of the email to other users. Select this option so that
mail addressed to users in domains that are not owned by your company are
ignored when the message is forwarded. Users can still forward email to any
address manually.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
Chapter 4. Configuring the service
55
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and then click Email Management.
5. Under External Forwarding, select Do not allow automatic forwarding to
external addresses.
Specifying how Notes links display in the web client
You can specify how IBM Notes links, such as doc links, application links, and
view links, display in web client email.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and then click Email Management.
5. Under Link Style, select how Notes document, view, and application links
display when users read mail in a browser:
Table 11. Link Style Options and Icons
Style
Description
Web links only
The default. Uses web addresses
(https://...). In email, the address displays
as an Internet icon:
Document link
View link
Application link
Notes links only
Uses Notes URLs (notes://...). In email, the
address displays as a Notes icon:
Document link
View link
Application links
Notes and web links
Uses both web and Notes addresses, and
includes both icons to represent each link.
Example of a link to a document:
Configuring how long mail remains in the Trash folder
When a user deletes a message from a mail file on a cloud server or the service
automatically deletes an older message, the message is moved to the Trash folder
where it remains for 14 days, by default. After 14 days, the message is
permanently deleted. You can change how long deleted mail remains in the Trash
folder. You can also prevent users from emptying the Trash folder themselves.
56
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
Documents that are deleted from the Trash folder cannot be recovered. While
deleted mail is in the Trash folder, users can restore it to its original folder.
The Trash folder can contain a maximum of 32,768 messages. If this limit is
reached, each message added to the Trash folder causes a message that has been in
the Trash folder the longest to be permanently deleted. This deletion occurs even if
a message has been in the Trash folder less time than the specified deletion
interval. Premature deletion from Trash stops when either manual or automatic
deletion of messages causes the number of messages in the Trash folder to fall
below the limit. This behavior is not common but can occur in mail files where
many messages are frequently received and deleted.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and then click Email Management.
5. Under Configure Mail Retention in the Trash Folder, complete these fields to
manage mail in the Trash folder.
Table 12. Trash Folder Mail Retention Settings
Option
Description
Retain deleted messages for how many
days?
Enter a number from 14 - 90. The default
value is 14.
If you decrease an interval that was
previously set, then all messages that meet
the new criteria are deleted. For example, if
you decrease the interval from 20 days to 16
days, then mail in the Trash folder older
than 16 days is deleted.
Allow users to empty the Trash folder
When this option is selected, users can
permanently delete messages from the Trash
folder by clicking Empty Trash or by
selecting a message and deleting it.
This option is enabled by default. To prevent
users from deleting mail from the Trash
folder, deselect the option. Then, mail
remains in the Trash folder for the duration
specified in Retain deleted messages for
how many days? before being permanently
deleted.
Note: If you prevent users from deleting
mail in the Trash, IBM Notes client users can
still delete mail from the Trash on local mail
replicas. However, the deletion does not
carry over to the server mail file replicas.
Deleting older email and meetings
You can reduce the size of mail files and improve email usability by automatically
deleting older email messages and meetings. By default, email messages and
meetings remain indefinitely unless users delete them.
Chapter 4. Configuring the service
57
About this task
When you enable email deletion, you can:
v Control how many days messages and meetings remain before they are
processed for deletion.
v Exclude messages in user-created folders from automatic message deletion.
v Send reports of automatically deleted messages and meetings to specific user
addresses.
v Exclude the mail files of specific users from the automatic deletion.
Non-mail documents added by web client users, such as Person documents, are
not deleted.
Messages that are flagged for follow-up are not deleted, except for messages that
are flagged by the sender before being sent, which are deleted.
When email deletion is enabled, the service takes the following steps to delete
older messages and meetings:
1. Messages that are older than the Delete email after how many days? value are
moved temporarily to a folder created by the service. Meetings are moved to
the temporary folder when it is longer than the specified number of days since
the meetings occurred. Repeat meetings are processed based on the date of the
last meeting.
2. The default name of the folder to which deleted messages and meetings are
moved temporarily is *To Be Deleted*. You can specify a different name. Users
can prevent messages in this folder from being deleted by moving them to a
folder that is exempted from automatic deletion.
3. Messages and meetings are moved weekly from the temporary folder location
to the Trash folder. The service staggers this processing so that not all mail files
are processed at the same time. Users can prevent messages and meetings in
the Trash folder from being deleted by moving them to a folder that is
exempted from automatic deletion.
4. Messages and meetings are deleted from the Trash folder after 14 days, by
default. You can use the Retain deleted messages for how many days? setting
in the Configure Mail Retention in the Trash Folder section of the Email
Management window to change the number of days messages remain in the
Trash folder. After messages are deleted from the Trash folder, they cannot be
recovered.
The value of Delete email after how many days? plus the value of Retain deleted
messages for how many days? determine when messages are deleted from mail
files. For example, if the value of Delete email after how many days? is 365 and
the value of Retain deleted messages for how many days? is 90, messages are
permanently deleted from mail files after one year and three months (455 days).
Perform the following steps to enable and configure automatic deletion of older
email.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
58
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
4. Click Account Settings and then click Email Management.
5. Under Delete Older Email, select Enable email deletion.
6. Use the following settings to specify how to manage older email deletion:
Table 13. Mail Deletion Settings
Option
Description
Delete email after how many days?
Specify the number of days email messages
remain before being processed for deletion.
If no value is specified, 14 days is the
default value.
Keep email that is filed in folders.
Select this option to prevent mail that is
stored in all user-created folders from being
deleted.
Keep email only if it is in one of these
folders or their subfolders
Select this option to keep mail only
messages in specific folders or subfolders
from being deleted. In the Exempt Folders
box, specify the folder names, one name per
line.
To specify a single subfolder, enter
parentfolder\subfolder. For example, enter
Suppliers\Tools to prevent messages in the
\Tools subfolder from being automatically
deleted, but to allow messages in the
Suppliers parent folder and any other of its
subfolders to be deleted.
Folder name
Specify the name of a folder to temporarily
store messages that are targeted for deletion.
If the folder does not exist, the service
creates it. Messages remain in this folder for
a week and then are moved to the Trash
folder.
If you do not specify a folder name, the
name *To Be Deleted* is used.
Send email report of the number of emails
deleted to the following addresses
List the addresses of users you want to
receive email deletion reports.
Do not delete the email of the following
users
List the names of users you want to exempt
from mail deletion.
Enabling the ActiveX control for Internet Explorer users
The Internet Explorer ActiveX control provides mail enhancements to IBM
SmartCloud Notes web users who use Internet Explorer.
About this task
You enable use of the ActiveX control through SmartCloud Notes Administration
Account Settings. ActiveX is disabled by default to allow and encourage more
secure web browser configurations. If you enable ActiveX to provide additional
mail features to Internet Explorer users, be aware that doing so might result in less
secure browser configurations.
If you enable ActiveX, when users who use Internet Explorer log in to the
SmartCloud Notes service, they see prompts that allow them to install the ActiveX
control. The prompts refer to the ActiveX control as the IBM iNotes control.
Chapter 4. Configuring the service
59
After users install the control, they can do the following tasks:
v Make SmartCloud Notes web the default email client through Preferences.
v Send email from Windows Explorer, the desktop, or the Start menu.
v Create new email messages by clicking a Mailto:// link from external web
pages.
v Select multiple files to attach to an email, detach and save multiple attachments,
open attachments by double-clicking without having to save them first, and drag
multiple attachments to Windows Explorer or the desktop.
v Copy an image to the clipboard and then press Ctrl+V or click the image icon in
the message toolbar to paste the image into an email.
Note: Running Internet Explorer in Protected Mode can prevent users from being
able to save attachments, drag attachments from mail to the desktop, or set the
default mail client. For information about options to resolve this issue and about
Protected Mode, see IBM Technote 1655831. One option is to resolve the issue by
adding the mail server or domain as a trusted site. If you use this option, as the
trusted site, specify notes.<dc>.collabserv.com (where dc is your data center) or
*.collabserv.com.
Users might occasionally be prompted to install updates to the ActiveX control
when enhancements to the control are deployed in the service. If users do not
install an update, features that require the control are no longer available during
the current session. Users are prompted again to install the update when they next
log in to the service.
Complete the following steps to enable all web users who use Internet Explorer to
download and use the ActiveX control.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings.
5. Click Email & Calendar Options.
6. Select Enable ActiveX attachment control.
Related information:
IBM Technote 1655831
Specifying an SMTP server to route mail to the Internet
By default, the service routes mail that service users send to external users over the
Internet. You have the option to route this mail through a company-controlled
SMTP host server instead.
Before you begin
Prepare your on-premises environment. For more information, see “Preparing to
use a company SMTP server to route outbound Internet mail” on page 20.
60
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
Skip this procedure if you want the service to handle routing the mail that is sent
to external users. In this case (default behavior), the service filters the messages for
virus and spam before routing them to the Internet.
By using a company SMTP host server for external routing, you can act on
messages before routing them, for example, filter or audit messages. When you use
this feature, the service filters messages for viruses and spam and then routes them
directly to your designated SMTP host server. Messages addressed to any domain
that is not an internal, service-verified domain are routed to the SMTP host server.
The service uses Transport Layer Security (TLS) to route mail to the SMTP host
server if the host server uses TLS. The connection is made using STARTTLS over
SSL TCP/IP port 25.
Perform the following steps to specify the name of your SMTP host server in
Account Settings.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings > Email Management.
5. In the SMTP server field under Manage Routing to External Internet
Domains, enter an SMTP host name to use for routing.
6. Click Save.
Preparing to use custom mail file templates
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
About this task
The template design development can be done in-house or through a contract with
a third-party developer or an IBM representative. A short professional services
engagement with IBM Software Services for Collaboration is required to approve a
custom template.
A custom mail file template allows you to customize the design of user mail files.
It is also used to customize the mail file access of new mail files to enable
administrators or server-based agents to access them. Customized mail file access
is strongly recommended; without it only mail file owners and mail file delegates
can access mail files.
The following steps outline the high-level tasks and identify who is responsible for
developing and applying a custom template.
Procedure
1. Customer Contacts an IBM Software Services for Collaboration representative
to procure a statement of work.
Chapter 4. Configuring the service
61
This step should be done as soon as it is determined that the business requires
a custom mail template. This prior notice ensures that they are prepared to
validate the template soon after receiving it
2. Developer Reviews the design requirements for custom mail templates.
To be approved for use with the service, a custom mail template must meet
specific design requirements. For example, a custom template must contain
specific design elements from the standard mail template of a IBM Notes
version supported by the service. For information about template design
requirements, see the wiki article SmartCloud Notes Template Validation
Requirements.
3. Developer Designs and implements the template changes in the on-premises
environment. When preparing a custom template that is already in use, the
developer should:
v Assess and document the current customizations.
v Compare each customization to the standard mail template. Determine
whether each is still needed or if it can be deleted. If a customization is still
needed, determine whether it requires modification.
v Document the requirements for the new version of the custom template.
4. Customer Tests the template in the on-premises environment.
You are responsible for testing the template in your company environment to
ensure that it functions as intended.
5. Customer Emails a request to customization.analyzer@collabserv.com to be
set up for the Mail Analyzer application.
The email should include the Customer ID and also be sent to the IBM
Software Services for Collaboration representative. The customer receives a
confirmation email when setup is complete. The Mail Analyzer application is
used to do preliminary checks of the custom template.
6. Customer After receiving notification that the Mail Analyzer application setup
is complete, the customer emails the custom template to
customization.analyzer@collabserv.com to perform an automated analysis.
The customer receives an email summary of the results. This step can be
repeated as often as needed during the development and testing cycle.
7. Customer Submits the template to an IBM representative for a final manual
validation.
Template validation requires a short professional services engagement with
IBM Software Services for Collaboration.
8. IBM representative Validates the template and report results to the customer.
This step ensures that the template meets the template validation
requirements. The IBM representative sends the customer a short, written
report summarizing the assessment, and indicating approval or rejection.
9. IBM representative Loads the template to the service, after approval of the
template.
10. Company administrator Applies the template to user accounts.
When the template is approved, a company administrator for the service uses
SmartCloud Notes Administration to apply the template to the accounts of
new or existing users.
Alternatively, the template can be applied through the integration server and a
user provisioning change file. For more information, see the topic on creating
user provisioning change files in the integration server documentation.
Related tasks:
62
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
“Preparing customized mail file ACLs” on page 68
An important reason to customize mail file access is to allow administrators or
server-based agents to access mail files. Without customized mail file access, only
mail file owners and mail file delegates can access mail files.
“Configuring mail file templates”
Configure which mail file templates can be applied to user mail files and configure
a mail file template to use by default.
“Changing user mail file templates” on page 139
You can change the mail file template assigned to a user. For example, change the
mail template if the IBM Notes client of a user is upgraded to a new version.
Related information:
Integration server documentation
Handling execution security alerts caused by custom templates
The service signs a custom mail file template with a unique customer signature.
IBM Notes users that use a custom mail file template see an execution security
alert if the Execution Control List (ECL) on the client does not allow access to the
signature.
About this task
The first time Notes users authenticate with the service after the application of a
custom template, they see an execution security alert. The alert states that the
template signer, customerID LotusLive Template Signer/customercertifier, is
attempting to perform an ECL update action. Selecting Start trusting the signer
prevents all future alerts for the template signature.
For more information about execution security alerts, see the topic about the
execution control list in the Domino documentation.
Related information:
Domino documentation
Configuring mail file templates
Configure which mail file templates can be applied to user mail files and configure
a mail file template to use by default.
About this task
The service provides standard mail file templates to apply to user mail files.
Custom mail file templates that are designed for your company and approved by
an IBM Software Services for Collaboration representative might also be available
for use. Apply the mail file template after user provisioning.
Procedure
1. Log on to http://www.ibmcloud.com/social as a user with the Administrator
role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. From SmartCloud Notes Administration, click Mail Templates.
5. Perform any of the following template management tasks.
Chapter 4. Configuring the service
63
Table 14. Mail template management tasks
Task
Steps
Additional information
Select a mail template
to apply to new user
accounts by default.
1. Click Custom Mail Templates
or Standard Mail Templates.
If you do not select a
default template, the most
recent English version of the
standard template is used as
the default.
2. Select a template.
3. Click Set as default
You can change the mail
template after you add a
new user, as necessary.
Download a template to 1. Click Custom Mail Templates
make design changes to
or Standard Mail Templates.
it.
2. Select a template.
3. Click Download.
Remove a custom
1. Click Custom Mail Templates.
template from the list of
2. Select a template.
available templates.
3. Click Delete Selected.
When the design changes
are complete, you must
submit the template to an
IBM Software Services for
Collaboration representative
for approval before it can be
applied to user mail files.
Remove a template if it is
no longer used. If you
remove a template that is
currently assigned to a user,
you should assign a new
one.
Be careful when removing a
template. If you change
your mind, you must
contract the services of IBM
Software Services for
Collaboration to add it back.
Related tasks:
“Changing user mail file templates” on page 139
You can change the mail file template assigned to a user. For example, change the
mail template if the IBM Notes client of a user is upgraded to a new version.
“Preparing to use custom mail file templates” on page 61
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
“Viewing assigned mail file templates” on page 137
You can view the mail file template that is assigned to a service user.
Using extension forms files to customize the look of the web
client
You can use an extension forms file to customize the visual theme, fonts, the action
bar, and other aspects of the web client. For example, you can add graphics,
change colors, and add new menu items.
Before you begin
Read the topic “Extension forms file requirements” on page 66.
64
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Note: IBM reserves the right to disable any extension forms file that causes a
degradation in the service.
About this task
Deploying an extension forms file in the service requires a brief service contract
with an IBM Software Services for Collaboration representative. The representative
validates extension forms files to ensure that they comply with requirements that
reduce risk to your users and to the service. Once approved, the IBM
representative uploads the extension forms file to the service for your use. You can
deploy more than one extension forms file and apply each to different users.
Extension forms files must be based on the IBM iNotes 9.0 Social Edition
forms9_x.ntf template that is downloaded from the service.
To deploy an extension forms file in the service, perform the following steps.
Procedure
1. Download the extension forms template or a currently deployed extension
forms file from the service:
a. Log in to the service as an administrator.
b. If your account has the user role, click Admin > Manage Organization.
c. In the System Settings section of the navigation pane, click IBM
SmartCloud Notes.
d. Click Extension Forms Files.
e. Perform one of the following steps:
v To use the default design as a starting point, click Extension Forms
Templates and download the template file.
v To download an extensions forms file that is already deployed, select the
file in the Extension Forms File page and click Download.
2. If you download the extension forms template in the previous step, use the
template to create the extension forms file.
3. To transfer changes in an extension forms file currently used at your company
to the extension forms file used in the service:
v Assess and document the design changes in the on-premises extension forms
file.
v Note any design changes that are no longer needed and can be deleted.
v Determine whether the remaining design changes in the on-premises
extension forms file are supported in the service or need modification.
v Document the changes to the new extension forms file that are required.
4. Make the design changes to the extension forms file to be used in the service.
5. Test the design changes on an IBM Domino iNotes server in the on-premises
environment:
Note: You might want to install and set up a test server for this purpose.
a. In a Mail Settings document applied to a policy, click IBM iNotes and in
the Basics tab, add the name of the extension forms file to the Extension
Forms File Name field.
This step is needed only if the extension forms file name is not
Forms9_x.nsf, or if you want to use a policy to enable the forms file for
specific users.
Chapter 4. Configuring the service
65
b. Use the following server command to flush the server database cache:
dbcache flush
c. Copy the extension forms file to the iNotes directory under the server data
directory.
d. Use the following server command to stop and restart the HTTP task:
tell http restart
e. Start a web browser and clear the browser cache.
f. Test the changes from the browser.
6. Submit the extension forms file to an IBM Software Services for Collaboration
representative for validation.
The IBM representative validates the extension forms file and sends you a
summary report that indicates whether the extension forms file is approved.
After it is approved, the IBM representative uploads the extension forms file to
the service.
What to do next
Assign the extension forms file to users.
Related tasks:
“Assigning extension forms files to users” on page 140
After an IBM representative uploads an approved extension forms file to the
service, you can assign the forms file to users. Extension forms file enable you to
customize the visual theme, fonts, the action bar, and other aspects of the web
client.
“Preparing to use custom mail file templates” on page 61
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
Extension forms file requirements
Before you develop an extension forms file to customize the web client, be aware
of the requirements. You can use multiple extension forms files, each applied to
different sets of users.
v Extension forms files must be based on the IBM iNotes 9.0 Social Edition
forms9_x.ntf template that you download from the service.
v Extension forms files can reference only mail files within the IBM SmartCloud
Notes service. In particular, they cannot reference IBM Notes databases on
on-premises servers or images on web servers outside the service.
v Customization must be self-contained. Any resources, such as images, style
sheets and JavaScript, must be included in the Extension Forms File. References
to external sources are not allowed. Customization such as ActiveX controls or
Java classes where the source code cannot be inspected are also not allowed.
v Local encryption must be disabled on extension forms file databases:
1. From Notes, open the extension forms file database.
2. Click File > Application > Properties.
3. Click Encryption Settings. If the text Current encryption
strength :
None is shown in the dialog box, the database is not encrypted. If the
database is encrypted, complete the remaining steps.
4. Click Do not locally encrypt this database.
5. Close the extension forms file database.
66
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
6. Open the database. A progress bar is shown as the database is unencrypted.
7. Repeat steps 2 and 3 to verify that the database is unencrypted.
You can use an extension forms file to make the following types of changes to the
web client:
v Modify the visual theme in the following ways:
– Override CSS styles.
v
v
v
v
– Override gradient fill color specifications.
– Replace images. New images must be in the extension forms file.
Add fonts to the rich text editor that is used when users create email messages,
calendar entries, and so forth.
Add fields to documents such as mail messages and calendar entries.
Add, remove, or modify items in the action bar menu.
Use global settings to extend the session information, for example, override a
preference setting or read a profile note field.
v Add JavaScript code to the document save function to verify items when
documents are saved or sent.
You can customize the following subforms in an extension forms file:
Table 15. Subforms that can be customized
Subform
Purpose
Custom_Common_Utils
Adds functions that are called from
Custom_JS.
Custom_CSS
Adds new CSS styles.
Custom_JS
Contains callback functions to use to add or
remove action bar items, add code when
pages are displayed or submitted. This
subform is used for forms that use an older
architecture. Most of the code uses the
newer forms, however a few older forms
remain.
Custom_JS_Edit
Adds fonts to the rich text editor.
Custom_Name_Lite
The code to display names in Korean
format.
Custom_Page_Dictionary
Adds new variable values for use with the
Custom_CSS subform.
Custom_WelcomePage
Adds choices for the Welcome Page.
Custom_Page_Dictionary
Adds variable values that are available for
use in the Custom_CSS subform.
Custom_xxx_Dictionary
These custom dictionary subforms are
included with each main area form, Mail,
Calendar, ToDo, and so forth, to allow easier
inclusion of new NotesFields and NotesVars.
Custom_LazyLoad_Subforms
Adds custom code to the lazy load table.
Custom_Logout
Adds custom code that runs on logout.
Custom_About
Displays the forms file version and a
user-specified file version number in the
client console log when the client starts.
Custom_SessionInfo
Add items to the iNotes session info object.
Chapter 4. Configuring the service
67
Preparing customized mail file ACLs
An important reason to customize mail file access is to allow administrators or
server-based agents to access mail files. Without customized mail file access, only
mail file owners and mail file delegates can access mail files.
About this task
To customize mail file access, modify the access control list (ACL) in a custom IBM
Notes mail file template. Then, apply the custom template to the new mail files
when you provision users for the service. Using a custom mail file template
requires a short service contract with IBM Software Services for Collaboration to
approve and upload the template to the service.
Important: It is important to customize mail file ACLs before users are
provisioned. After users are provisioned, you can no longer use the ACL to change
access to their mail files. At that point, the mail file ACL is changed only indirectly
in the following circumstances:
v A user is given access to a mail file through mail file delegation.
v A user's name changes, which causes the name to change in the mail file ACL.
(Renaming a group does not update a group name in the ACL.)
Note the following additional restrictions to ACLs of mail files in the service:
v You cannot use the following ACL group entries that are seen in traditional IBM
Domino environments: LocalDomainAdmins, LocalDomainServers, and
OtherDomainServers. If you add these entries, they are stripped from ACLs.
v To allow administrators to access mail files, add a group to the directory that
includes their names, and then add the group to mail file ACLs.
v Editor access is the highest level of access that is allowed for any ACL entry. If
you give a user or group Manager or Designer access, the access is lowered to
Editor. The user or group does not become a mail file delegate.
v The mail file owner always has Editor access and you cannot change this access.
You can give another user or group Editor access. In this case, they become mail
file delegates, by default. You can prevent people with Editor access from
becoming delegates. To do so, assign them the [ExcludeDelegate] role in the
ACL.
v You can use the following types of ACL entries: Person, Person group, Server
group, Mixed group, or Unspecified.
v Server type entries are not allowed. If you add them, they are stripped from
ACLs.
v You cannot customize the -Default- and Anonymous entries. These entries are
always set to No Access.
To use a custom mail file template to modify mail file ACLs, add entries that are
enclosed in brackets [ ] to the ACL of the custom mail file template. The ACLs of
the new mail files in the service inherit the entries in brackets. For example, to give
Editor access to the group SCN Administrators, add [SCN Administrators] to the
ACL, select Editor access and the type Person group or Mixed group . If you
apply the custom mail file template when you provision Samantha
Daryn/Renovations with a brand new mail file in the service, her mail file ACL
includes the following entries:
68
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
-Default- (No Access)
Anonymous (No Access)
Samantha Daryn/Renovations (Editor)
SCN Administrators (Editor)
SaaSLocalDomainServers1
Mail1/SCN/Renovations2
1
This group is reserved for use in the service. Do not create a group by this name
on-premises, or a group that begins with the characters SaaS.
2
This entry is the name of a user's home mail server in the service.
Related tasks:
“Configuring mail file templates” on page 63
Configure which mail file templates can be applied to user mail files and configure
a mail file template to use by default.
“Preparing to use custom mail file templates” on page 61
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
Related information:
Using server-based agents in a SmartCloud Notes hybrid environment
SmartCloud Notes Template Validation Requirements
Configuring email filters and reporting
Use email filter and reporting features to control and manage the delivery of
specific inbound Internet mail.
About this task
The following table summarizes the filter and reporting features that are available.
The table briefly describes each feature, indicates which clients support each
feature, and indicates the method to enable each feature. These features apply to
Internet mail that is addressed to a domain owned by your company for which the
service manages inbound routing. In a service-only environment, the service
manages inbound routing for all of your company’s verified Internet domains.
Table 16. Summary of email filter and reporting features
Feature
Description
Supported clients
Method to enable
Email filters for
inbound Internet
mail
Use filters to control All clients
the delivery of mail
from specific
addresses, mail with
newsletter content, or
mail that matches the
service Spam filter.
SmartCloud Notes
Administration
Junk Mail Reports
Send periodic reports All clients
to users that list
messages recently
delivered or moved
to the Junk folder.
SmartCloud Notes
Administration
Chapter 4. Configuring the service
69
Table 16. Summary of email filter and reporting features (continued)
Feature
Description
Supported clients
Method to enable
Customized Junk
Mail Reports
Customize or
translate text in Junk
Mail Reports.
All clients
Custom mail file
template ¹
Customized Remove
sender from Junk
list option
For specific senders,
allow users to
override a filter that
delivers the senders'
mail to the Junk
folder.
Notes client, web
client
Notes client: Custom
mail file template ¹
Report as Spam
option.
Provides a menu
option to use to
report spam.
Notes client, web
client
Web client: Available
automatically, no
enablement needed
Notes client: Custom
mail file template ¹
Web client:
SmartCloud Notes
Administration
¹ This option requires a short service contract with an IBM Software Services for
Collaboration representative to deploy a custom mail file template in the service.
Related tasks:
“Preparing to use custom mail file templates” on page 61
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
Related information:
IBM Software Services for Collaboration web page
Configuring email filters for inbound Internet mail
Configure email filters to allow users to receive email from people whose messages
would otherwise be blocked or to block email that is not normally blocked but that
your users do not want to receive.
About this task
You can create address filters that filter based on sender address. You can also
create keyword filters that filter based on email category. Newsletter is the only
keyword category currently supported. You can create multiple address filters but
just one newsletter filter.
In addition to creating filters, you can customize the service spam filter by
allowing email that matches the filter to be delivered to the Inbox or the Junk
folder. Delivering email that matches the service spam filter to the Inbox is not
recommended unless your company applies its own filtering software to mail
before it is routed to the service.
The number of all filters, excluding the spam filter, cannot exceed 100.
The service malware and anti-virus filters are not configurable and take precedence
over all other filters.
Perform the following steps to configure email filters for inbound Internet mail.
70
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and click Email Filters.
5. To create a filter:
a. Click a type of filter:
Table 17. Types of filters
Filter type
Description
Address Filter
Use to filter by sender address.
To allow or block email for a specific user,
type the user's address, for example,
branney@renovations.com.
To allow or block email for multiple
addresses in a domain, use an address
expression that contains one or more
asterisks (*), for example,
*@renovations.com.
To separate multiple address entries in a
filter, type a comma (,) or press Enter.
Each address or address expression must
contain one at sign (@).
Keyword Filter
Use to filter by email category. The category
that is currently supported is newsletter,
which filters newsletters and other
automated email.
You can enable one newsletter filter.
By default, the service delivers newsletters
to the Inbox.
b. Click a delivery option.
Table 18. Filter delivery options
Filter delivery option
Description
Allow
Deliver mail that matches the filter to the
Inbox.
Filter
Deliver mail that matches the filter to the
Junk folder.
Block
Prevent delivery of mail that matches the
filter.
c. Click OK.
6. To control the delivery of mail that matches the service spam filter, click
System Filter, click Edit, and then click Allow, Filter, or Block.
By default, the service blocks mail that matches the spam filter.
Chapter 4. Configuring the service
71
Note: The Allow option is intended for companies that apply their own
filtering software to mail before it is routed to the service.
7. If you configure more than one filter, drag them or use the arrows to order
them by precedence.
The service evaluates the list of filters from top to bottom. The first filter that
matches a particular message is applied to it, and that message is not evaluated
further.
8. Click Save Changes.
Results
The changes take effect immediately.
Effort is taken to avoid the inclusion of legitimate email such as order and flight
reservation confirmations, invoices, or other mail lists in the newsletter filter.
However, if users consider an email that matches the newsletter filter or another
filter to be legitimate, and you configure the filter to deliver matching email to the
Junk folder, users can use the Remove Sender from Junk List option. Selecting
this option delivers future email from a sender to the Inbox.
Example
The following table provides examples of addresses that match and do not match
rules in address filters.
Table 19. Examples of matching and non-matching addresses
Address rule
Matching addresses
Non-matching addresses
branney@renovations.com
branney@renovations.com
b.ranney@renovations.com
branney@ny.renovations.com
*ranney@renovations.com
ranney@renovations.com
branney@renovations.com
b_ranney@renovations.com
wm.ranney@renovations.com
branney@ny.renovations.com
*.ranney@renovations.com
b.ranney@renovations.com
wm.ranney@renovations.com
b.ranney@ny.renovations.com
branney@renovations.com
b_ranney@renovations.com
*@renovations.com
branney@renovations.com
s.daryn@renovations.com
asingh@bos.renovations.com
cfield@ny.renovations.com
*@*.renovations.*
asingh@bos.renovations.com
cfield@ny.renovations.com
asingh@bos.renovations.net
cfield@ny.renovations.us
branney@renovations.com
s.daryn@renovations.com
The following table provides an example filter configuration that blocks spam and
then blocks the delivery of email that is sent from asingh@bos.renovations.com
and cfield@ny.renovations.com.
Table 20. Example of filter configuration that blocks spam and then blocks email from
specific addresses
72
Number
Filter name
Rule
Action
1
Spam: System Filter
Spam as defined by the service
Block
2
Addresses: Two
renovations addresses
asingh@bos.renovations.com
cfield@ny.renovations.com
Block
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
The following table provides an example filter configuration that blocks spam, then
blocks email from any subdomain of renovations.com (for example, email from
cfield@ny.renovations.com but not branney@renovations.com), and then allows
newsletters to be delivered to the Junk folder.
Table 21. Example of filter configuration that blocks spam and blocks email from a
subdomain and allows newsletters
Number
Name
Rule
Action
1
Spam: System Filter
Spam as defined by the service
Block
2
Addresses: Renovations
subdomains
*@*.renovations.com
Block
3
Keywords: Newsletters
Newsletters as defined by the
service
Filter (deliver
to Junk folder)
The following table provides an example filter configuration that blocks email from
branney@renovations.com and s.daryn@renovations.com, then allows all other
email from the renovations.com domain, and then delivers spam to the Junk
folder. Email from renovations.com that matches the spam filter is delivered to the
Inbox because in this case processing stops after the second filter is applied.
Table 22. Example of filter configuration that blocks email from specific addresses in a
domain, allows other addresses in the domain, and then delivers spam to the Junk folder.
Number
Filter name
Rule
Action
1
Addresses: Two
renovations addresses
branney@renovations.com
s.daryn@renovations.com
Block
2
Addresses: Renovations
*@renovations.com
Allow (deliver
to Inbox)
3
Spam: System Filter
Spam as defined by the service
Filter (deliver
to Junk folder)
Enabling Junk Mail Reports
Enable Junk Mail Reports to send users periodic email reports that list the
messages that were recently added to the Junk folder.
Before you begin
Optionally customize the text in Junk Mail Reports by deploy a custom mail
template.
About this task
Junk Mail Reports report messages that the service delivers to the Junk folder. For
example, if you configure the newsletter filter to deliver newsletter-type email to
the Junk folder, the newsletter emails are reported. Junk Mail Reports also report
messages that users move to the Junk folder, either manually or through other
means such as mail rules.
Junk Mail Reports list and link to messages added to the Junk folder since the last
report. Reports identify messages by delivery date and time, sender, and subject.
Reports include the following introductory paragraph, by default:
The following messages have recently been put in the Junk
folder. From the Junk folder you can move messages to
your Inbox, delete them, or remove senders from the junk list.
Chapter 4. Configuring the service
73
You configure how frequently to send reports. Reports can be sent as frequently as
every hour or as infrequently as once a week.
All users receive Junk Mail Reports, regardless of the client they use.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings.
5. Click Email Filters.
6. Select Send periodic junk mail reports to all users.
7. Specify a reporting interval, in hours. You can specify a value from 1 hour to
168 hours (once a week).
8. Click Save Changes.
Related tasks:
“Customizing the text in Junk Mail Reports”
If you enable periodic Junk Mail Reports to be sent to users, you can optionally
use a custom Notes mail template to translate or customize the text in the reports.
This custom template can be applied to the mail file of any SmartCloud Notes
user, regardless of the client used.
Customizing the text in Junk Mail Reports
If you enable periodic Junk Mail Reports to be sent to users, you can optionally
use a custom Notes mail template to translate or customize the text in the reports.
This custom template can be applied to the mail file of any SmartCloud Notes
user, regardless of the client used.
Before you begin
Understand the process for deploying customized mail templates. For information,
see the topic “Preparing to use custom mail file templates” on page 61.
About this task
To customize the text in Junk Mail Reports, you use IBM Domino Designer to add
a hidden form, (JunkReport), to the mail template. Then you add customized text
strings to the form. This form is used only to generate the custom text and is not
displayed to users.
Customizing the mail template requires a short service contract with an IBM
Software Services for Collaboration representative. The representative validates the
design changes you make and then uploads the approved template to the service
for you to use. The IBM representative provides a custom Notes 8.5.3 template,
mail85_esm1018.ntf, that has the required design changes. You can use the
template as a reference and copy design elements from it.
If you do not customize the text in Junk Mail Reports, the English default text is
used.
Note: The following procedure assumes that you customize a Notes 8.5.3 template.
You can customize a different version of the template as long as it is for a version
74
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
of Notes that the service supports. The procedure to customize a different version
of the template might be slightly different.
Procedure
1. Download the mail template to use as the starting point for making the design
changes:
v If you do not currently used a custom version of the standard Notes 8.5.3
mail template, from SmartCloud Notes Administration, click Mail
Templates, click Standard Mail Templates, browse the list of templates and
select the StdR85Mail template for version 8.5.3 in the desired language, and
click Download.
v If you currently use a custom version of the standard Notes 8.5.3 mail
template, from SmartCloud Notes Administration, click Mail Templates,
click Custom Mail Templates, select the custom template, and click
Download.
2. From Domino Designer, open the mail85_esm1018.ntf template given to you
by the IBM representative.
Double-click Forms.
Right-click (JunkReport) and click Copy.
Open the 8.5.3 mail template that you downloaded from the service.
Double-click Forms.
Right-click anywhere in the list of forms and click Paste to add the
(JunkReport) form.
8. When asked if you want the form to be automatically updated, click No.
9. Perform the following steps to customize or translate each text field in the
form:
3.
4.
5.
6.
7.
a. Double-click the (JunkReport) form.
b. Click a text field and edit the default value shown in the programmer
pane.
v Expand the programmer pane if you do not see it.
v Keep quotations marks (") around the text.
The following table describes the text fields that you can customize.
Table 23. Text fields to customize in a Junk Mail Report
Text to customize
Default text
Text field
Label for the subject of the
report
Junk Mail Report
junkTitleLabel
Introductory text in the
report
The following messages have
recently been put in the Junk
folder. From the Junk folder
you can move messages to
your Inbox, delete them, or
remove senders from the
junk list.
JunkGreetingLabel
JunkGreetingLabel2
Label for the sender of each
reported email.
Sender
junkSenderLabel
Label for the subject of each
reported email.
Subject
junkSubjectLabel
Each field has a
256-character limit. Use
JunkGreetingLabel2 if your
text exceeds 256 characters.
The content of the two fields
is concatenated without a
space. Add a space if
necessary.
Chapter 4. Configuring the service
75
Table 23. Text fields to customize in a Junk Mail Report (continued)
Text to customize
Default text
Text field
Label for the document link
to each reported email
Link to email in the Junk
folder
junkDocLinkLabel
10. Click File > Save.
What to do next
Submit the customized 8.5.3 template to an IBM Software Services for
Collaboration representative to validate the template and then upload the
approved template to the service. After the custom template is uploaded, you can
apply it to users.
Related information:
IBM Software Services for Collaboration web page
Customizing the Remove Sender from Junk List action for Notes
users
You can customize the Remove Sender from Junk List option for IBM Notes
users. The customized option allow users to override email filters that deliver mail
to the Junk folder, on a per-sender basis.
About this task
This feature is useful if your email filter configuration causes mail to be delivered
to the Junk folder.
The feature requires a custom mail file template. The design changes apply only to
Notes users. The feature is automatically available to web client users. The feature
is not available to users who access mail through IMAP clients or mobile devices.
Customizing the mail template requires a short service contract with an IBM
Software Services for Collaboration representative. The representative validates the
design changes you make and then uploads the approved template to the service
for you to use. The IBM representative provides a custom Notes 8.5.3 template,
mail85_esm1018.ntf, that has the required design changes. You can use the
template as a reference and copy design elements from it.
Note: The following procedure assumes that you customize a Notes 8.5.3 template.
You can customize a different version of the template as long as it is for a version
of Notes that the service supports. The procedure to customize a different version
of the template might be slightly different.
The following table compares the junk mail feature in the standard 8.5.3 template
to the feature in the customized template.
76
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 24. Comparison of the standard template and the custom template
Task
Remove selected email from
the Junk folder and deliver
future mail from the sender
to the Inbox.
Steps when the standard
template is used
Steps when the custom
template is used
1. From the Junk folder,
click More > Remove
sender from Junk list.
1. From the Junk folder,
click the Remove sender
from Junk list action.
2. At the prompt Do you
want to remove sender
from the Junk Mail
List?, click Yes.
2. At the prompt Do you
want to stop sending
mail from this user to
the Junk folder? sender,
click Yes.
These steps do not affect
filtered email that the service These steps do affect filtered
email that the service
delivers to the Junk folder.
delivers to the Junk folder.
Remove addresses from the
list of addresses whose mail
is sent to the Junk folder.
From the Junk folder, click
the Manage Junk Mail
Sender’s List action.
From the Junk folder, click
More > Manage Junk Mail
Sender’s List.
Procedure
1. Download the mail template to use as the starting point for making the design
changes:
v If you do not currently used a custom version of the standard Notes 8.5.3
mail template, from SmartCloud Notes Administration, click Mail Templates,
click Standard Mail Templates, browse the list of templates and select the
StdR85Mail template for version 8.5.3 in the desired language, and click
Download.
v If you currently use a custom version of the standard Notes 8.5.3 mail
template, from SmartCloud Notes Administration, click Mail Templates, click
Custom Mail Templates, select the custom template, and click Download.
2. Add the (AllowUser) subform:
a. From Domino Designer, open mail85_esm1018.ntf.
b. Double-click Shared Elements > Subforms.
c. Right-click (AllowUser) and click Copy.
d. Open the 8.5.3 mail template.
e. Click Shared Elements > Subforms.
f. Right-click and select Paste.
g. When asked if you want the subform to be automatically updated, click No.
h. Optional: To translate the text displayed by this subform, double-click the
(AllowUser) subform and in the field dspTxt in the programmer pane,
change the content of the sentenceTxt: variable.
i. Click File > Save.
3. Modify the (JunkUser) subform:
a. From the 8.5.3 mail template, double-click Shared Elements > Subforms.
b. Double-click (JunkUser).
c. For consistency, in the static text string, change Junk Mail Folder to Junk
folder. The status text then becomes:
Mail from this address will be delivered directly to your Junk folder.
d. Click File > Save.
4. Import a modified version of the blockUserRule script library:
Chapter 4. Configuring the service
77
a. Click File > Preferences, click Domino Designer > LotusScript Editor, clear
the Use Eclipse-based LotusScript editor setting, and click Apply and OK.
b. Open mail85_esm1018.ntf.
c. Double-click Code > Script Libraries.
d. Double-click the BlockUserRule library.
e. Click once in the programmer pane next to the line that reads Option
Public.
f. Click File > Export.
g. In the File Name box, type c:\library.lss and click Export.
h. When prompted, click All objects and click OK.
i. Open your 8.5.3 mail template.
j. Double-click Code > Script Libraries.
k. Double-click the blockUserRule library.
l. Click once in the programmer pane next to the line that reads Option
Public.
m. Look at the Use "Rules" text after Option Public. If the text includes a
language tag, write down the text or copy it to the clipboard. Examples of
text with language tags are Use "Rules-GR" or Use "Rules_el_translated".
n. Click File > Import.
o. In the File Name box, type c:\library.lss and click Import.
p. When prompted, click Yes to All.
q. If you wrote or copied rules text containing a language tag in step 3m,
replace the Use "Rules" text with rules text containing the language tag.
r. Click the ESC button on your keyboard and click Yes to save the changes.
s. Click Tools > Recompile All LotusScript and click OK.
t. When compiling is complete, click OK. The compiling takes a few minutes.
5. Optional: If your template is not the English version, perform the following
steps to translate text strings in the updated blockUserRule script library:
a. Open the blockUserRule script library.
b. Click the (Declarations) event.
c. Find the text Function GetString.
d. Translate all the strings under that function.
e. Click File > Save.
6. Delete the existing Not Junk Mail action from the ($JunkMail) folder; the action
is not currently used:
a. Open the 8.5.3 mail template.
b. Double-click Folders and double-click ($JunkMail).
c. In the Actions pane, right-click Not Junk Mail and click Delete.
7. Change the location of the Remove sender from Junk List action:
a. In the 8.5.3 mail template, double-click the ($JunkMail) folder.
b. Click the More action to expand it.
c. Drag the Remove sender from Junk List action and place it directly below
the Delete All action, as shown in the following screenshot:
78
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
8. Change the location of the Manage Junk Mail Sender’s List action in the
($JunkMail) folder:
a. Drag the Manage Junk Mail Sender’s List action to the More menu, directly
below the double bar, as shown in the following screenshot:
9. Click File > Save to save the modified ($JunkMail) folder.
What to do next
Submit the customized 8.5.3 template to an IBM Software Services for
Collaboration representative to validate the template and then upload the
approved template to the service. After the custom template is uploaded, you can
apply it to users.
Related tasks:
“Preparing to use custom mail file templates” on page 61
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
Related information:
IBM Software Services for Collaboration web page
Enabling the Report as Spam feature
Enabling the Report as Spam feature provides users with a menu option for
reporting spam.
About this task
Because the nature of spam changes frequently, forms of new spam can slip past
the spam filters in the service and be delivered to a user. If you enable the Report
as Spam feature, users can report spam by selecting the spam email and clicking
More > Report as Spam. The message is reported and then moved to the Junk
folder. A user can click More > Deliver Sender's Mail to Junk to ensure that mail
from the sender of the spam is automatically delivered to the Junk folder in the
future.
Chapter 4. Configuring the service
79
The service evaluates reported spam to determine whether to include it in the list
of spam filters. Reporting spam can help reduce its occurrence in the future.
The service does not treat newsletters and event invitations as spam.
To enable the Report as Spam feature for web client users, use SmartCloud Notes
Administration. To enable the feature for IBM Notes users, use a custom Notes
mail template. The Report as Spam feature is not available to users who access
mail through IMAP clients or mobile devices.
Users can report spam without using the Report as Spam feature by saving a
message as an .eml file and mailing the file to a specific address in the service.
Enabling the Report as Spam feature for web client users:
Use a setting in SmartCloud Notes Administration to enable the Report as Spam
feature for web client users.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings.
5. Click Email Filters.
6. Select Display Report as Spam control to end users.
7. Click Save Changes.
Results
Web client users can see the More > Report as Spam option the next time they log
in to the service.
Enabling the Report as Spam feature for Notes users:
You can enable the Report as Spam feature for IBM Notes users through the use of
a custom Notes mail template.
About this task
Customizing the mail template requires a short service contract with an IBM
Software Services for Collaboration representative. The representative validates the
design changes you make and then uploads the approved template to the service
for you to use. The IBM representative provides a custom Notes 8.5.3 template,
mail85_esm1018.ntf, that has the required design changes. You can use the
template as a reference and copy design elements from it.
Note: The following procedure assumes that you customize a Notes 8.5.3 template.
You can customize a different version of the template as long as it is for a version
of Notes that the service supports. The procedure to customize a different version
of the template might be slightly different.
80
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Procedure
1. Download the mail template to use as the starting point for making the design
changes:
v If you do not currently used a custom version of the standard Notes 8.5.3
mail template, from SmartCloud Notes Administration, click Mail
Templates, click Standard Mail Templates, browse the list of templates and
select the StdR85Mail template for version 8.5.3 in the desired language, and
click Download.
v If you currently use a custom version of the standard Notes 8.5.3 mail
template, from SmartCloud Notes Administration, click Mail Templates,
click Custom Mail Templates, select the custom template, and click
Download.
2. From Domino Designer, open mail85_esm1018.ntf.
3. If the action pane is not open, click View > Action Pane.
4. Click Code and double-click Shared Actions.
5. Right-click the Report as Spam.. action and click Copy.
6. Open the 8.5.3 mail template that you downloaded from the service.
7. Paste the Report as Spam action into your mail template:
a. Click Code and double-click Shared Actions.
b. Click anywhere in the list of shared actions and click Paste.
8. Insert the Report as Spam action into the ($Inbox) folder:
a. Click Folders and double-click ($Inbox).
b. In the action pane, expand More and right-click Views-Deliver Sender's
Mail to Junk.
c. Click Insert Shared Action.
d. Select Report as Spam.. and click Insert.
e. Click File > Save.
9. Insert the Report as Spam action into the ($JunkMail) folder:
a. Click Folders and double-click ($JunkMail).
b. In the action pane, expand More and right-click Views-Deliver Sender's
Mail to Junk.
c. Click Insert Shared Action.
d. Select Report as Spam.. from the list, click Insert, and click Done.
e. Click File > Save.
10. Insert the Report as Spam action into the ($All) (All Documents) view:
a. Click Views and double-click ($All).
b. In the action pane, expand More and right-click Views-Deliver Sender's
Mail to Junk.
c. Click Insert Shared Action.
d. Select Report as Spam.. from the list, click Insert, and click Done.
e. Click File > Save.
11. Copy the (ReportSpam) agent to the 8.5.3 mail template:
a. From mail85_esm1018.ntf, click Code and double-click Agents.
b. In the list of agents, right-click (ReportSpam) and click Copy.
c. From the 8.5.3 mail template, click Code and double-click Agents.
d. Right-click anywhere in the list of agents and click Paste.
e. When asked if you want the agent to be automatically updated, click No.
Chapter 4. Configuring the service
81
f. Optional: To translate the agent, double-click the agent and translate the
English text in the following statements in (Declarations):
v SUBJECT_VALUE
v PROMPT_TITLE
v PROMPT_MESSAGE_SINGLE
v PROMPT_MESSAGE_MULTI
v MSG_SUCCESS
v MSG_SUCCESS_MOVED
v MSG_CANCEL
v MSG_ERR_SEND
g. Click File > Save.
What to do next
Submit the customized 8.5.3 template to an IBM Software Services for
Collaboration representative to validate the template and then upload the
approved template to the service. After the custom template is uploaded, you can
apply it to users.
Related tasks:
“Preparing to use custom mail file templates” on page 61
You can apply a custom mail file template to mail files of service users. The
template must meet design requirements that minimize the risk and impact to your
users and to the service. You submit the template for approval to an IBM Software
Services for Collaboration representative.
Related information:
IBM Software Services for Collaboration web page
Reporting spam without the Report as Spam feature
If you do not enable the Report as Spam feature, you can provide these
instructions to users for reporting spam manually.
Procedure
1. Perform one of the following steps to save the spam message as an .eml file:
v From the web client, select the spam message, click More > Show MIME
Full, select all, copy the entire contents to a text file, and save the file with
the extension .eml.
v From the Notes client, drag the spam message to the desktop. The message is
automatically saved as an .eml file.
2. Attach the .eml file to a new message.
3. Mail the new message to one of the following addresses:
v If you want to receive a confirmation email from the service, mail the
message to spam.smartcloud.feedback@kassel.ibm.com.
v If you do not want to receive a confirmation email from the service, mail the
message to spam.smartcloud@kassel.ibm.com.
Enabling busytime details in calendars
You can enable IBM Notes users and web client users to see busytime details in
calendars.
82
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
If you enable this feature, when users schedule a meeting or use a group calendar,
they can click a block of busytime in someone's calendar to see details about the
calendar entry. Users can see calendar details only if users grant them this access
to their calendars. The following types of detailed information can be seen:
v Type of calendar entry, for example, meeting or appointment
v Optionally assigned calendar category
v Meeting chair
v Location
v Room
This feature is disabled, by default. When it is disabled, users can still see the
blocks of time when users are busy, they just cannot see details about those blocks
of time.
Complete the following steps to enable busytime details.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings.
5. Click Email & Calendar Options.
6. In the Calendar Details section, select Enable calendar detail collection.
Results
When Notes client users and web client users schedule a meeting or use a group
calendar, they can click a block of busytime in a calendar to see details if they are
given the access to do so. Users control who can see their calendar information
and whether detailed calendar information is visible or only users' availability. To
control access to their calendars, web client users click Preferences > Delegation >
Schedule. Notes users click More > Preferences then Access and Delegation >
Access to Your Schedule.
Configuring instant messaging
Use the Instant Messaging settings in IBM SmartCloud Notes Administration to
specify whether to enable an instant messaging community in clients automatically.
Instant messaging enables users to chat with and see the availability of other users
in the service. You can automatically enable use of the service instant messaging
community. For web users, you can automatically enable an on-premises IBM
Sametime community managed by your company.
About this task
By default, web users automatically connect to the instant messaging community
in the service if the Enable instant messaging preference is selected on the client.
By default, IBM Notes 8.5.2 or later clients automatically connect to the instant
messaging community in the service if the clients are installed with the Sametime
(integrated) option. Users are also logged on to the community automatically.
Chapter 4. Configuring the service
83
You can change the default setting and allow web users to instead connect
automatically to an on-premises Sametime community at your company site. You
must use a Sametime Proxy Server 8.5.2 (IFR1 or later) and configure it to support
this capability. Notes clients can also connect to an on-premises community if you
configure the clients to connect to the community yourself.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings
5. Click Instant Messaging.
6. In the Instant Messaging Integration window, select an option described in the
following table and then click Save.
If you switch from one option to another, the service pushes the change to the
clients immediately.
Table 25. Instant messaging configuration options
Option
Result - web users
Enable the service instant
messaging community for
IBM Notes and SmartCloud
Notes web users
Web users are logged on to
the service instant messaging
community if they perform
the following steps from the
Inbox:
Result - Notes
Notes users who use Notes
8.5.2 or later installed with
the Sametime (integrated)
option are logged on to the
service instant messaging
1. Click More > Preferences community.
2. Under Instant
messaging, select Enable
instant messaging.
Multiple communities are
not supported.
The connection to the service
community overwrites any
pre-existing embedded
connection to an on-premises
Sametime community.
Notes 8.5.1 clients are not
affected by this option. To
enable them to access the
service instant messaging
community, manually
configure the clients to
connect to the community.
Enable an on-premises IBM
Web users can connect to an
Sametime community for
on-premises Sametime
SmartCloud Notes web users community managed by
your company after you
configure the on-premises
environment.
Disable instant messaging
integration
84
Notes users can use instant
messaging, but you must
configure the clients
manually to connect to
communities.
Web users cannot use instant Notes users can use instant
messaging.
messaging, but you must
configure the clients
manually to connect to
communities.
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Configuring the web client to connect to an on-premises
Sametime community
Complete this procedure to configure IBM SmartCloud Notes web clients to
connect to an IBM Sametime community at your company site.
Before you begin
The following Sametime server components must be installed on-premises. For
instructions, see the Sametime documentation.
v Sametime Server 8.0.2, or Sametime Community Server 8.5 or later. For
installation instructions, see the Sametime documentation.
v Sametime Proxy Server 8.5.2IFR1. For installation instructions, see the Sametime
documentation.
v The Sametime Proxy Server requires the latest hot fix, which is available on IBM
Fix Central. The hot fix includes installation instructions. This link retrieves the
list of fixes for Sametime 8.5.2 IFR1 for all operating systems; find the latest fix
for the Sametime Proxy Server on the operating system you use.
Note: The Sametime System Console is not used in this deployment.
About this task
Allowing the web client to connect to the on-premises Sametime community
requires that users be able to access the Sametime Proxy Server from the same
location where they access SmartCloud Notes. If your organization chooses to
restrict access to the Sametime Proxy Server to users inside the corporate network,
then all users must connect to that corporate network in order to access Sametime
functionality in SmartCloud Notes.
If your organization wants to allow users to access Sametime functionality in
SmartCloud Notes from locations outside the corporate network, you must ensure
that requests to https://Server_name:Port_number/ are correctly forwarded to the
Sametime Proxy Server, regardless of where they originate. To support external
connections, the following requirements must be satisfied:
v Server_name must be listed in the public DNS (domain name server).
v The firewall must allow connections to Server_name on Port_number.
v You must create network routes that allow connections to reach the Sametime
Proxy Server.
Procedure
1. Configure the on-premises Sametime Proxy Server to allow connections from
the SmartCloud Notes domain by completing the following steps:
a. On the computer where the Sametime Proxy Server is installed, open the
stproxyconfig.xml file that is stored in the deployment manager's profile:
The deployment manager's stproxyconfig.xml file is typically located in the
following directory:
WebSphere_AppServer_install_root/profiles/Deployment_Manager_Profile_Name/
config/cells/Cell_Name/nodes/Node_Name/servers/STProxyServer/
For example, on IBM AIX® or Linux:
/opt/IBM/WebSphere/AppServer/profiles/dmgr/config/cells/STProxyCell1/nodes/
STProxyNode1/servers/STProxyServer
On Microsoft Windows:
Chapter 4. Configuring the service
85
C:\Program Files\IBM\WebSphere\AppServer\profiles\dmgr\config\cells\
STProxyCell1\nodes\STProxyNode1\servers\STProxyServer
b. In the stproxyconfig.xml file, look for the closing </server> tag and add
the following statement immediately after it:
<domainList>Your_organization_domain_name,SmartCloud_Notes_domain_name
</domainList>
Specify your own organization's domain name for
Your_organization_domain_name. To determine the SmartCloud Notes domain
your company uses, open the Inbox and look at the domain name that is
shown in the browser URL. For example, in the following browser URL, the
SmartCloud Notes domain is notes.na.collabserv.com:
https://mail.notes.na.collabserv.com/livemail/iNotes/Mail/?OpenDocument
Note: The server, mail, is not part of the domain name.
Specify one of the following values for the SmartCloud_Notes_domain_name:
v If you use the North America data center: notes.na.collabserv.com
v If you use the Asia Pacific data center: notes.ap.collabserv.com
For example, if the Renovations company uses the North America data
center, the statement looks like the following line:
<domainlist>renovations.com,notes.na.collabserv.com</domainlist>
c. Copy the new statement so you can use it again, and then save and close
the file.
d. On the same computer, open the copy of the stproxyconfig.xml file that is
stored in the Sametime Proxy Server's profile:
The Sametime Proxy Server node's copy of stproxyconfig.xml file is
typically located in the following directory:
WebSphere_AppServer_install_root/profiles/Sametime_Proxy_Profile_Name/
config/cells/Cell_Name/nodes/Node_Name/servers/STProxyServer/
For example, on IBM AIX or Linux:
/opt/IBM/WebSphere/AppServer/profiles/STPAppProfile/config/cells/
STProxyCell1/nodes/STProxyNode1/servers/STProxyServer
On Microsoft Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\STPAppProfile\config\
cells\STProxyCell1\nodes\STProxyNode1\servers\STProxyServer
The Sametime Proxy Server's path looks very similar to the deployment
manager's path, but references the Sametime_Proxy_Profile_Name instead of
the Deployment_Manager_Profile_Name.
e. Add the same new statement to the Sametime Proxy Server's copy of the
stproxyconfig.xml file (after the closing </server> tag as before), and then
save and close the file.
f. Restart the Sametime Proxy Server.
2. If web clients do not have VPN access to the Sametime Proxy Server, provide
external access to the server.
3. If your Sametime server restricts access to certain types of clients, allow access
to web clients by adding the following value to the VPS_ALLOWED_LOGIN_TYPES
setting in the [Config] section of the sametime.ini file:
14A4
For more information, see Technote 1114318.
4. Complete the following steps to enable the service to connect to the
on-premises community:
a. Log on to the service as an administrator.
86
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
b. Click Administration > Manage Organization.
c. In the System Settings section of the navigation pane, click IBM
SmartCloud Notes.
d. Click Account Settings.
e. Click Instant Messaging.
f. Click Enable an on-premises IBM Sametime community for SmartCloud
Notes web users.
g. Provide the Sametime Proxy Server URL, for example, https://
stproxy01.renovations.com.
5. Instruct Internet Explorer users to modify the browser trusted sites list as
follows:
a. Click Tools > Internet Options
b. Click Security.
c. In the Select a Zone to view or change security settings section, click
Trusted sites and then click Sites.
d.
Add the following sites to the Websites box:
*.lotuslive.com
*.collabserv.com
In addition, add the Sametime Proxy Server URL, for example:
https://stproxy01.renovations.com.
6. Instruct users to complete the following steps from their SmartCloud Notes
web Inbox:
a. Click More > Preferences
b. Click Instant messaging > Enable instant messaging.
Related information:
Sametime documentation
Manually configuring Notes clients to connect to the service
instant messaging community
If you performed the procedure “Configuring instant messaging” and selected the
option Enable an on-premises IBM Sametime community for SmartCloud Notes
web users or the option Disable instant messaging integration, IBM Notes clients
are not configured automatically to connect to the instant messaging community in
the service. This topic describes how to configure Notes clients to connect to the
service instant messaging community yourself if you selected either of these
options.
Before you begin
Notes must be installed with the Sametime (integrated) option selected.
About this task
Perform this procedure for any of the following reasons.
v You want to allow Notes 8.5.1 clients to connect to the service instant messaging
community.
v You want to allow Notes clients to connect to an on-premises Sametime
community and to the service instant messaging community. You will configure
the service instant messaging community as a secondary community.
Chapter 4. Configuring the service
87
Note: To provide dual-community enablement, the on-premises IBM Sametime
server must be configured to support IBM Sametime Standard clients. You must
purchase the Sametime Standard license separately, as the SmartCloud Notes
entitlement supports IBM Sametime Entry only.
v You want to allow some, but not all, Notes 8.5.2 or later clients to connect to the
service community as the primary community. If you want all Notes 8.5.2 or
later clients to connect to the service instant messaging community as the
primary community, instead perform the procedure “Configuring instant
messaging” and select the option Enable the service instant messaging
community for IBM Notes and SmartCloud Notes web users.
Perform the following steps to configure a Notes client to connect to the service
instant messaging community.
Procedure
1. Start Notes.
2. Click File > Preferences.
3. Click Sametime.
4. Click Server Communities.
5. Perform the following steps to add the service instant messaging community to
the sidebar:
a. Click Add New Server Community.
b. Complete the fields in the Add Sametime Server Community window as
described in the following table, and then click OK.
Tab
Field
Field value
Not applicable
Server community type
Sametime
Not applicable
Server community name
Provide a name that identifies
the new community.
Log in
User name
Service login name, for
example,
sdaryn@renovations.com
Log in
Password
SmartCloud Notes web logon
password
Do not specify the Notes client
login password.
Log in
Use token based single
sign on
Do not select
Server
Host server
im.na.collabserv.com (if your
company uses the North
American data center)
im.ap.collabserv.com (if your
company uses the Asia Pacific
data center)
im.ce.collabserv.com (if your
company uses the European
data center)
Server
88
Server community port
1533
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Tab
Field
Field value
Server
Send keep alive signal
60 (default)
after the following number
of seconds
Connection
Connection
Direct connection (default)
Options
Use this server for
awareness status lookup
Select (default)
Options
Use canonical names for
status lookup
Do not select (default)
6. If the client also connects to an on-premises community, make sure the service
community is not the default community.
7. Click OK to save your changes.
Instant messaging features
The table in this topic summarizes the instant messaging features that are available
through the service instant messaging community.
Note: If IBM Notes clients connect to an on-premises IBM Sametime community
and to the service community, the version of Sametime that is used on-premises
determines the features that are available for both communities.
Table 26. Features supported by the service instant messaging community
Feature
Available
Online presence status;
availability status icons;
custom status message
X
Not available
The web client shows online
presence status for names in
the sidebar but not for
names in documents or
views. This limitation does
not apply if an on-premises
Sametime community is
used.
Automated geographic
awareness
X
Telephony status
X
Set alerts when users are
available; privacy lists,
selective do not disturb
X
Business card display
X
The name and email address
are displayed but not other
information, such as title and
telephone number.
Primary, frequent, and recent X
contact list views
There is a 500-contact limit.
Public groups are not
supported.
The web client supports only
the primary contact list.
Chapter 4. Configuring the service
89
Table 26. Features supported by the service instant messaging community (continued)
Feature
Available
Initiate chats with users not
in your contact list
X
Not available
Security-rich one-on-one text X
chat and multi-way text chat.
Rich text formatting; spell
check; emoticons and
emoticon palettes
X
Time and date stamps; chat
history
X
Log in to multiple
communities
X
Screen capture tool; file
transfers
X
The web client does not
support chat history.
Supported by Notes clients
only.
Supported by Notes clients
only.
Note: To provide
dual-community enablement,
the on-premises IBM
Sametime server must be
configured to support IBM
Sametime Standard clients.
You must purchase the
Sametime Standard license
separately, as the
SmartCloud Notes
entitlement supports IBM
Sametime Entry only.
Instant screen share
X
Zero-download browser chat X
client
Supported by web clients
only.
Online meetings
X
Voice and video
X
Community collaboration
features, such as instant
polls, broadcast chats, and
persistent group chat
X
Mobile use
X
Telephony integration
X
Setting password expiration for Notes IDs
For users who access the service with the IBM Notes client, you can specify when
Notes ID passwords expire. This password expiration does not apply to web users
because they log in using their web login password rather than a Notes ID
password.
90
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Before you begin
For information on how this feature interacts with the password synchronization
feature, see “Enabling password synchronization” on page 33.
About this task
If users click File > Security > User Security, the Password must be changed by
field does not show the password expiration date.
Perform the following procedure to set password expiration for Notes IDs.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes and then click Account Settings.
4. Click Password Management
5. Click Enable password expiration for IBM Notes clients.
6. Enter the number of days a password can be used before it expires. The
minimum value for this setting is 30 days; the maximum is 3650 days.
Results
v When password expiration is first enabled, the passwords of all current users
expire on a random basis after the expiration period, regardless of when the
passwords were last changed. For example, if the expiration period is 90 days,
all current users are prompted to change their passwords on a random basis
when first authenticating after the 90-day expiration period.
v The passwords of new users also expire on a random basis after the expiration
period.
v Users who are logged in when this setting becomes effective are not prompted
to change the password during the current login session.
v Users might experience a lag time of a few seconds between the time they
change their password and authentication. This lag occurs while the updated ID
is synchronizing with the vault. If the synchronization does not complete,
authentication can fail. In that case, users can wait a few minutes, and then try
again. If the synchronization continues to fail and the user cannot access the
client, reset the Notes ID using SmartCloud Notes Administration.
What to do next
You might want to communicate the following information to your users:
v There is no warning that informs them that their password is about to expire.
v How often they will be prompted to reset their passwords.
v What to do if authentication fails after they change their passwords.
Related tasks:
“Resetting passwords for Notes IDs” on page 31
Reset the password on an IBM Notes ID file to change the current password.
Typically you do this because a user has forgotten the current password.
Chapter 4. Configuring the service
91
Enabling password synchronization
When users change their service login passwords, password synchronization
enables the users to use the new passwords when they log in to the IBM Notes
client.
About this task
Password synchronization benefits users who are active users of both the web and
Notes clients by allowing them to use one password for both clients.
After you enable password synchronization, when users change their service login
passwords, the new passwords are added to the Notes ID files in the ID vault.
Users can then use the new passwords the next time they log in to the service from
the Notes client.
Password synchronization occurs whenever users change their service login
passwords. Users can change the service login passwords at any time through
Connections Cloud My Account Settings. They also change the passwords:
v After they log in to the service for the first time with temporary passwords;
v After they log in to the service after an administrator resets their service login
passwords;
v After they log in to the service when service login password expiration is
enabled and their passwords expire.
Before you enable password synchronization, be aware of the following
information:
v The feature does not apply to users who log in to the service with a federated
identity that your organization defines.
v Synchronization occurs in one direction: from the service login password to the
Notes ID password. Changing the Notes ID password does not change the
service login password.
v When service login passwords change, Notes client users are not required to use
the new passwords. Their old passwords remain valid until they use the new
passwords to log in to the service from the Notes client. Because the continued
use of the old password prevents ID synchronization with the ID vault, as a best
practice, recommend to users that they use the new passwords on the Notes
client.
v Synchronization occurs after Notes clients are connected to the service.
v Notes client users can change their Notes ID passwords, either by choice or
because you enable the Password Expiration setting in SmartCloud Notes
Administration and their passwords expire. When Notes users change the Notes
ID passwords, the service login passwords do not change automatically.
However, users can use Connections Cloud My Account Settings to change the
service login passwords to match the new Notes ID passwords.
v If you enable password expiration for Notes IDs, a Notes ID password might
expire before a user logs in to Notes with a new service login password. In this
case, the user can log in to the Notes client with the old Notes ID password but
the user is prompted to change the password when opening mail or another
application. At this point the user can provide the new service login password.
To enable password synchronization, complete the following procedure.
92
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes and then click Account Settings.
4. Click Password Management.
5. In the Password Synchronization section of the page, select Enable password
synchronization.
6. Click Save.
Results
When users change their service login passwords, they can use the new passwords
to log in to the Notes client.
If users change the Notes ID password, the service login password does not
change automatically.
What to do next
Notify users that the feature is enabled. Recommend that when they change the
service login passwords that they use the new passwords to log in to the Notes
client.
Related tasks:
“Resetting service login passwords” on page 30
Users can reset their own service login passwords once within a 24 hour period by
clicking Forgot password?. An administrator or administrator assistant can reset
service login passwords for any user at any time.
“Setting service login password expiration” on page 31
By default, service login passwords do not expire. Enforcing a password expiration
period helps ensure that passwords are changed frequently. Administrators can set
a password expiration interval for all users.
Related information:
Federated identity management
Logging activity in journal files
You can log different types of activity in journal files that you then download from
the service.
Before you begin
Before you complete this procedure, you must request integration server
enablement from an IBM Connections Cloud customer services representative
(CSR). When you do so, you provide an account identity to use to connect to the
FTP site to download the journal files. You are notified when your enablement
request is complete. For more information, see Requesting integration server
enablement in the Connections Cloud integration server documentation.
About this task
The following types of journal files are available for Notes:
v Notes mail delivery, which records each email message that service users send.
Chapter 4. Configuring the service
93
v Notes client session, which records each attempt to log in to the service from a
Notes client to access an application such as mail or the company directory.
The journal service produces gzip-compressed journal files about every 24 hours.
You use an FTP client to download the journal files from the IBM Connections
Cloud integration site. Files are removed from the integration site after seven days.
Journal files are available for other Connections Cloud services, as well. For more
information, see the Connections Cloud journaling documentation.
After you are notified that your request for integration server enablement is
complete, complete the following steps to enable journaling through SmartCloud
Notes Administration.
Procedure
1. Log on to the service as an administrator.
2. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
3. Click Account Settings.
4. Click Journaling Options.
5. Select any of the following options to specify the type of journal files to
generate:
v Notes mail delivery
v Notes client sessions
6. Click Save.
What to do next
You can begin downloading journal files in about 24 hours.
Related information:
Connections Cloud journaling documentation
Downloading journal files
You can begin to download journal files about 24 hours after you enable
journaling.
Before you begin
Request integration server enablement, then enable journaling options in
SmartCloud Notes administration. For more information, see “Logging activity in
journal files” on page 93.
Make sure that your corporate firewall allows outbound connections to the
following hosts over FTP port 990 and FTP PASV port range 60000 - 61000:
v North America data center: ftp.na.collabserv.com
v Asia Pacific data center: ftp.ap.collabserv.com
v European data center: ftp.ce.collabserv.com
94
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Procedure
1. From an FTP client, specify the following connections settings:
Setting
Value
Host
If you use the United States data center:
ftp.na.collabserv.com
If you use the Asia Pacific data center:
ftp.ap.collabserv.com
If you use the European data center:
ftp.ce.collabserv.com
Protocol
FTP
Port
990
Encryption
Implicit FTP over TLS
User and password
Account name and password that is used to
connect to the FTP site.
2. Connect to the FTP host.
3. Change to the journal directory.
4. Select and download the following files:
v If you enabled Notes mail journaling, download files named
<date>.NOTESMAIL.txt.gz
v If you enabled Notes client session journaling, download files
named<date>.NOTES_NRPC_SESSION.txt.gz.
<date> is the file creation date.
Related tasks:
“Configuring the firewall for outbound connections” on page 17
Configure the firewall to allow outbound connections to the service.
Related information:
Integration server documentation
Format of the Notes mail journal file
A Notes mail journal file records each message that users send.
File name
The name of the compressed file that you download is <date>.NOTESMAIL.txt.gz,
where <date> is the file creation date , in YYYY-MM-DD format. For example:
2012-12-23.NOTESMAIL.txt.gz.
Syntax
Each record in a Notes mail journal file conforms to the following syntax:
date user name (id=customerId, customerId=customerId) performed ACTION
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)]
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)]
with outcome OUTCOME [REASON][(EXTRA)]
Each record in a journal file is contained in a single line.
Parameters
date
Chapter 4. Configuring the service
95
A date and time, for example, 2012-12-18T13:23:47+0000. One of the
following values is logged:
v The date and time that a user sends a message to another user at the
company
v The date and time that a message failed to be delivered to a user at the
company
v The date and time that a user sends a message to an external user at
another company
name
The user’s Notes name, if an internal user sends the message, for example,
CN=Samantha Daryn/O=Renovations. An Internet email address, if an
external user sends the message.
customerId
The unique number that identifies the company subscription in the service.
ACTION
SENT_MAIL
TYPE
The type of object or target. The object type is always MAIL_MESSAGE. The
target type is always RECIPIENT.
OBJECTID
The unique identifier of the mail message that is sent.
name
The name of the OBJECTID or the TARGETID. The name for the
OBJECTID is always MAIL. The name for the TARGETID is the email
address of the recipient.
TARGETID
The unique identifier for the recipient. This value is always null because
the email address specified in the name parameter uniquely identifies the
recipient.
OUTCOME
The result of the action, either SUCCESS or FAILURE. If the outcome of an
event is FAILURE, the reason is given. The reason is in uppercase and can
be multiple words separated by underscores. For example: FAILURE
“USER_NOT_FOUND”.
EXTRA
Contains the size of the message in kilobytes.
Examples
Note: The following example records are shown on multiple lines. In the journal
file, each record is a single line.
1. Samantha Daryn sends a message to another internal user at the company, Allie
Singh. Allie receives the message.
2012-12-30T19:03:01+0000 user CN=Samantha Daryn/O=Renovations
(id=20076547, customerId=20076547) performed SENT_MAIL
on object (type=MAIL_MESSAGE, id=<OFF0EBF61D.5CAAD94F-ON85257A
96
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
78.005C2BF7-85257A78.005C3063@LocalDomain>, name=“MAIL”,
customerId=20076547) targeted at (type=RECIPIENT, id=,
name=“CN=allie singh/O=renovations@renovations.com”, customerId=20076547)
with outcome SUCCESS (size=“1”)
2. Samantha Daryn sends a message to another internal user at the company, Allie
Singh. Allie’s name is not found in the directory and the message is not
delivered.
2012-12-28T15:02:01+0000 user CN=Samantha Daryn/O=Renovations
(id=20076547, customerId=20076547) performed SENT_MAIL
on object (type=MAIL_MESSAGE,
id=<OF0645EB2C.8B339FE8-ON00257A9B.0054F723-00257A9B.0054F726@LocalDomain>,
name=“MAIL”, customerId=20076547) targeted at (type=RECIPIENT, id=,
name=“CN=allie singh/O=renovations@renovations.com”, customerId=20076547)
with outcome “FAILURE RECIPIENT NOT FOUND IN COMPANY DIRECTORY” (size=“2”)
3. Samantha Daryn sends a message over the Internet to an external user,
branney@zetabank.com.
2012-12-28T15:02:01+0000 user CN=Samantha Daryn/O=Renovations
(id=20076547, customerId=20076547) performed SENT_MAIL
on object (type=MAIL_MESSAGE, id=<OF8E758E11.39C4D326-ON00257A9B.
00550042-00257A9B.00550046@LocalDomain>, name=“MAIL”,
customerId=20076547) targeted at (type=RECIPIENT, id=,
name=“branney@zetabank.com”, customerId=20076547)
with outcome SUCCESS (size=“1”)
Format of the Notes client session journal file
A Notes client session journal file records information about each IBM Notes client
login session within the service.
File name
The name of the compressed file that you download is
<date>.NOTES_NRPC_SESSION.txt.gz, where <date> is the file creation date, in
YYYY-MM-DD format. For example: 2012-12-23.NOTES_NRPC_SESSION.txt.gz.
Syntax
Each record in a Notes client session journal file conforms to the following syntax:
date user name (id=customerId, customerId=customerId) performed ACTION
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)]
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)]
with outcome OUTCOME [REASON][(EXTRA)]
Each record in a journal file is contained in a single line.
Parameters
date
The date and time a Notes client user logs in to the service or attempts to
log in, for example, 2012-12-18T13:23:47+0000.
name
The user’s Notes name, for example, CN=Samantha Daryn/O=Renovations
customerId
The unique number that identifies the company subscription in the service.
ACTION
NRPC_SESSION
Chapter 4. Configuring the service
97
TYPE
The type of object or target. The object type is always NRPC_SESSION. The
target type is always USER.
OBJECTID
A unique session ID
name
The name of the OBJECTID or the TARGETID. The name for the
OBJECTID is always NRPC_SESSION. The name for the TARGETID is the
user’s Notes name, for example, CN=Samantha Daryn/O=Renovations.
TARGETID
The unique identifier for the user. This value is always null because the
name parameter uniquely identifies the user.
OUTCOME
The result of the action, which is always SUCCESS.
EXTRA
The following information is provided:
v Number of databases accessed
v Number of documents that are read and written
v Time to connect to the service, in seconds
v The client versions being used
Examples
Note: The following example records are shown on multiple lines. In the journal
file, each record is a single line.
1. Samantha Daryn logs in to the mail server in the service successfully from
Notes.
2013-04-09T14:35:12+0000 user CN=Samantha Daryn/O=Renovations(id=20076547,
customerId=20076547) performed NRPC_SESSION on object (type=NRPC_SESSION,
id=02E31600, name=“NRPC_SESSION”, customerId=20076547) targeted at (type=USER,
id=, name=“CN=Samantha Daryn/O=Renovations”, customerId=20076547) with outcome
SUCCESS (DBs accessed=“1”, docs read=“0”, docs written=“0”, connect time=“302”,
client version=“90010”,)
Configuring IMAP access
You can allow users to access IBM SmartCloud Notes from third-party email
clients using IMAP. By default, the option Disable IMAP for all users is selected,
but you can enable it for all users.
About this task
After you enable IMAP access, service users can configure their mail clients for
IMAP access using information provided by the service. The following IMAP
clients are supported:
v Apple email
v Microsoft Outlook 2003, 2007
v Thunderbird
98
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Account Settings and then click IMAP Email Access.
5. Select Enable IMAP for all users, and then click Save.
Results
If you enabled IMAP for all users, then service users can set up their IMAP clients
for IMAP access to SmartCloud Notes mail.
Related information:
Setting up IMAP clients
IMAP client limitations
There are a few limitations when using an IMAP client to access IBM SmartCloud
Notes.
Folder limitations
The following restrictions apply to folders used with IMAP:
v A single folder name cannot exceed 64 bytes.
v An unlimited number of nested folders is allowed, but the combined length of
all nested folder names (including delimiters) cannot exceed 129 bytes.
View limitations
The service provides IMAP clients access to folders in user mail files but not to
views. The Drafts, Sent, and Trash views in mail files therefore are not available
through IMAP clients. To work around this limitation, IMAP client users can create
folders that correspond to these views and put messages in the folders instead.
IBM Notes or web client users must open these folders to see the messages in
them.
Return receipt
The service does not support the use of return receipts with IMAP clients. If you
request a return receipt and the recipient opens the message using the IBM Notes
or web client, no return receipt is generated.
Chapter 4. Configuring the service
99
100
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 5. Onboarding users
Onboarding refers to all the steps that are done to get users up and running with
mail files and mail servers in the cloud.
Before you begin
Before you onboard users, configure the service and, optionally, customize settings.
Deciding whether to use the Notes client
IBM SmartCloud Notes web is the mail client that is available automatically to all
IBM SmartCloud Notes users through a browser. Before you prepare to onboard
users, decide whether you want them to use the optional IBM Notes client in
addition to or instead of SmartCloud Notes web.
About this task
For the following reasons, many companies decide to use SmartCloud Notes web
and not the Notes client:
v Users get access to new features automatically as they are available in the
service.
v IT departments save money by avoiding the need to upgrade and maintain
Notes clients.
v SmartCloud Notes web is easy to use and the interface is similar to that of
recent versions of IBM iNotes and Notes. There might be little or no training
needed.
v Most Notes clients features are available in SmartCloud Notes web.
A recommended approach is to start all users in the service with SmartCloud
Notes web. After users become familiar with it, you have a better sense of which
users, if any, still need the Notes client. The following table describes some reasons
to use the Notes client, as well as alternative options.
Table 27. Reasons you might use the Notes client
Reason
Considerations and alternatives
Users need access to IBM Domino
applications on-premises.
The Notes Browser Plug-in is an alternative
option to the Notes client. This plug-in
provides access to on-premises Notes
applications through a browser.
Users need access to mail when
disconnected from the network.
Currently, only the Notes client supports
local, disconnected access to mail. Local mail
file access is provided through managed
mail replicas (in hybrid environments) or
standard local mail file replicas (in
service-only environments).
Before you choose the Notes client for this
reason, consider that with the increased use
of mobile devices, some users might no
longer require offline access through
notebooks or desktops.
101
Table 27. Reasons you might use the Notes client (continued)
Reason
Considerations and alternatives
Internet connections are slow.
In hybrid environments, users with slow
Internet connections, for example, users with
limited bandwidth connections, see better
performance if they use managed mail
replicas on Notes clients. In service-only
environments, these users benefit from using
standard local mail file replicas on Notes
clients.
Users are starting with new mail files in the Currently, accessing mail that is archived
service and want access to old mail archived on-premises requires a Notes client.
on-premises.
Users want features that are available only
with the Notes client.
For a feature comparison, see the technote
“Comparison tables of features between IBM
Notes, IBM iNotes, and IBM SmartCloud
Notes web”.
In hybrid environments, users want to
manage (be delegates for) the mail files of
on-premises users.
Managing on-premises mail files of users
who are not provisioned for the service
requires the Notes client.
Related information:
Technote: Comparison tables of features between IBM Notes, IBM iNotes &
IBM SmartCloud Notes web
Notes Browser Plug-in
IBM SmartCloud Notes client requirements
Preparing for onboarding
To prepare for onboarding, complete these tasks to prepare users, clients, and mail
files.
Before you begin
Before you prepare for onboarding, complete the following tasks:
v Chapter 4, “Configuring the service,” on page 25
v “Deciding whether to use the Notes client” on page 101
About this task
Table 28. Tasks to prepare for onboarding
Task
Create a detailed
provisioning
schedule and require
your project team to
sign off on it.
102
Why the task is
important
Additional
information
This step ensures that
provisioning happens
in planned stages
that take into account
factors such as pilot
users, work
schedules,
geographic locations,
and clients used.
Delegates of mail
files must
provisioned to
manage mail files of
provisioned users.
For more information
see “Mail file
delegation” on page
118.
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Complete?
Table 28. Tasks to prepare for onboarding (continued)
Task
Prepare
communications and
training.
Why the task is
important
Additional
information
Complete?
This step allows for a “Preparing
smooth transition to communications and
training” on page 117
the service and
reduces help desk
calls.
Develop a method to This step helps you
track provisioning.
understand at what
stage users are at in
the transition to the
cloud and is also
useful for providing
status reports to
executive
management.
Contact Support to
determine whether
users at your
company have trial
accounts.
Request removal of
trial accounts.
Provisioning can fail
for users who have
trial accounts.
In hybrid
environments, if
users will not use the
IBM Notes client
with the service,
verify that the users
have Notes ID files to
which they or
administrators have
local access.
Though not
required,Notes ID
files enable users to
sign email, read
encrypted email, and
to recall mail
messages. ID files are
typically required to
enable administrators
to change users'
Notes names.
Customize mail file
access.
This step is required “Preparing
if you want to allow customized mail file
ACLs” on page 68
people who are not
the owners of mail
files to access mail
files without being
delegates. Typically
this access is
provided by adding a
customer-specific
administrator group
to mail file ACLs.
Familiarize yourself
with password
requirements for
logging in to the
service
The password
requirements might
be different from
ones that are
currently used in
your on-premises
environment.
“Password rules by
authentication
method” on page 45
Chapter 5. Onboarding users
103
Table 28. Tasks to prepare for onboarding (continued)
Task
Why the task is
important
Additional
information
In hybrid
environments only,
verify that users’
Person documents
comply with service
requirements.
This step helps to
ensure a smooth
transition to the
service.
(Optional) In hybrid
environments only,
configure multiple
Internet addresses for
users
This step applies
only if users have
more than one
Internet email
address, for example,
if users have two
email addresses as a
result of a company
merger.
(Optional) Ensure
that a custom mail
template is uploaded
to the service, if you
plan to use one.
You can apply the
custom template
during user
provisioning so that
users see the custom
design when they
first use the service.
See “Preparing to use
custom mail file
templates” on page
61.
(Optional) Set up
batch user
provisioning with the
integration server.
This step allows you
to use
comma-separatedvalue (CSV) files to
provision batches of
users.
See the section on
user provisioning
and identity
management in the
Integration server
documentation.
Prepare for specific
clients.
There are special
v “Preparing for the
considerations for
web client”
each type of client
v “Preparing for
that can be used with
Notes Traveler
the service.
devices” on page
106
Complete?
v “Preparing for
Notes clients” on
page 108
v “Preparing for
IMAP clients” on
page 114
Preparing for the web client
Before you provision users who will access IBM SmartCloud Notes using the web
client, prepare for the web client.
Before you begin
Read about the web client.
104
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
Table 29. Tasks to prepare for the web client
Task
Why the task is
important
Additional
information
Complete?
Prepare for
onboarding.
There are tasks to
“Preparing for
prepare that apply to onboarding” on page
all or most clients.
102
Review the
supported browsers
and browser
versions, decide
which to use, and
upgrade browsers if
necessary.
Using a supported
browser version
ensures the best
experience for your
users.
SmartCloud Notes
web requirements
If users currently use
IBM iNotes, compare
the features that are
supported for
SmartCloud Notes
web.
Most IBM iNotes
features are
supported in the
cloud. Making your
users aware of the
few differences can
reduces help desk
calls and improve
user satisfaction.
Technote:
Comparison tables of
features between
IBM Notes, IBM
iNotes & IBM
SmartCloud Notes
web
Assess network
capacity.
“Network capacity
This step ensures
that your site has the for the web client”
on page 14
network capacity to
support the number
of web client users
you plan to have
If the Notes client is
used with shared
login enabled, but
the client won't be
used in the cloud,
disable the shared
login feature before
you provision users.
This step enables
administrators or
web client users to
upload Notes ID files
to the vault in the
service manually
after provisioning.
An ID enabled for
shared login cannot
be uploaded to the
service ID vault
manually by a web
client user or an
administrator. It can
only be uploaded
automatically
through the use of a
Notes client. For
more information on
shared login, see the
Securing section of
the Domino
documentation.
(Optional) Deploy an
extension forms file
to customize the web
client
Use an extension
forms file if you
want to customize
the visual theme,
fonts, the action bar,
and other aspects of
the web client.
“Using extension
forms files to
customize the look of
the web client” on
page 64
Chapter 5. Onboarding users
105
Table 29. Tasks to prepare for the web client (continued)
Task
Disable on-premises
IBM iNotes login
redirection, if used.
Why the task is
important
Additional
information
This step ensures
that users are not
redirected to their
on-premises mail
servers after the
move to the cloud.
For information on
Using iNotes IBM
iNotes redirect, see
the Domino
documentation.
Complete?
An IBM Software
Services for
Collaboration
representative can
provide a custom
redirector for cloud
login.
Preparing for Notes Traveler devices
Before enabling users to use IBM Notes Traveler mobile devices with the service,
prepare your environment and the devices.
Before you begin
Read about Notes Traveler devices.
About this task
Before you provision users with a Notes Traveler subscription, complete the tasks
in the following table to prepare.
Table 30. Tasks to prepare for Notes Traveler devices
Why the task is
important
Additional
information
Prepare for
onboarding.
There are tasks to
prepare that are not
client-specific.
“Preparing for
onboarding” on page
102
Ensure that your
firewall configuration
allows devices to
access the service
over WiFi.
Connections to hosts
in the service over
Port 443 are required
for WiFi access.
“Configuring the
firewall for outbound
connections” on page
17
Review the Notes
Traveler device
memory and
operating system
requirements.
Notes Traveler
Using a mobile
device that complies requirements for the
cloud.
with these
requirements ensures
the best experience
for your users.
Task
106
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Complete?
Table 30. Tasks to prepare for Notes Traveler devices (continued)
Why the task is
important
Additional
information
If you plan to use
BlackBerry 10
devices, first verify
that your wireless
carrier supports the
minimum operating
system level that is
required in the
cloud.
Some carriers might
not support the
minimum required
Blackberry 10
operating system
level.
Notes Traveler
requirements for the
cloud.
Enable cookies in
device browsers.
Cookies must be
enabled to connect to
the service and to
sync mail on devices.
Review Notes
Traveler device
policy settings.
Be aware of policy
settings that the
service enforces that
might be different
than your current
settings.
“Notes Traveler
device settings”
Review device
limitations in the
cloud.
This step makes you
aware of any
changes that users
might see after the
move to the cloud.
Notes Traveler
Troubleshooting,
known limitations,
and restrictions.
(Optional) Enable
application
passwords.
This step is required v “Enabling
only if your
application
company enables full
passwords” on
federated identity
page 43
authentication and
v “Setting up
Android devices that
federated identity
run Notes Traveler
management” on
9.0.1.3 or a higher
page 36
are not used.
Task
Complete?
Notes Traveler device settings
The service enforces the following device settings.
v Device passwords of at least 4 characters are required.
v Device lockout occurs after 30 minutes of inactivity.
v There is no limit to the number of incorrect password attempts.
v On Android, Apple, Windows Tablet, and BlackBerry 10 devices, there is no size
limit to attachments in received emails. Attachments are always downloaded
during device syncs.
v On Windows Mobile devices, there is a 4 MB limit to attachments in received
emails. When the combined attachment size exceeds the limit, attachments are
removed from emails that are synced to the device.
Note: Windows Tablet requires a device password of at least eight characters. The
password must include at least three of the following types of characters: upper
case, lower case, number, special character.
Chapter 5. Onboarding users
107
Preparing for Notes clients
Use of the IBM Notes client to connect to the service is optional. If you want your
users to use the Notes client, understand the steps to prepare.
Before you begin
Read about the “Notes client” on page 7 and decide whether to use it.
About this task
Skip this task is you do not plan to use the Notes client.
Table 31. Tasks to prepare for the Notes client
Task
108
Why the task is
important
Additional
information
Prepare for
onboarding.
There are tasks to
“Preparing for
prepare that apply to onboarding” on page
all or most clients.
102
Compare the features
that are supported
for the on-premises
client to the featured
that are supported in
the cloud.
Most features are
also supported in the
cloud, but there are
some differences to
be aware of.
Technote:
Comparison tables of
features between
IBM Notes, IBM
iNotes & IBM
SmartCloud Notes
web
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Complete?
Table 31. Tasks to prepare for the Notes client (continued)
Task
Why the task is
important
Additional
information
Evaluate your
currently deployed
clients. If necessary,
upgrade to newer
versions of the client.
A version of Notes
(Standard
configuration) that is
supported in the
cloud is required.
To ensure a smooth
transition, leave
plenty of time to
complete client
upgrades, and, if
necessary, related
hardware upgrades,
before you provision
users for the cloud.
Complete?
There are various
upgrade methods
available, including
desktop push
technology, Notes
Smart Upgrade, and
end-user controlled
upgrades.
v Technote:
SmartCloud Notes
client requirements
v Upgrade Central:
Planning your
upgrade to IBM
Notes and Domino
9.0 Social Edition
v Search for “Using
Notes Smart
Upgrade” in the
IBM Domino
documentation.
.
Use an on-premises
policy to configure
managed mail
replicas. Complete
this step before you
provision users so
that you can resolve
any issues specific to
this feature ahead of
time.
In hybrid
environments,
configure managed
mail replicas
Managed mail
replicas are
recommended to
provide Notes users
quick, local access to
their mail when
connected or
disconnected from
the service.
Assess network
capacity
“Network capacity
This step ensures
that your site has the for the Notes client”
on page 14
network capacity to
support the number
of Notes client users
that will connect to
the cloud.
Chapter 5. Onboarding users
109
Table 31. Tasks to prepare for the Notes client (continued)
Task
(Optional) Use a
custom mail file
template to
customize the mail
file design.
Why the task is
important
Additional
information
If you prepare a
custom mail file
template in advance,
you can apply the
custom template
during user
provisioning so that
users' first experience
with the cloud is
with the custom
design.
A short contract with
IBM Software
Services for
Collaboration is
required to test and
approve the template
design. For more
information on
requirements and
steps, see “Preparing
to use custom mail
file templates” on
page 61.
In hybrid
Be aware of policy
environments, review settings that the
policy settings
service enforces that
might be different
than your current
settings. Also,
optionally customize
settings.
110
(Optional) In hybrid
environments, if you
are not transferring
mail files, export
contacts, and
calendar entries that
have future dates.
After users move to
the cloud, they can
import the contacts
and calendar entries
into their new mail
files.
Exporting calendar
entries allows users
to save calendar
entries in local .ics
files. After users are
provisioned, they can
import the files into
their new mail files
in the service.
Contacts are
imported along with
the saved calendar
entries. For more
information, see the
topic about exporting
and importing
calendars in the
Notes client help.
(Optional) In hybrid
environments, if you
are not transferring
mail files, create mail
archives on-premises
before the move to
the cloud.
Mail archives
provide users with
access to old mail
content after the
move to the cloud.
Note: Users cannot
create local archives
of their on-premises
mail after the move
to the cloud.
You can use Domino
policies to archive
mail. For
information, see the
topic about
understanding mail
archiving and
policies in the IBM
Domino
documentation.
Alternatively, you
can use a third-party
archiving
application.
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Complete?
Table 31. Tasks to prepare for the Notes client (continued)
Task
(Optional) Install the
IBM Connections
Activity Plug-in
Why the task is
important
Additional
information
If your company
purchases a
collaboration
subscription, this
step provides access
to cloud Activities
from the Notes client
sidebar.
“Connecting to cloud
Activities through
the Notes client
sidebar” on page 113
Complete?
How the Client Configuration tool configures the Notes client
To set up the IBM Notes client for use with the service, users download and run
the Client Configuration tool (config.nsf) from their workstations. The tool
performs the following configuration checks and tasks on the client.
v Checks for the following information:
– The client is a version supported for IBM SmartCloud Notes access.
– The config.nsf file contains information needed to perform the configuration.
– The downloaded data is less than 24 hours old. If it is older than 24 hours, an
message informs users. They can continue to use the tool if they choose.
v Performs other small consistency tests, such as checking that the current
Location document can be located.
v Creates a wildcard Connection document that the client will use to connect to a
mail server in the service through the proxy server in the service. The server
name in the Connection is */your_certifier, where your_certifier is the name
of the OU certifier you provided for your mail servers during service
configuration.
v If the user is already using the Notes ID that they will use in the service, tests
connectivity to their new mail server on port 1352.
v If the tool needs to close the Notes client to force a download of the user ID file,
it attempts to find an Offline location:
– If an Offline location is found, the tool switches to it to prevent the client
from doing a final replication when it closes.
– If no Offline location is found, the tool creates an Offline location (named
Offline) for this purpose.
– If a location named Offline already exists, but is not suitable for configuration
purposes, a the tool creates a location named “Temporary location for cloud
mail setup - safe to delete”.
Note: If the tool closes the Notes client for reasons other than to download
the Notes ID an Offline location is not needed.
v Creates a Location document called SmartCloud for
username, or updates
it if it already exists and is incorrect.
v If the user has Connection documents (Contacts > Advanced view) that restrict
which locations can be used, and the list includes the current location, then the
tool updates those connections to allow the cloud location document. This is
necessary so that users can continue to access on-premises application servers
using the new cloud location.
Chapter 5. Onboarding users
111
v If the user has Account documents (Contacts > Advanced view) that restrict
which locations can be used, and one of the locations is the current location, the
tool updates the Account documents so that they can be used from the cloud
location.
v If the user is not yet using the Notes ID file they will use in the service, the tool
sets the Notes client to download the new ID the next time the user logs in to
the Notes client. This is done by assigning values to the following Notes.ini
settings:
– Location
–
–
–
–
–
–
KeyFileName
KeyFileName_Owner
MailServer
MailFile ID
VaultLastServer ID
VaultLastFlushTime
Note: The IDVault settings are cleared. Then when the user logs in to the
Notes client using the service Notes ID, they are prompted to change their
password (in most cases). When they do, the client immediately updates the
Notes ID in the Connections Cloud ID vault.
v Depending on the configuration tasks that have been completed at this time, the
tool might shut down the Notes client. If so, a message informs the user, and
provides instruction for what to do next (for example, restart Notes and enter
the password for your SmartCloud Notes ID, to download the ID file). Again
note that sometimes the shutdown is done for purposes other than downloading
an ID file.
Downloading Notes client software and other entitled software
You can easily access the IBM Software Download Center to download IBM Notes
and other software to which your company is entitled. Software entitlement is
governed by the service Terms of Use and applicable License documents.
About this task
You can access the site if you have the Administrator account role. You can use the
site to download software before or after user subscriptions are activated.
To access the Download Center, complete the following steps:
1. Log in to the service as an administrator.
2. Click Apps > Downloads and Setup.
3. In the Software Entitlements section, click View available software to get to
the Download Center.
112
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
4. In the Software Downloads page, type the partial or full name of the entitled
software in the Find by search text box. Then, click the search icon.
Search filter options are available to narrow product results by language and
operating system. For more information, see Technote 1674504.
Related information:
Technote 1674504
Connecting to cloud Activities through the Notes client sidebar
Users with collaboration subscriptions in addition to SmartCloud Notes
subscriptions are automatically logged in to the cloud Activities server through the
Activities sidebar.
About this task
The Activities sidebar must be installed on the client. To install the Activities
sidebar in Notes 8.5.2 or later 8.5x versions, select the IBM Connections Notes
installation option.
Chapter 5. Onboarding users
113
To install the sidebar in IBM Notes 9.0 Social Edition or later versions, install the
IBM Connections Plug-ins. For more information, see the wiki article Where is the
Activities Sidebar for Notes 9.0 Social Edition?
Activities integration is not supported for Notes 8.5.1.
Preparing for IMAP clients
If you plan to use IMAP clients, complete these tasks to prepare.
Before you begin
Read about IMAP clients.
About this task
Table 32. Tasks to prepare for IMAP clients
Task
Prepare for
onboarding.
Why this task is
important
Additional
information
Complete?
There are tasks to
“Preparing for
prepare that apply to onboarding” on page
all or most clients.
102
Verify that users have Using a supported
a supported IMAP
client is required
client installed.
because it provides
the best experience
for users.
IMAP client
requirements
Be aware of the
IMAP client
limitations.
This information can
help with
troubleshooting.
IMAP client
limitations
Open the firewall
ports that are
required for IMAP
access.
Ports 993 and 465
must be open to
allow connections to
the service via IMAP.
“Configuring the
firewall for outbound
connections” on page
17
Enable IMAP access IMAP access is not
in IBM SmartCloud
enabled by default.
NotesAdministration.
“Configuring IMAP
access” on page 98
Preparing to use BlackBerry devices
If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry
Services subscription, complete these tasks to prepare.
Before you begin
Read about “BlackBerry devices with a Hosted BlackBerry Services subscription”
on page 8.
114
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
Table 33. Tasks to prepare for BlackBerry devices
Task
Why this task is
important
Additional
information
Complete?
Prepare for
onboarding.
There are tasks to
“Preparing for
prepare that apply to onboarding” on page
all or most clients.
102
Verify that this
subscription supports
the BlackBerry
devices that you
want to use.
The Hosted
BlackBerry Services
subscription does not
support BlackBerry
10.
An IBM SmartCloud
Notes for Hosted
BlackBerry Services
subscription enables
users to access the
service through
BlackBerry devices
that run operating
system versions 4.0
through 7.x. Users
who use BlackBerry
10 devices require
SmartCloud Traveler
for Notes
subscriptions instead.
For more information
about device
requirements for each
of these
subscriptions, see the
client requirements.
Plan for time that is
required to accept
and process the
Research in Motion
terms of use
agreement.
This step must be
complete before you
can provision users
and can take three to
four weeks.
After your company
purchases a Hosted
BlackBerry Services
subscription, you
must accept the
Research in Motion
terms of use
agreement. Then,
wait for an IBM
representative to
indicate that your
subscription setup is
complete.
Chapter 5. Onboarding users
115
Table 33. Tasks to prepare for BlackBerry devices (continued)
Why this task is
important
Additional
information
Ensure that devices
are set up to use an
Enterprise data plan.
An enterprise data
plan is required to
activate the
BlackBerry devices
for the service.
If users currently use
personal plans such
as BlackBerry
Internet Service, they
must convert to
enterprise data plans.
Allow time for users
to contact the phone
company to make the
change and to set up
the new plans on
their devices. Users
should know that
they can no longer
use personal accounts
in the cloud. When
users switch from
personal plans to
enterprise plans, you
are likely to see
increased costs that
are associated with
purchasing the new
plans and with data
usage.
Be aware of the
BlackBerry device
settings that are
enforced in the
service, such as
password
requirements.
These setting
requirements might
be different from
ones that are
currently
implemented at your
company.
If your current
policies are different
from the cloud
policies,
communicate this
change to users. For
more information, see
“Settings enforced for
BlackBerry
smartphones.”
Task
BlackBerry browser is You can notify users
not supported
if this behavior is
different from what
they are accustomed
to.
Complete?
Access to web
applications in your
corporate intranet or
on the Internet
through the device is
not supported.
Settings enforced for BlackBerry smartphones
This topic describes the settings that the service currently enforces for BlackBerry®
smartphones.
Table 34. Settings enforced for BlackBerry smartphones
Policy
Value
Allow users to send outbound messages
No
through services other than IBM SmartCloud
Notes
116
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 34. Settings enforced for BlackBerry smartphones (continued)
Policy
Value
The maximum size of a single native
attachment that can be downloaded to a
smartphone
10240 (KB)
The total size of all native attachments that
can be uploaded from a smartphone
5242880 (Bytes)
The maximum size of a single native
attachment that can be uploaded from a
smartphone
3145728 (Bytes)
Allow users to disable smartphone
passwords
No
Password pattern checks
At least 1 alphabetic character and 1
numeric character
Number of days after which a smartphone
password expires and the smartphone
prompts the user to set a new password
90
The number of minutes of inactivity allowed 30
before the smartphone is locked and the
user must provide a password to unlock it.
Minimum smartphone password length
8 characters
Smartphone password required
Yes
The number of previous passwords that are
prevented from being used as new
passwords
8
Reset smartphone to factory default settings
when smartphone is wiped
Yes
Allow users to place calls while the
smartphone is locked
Yes
Preparing communications and training
Prepare a communications and training plan to help your users, administrators,
and help desk personnel make the transition to the service.
About this task
Prepare to communicate to your users the benefits of the service, the changes to
expect, and the steps to take to make the transition. Ensure that your help desk
personnel are aware of the communications plan and are prepared to help users
follow instructions that are provided in it. For several client-specific sample
communications to use as a starting point, see the wiki article Preparing
communications about the transition to SmartCloud Notes.
Consider use of the following training resources to help users, help desk personnel,
and administrators become familiar with the clients and features available with the
service:
v Preparing training for IBM SmartCloud Notes wiki article
v Technote 7040248: Comparison tables of features between IBM Notes, IBM
iNotes & IBM SmartCloud Notes web
v IBM Multimedia Library for IBM Notes, affordable and proven resource for
Notes client training
Chapter 5. Onboarding users
117
v Getting started with SmartCloud Notes clients, getting started resources that are
provided through the wiki
Mail file quota
Currently a size limit (quota) of 25 GB is enforced on the mail files of users who
were provisioned before November 22, 2014; the mail file size limit of users who
are provisioned after this date is 50 GB. An exception is the mail files of
SmartCloud Notes Entry users, whose mail files have a 1 GB limit.
The sizes of the following mail file elements are factored into the quota calculation:
v design elements
v documents
v view index
v Domino Attachment and Object Store (DAOS) element
v white space
v attachments
Full-text index size is not a factor in the quota calculation.
Users do not receive warning notifications if they are approaching their mail quota.
However, web client users and Notes client users can see how close they are to
quota by clicking the quota status bar that is shown near their name in the mail
file.
When a user’s mail file quota is reached, the user cannot receive mail and the
sender of a message receives a delivery failure notification.
Some clients continue to allow mail to be sent when quota is reached, as described
in the following table. When a user with an over-quota mail file sends a message
that cannot be delivered, the user does not receive a delivery notification failure.
The service retries sending the delivery failure notification for about a day, and if
not successful, deletes the notification.
Table 35. Send mail behavior when quota is reached
Client
Sending mail without
saving a copy
Sending mail and saving a
copy
Notes
Mail is sent.
Mail is sent but not saved.
web client
Mail is sent.
Mail is not sent or saved.
Notes Traveler
Not supported.
Mail is not sent. Mail stays
in the Outbox and the client
tries to resend.
BlackBerry® smartphone
Mail is sent.
Mail is not sent. Mail stays
in the Sent folder and can be
resent later.
Mail file delegation
Using delegation preferences, users can allow other users to manage their mail,
calendar, contacts, and to do items. Depending on which client is used, there are
some differences in how delegation works with IBM SmartCloud Notes.
118
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Notes client
Delegation works in the following way for users who access their mail using the
IBM Notes client:
v To set up delegation, users set a Mail > Access & Delegation preference. Once
set, this preference applies to both the Notes client and the web client.
v In the Notes client, users can also delegate management of their Calendar,
Contacts, and To Do tasks.
v A delegate cannot assign other delegates to a mail file.
Web client
Delegation works in the following way for users who access mail using the web
client:
v To set up delegation, users set a Delegation user preference. Once set, this
preference applies to both the Notes client and the web client.
v In the web client, users can also delegate management of their Calendar,
Contacts, To Do tasks, and Notebook.
v A delegate cannot assign other delegates to a mail file.
Reassigning delegation after a user name change
If a delegate’s Notes user name changes, then the owner of the mail file must
reassign delegation to the new name. Doing so updates the mail file ACL (access
control list) with the new name, which allows the user access to the database.
Related tasks:
“Changing a user name” on page 145
When the name of a user changes, you edit the user account to change the name in
one or more fields that include the user name. After you change the name, a
multi-step process occurs. Many of the steps occur asynchronously, so there is no
set time by which the rename process completes, although renames generally
complete within one day.
Adding a SmartCloud Notes subscription to a user account
Perform the steps in this procedure to add a IBM SmartCloud Notes subscription
to a user account. Adding a subscription is also referred to as provisioning.
Before you begin
Prepare for onboarding.
About this task
If you want to add subscriptions for many users at once, you can instead use
provisioning change files and the Connections Cloud integration server.
Note: In the Account Login section described in this procedure, if you do not
provide a distinguished name when you create an account, a system-generated one
is created. It is recommended that you allow the system to create this name for
you. Doing so ensures that the formula is applied correctly. Note, however, that
when the system generates the distinguished name, it does not display in the
Distinguished Name field. The distinguished name for each user must be unique.
If the system-generated name is already in use, then you are prompted to create
Chapter 5. Onboarding users
119
one manually. To determine the text to add to the user's name to form the
Distinguished Name, complete the task Forming a distinguished name.
Procedure
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Perform one of the following steps:
v If the user already has an account, select the user name and click Edit User
Account.
v If the user does not have account yet, click Add User Account.
5. If this is a new account, complete the User Information fields. Otherwise,
continue to the next step.
1.
2.
3.
4.
Table 36. User Information
Field
Steps
Given
Type the users' given name, which is sometimes referred to
as the first name.
Surname
Type the user's surname, which is sometimes referred to as
the last name.
Language
Select a language. The language you select here must be the
same language as the user's mail file template.
Department
Optionally provide information such as a department name
or organizational code.
Role
Select one or more of the following roles:
v AppDeveloper -- Select this role to give developers
sufficient access to create extensions or add internal
applications.
v User -- This role is required for subscriptions.
v Administrator -- Select this role if the user will perform
administrative tasks. If you also want to the administrator
to have subscriptions, select the User role as well.
v Admin Assistant -- An admin assistant can reset logon
passwords for a user. If you also want to the admin
assistant to have subscriptions, select the User role as
well.
Important: You cannot assign both the Administrator and
the Admin Assistant role to a user.
v e-Discovery administrator -- If your company purchased
the IBM SmartCloud Archive Essentials subscription,
select this role to enable the user to perform e-Discovery
administrator tasks.
v e-Discovery user -- If your company purchased the IBM
SmartCloud Archive Essentials subscription, select this
role to enable the user to perform e-Discovery user tasks,
such as working with searches.
6. Click Next and in the Subscriptions page select IBM SmartCloud Notes as the
mail subscription. Select any other subscriptions that are available that you
want to assign to the user.
7. Click Next and complete the Account Login fields:
120
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 37. Account Login
Field
Steps
Notes email or Email
Complete the following steps to specify the user's Internet
mail address.
1. Determine the correct field to use:
v If the user account is new, enter the address in the
Email field. The value of this field is used as the user's
Internet mail address and as the web client login
identity.
v If the user account already existed, enter the address
in the Notes email field. In this case, the value of the
Notes email field is used for the user's Internet mail
address and the value of the Email field is used as the
web client login identity.
2. Enter the first part of the user's SmartCloud Notes
Internet email address, typically based on the user's
name. For example, for Samantha Daryn you might enter
sdaryn.
3. If your company uses more than one Internet domain,
select the domain in which the user resides, for example,
renovations.com.
Distinguished Name
Leave this field blank so the system generates a Notes
distinguished name. If the system-generated name is in use,
you see a prompt. In this case, you must provide a different
distinguished name manually, following the rules described
in the topic Forming a distinguished name.
Initial password for user
If this is a new user account, create and confirm a temporary
password. This is the password users will use when they log
on to the service with the web client for the first time.
Important: Make a note of this password to provide to the
user.
8. Click Finish.
What to do next
Check user provisioning status to determine when provisioning is complete or if
any provisioning errors occur.
Related tasks:
“Checking user provisioning status” on page 122
After you add IBM SmartCloud Notes subscriptions to user accounts, check the
provisioning status of the users.
Related information:
Integration server
Forming a distinguished name
A distinguished name is a unique name that is associated with a IBM Notes ID file.
It is used to authenticate a Notes client user, and is seen in Notes mail messages,
directories, in database ACLs, and in other groups used by the service. When you
create a new user account, the Add User form includes a Distinguished Name
field. In most instances you will not complete this field; you can leave it blank and
the system will generate a distinguished name for the account based on the user's
Chapter 5. Onboarding users
121
name and other information you provide. However, if you decide to create the
distinguished name yourself, or if the system-generated one is already in use, you
must use the correct formula to create it.
About this task
It is recommended that you allow the system to create a distinguished name for
you. Doing so ensures that the formula is applied correctly. However, the
distinguished name for each user must be unique. If the system attempts to
generate a name and finds that it is already in use, then you are prompted to
create one manually. In this scenario, the formula is provided for you, and you can
simply change the user name portion.
When the name of a user changes, you can update the information in the
Distinguished Name field. Again, you are prompted to create a different one if the
name you enter is already in use.
Note: System-generated distinguished names do not display in the Distinguished
Name field on the Add User or Edit User forms after they are created. Only names
you provide display in this field.
Use these steps to determine how to form the distinguished name.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. In the SmartCloud Notes Administration window, click Account Settings.
5. When the Account Setup window displays, look at the IBM Notes Names field.
This field identifies how your Notes names are formed:
Your IBM Notes Names are:
User Name/Renovations@Renovations
6. To form the distinguished name, begin with the common name, for example:
Samantha Daryn
Next add the forward slash (/). Now the example looks like this:
Samantha Daryn/
And finally, use the text after the slash but before the at sign (@) to complete
the formula. Here is the distinguished name, for this example:
Samantha Daryn/Renovations
Checking user provisioning status
After you add IBM SmartCloud Notes subscriptions to user accounts, check the
provisioning status of the users.
Before you begin
Complete the procedure “Adding a SmartCloud Notes subscription to a user
account” on page 119.
122
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. In the Provisioning section of the SmartCloud Notes Administration window,
click Provisioning Status.
5. Display the names of the users whose status you want to check. In the Search
box, type the beginning characters of any of the following user values:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. In the Status field, select one of the following options:
Option
Description
In Progress
Show all users in the search results who are
in the process of being provisioned. The
service is setting up mail files and doing
other steps to prepare user accounts. Users
that are shown in this view cannot use the
SmartCloud Notes service yet.
Note: It is possible for user accounts to be
in a Held state. This state can be seen only
in IBM Connections Cloud user accounts by
clicking Home and then User Accounts. The
Held state indicates that service is
performing routine checks. It does not
indicate that there is a problem. Do not
delete and then re-add the account.
Resolution often takes a few hours or less;
however, on some occasions it can take a
few days. If you are concerned that the Held
state is not changing, contact customer
support.
Chapter 5. Onboarding users
123
Option
Description
Done
Show all users in the search results who are
successfully provisioned. The service has
finished preparing the mail files and
accounts of these users, and the users can
use the service.
One of the following states is shown for
each user:
v Pending: This state indicates that a user
has not yet logged in to the SmartCloud
Notes service and accepted the terms of
use.
v Active: this state indicates that a user has
logged in to the service and accepted the
terms of use.
Error
Show all users in the search results who
cannot be provisioned because of an error. If
you see a user in this state, contact support
to help you resolve the error.
What to do next
When users are listed in the provisioning status page as Done and in the Pending
state, complete the following steps:
1. If you do not want users to use the default IBM Notes mail file template,
assign the users a mail file template.
2. If your company uses extension forms files and you do not want users to the
default forms file, assign users an extension forms file.
3. Help users get started with the service.
Related tasks:
“Changing user mail file templates” on page 139
You can change the mail file template assigned to a user. For example, change the
mail template if the IBM Notes client of a user is upgraded to a new version.
“Assigning extension forms files to users” on page 140
After an IBM representative uploads an approved extension forms file to the
service, you can assign the forms file to users. Extension forms file enable you to
customize the visual theme, fonts, the action bar, and other aspects of the web
client.
“Helping users get started”
After user provisioning is complete, help users get started with their mail in the
cloud.
Helping users get started
After user provisioning is complete, help users get started with their mail in the
cloud.
Before you begin
Check user provisioning status; users in the Pending state are ready to begin to
use the service.
124
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Providing account information to users
After you add a IBM SmartCloud Notes subscription to user account, provide the
user with the information that is required to log in to the service.
Before you begin
Complete the procedure “Checking user provisioning status” on page 122 and
verify that users are listed in the provisioning status page as Done and in the
Pending state.
About this task
Users must log in to the service from a browser within 30 days after being
assigned a SmartCloud Notes subscription. After logging in, users can begin to use
the web client immediately.
Users who want to use the IBM Notes client must download and run the
SmartCloud Notes client configuration tool to connect the client to the mail server
in the service. This tool is available within the service after logging in from a
browser. A version of the Notes client that is supported by the service must be
installed and set up. The Notes client is available for download from the IBM
Notes product page. A SmartCloud Notes subscription includes a license for the
client.
Note: If a user sees the error ID in vault has expired download time when
attempting to connect to the service for the first time from a Notes client, reset the
Notes ID password and instruct users to log in again with the new password.
Procedure
Provide the following information to each user:
v The login URL – http://www.ibmcloud.com/social.
v The web login name – The value of the Email field in the Account Login tab of
the user's Connections Cloud user account. To see user accounts, log in to the
service as an administrator, click Administration > Manage Organization, and
click User Accounts.
v The temporary password -- The first time users log on, they use a temporary
password that is created for them at the time their account is created. They are
asked to change this password the first time they log on.
Note: If users already use another Connections Cloud service, they use the
existing web login password.
Results
When users log in from the browser, they are presented with the Account Updates
form. They must click Submit to complete the user registration and activate their
account.
What to do next
Help users get started with the clients they will use in the cloud.
Related tasks:
Chapter 5. Onboarding users
125
“Getting started with the web client”
Complete the following tasks to help users get started with the web client.
“Getting started with the Notes Traveler devices” on page 127
Complete the following tasks to help users get started in the cloud with IBM Notes
Traveler devices.
“Getting started with the Notes client” on page 130
If the IBM Notes client is used with the service, complete the following tasks to
help users get started.
“Getting started with IMAP clients” on page 131
If IMAP clients are used, complete the following tasks to help users get started
with them.
Getting started with the web client
Complete the following tasks to help users get started with the web client.
Before you begin
Complete the procedures “Providing account information to users” on page 125
and “Preparing for the web client” on page 104.
About this task
Table 38. Getting started with the web client
Task
Why this task is
important
Additional
information
Point users to the
web client
documentation.
Users can refer to the SmartCloud Notes
web documentation
documentation as
they begin using the
client.
Prepare to
troubleshoot any
login problems.
If any user has
trouble logging in to
the service, you can
quickly resolve the
problem.
See Technote 1496881:
SmartCloud Notes
user cannot log on
(Optional) If instant
messaging is enabled
for your company,
make sure that users
also enable it in
client preferences.
Instant messaging
must be enabled in
client preferences and
in SmartCloud Notes
Administration.
To enable instant
messaging in the web
client, users click
More > Preferences
> Instant Messaging
and select Enable
instant messaging.
For information on
configuring instant
messaging in
SmartCloud Notes
Administration, see
“Configuring instant
messaging” on page
83.
126
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Complete?
Table 38. Getting started with the web client (continued)
Task
(Optional) In hybrid
environments, install
and configure the
IBM Notes Browser
Plug-in
Why this task is
important
Additional
information
The plug-in allows
web client users to
access Notes
applications on
on-premises Domino
servers.
v Notes Browser
Plug-in
requirements
Complete?
v Notes Browser
Plug-in
documentation for
the service
Getting started with the Notes Traveler devices
Complete the following tasks to help users get started in the cloud with IBM Notes
Traveler devices.
Before you begin
Complete the procedures “Providing account information to users” on page 125
and “Preparing for Notes Traveler devices” on page 106.
About this task
Table 39. Getting started with Notes Traveler devices
Why this task is
important
Additional
information
If you did not add
the Notes Traveler
add-on subscription
during user
provisioning, add it
now.
This subscription
must be added for
users to access their
mail in the cloud
through mobile
devices that are
supported by the
Notes Traveler
service.
“Adding a Notes
Traveler subscription
to a user account” on
page 128
Uninstall any
previous Notes
Traveler accounts
from devices.
This step prevents
devices from
attempting to
continue to get mail
from an on-premises
server.
Remove user
accounts from any
on-premises Notes
Traveler servers.
This step prevents
the on-premises
servers from
attempting to connect
to mail files in the
service to which they
no longer have
access.
“Removing user
accounts from
on-premises Notes
Traveler servers” on
page 129
Point users to the
Notes Traveler
documentation.
The documentation
describes how to get
started with each of
the supported
devices.
Notes Traveler
documentation
Task
Complete?
Chapter 5. Onboarding users
127
Table 39. Getting started with Notes Traveler devices (continued)
Why this task is
important
Additional
information
(Optional) On the
Apple iPhone,
recommend that
users enable the Ask
Before Deleting
setting.
This setting helps
prevent users from
deleting messages by
mistake.
On the phone, select
Settings > Mail,
Contacts, Calendars
> Ask Before
Deleting
Prepare to
troubleshoot.
You can quickly
resolve any
problems.
Refer to the
following section of
the Notes Traveler
documentation:
Troubleshooting,
known limitations,
and restrictions
Task
Complete?
Related tasks:
“Managing IBM Notes Traveler devices” on page 156
For each user with an IBM Notes Traveler subscription, you can view information
about the user's mobile device. You can also wipe the device to remove sensitive
data from it, for example, if the device is lost or stolen.
Adding a Notes Traveler subscription to a user account
To enable a user to connect to the service through a mobile device supported by
IBM Notes Traveler, add the subscription to the user’s account.
About this task
The following steps describe how to add a subscription to the account of a user
who already has a Notes Traveler subscription. You can also add the subscription
when you first add the user account. For information about adding user accounts,
see the topic Administering user accounts.
Procedure
1.
2.
3.
4.
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Click the arrow next to a user's name and select Edit User Account.
5. Click Next.
6. In the Subscription Add-ons section, select the Notes Traveler subscription.
7. Click Save.
What to do next
The user can now set up the mobile device to connect to the service. For
information, see theNotes Traveler documentation.
Related tasks:
Chapter 6, “Administering user accounts,” on page 137
Though IBM is responsible for the administration and maintenance of the mail
servers, there are tasks that you perform through an administration interface at
http://www.ibmcloud.com/social.
Related information:
128
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Notes Traveler
Removing user accounts from on-premises Notes Traveler
servers
After a user sets up a device to connect to the service, if you use a hybrid
environment, remove all accounts the user has on on-premises IBM Notes Traveler
servers.
About this task
To remove users’ on-premises Notes Traveler accounts, deny users access to the
on-premises Notes Traveler server as described in the topic "“Restricting access
using server document access fields”." Then delete the users from the Notes
Traveler server.
In addition, remove any previous on-premises Notes Traveler client software or
account from mobile devices.
Restricting access using server document access fields:
Deny service users access to on-premises IBM Notes Traveler servers.
Procedure
1. From the Domino Administrator client, select the IBM Notes Traveler Server
document.
2. Click Edit Server.
3. Click the IBM Notes Traveler tab.
4. Populate either the Access Server or Not Access Server field with the names of
users and groups.
Users defined as Domino 'Full Access Administrators' have access regardless of
how the Not Access Server or Access Server fields are configured. Users
denied access to Domino through the Domino Not Access Server or Access
Server fields under the Security tab of the server document cannot access Notes
Traveler.
Table 40. Server access fields
Field
Description
Access Server
Select the option users listed in all trusted
directories to allow access to Notes Traveler
only to people that have person documents
in either the primary directory of this server
or any secondary directories that trusted
credentials using Domino directory
assistance.
You can also select individual names of
users and groups to allow access to this
Notes Traveler server. A blank entry means
that all users can access Notes Traveler
except any who are listed in the Not Access
Server field.
Chapter 5. Onboarding users
129
Table 40. Server access fields (continued)
Field
Description
Not Access Server
Select the names of users and groups that
should be denied access to this Notes
Traveler server. A blank entry means that no
users are denied access.
Note: Entering names in the Access Server
field automatically denies access to those
names not listed.
5. Click Save & Close.
What to do next
Delete users from on-premises Notes Traveler servers.
Deleting a user from Notes Traveler servers:
Remove service users from all on-premises IBM Notes Traveler servers.
Procedure
1. Run the following command:
tell traveler delete * <username>
2. Run the following command:
tell traveler security delete * <username>
Note: If the user has already been deleted from the Domino directory, then the
full user name must be specified. For example:
tell traveler delete * "CN=John Doe/OU=Raleigh/O=IBM"
The previous two steps should completely remove the user, but you can verify
with these additional steps:
3. Open the Notes Traveler administration application and verify that there are no
entries for the user.
4. Open ntsclcache.nsf and verify that there are no entries for the user.
Getting started with the Notes client
If the IBM Notes client is used with the service, complete the following tasks to
help users get started.
Before you begin
Complete the procedures “Providing account information to users” on page 125
and “Preparing for Notes clients” on page 108.
130
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
About this task
Table 41. Getting started with the Notes client
Why this task is
important
Additional
information
Users require
instructions to
download and run
the client
configuration tool to
connect to a mail
server in the cloud.
For more
information, see the
Notes section of the
IBM SmartCloud
Notes user
documentation.
Prepare to
troubleshoot any
problems.
If a user has trouble
connecting the Notes
client to the cloud
mail server, you can
quickly resolve the
problem.
Technote: Could not
connect to server
when running IBM
SmartCloud Notes
liveConfig
application
(config.nsf)
(Optional) If users
exported contacts
and calendar entries
from their original
mail files, import the
entries into the new
mail files in the
cloud.
If mail files are not
transferred to the
service, this step
enables users to
preserve their
existing calendar and
contacts.
For more
information, see the
topic about exporting
and importing
calendars in the
Notes client help.
(Optional) Manually
configure the client
to connect to the
service instant
messaging
community.
One reason to do this
is if you want users
to be able to connect
to both an
on-premises
community and the
service community.
“Manually
configuring Notes
clients to connect to
the service instant
messaging
community” on page
87
Task
Point users to the
documentation.
Complete?
For complete
documentation on
using Notes, see the
help that comes with
the client.
Getting started with IMAP clients
If IMAP clients are used, complete the following tasks to help users get started
with them.
Before you begin
Complete the procedures “Adding a SmartCloud Notes subscription to a user
account” on page 119 and “Configuring IMAP access” on page 98.
Chapter 5. Onboarding users
131
About this task
Table 42. Getting started with IMAP clients
Why this task is
important
Additional
information
Point users to the
documentation.
The documentation
describes how to get
started with each
supported IMAP
client.
Enabling IMAP
access
Read the
documentation on
IMAP client
limitations.
This information can
be helpful with
troubleshooting.
IMAP client
limitations
Task
Complete?
Getting started with BlackBerry devices
If BlackBerry devices supported by a Hosted BlackBerry Services subscription are
used, complete the following tasks to begin using the devices with the service.
Before you begin
Complete the procedures “Providing account information to users” on page 125
and “Preparing to use BlackBerry devices” on page 114.
About this task
Note: If BlackBerry 10 devices are used, see “Getting started with the Notes
Traveler devices” on page 127, instead.
Accepting the Research In Motion terms of use
An authorized person from your company must accept the Research In Motion®
terms of use. This person receives an email notification with instructions that
include a link to the terms of use document.
About this task
After you accept the Research in Motion terms of use, you must wait to receive a
notification from an IBM Customer Service Representative indicating that your
company’s BlackBerry® subscription setup is complete. You must receive this
notification before you can add BlackBerry subscriptions to user accounts.
Related tasks:
“Preparing to use BlackBerry devices” on page 114
If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry
Services subscription, complete these tasks to prepare.
Adding a BlackBerry subscription to a user account
To enable a user to connect to the service through a BlackBerry® smartphone, add
a SmartCloud Notes for Hosted BlackBerry® Services subscription to the user
account.
132
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Before you begin
Before you can add BlackBerry® subscriptions to user accounts, you must receive a
notification from an IBM Customer Service Representative that the subscription for
your company has been set up.
About this task
The following steps describe how to add the subscription to a user account that
has already been created with a SmartCloud Notes subscription. You can also add
the subscription at the same time you create the user account.
Procedure
1.
2.
3.
4.
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Click the arrow next to a user's name and select Edit User Account.
5. Click Next.
6. Under Subscription Add-ons, select SmartCloud Notes for Hosted BlackBerry
Services.
7. Click Next and then Finish.
Related tasks:
“Adding a SmartCloud Notes subscription to a user account” on page 119
Perform the steps in this procedure to add a IBM SmartCloud Notes subscription
to a user account. Adding a subscription is also referred to as provisioning.
Removing user accounts from an on-premises BlackBerry
Enterprise Server
If your company uses a hybrid environment and you have transferred user mail
files to the service, before you activate devices for the service, remove all accounts
users have from any on-premises BlackBerry® Enterprise Servers, and then wipe
the user devices. If you do not complete these steps, obsolete on-premises
information can be provided to the service. Completing these steps is also
important to prevent on-premises servers from consuming resources by repeatedly
attempting to access mail files in the service to which they no longer have access.
About this task
For information on removing accounts, see BlackBerry Knowledge Base document
KB04169.
Related information:
BlackBerry Knowledge Base document KB04169
Activating a user's BlackBerry smartphone
After you add a BlackBerry® subscription to a user account, the user's smartphone
must be activated to enable it to be used with the service.
Before you begin
The user's wireless carrier plan must be an Enterprise plan rather than a Personal
plan. A smartphone cannot be activated for the service when a Personal plan is
used.
Chapter 5. Onboarding users
133
Complete the procedures “Adding a BlackBerry subscription to a user account” on
page 132 and “Removing user accounts from an on-premises BlackBerry Enterprise
Server” on page 133.
About this task
To begin the activation process, a one-time activation password is created in the
service. You can create this activation password, or the user can create it.
After creation of the activation password, the user's smartphone is ready to be
activated. To activate the smartphone, the activation password and the user's
service Internet email address are entered on the smartphone using the Enterprise
Activation option.
The following steps are performed to activate a user's smartphone. You can
perform these steps, or the user can perform them as described in Using your
BlackBerry smartphone with SmartCloud Notes.
Procedure
1. If the smartphone has been used before, perform the following steps.
a. Back up any existing data. For instructions, see the BlackBerry Knowledge
Base article How to back up the data on a BlackBerry smartphone.
b. Wipe the smartphone. For instructions, see the BlackBerry Knowledge Base
article How to delete all data and applications from the BlackBerry
smartphone using the Wipe Handheld option.
2. To begin the activation process, perform the following steps to create an
activation password:
a. Log on to the service as an administrator.
b. If your account has the user role, click Admin > Manage Organization.
c. In the System Settings section of the navigation pane, click IBM
SmartCloud Notes.
d. Under User and Groups, click Users.
e. In the Search box, type the beginning characters of any of the following
user values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on
ma include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
134
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
f. Click the user's name in the search results.
g. Click Manage BlackBerry Smartphone.
h. Click Activate Now, create a one-time activation password, and then click
Set Password.
Note: Alternatively, the user can create the activation password through the
service web site.
3. To activate the smartphone, refer to the following table and perform the steps
that are shown for the operating system (OS) version of the smartphone.
Activation can take from a few minutes to an hour, depending on the size of
the mail file. After performing these steps, look for the Activation Complete
message on the smartphone, which indicates that activation is successful.
OS version
Steps to activate
OS4, OS5
1. From the Home screen of the
smartphone, click Manage Connections
and then enable your Mobile
Connection.
2. From the Home screen of the
smartphone, click Options > Advanced
Options > Enterprise Activation.
3. Enter your SmartCloud Notes Internet
email address, for example
sdaryn@renovations.com.
4. Enter the activation password.
5. Click the track ball and select Activate.
Note: Leave the Activation Server Address
field blank, if you see it.
OS6, OS7
1. From the Main screen of the smartphone,
click Options > Device > Advanced
System Settings > Enterprise Activation.
2. Enter the SmartCloud Notes Internet
email address, for example
sdaryn@renovations.com.
3. Enter the activation password.
4. Click the Activate button.
4. If you backed up data before activating, restore the data now. For information,
see the BlackBerry Knowledge Base article How to use BlackBerry Desktop
Software to restore data to a BlackBerry smartphone from a backup file.
Related tasks:
“Providing documentation to your BlackBerry smartphone users” on page 136
BlackBerry® smartphone users with a hosted BlackBerry subscription can activate
and manage their smartphones themselves using options available through the
service website at http://www.ibmcloud.com/social. To help users perform these
tasks and to troubleshoot problems, point them to the user documentation.
Ensuring that mail encryption is available for BlackBerry
smartphone users
To encrypt and sign mail with a BlackBerry® smartphone, a user’s IBM Notes ID
file must be uploaded to the ID vault in the service.
Chapter 5. Onboarding users
135
About this task
If a user is unable to send and receive encrypted mail, the user’s ID file is not in
the ID vault. This situation can occur if the user waits more than five days to log
on to the service after being provisioned. To upload the ID file in this situation, use
SmartCloud Notes Administration to reset the Notes password. The smartphone
prompts the user to provide the new password and then to change the password.
After that point, the user no longer provides a Notes password. The user provides
only the smartphone password.
Related tasks:
“Resetting passwords for Notes IDs” on page 31
Reset the password on an IBM Notes ID file to change the current password.
Typically you do this because a user has forgotten the current password.
Providing documentation to your BlackBerry smartphone users
BlackBerry® smartphone users with a hosted BlackBerry subscription can activate
and manage their smartphones themselves using options available through the
service website at http://www.ibmcloud.com/social. To help users perform these
tasks and to troubleshoot problems, point them to the user documentation.
About this task
BlackBerry smartphone users can perform the following tasks themselves:
v Activate a smartphone
v Reactivate a smartphone to correct a problem
v Activate a different smartphone
v Wipe a smartphone
Instructions for performing these tasks can be found in the “Using your BlackBerry
smartphone with SmartCloud Notes ” section of the user documentation.
Note: For information on using a BlackBerry® 10 device, see the Notes Traveler
documentation for SmartCloud Notes.
Related information:
Using your BlackBerry smartphone with SmartCloud Notes
Notes Traveler documentation
136
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 6. Administering user accounts
Though IBM is responsible for the administration and maintenance of the mail
servers, there are tasks that you perform through an administration interface at
http://www.ibmcloud.com/social.
About this task
You must have the Administrator role assigned in a user account to perform most
administration tasks. An exception is resetting the service login password for a
user account, which can also be performed by someone with the Admin Assistant
role.
Viewing assigned mail file templates
You can view the mail file template that is assigned to a service user.
About this task
If only the template ID displays in the field, the template assigned to the user has
been removed from the template repository. Although the user's mail file is not
affected, you should assign a new template.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
137
7. Look in the Mail Template field, which includes the following information:
v Name
v Version
v Language
v Template ID number
Related concepts:
“Language versions of the standard mail file template”
The mail file template supported in the service is the IBM Notes Standard 8.5
template (STDR85Mail). This topic lists the languages in which this template is
provided.
Related tasks:
“Configuring mail file templates” on page 63
Configure which mail file templates can be applied to user mail files and configure
a mail file template to use by default.
Language versions of the standard mail file template
The mail file template supported in the service is the IBM Notes Standard 8.5
template (STDR85Mail). This topic lists the languages in which this template is
provided.
v English (en)
v Arabic (ar)
v
v
v
v
v
Catalan (ca)
Czech (cs)
Danish (da)
German (de)
Greek (el)
v Finnish (fi)
v
v
v
v
v
v
v
v
French (fr)
Hebrew (he)
Hungarian (hu)
Italian (it)
Japanese (ja)
Korean (ko)
Dutch (nl)
Norwegian (no)
v Polish (pl)
v Portuguese (pt)
v
v
v
v
v
Portuguese, Brazil) (pt_BR)
Russian (ru)
Slovak (sk)
Slovenian (sl)
Swedish (sv)
v Thai (th)
v Turkish (tr)
v Chinese, China (zh_CN)
v Chinese, Taiwan (zh_TW)
138
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
v Spanish (es)
Changing user mail file templates
You can change the mail file template assigned to a user. For example, change the
mail template if the IBM Notes client of a user is upgraded to a new version.
Before you begin
Make sure that users are offline when you change their templates.
About this task
When you change a user's mail file template, custom folders in the mail file inherit
the design of the Inbox folder. Custom folders are user-created folders or
company-created folders from a custom template that is used in the service.
Note: If you change the languages of a user's IBM SmartCloud Notes subscription,
you then also need to change the language of the mail file template.
Procedure
1. Log on to http://www.ibmcloud.com/social using the email address and
password of a SmartCloud Notes user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on
ma include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Select the name of each user to change to a specific template. You can search
for and select more names; previously selected names remain selected.
7. Click Apply Mail Template.
8. Select the template to use.
9. Click Apply Mail Template.
Chapter 6. Administering user accounts
139
10. Click Confirm.
11. Click Continue.
Related information:
Integration server and user provisioning change files
Assigning extension forms files to users
After an IBM representative uploads an approved extension forms file to the
service, you can assign the forms file to users. Extension forms file enable you to
customize the visual theme, fonts, the action bar, and other aspects of the web
client.
About this task
You can assign extension forms files to users explicitly. You can also assign
extension forms files to users implicitly by setting a default extension forms file.
The following topics describe how to use IBM SmartCloud Notes Administration to
assign extension forms files. You can also use user provisioning change files and
the IBM Connections Cloud integration server. For more information, see the
integration server section of the Connections Cloud documentation.
Related tasks:
“Using extension forms files to customize the look of the web client” on page 64
You can use an extension forms file to customize the visual theme, fonts, the action
bar, and other aspects of the web client. For example, you can add graphics,
change colors, and add new menu items.
Related information:
IBM Connections Cloud documentation
Setting a default extension forms file
Optionally set a default extension forms file that applies to all current and future
web client users who are not explicitly assigned an extension forms file.
Before you begin
An IBM representative must upload the approved extension forms file to the
service.
About this task
If you do not specify a default extension forms file, users without an explicit
extension forms file see the default service behavior. The default service behavior is
similar to IBM iNotes 9.0.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Extension Forms Files.
5. Select the forms file and click Set as Default.
140
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Results
The change takes effect the next time web client users log in to the service.
In the list of files in the Extension Forms Files page, the text [default] is shown
after the file name. The file is also shown in the Defaults page, in the Default
Extension Forms File section.
To see whether a user uses the default forms file, from SmartCloud Notes
Administration, click Users and select the name of the user. If the user uses the
default extension forms file, the value of the Forms extension field is Default
(forms file), where forms file is the name of the default extension forms file.
You can disable a default extension forms file and revert to the default service
behavior. To do so, perform this procedure and in the last step select None in the
files list and click Set as Default. The extension forms file remains available and
you can re-enable it as the default at any time.
Explicitly assigning an extension forms file to many current
users
You can assign a forms file to all current users, to users who are explicitly assigned
a different extension forms file, or to users who are not explicitly assigned an
extension forms file who use the default behavior.
Before you begin
An IBM representative must upload the extension forms file to the service.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Extension Forms Files.
5. Select the extension forms file to assign and click Apply to Users.
Note: To remove an explicit forms file assignment and revert to the default
forms file or the default service behavior, select None [default].
6. Perform the steps in the following table that correspond to your objective.
Table 43. Steps to assign an extension forms file to many users
Objective
Steps
Assign to all users in the service.
Click Apply to > All users.
Note: An alternative approach is to set a
default extension forms file. A default file is
used by all current and future users who are
not assigned an extension forms file
explicitly.
Assign to all users who are not currently
assigned to the selected forms file.
1. Click Apply to > Users of a different
extension forms file.
2. Select the current extension forms file of
the users.
Chapter 6. Administering user accounts
141
Table 43. Steps to assign an extension forms file to many users (continued)
Objective
Steps
Assign to all users who are not explicitly
assigned an extension forms file.
1. Click Apply to > Users of a different
extension forms file.
2. Select None (default).
7. Click Apply.
Results
If you click Cancel or close the window before the changes are complete, the
change is cancelled only for users not yet processed.
The extension forms file changes take effect the next time the web client users log
in to the service.
If you click Users from SmartCloud Notes Administration and select the name of a
user, the Forms extension field shows the extension forms file.
Explicitly assigning an extension forms file to individual
current users
You can explicitly assign an extension forms file to individual current users. The
explicit assignment overrides the default behavior for your company.
Before you begin
An IBM representative must upload the extension forms file to the service.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Users.
5. Display the names of the users to whom you want to assign the forms file. In
the Search box, type the beginning characters of any of the following user
values:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
142
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Select the names of the users from the search results.
7. Click Apply Extension Forms File.
8. Select the file and click Apply.
Results
If you click Cancel or close the window before the changes are complete, the
change is cancelled only for users not yet processed.
The extension forms file changes are visible the next time the user uses the web
client to log in to the service.
If you click Users from SmartCloud Notes Administration and click a user name to
see details about the user, the Forms extension field shows the extension forms
file.
To remove an explicit extension forms file assignment, repeat the procedure and in
the last step select None in the list of file names and click Apply. Users then use
the default extension forms file, if specified, or the default service behavior.
Resetting service login passwords
Users can reset their own service login passwords once within a 24 hour period by
clicking Forgot password?. An administrator or administrator assistant can reset
service login passwords for any user at any time.
About this task
Reset passwords when userd forget their passwords, or when the password might
be compromised. Users that log in by clicking Use My Organization's Login are
using a federated identity and can reset their passwords only by following their
company's process.
If administrators enable password synchronization, when users change their
service login passwords, they can also use the new passwords to log in to the IBM
Notes client.
Follow these steps to reset any user's password:
Procedure
1.
2.
3.
4.
Click Administration > Manage Organization.
Click User Accounts.
Select the arrow next to the user that needs the password changed.
Select Reset password and enter the new password. This password is a
temporary password that the user enters the next time that they log in. At that
time, the user is asked to create a password.
You can also reset the password by editing the user account. Click the
appropriate user name in User Accounts and enter a new password in the
Account Login tab.
Chapter 6. Administering user accounts
143
5. Notify the user of the password change. The user is not automatically notified
that the password was reset. Make sure to communicate this change to the user,
along with the new password if needed.
What to do next
Administrators can enable security settings to enforce password expiration through
System Settings > Security. When s user logs in with an expired password, the
user is prompted to reset that password.
Resetting passwords for Notes IDs
Reset the password on an IBM Notes ID file to change the current password.
Typically you do this because a user has forgotten the current password.
About this task
This procedure applies only to passwords associated with Notes ID files used with
Notes clients, and not to service login passwords.
Procedure
1. Log on to http://www.ibmcloud.com/social using the e-mail address and
password of a SmartCloud Notes user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Under Available actions for this user, click Reset IBM Notes Password.
8. Enter a new password, and then click Save Changes. The password must be at
least eight characters in length.
144
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
9. Provide the new password to the user in a way that complies with your
company security policies.
Results
After you complete this procedure, the user can log on to a SmartCloud Notes
server from an IBM Notes client using the new password. After logging on with
the new password, the user is prompted to change the password.
Note: If the Wrong Password prompt is displayed, tell the user to re-enter the new
password that you provided. If that step does not solve the problem, tell the user
to delete the local ID file and then re-enter the password.
The user has five days from the time you reset a password to use the password to
log on to a SmartCloud Notes mail server and download the new password to the
Notes client. If the 5-day limit is exceeded, the user sees the following message
and you must reset the password again:
Contact your company administrator to have your Notes ID password reset.
Related concepts:
“Notes IDs and passwords” on page 35
When users connect to their mail servers in the cloud with IBM Notes clients and
Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC)
authentication.
Related tasks:
“Resetting service login passwords” on page 30
Users can reset their own service login passwords once within a 24 hour period by
clicking Forgot password?. An administrator or administrator assistant can reset
service login passwords for any user at any time.
“Setting password expiration for Notes IDs” on page 32
For users who access the service with the IBM Notes client, you can specify when
Notes ID passwords expire. This password expiration does not apply to web users
because they log in using their web login password rather than a Notes ID
password.
“Enabling password synchronization” on page 33
When users change their service login passwords, password synchronization
enables the users to use the new passwords when they log in to the IBM Notes
client.
Changing a user name
When the name of a user changes, you edit the user account to change the name in
one or more fields that include the user name. After you change the name, a
multi-step process occurs. Many of the steps occur asynchronously, so there is no
set time by which the rename process completes, although renames generally
complete within one day.
Before you begin
Before you change the distinguished name, the name that is associated with a
Notes ID file and shown in Notes mail, understand how to form a distinguished
name. For more information, see Forming a distinguished name. For additional
information on changing user names, see the article What You Should Know Before
You Change a SmartCloud Notes User’s Name in the Connections Cloud wiki.
Chapter 6. Administering user accounts
145
About this task
If you change a user’s distinguished name, follow these guidelines to ensure a
successful rename operation:
v Do not do two successive renames, one right after another. Wait until the user
who is being renamed accesses the SmartCloud Notes service with their existing
name before you issue a subsequent rename.
v Do not change the distinguished name of a user who was just added to the
SmartCloud Notes service. Wait until after the user accesses the service before
you change the name.
v Be very careful when you enter the distinguished name.
v If a rename fails to complete, contact IBM SmartCloud Notes Support.
Tip: If the IBM Notes user name of a delegate changes, then the owner of the mail
file must reassign delegation to the new name. Reassigning delegation updates the
mail file access control list (ACL), allowing the delegate to access the database.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user's name and select Edit.
5. Change the name in any field.
Table 44. Fields that reflect the user name
Fields to Change
Description
Under User Information, the Given name
and Surname fields
When you change the name in one or both
of these fields, the account name changes.
This name is the one that applies to all
subscriptions enabled for the user.
Note: Users can change their account names
themselves by editing My Account Settings.
Under Account Login, the Distinguished
Name field
This name identifies users for authentication
in Notes and is used when users send Notes
mail. When you change the distinguished
name, the name is changed in directories, in
database ACLs, and in other groups that are
used by the service.
Only the common name portion of a
distinguished name changes. For example, in
the distinguished name sdaryn/renovations,
only sdaryn can be changed. Make sure that
you know how to form a distinguished
name.
Important: Before you save your changes,
make sure that you typed the new name
correctly. After you save your changes, do
not make any further corrections or changes
to the Distinguished Name field before the
name change process completes. See the
table that follows for information about the
timing of name changes.
146
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 44. Fields that reflect the user name (continued)
Fields to Change
Description
Under Account Login, the Email field, and
the Notes Email field, if shown.
Email is the account login identity. If there is
no Notes Email field, the login identity is
also the user’s Notes Internet mail address.
Notes Email is the user’s Notes Internet
mail address. This field is shown only if a
subscription other than SmartCloud Notes
was added first, and the SmartCloud Notes
subscription was added later.
6. Click Finish.
Results
Use the information in this table as a guideline for how long each name change
takes to complete.
Table 45. Rename Completion Time
Field
Rename Completion
Under User Information, the Given name
and Surname fields
The change occurs immediately, and the new
name displays the next time that the user
logs in.
Under Account Login, the Distinguished
Name field
This name change usually completes in
about a day. However, because renaming is
a multi-step sequential process, a delay in
any step can cause the rename to take
longer. While the name is being changed, the
current user name remains valid. After the
name change completes, the updated name
displays the next time that the user logs in
from the Notes client.
Tip: You can tell if this change is complete
by checking the name in the Users list in
SmartCloud Notes Administration.
Under Account Login, the Email field, and
the Notes Email field, if shown.
The change occurs immediately, and the user
is informed of the change the next time the
user logs in.
Related information:
Integration server
Removing a SmartCloud Notes subscription from a user account
When you remove a SmartCloud Notes subscription from a user's account, the
subscription is available for another user. The account identity still exists, unless
you delete the user account, and is still active, unless you suspend the user. The
user can still log in to the cloud service, but the user no longer has access to
SmartCloud Notes.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
Chapter 6. Administering user accounts
147
In the navigation pane, click User Accounts.
Click the name of the user to edit the user account settings.
Click Next to select the Subscriptions tab.
Perform one of the following steps:
v If the user has more than one subscription, select Customize the
subscriptions for this user and in the Mail field select None selected.
v If the user has only a SmartCloud Notes subscription, select None.
7. Click Next and then Finish.
3.
4.
5.
6.
8. The Edit User Summary window indicates that subscription removal is in
progress. When you click Back to User Accounts, SmartCloud Notes is
removed from the Subscription column for the user.
Results
v The subscription is no longer assigned and is available for another user.
v The mail file becomes inactive. The owner, or a user who has delegation access,
cannot open it. Mail is no longer delivered to the mail file.
v If you remove the subscription within seven days of creating it, all user data is
removed from the mail server in the service. User data includes the mail file and
Notes ID (if the IBM Notes client was used to access mail in the service).
v If you remove a subscription that existed longer than seven days, user data
(including the mail file and vaulted Notes ID) remains on the servers in the
service for 30 days. To see whether a user's data is still in the service, from
SmartCloud Notes Administration, click Users and then Deleted Users. If the
user's name is listed, the data is still in the service. You can force the data to be
deleted by clicking Delete Data.
What to do next
If you want to add the subscription to the user account once again, be aware of the
following considerations:
v If you removed the user's SmartCloud Notes subscription and the user name is
shown in the Users > Deleted Users page of SmartCloud Notes Administration,
the user data is still in the service. In this case, when you add back the
subscription, the user regains access to the mail file and the name is removed
from the Deleted Users page.
v If you removed the user's SmartCloud Notes subscription and the user name is
not shown in the Users > Deleted Users page, the user data has been removed
from the service. In this case, when you add back the subscription, the user does
not have access to the previous version of the mail file. The user will get a new
mail file and a new Notes ID.
Related tasks:
“Deleting a user account” on page 149
When you delete a user's account, the user no longer has access to any cloud
services. If you change your mind about the deletion, you have up to 30 days to
restore the account to full functionality.
“Suspending a user account” on page 149
You can suspend a user account. When an account is suspended, the user cannot
log in to the service. If the user is logged in at the time the account is suspended,
the user can continue working, but cannot log in again after logging out. No
subscriptions are available to the user, but they remain assigned to the user. Also,
the user identity and user data remain on servers in the service.
Related information:
148
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Integration server
Suspending a user account
You can suspend a user account. When an account is suspended, the user cannot
log in to the service. If the user is logged in at the time the account is suspended,
the user can continue working, but cannot log in again after logging out. No
subscriptions are available to the user, but they remain assigned to the user. Also,
the user identity and user data remain on servers in the service.
About this task
Use these steps to suspend a user account, which affects all subscriptions assigned
to a user.
If a user has other subscriptions that you want to remain available to the user, a
Customer Service Representative can suspend a subscription, rather than
suspending an entire account. In that case, the user can log in to the service and
there is no interruption to other subscriptions.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user name and then click Suspend.
Results
The following results occur when a user account is suspended:
v Subscriptions remain assigned, and cannot be assigned to other users.
v The user cannot log in and is not listed in the company directory.
v The mailbox becomes inactive and the owner cannot open it. However, someone
who has delegation access to the mail file can open it.
v Mail is not delivered to the mailbox.
v You can reset the user account password.
Note: To return a suspended account to active status, edit the user account using
the previous steps, and in Step 4, click Unsuspend Account. When the account is
returned to active status, the mail file is once again available to the user.
Related information:
Integration server
Deleting a user account
When you delete a user's account, the user no longer has access to any cloud
services. If you change your mind about the deletion, you have up to 30 days to
restore the account to full functionality.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
Chapter 6. Administering user accounts
149
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user name and then select Delete User.
5. Optional: Enter the email address of a user in your organization to whom you
want to transfer the deleted user's collaboration resources, such as files.
Note: You cannot transfer ownership of the mail file.
6. Click Trash.
Results
The user whose account is deleted can no longer log in to the service. If the user is
logged in at the time of account deletion, he or she can continue to use the service
until the session expires.
Up to 30 days from the initial account deletion, the following conditions exist:
v The user account has the status Trash in the User Accounts page.
v The mail file is inactive and cannot be opened by the owner, or by another user
who has delegation access to the mail file. Mail is not delivered to the mail file.
v The subscriptions associated with the deleted account cannot yet be assigned to
other users.
v The user data remains in the service. If you deleted the account by mistake, you
can restore the account to full functionality, including mail.
v You can permanently delete the account to remove the user data and free the
subscriptions to be assigned to other users.
31 to 90 days from the initial account deletion, the following conditions exist if you
did not permanently delete the account:
v The account is no longer visible and you cannot restore it or permanently delete
it.
v An IBM customer service representative can restore the account.
v The subscriptions associated with the deleted account cannot yet be assigned to
other users.
After 90 days from the initial account deletion, the account is permanently deleted
and the following conditions exist:
v The account subscriptions can be assigned to other users.
v The user data for collaboration subscriptions is permanently deleted.
v The SmartCloud Notes user data, such as the mail file, remains for 30 more
days. You can permanently delete this data yourself, if you do not want to wait
the 30 days. An exception is if the initial account deletion occurred within seven
days of adding the SmartCloud Notes subscription. In this case, SmartCloud
Notes data such as the mail file is permanently deleted along with other cloud
data after 90 days.
Note: While the SmartCloud Notes data remains, you cannot create a user
account with the same common name and email address as that of the deleted
account.
After 120 days from the initial account deletion, SmartCloud Notes user data is
permanently deleted, if it was not deleted previously.
Related tasks:
150
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
“Restoring a deleted user account”
After you delete a user account, you have up to 30 days to restore it if you change
your mind. Restoring the account returns it to full functionality, including full mail
file access.
“Permanently deleting a user account”
After you delete an account, it remains inactive in the service, and you have 30
days to restore it. If you are sure that you will not need to restore the account, you
can permanently delete it within 30 days of the initial account deletion.
Permanently deleting an account frees its subscriptions for other users.
“Removing the SmartCloud Notes data for a deleted user account or subscription”
on page 153
After a user account is permanently deleted or an IBM SmartCloud Notes
subscription is removed from a user account, the SmartCloud Notes data such as
the mail file remains for 30 days. Use this procedure to force the deletion of the
user data from the service, if you do not want to wait the 30 days.
Related information:
Integration server
Restoring a deleted user account
After you delete a user account, you have up to 30 days to restore it if you change
your mind. Restoring the account returns it to full functionality, including full mail
file access.
About this task
An IBM customer service representative can restore a user account up to 90 days
after the account deletion.
Procedure
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Select Status in the drop-down box and then select Trash to show the deleted
user accounts that can be restored.
5. Click the arrow next to the user name and select Restore User.
6. In the window that is shown, click Restore.
Related tasks:
“Deleting a user account” on page 149
When you delete a user's account, the user no longer has access to any cloud
services. If you change your mind about the deletion, you have up to 30 days to
restore the account to full functionality.
1.
2.
3.
4.
Permanently deleting a user account
After you delete an account, it remains inactive in the service, and you have 30
days to restore it. If you are sure that you will not need to restore the account, you
can permanently delete it within 30 days of the initial account deletion.
Permanently deleting an account frees its subscriptions for other users.
Chapter 6. Administering user accounts
151
About this task
You cannot restore an account after you permanently delete it. If there is a chance
you might need to restore the account, do not complete this procedure.
A user account is permanently deleted automatically 90 days after the initial
account deletion.
Procedure
1.
2.
3.
4.
5.
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Select Status in the drop-down box and then select Trash.
Click the arrow next to the user name and then select Delete User.
6. Optional: Enter the email address of a user in your organization to whom you
want to transfer the deleted user's collaboration resources, such as files.
Note: You cannot transfer ownership of the mail file.
7. Click Delete.
Results
v The account cannot be restored.
v The subscriptions associated with the account are free to be assigned to other
users.
v In a service-only environment, if the initial account deletion occurred within
seven days of adding an IBM SmartCloud Notes subscription, all SmartCloud
Notes user data such as the mail file is permanently deleted immediately.
Otherwise, the SmartCloud Notes data remains for 30 more days and is
automatically deleted after that period. You can delete this data before then
yourself. While this data remains, you cannot create a user account with the
same common name and email address as that of the deleted account.
What to do next
If you want to permanently delete the SmartCloud Notes data immediately,
complete the procedure “Removing the SmartCloud Notes data for a deleted user
account or subscription” on page 153.
Related tasks:
“Deleting a user account” on page 149
When you delete a user's account, the user no longer has access to any cloud
services. If you change your mind about the deletion, you have up to 30 days to
restore the account to full functionality.
“Restoring a deleted user account” on page 151
After you delete a user account, you have up to 30 days to restore it if you change
your mind. Restoring the account returns it to full functionality, including full mail
file access.
152
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Removing the SmartCloud Notes data for a deleted user account or
subscription
After a user account is permanently deleted or an IBM SmartCloud Notes
subscription is removed from a user account, the SmartCloud Notes data such as
the mail file remains for 30 days. Use this procedure to force the deletion of the
user data from the service, if you do not want to wait the 30 days.
About this task
In most situations, there is no need to force the deletion of the SmartCloud Notes
data. However, if an account is permanently deleted and you want to create a new
account that uses the same email address and common name, the SmartCloud
Notes data must first be deleted.
Note: If the initial account deletion occurred within seven days from the time that
you added the SmartCloud Notes subscription, the SmartCloud Notes data is
removed immediately after the account is permanently deleted and this procedure
is unnecessary.
You can delete the data of a user whose SmartCloud Notes subscription was
removed but who still has a user account. However, do so with caution; if you
later add back the subscription, the user starts with a new mail file and Notes ID
in the service.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. In SmartCloud Notes Administration, under Users and Groups, click Users.
5. In the navigation pane, click Deleted Users.
6. Optional: To search for a name if many users are listed, type the beginning
characters of any of the following user values:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
Chapter 6. Administering user accounts
153
7. Click Delete Data next to the name of the user whose data you want to
remove, and then confirm the deletion.
Results
The user data is removed from the service and the user name is removed from the
Deleted Users page.
Related tasks:
“Deleting a user account” on page 149
When you delete a user's account, the user no longer has access to any cloud
services. If you change your mind about the deletion, you have up to 30 days to
restore the account to full functionality.
“Permanently deleting a user account” on page 151
After you delete an account, it remains inactive in the service, and you have 30
days to restore it. If you are sure that you will not need to restore the account, you
can permanently delete it within 30 days of the initial account deletion.
Permanently deleting an account frees its subscriptions for other users.
“Removing a SmartCloud Notes subscription from a user account” on page 147
When you remove a SmartCloud Notes subscription from a user's account, the
subscription is available for another user. The account identity still exists, unless
you delete the user account, and is still active, unless you suspend the user. The
user can still log in to the cloud service, but the user no longer has access to
SmartCloud Notes.
Managing groups
You can create and manage groups that can be used when addressing email and
scheduling meetings. For example, you might create a group when users
frequently send mail to the same set of people. The groups that you create are
available from your company's directory in the service.
About this task
The size of a group is limited. Depending on the number of characters in the
names of group members, the group size varies from approximately 800 to 1200
names. If you get a message that your group contains too many members, you can
create multiple, smaller groups, and make each of them a member of a group.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. From SmartCloud Notes Administration, click Groups.
5. Perform any of the following group management tasks. When you have
finished creating or editing a group, click Save.
Table 46. Group management tasks
154
Task
Steps
Add a group
Click Add Group.
Include an Internet
address for the group
Specify the group's Internet address. This address enables you to
use the group when sending email to other companies.
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 46. Group management tasks (continued)
Task
Steps
Edit a group
Click the name of the group to select it. When the group
displays, click Edit.
Add group members
1. From a new or existing group in edit mode, click Add.
2. Do one of the following:
v In the window that displays, select one or more members
from the list or enter a name that is not on the list using
one of these formats:
john@renovations.com
"John Doe" <john@renovations.com>
v Click Select All to add everyone on the list to your group.
3. Click Add to add the names to the Select Names area, and
then click OK.
Tip: Use Starts With to skip to the letter of the alphabet that the
name begins with.
Remove group
members
Select the name of a group member or click Select All, and then
click Remove Selected.
Remove a group
Select the name of one or more groups, and then click Delete
Selected Groups.
Viewing subscriptions
You can view the subscriptions assigned to existing users, or view the
subscriptions that are available to assign to new service users. In addition to the
mail service, other subscriptions can include collaboration services. Third-party
integrated applications may also display if your organization has enabled them.
About this task
Use these steps to view the available subscriptions, and find out how many user
accounts are available for each subscription.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click Subscriptions.
Viewing assigned subscriptions
About this task
To view the subscriptions that are assigned to an existing user, perform the
following steps.
Procedure
1.
2.
3.
4.
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Locate the user name. The assigned subscriptions are listed in the Subscription
column.
Chapter 6. Administering user accounts
155
Managing IBM Notes Traveler devices
For each user with an IBM Notes Traveler subscription, you can view information
about the user's mobile device. You can also wipe the device to remove sensitive
data from it, for example, if the device is lost or stolen.
About this task
Note the following information about wiping a device:
v After you issue a wipe request, the device cannot be used with the service again
unless you cancel a pending wipe or reactivate the device.
v If you remove a user's IBM Notes Traveler subscription, the device information
is no longer available in the service and you cannot perform this procedure. In
this case, the user can request a device reset through the mobile carrier.
v If you cancel a pending wipe, the data is not wiped from the device.
v Wipe options are shown only for devices that support them.
v If a wipe is done outside the IBM Notes Traveler service, for example, if a user
resets a device, the status is not shown.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Click Users in SmartCloud Notes Administration.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Click Manage IBM Notes Traveler Devices to see information about the user's
device such as the name, the time it was last synchronized, and the status of a
wipe request.
If you do not see this option, the selected user does not have a IBM Notes
Traveler subscription.
156
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
8. To remove data from the device, click one of the following options:
Option
Description
Wipe Device
Select this option to remove the IBM Notes
Traveler application and all personal data
and settings from the device. After device
confirmation, the device is reset to the
factory default settings. This option affects
all users of the device.
Wipe Traveler Data
Select this option to remove only the IBM
Notes Traveler application and its data, but
leave personal data on the device. This
option affects only the selected user.
9. If you issue a wipe request, the following options are available:
Option
Description
Refresh Device List
Shows the status of a wipe request.
Cancel Wipe
Cancels a wipe request that shows the status
Wipe pending.
Reactivate
Reactivates a device in the service after a
wipe request is complete or fails with an
error.
Results
The following table describes the messages that you might see in the Wipe status
field after you issue a wipe request and click Refresh Device List.
Table 47. Wipe status messages
Wipe status message
Description
Wipe pending
Wipe Device or Wipe Traveler Data was
selected. The request will be processed when
the device is turned on.
Deactivated
The device was wiped successfully and is no
longer connected to IBM Notes Traveler. If
Wipe Traveler Data was selected, Wipe
Device can still be selected.
Hard reset failed
Wipe Device was selected but the device
cannot be reset to factory default settings.
This error usually indicates that the device is
an older model that does not support hard
resets.
Hard reset confirmed
Wipe Device was selected and the device
confirmed the request.
Application wipe failed
A Wipe Traveler Data request failed. This
error can occur for older device models.
Application wipe confirmed
Wipe Traveler Data was selected and the
device confirmed the request.
Not requested
No wipe has been requested.
Related tasks:
Chapter 6. Administering user accounts
157
“Enabling application passwords” on page 43
Application passwords can be used to provide a secure login for applications that
do not support forms-based authentication. For example, they can be used to
access applications that require passwords on a mobile device or for organizations
that use federated identity and service login passwords are not used. When you
enable application passwords, you also have the option of requiring the use of
application passwords, and of allowing mobile users to bypass IP restrictions.
“Preparing for Notes Traveler devices” on page 106
Before enabling users to use IBM Notes Traveler mobile devices with the service,
prepare your environment and the devices.
Managing BlackBerry smartphones
After activating a user’s BlackBerry® smartphone, perform any of the following
tasks to manage it.
Related concepts:
“Settings enforced for BlackBerry smartphones” on page 116
This topic describes the settings that the service currently enforces for BlackBerry®
smartphones.
Related tasks:
“Getting started with BlackBerry devices” on page 132
If BlackBerry devices supported by a Hosted BlackBerry Services subscription are
used, complete the following tasks to begin using the devices with the service.
Reactivating a user's BlackBerry smartphone
If a user experiences a problem using a BlackBerry® smartphone, activating it again
often resolves the problem. Before activating again, back up the smartphone and
then wipe it. Wiping removes all data and prevents duplicate Contacts and
Calendar entries from occurring when you activate it again.
About this task
Alternatively, the user can reactivate the BlackBerry.
Procedure
1. Back up the smartphone. For instructions, see the BlackBerry Knowledge Base
article How to back up the data on a BlackBerry smartphone.
2. Log on to the service as an administrator.
3. If your account also has the User role, click Admin > Manage Organization.
4. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
5. Under User and Groups, click Users.
6. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on
ma include the names of users with the following values in the directory:
158
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
7. Click the user's name in the search results.
8. Click Manage BlackBerry Smartphone.
9. Perform the following steps to wipe the smartphone:
a. Click Wipe
b. Click Wipe again to confirm.
10. To begin the activation process, perform the following steps to create an
activation password:
a. Click Reactivate or Activate Now, depending on the option that is
displayed
b. Create a one-time activation password and then click Set Password.
Remember the password because you or the user enter it on the
smartphone in the next step. If you do forget it, you can simply repeat this
step to set a new one.
11. To activate the smartphone, refer to the following table and perform the steps
that are shown for the operating system (OS) version of the smartphone.
Activation can take from a few minutes to an hour, depending on the size of
the mail file. After performing these steps, look for the Activation Complete
message on the smartphone, which indicates that activation is successful.
OS version
Steps to activate
OS4, OS5
1. From the Home screen of the
smartphone, click Manage Connections
and then enable your Mobile
Connection.
2. From the Home screen of the
smartphone, click Options > Advanced
Options > Enterprise Activation.
3. Enter your SmartCloud Notes Internet
email address, for example
sdaryn@renovations.com.
4. Enter the activation password.
5. Click the track ball and select Activate.
Note: Leave the Activation Server Address
field blank, if you see it.
OS6, OS7
1. From the Main screen of the smartphone,
click Options > Device > Advanced
System Settings > Enterprise Activation.
2. Enter the SmartCloud Notes Internet
email address, for example
sdaryn@renovations.com.
3. Enter the activation password.
4. Click the Activate button.
Chapter 6. Administering user accounts
159
12. If you backed up data before activating, restore the data now. For information,
see the BlackBerry Knowledge Base article How to use BlackBerry Desktop
Software to restore data to a BlackBerry smartphone from a backup file.
Wiping a user's BlackBerry smartphone if it is lost or stolen
If a user's BlackBerry® smartphone is lost or stolen, wipe it to remove all data and
deactivate it.
About this task
Wiping a smartphone removes all data from it and deactivates it. If the
smartphone is off, it is wiped the next time it is turned on. Alternatively, users can
wipe their smartphones themselves.
For information on wiping a smartphone as part of reactivating it to correct a
problem, see “Reactivating a user's BlackBerry smartphone”.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Under User and Groups, click Users.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Click Manage BlackBerry Smartphone.
8. Click Wipe
9. Click Wipe again to confirm.
160
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Setting a device password on a user's BlackBerry smartphone
A device password helps to prevent unauthorized access to a user's BlackBerry®
smartphone. Use this procedure to set an initial device password on a user's
smartphone or to set a new device password if a user has forgotten the current
one.
About this task
The device password is a different password than the one-time activation
password used to activate the smartphone.
Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud
Notes.
4. Under User and Groups, click Users.
5. In the Search box, type the beginning characters of any of the following user
values to display the user's name:
v Distinguished name, for example, Samantha Daryn/Renovations.
v Internet email address, for example, sdaryn@renovations.
v Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search.
A “starts with” search is done and the names of any users with matching
values in the directory are displayed. For example, the results of a search on ma
include the names of users with the following values in the directory:
v Madison Armond/Renovations
v masmith@renovations
v Kristin MacGyver
This search does not match the following values:
v Emarie Klein/Renovations
v tamado@renovations
v Ted Amado
Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Click Manage BlackBerry Smartphone.
8. Click Set Device Password.
9. Enter a password and then click Set Password. The password must be at least
eight characters, including at least one numeric character and at least one
alphabetic character.
Results
A message indicating that you have changed the password is displayed on the
smartphone.
Chapter 6. Administering user accounts
161
What to do next
Provide the password to the user.
Related concepts:
“Settings enforced for BlackBerry smartphones” on page 116
This topic describes the settings that the service currently enforces for BlackBerry®
smartphones.
Removing a BlackBerry subscription from a user account
You can remove a BlackBerry® subscription from a user account.
Procedure
1.
2.
3.
4.
Log on to the service as an administrator.
If your account also has the User role, click Admin > Manage Organization.
In the navigation pane, click User Accounts.
Click the arrow next to a user's name, select Edit User Account, and click Next.
5. In the Subscription Add-ons section, clear SmartCloud Notes for Hosted
BlackBerry Services.
6. Click Next and Finish.
Results
The user can no longer use a BlackBerry smartphone with SmartCloud Notes.
Frequently asked questions about BlackBerry smartphone
administration
Table 48. Frequently asked questions about BlackBerry® smartphone administration
Question
Answer
How do I know if a user has a BlackBerry
smartphone subscription?
1. From SmartCloud Notes Administration,
click Users.
2. Search for the user's name and then
select it.
3. Do either of the following steps:
v Select Show BlackBerry only to show
only users with BlackBerry
smartphone subscriptions and see if
the user's name is listed.
v Click the user's name and see if the
value of the BES subscription field
has been set to Enabled.
How do I know if a user's smartphone is
activated?
1. From SmartCloud Notes Administration,
click Users.
2. Search for the user's name and then
select it.
3. Click Manage BlackBerry Smartphone.
4. If the user's smartphone is not activated,
a message is displayed indicating that it
needs to be activated.
162
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Table 48. Frequently asked questions about BlackBerry® smartphone
administration (continued)
Question
Answer
What do I do if BlackBerry activations fails?
Perform these steps:
1. If the BlackBerry smartphone is an OS5
or earlier version, from the Home screen
click Manage Connections and then
enable your Mobile Connection.
2. Make sure that the user has an
Enterprise plan with the wireless carrier
rather than a Personal plan. If there is
no Enterprise Activation option on the
smartphone, the user has a Personal
plan and needs to change to an
Enterprise Plan. After changing to the
Enterprise Plan, reactivate the
BlackBerry.
3. Reactivate the BlackBerry smartphone.
If I set an activation password, can a user
override it?
Yes, the activation password is the last one
set by either the administrator or the user.
What do I do if there are duplicate Calendar
or Contact entries on a smartphone?
Wipe the smartphone and then reactivate it.
How do I tell which operating system (OS)
version a BlackBerry smartphone uses?
See the BlackBerry Knowledge Base article
How to check the model number and
version of installed BlackBerry device
software on a BlackBerry smartphone.
How can I display a user's BlackBerry
smartphone device model and other device
information?
1. From SmartCloud Notes Administration,
click Users.
2. Search for the user's name and then
select it.
3. Click Manage BlackBerry Smartphone.
Chapter 6. Administering user accounts
163
164
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 7. Troubleshooting the service
Use the following tools and resources to help you troubleshoot a problem with the
service.
Finding troubleshooting tips in the Support Portal
If you need additional troubleshooting information, go to the IBM SmartCloud
Notes Support Portal. There you can find troubleshooting information authored by
IBM specifically for SmartCloud Notes..
Related information:
SmartCloud Notes Support Portal
Contacting Support
If you are unable to resolve a problem, contact Support.
About this task
For information, go to http://www.ibmcloud.com/social and select Support >
Technical Support.
165
166
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Chapter 8. Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user's responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not grant you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510 Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law: INTERNATIONAL
BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. Some states do not allow disclaimer of express or implied warranties in
certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
167
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available sources.
IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
All statements regarding IBM's future direction or intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
A current list of IBM trademarks is available on the Web at “Copyright and
trademark information” at www.ibm.com/legal/copytrade.shtml.
Intel is a registered trademark of Intel Corporation or its subsidiaries in the United
States and other countries.
168
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Linux is a registered trademark of Linus Torvalds in the United States, other
countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United
States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
The RIM and BlackBerry families of related marks, images and symbols are the
exclusive properties and trademarks of Research In Motion Limited — used by
permission. Research In Motion, RIM, BlackBerry, BlackBerry Enterprise Server and
“Always On, Always Connected” are registered with the U.S. Patent and
Trademark Office and may be pending or registered in other countries.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Privacy policy considerations
IBM Software products, including software as a service solutions, (“Software
Offerings”) may use cookies or other technologies to collect product usage
information, to help improve the end user experience, to tailor interactions with
the end user or for other purposes. In many cases no personally identifiable
information is collected by the Software Offerings. Some of our Software Offerings
can help enable you to collect personally identifiable information. If this Software
Offering uses cookies to collect personally identifiable information, specific
information about this offering’s use of cookies is set forth below.
Depending upon the configurations deployed, this Software Offering may use
session cookies that collect each user's user name, session ID, or other
application-specific state information for purposes of session management,
authentication, or enhanced usability. These cookies cannot be disabled.
If the configurations deployed for this Software Offering provide you as customer
the ability to collect personally identifiable information from end users via cookies
and other technologies, you should seek your own legal advice about any laws
applicable to such data collection, including any requirements for notice and
consent.
For more information about the use of various technologies, including cookies, for
these purposes, See IBM’s Privacy Policy at http://www.ibm.com/privacy and
IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details the
section entitled “Cookies, Web Beacons and Other Technologies” and the “IBM
Software Products and Software-as-a-Service Privacy Statement” at
http://www.ibm.com/software/info/product-privacy.
Chapter 8. Notices
169
170
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Index
A
access
restricting to on-premises servers 129
access control lists
see ACL 68
accessibility
described 4
account identity
deleting 149
removing 152, 153
restoring 151
account settings
configuring your environment 26
ACL
customizing for mail files 68
ActiveX
enabling 59
address filters
described 70
administration tasks
described 9
administrator role
requirement 137
administrators
first logon 25
application passwords
enabling for mobile applications 43
Client Configuration tool
for Notes client 111
comparison
service and on-premises 9
custom templates
execution security alerts 63
preparing 61
D
delegation
planning for mail files 119
deployment
planning 13
device passwords
resetting for BlackBerry devices 161
device wipe
for SmartCloud Traveler devices 156
differences
between service and on-premises
deployments 9
directories
finding names in 47
distinguished name
forming 122
E
bandwidth
Notes client 108
web client 104
BlackBerry devices
activating 133
reactivating 158
BlackBerry documentation
providing to users 136
BlackBerry on-premises servers
removing accounts 133
BlackBerry smartphones
backing up data 158
encrypted mail 136
frequently asked questions 162
management tasks 158
resetting passwords 161
wiping 160
BlackBerry subscriptions
adding a subscription 133
removing a subscription 162
ECLs
custom templates 63
email filters
examples 70
enabling federated identity
management 40
encrypted mail
on BlackBerry smartphones 136
examples
Internet mail routing
using company SMTP host 21
using service SMTP host 23
execution security alerts
custom templates 63
expressions
in mail filters 70
extension forms files
assigning 140
assigning with integration server 140
overview 64
requirements 66
using as default 140
C
F
calendar details
enabling 83
chat
See also instant messaging
see instant messaging 89
client configuration tool
changes made to Notes client
FAQs
administering the service 9
BlackBerry administration 162
federated identity checklist 39
federated identity management
planning 13
B
firewalls
configuring inbound 17
configuring outbound 17
preparing 17
folders
trash folder management 57
FTP
downloading journal files 94
G
getting started
preparing a communications
plan 117
groups
managing 154
H
held status
for new accounts
119
I
IBM iNotes control
enabling 59
IBM Notes clients
described 7
preparing for deployment 108
IMAP
configuring access 98
folder names 99
inbound connections
configuring firewalls 17
information
available resources 10
instant messaging
configuring 83
configuring communities 87
described 89
on-premises 85
integration server
journal files 93
Internet domains
configuring 27
configuring additional 29
configuring an MX record 28
verifying ownership 27
IP range
bypassing in mobile applications
43
J
journal files
downloading 94
Notes client sessions
Notes mail 95
overview 93
97
111
171
Junk Mail Reports
customizing 74
enabling 73
K
keyword filters
described 70
L
Licenses
Notes 7
logon
first time by administrator 25
Lotus Notes distinguished name
forming 122
M
mail file
reducing size of file 58
mail file templates
changing 139
configuring 63
language versions 138
preparing custom 61
viewing assigned template 137
mail files
changing templates 139
configuring mail settings 55
configuring trash retention 57
customizing access 68
planning delegation 119
quotas 118
viewing templates 137
mail filters
Internet mail
creating filters for inbound
mail 70
see email filters 70
mail routing
planning 17
preparing
using SMTP 19, 20
using SMTP 21, 23, 60
using SMTP servers 19
mail rules
limiting use 55
mail settings
configuring 55
configuring Notes links 56
deleting older mail 58
limiting incoming message size 55
preventing automatic forward 55
mail templates
determining template name 119
messages
limiting size 55
mobile applications
enabling passwords for 43
MX record
configuring 28
172
N
Q
name changes
best practices in a service-only
environment 145
name finder
configuring 47
Name finder
Standard and Advanced options 49
network 13
planning 13
network bandwidth
Notes client 108
web client 104
new user accounts
providing information to users 125
newsletter filter
described 70
Notes client
deciding whether to use 101
Notes clients
authentication 35
changes made by Client Configuration
tool 111
Notes ID
on BlackBerry smartphones 136
resetting passwords 31, 144
Notes links
setting style 56
Notes Traveler
adding subscriptions 128
deleting users from on-premises
servers 130
device settings 108
preparing devices 106
removing accounts from on-premises
servers 129
restricting access to on-premises
servers 129
NRPC
authentication 35
quotas
for mail files
O
on-premises accounts
removing Notes Traveler
129
P
password rules
by authentication method 46
passwords
enabling for mobile applications
resetting
for Notes ID 31, 144
set expiration dates 31
setting expiration for Notes
clients 32, 91
setting for BlackBerry
smartphones 161
synchronizing 34, 92
preparing federated identity
management 39
Provisioning
checking status 122
43
118
R
reactivation
for BlackBerry smartphone
devices 158
for Traveler devices 156
references
information resources 10
Research In Motion
accepting terms of use 132
RIM
see Research In Motion 132
S
Sametime
configuring 83
feature comparison 89
on-premises 85, 87
SAML
planning 13
security
planning 13
service-only environment
configuring 26
settings
for BlackBerry smartphones 116
size limits
mail files 118
SmartCloud Notes
overview 1
using in service-only environment 5
what's new 2
SmartCloud Notes entry
described 6
SmartCloud Notes web
described 6
SmartCloud Traveler
managing devices 156
SMTP server
using to route mail 60
SMTP servers
preparing for Internet mail
routing 19
spam
reporting 79, 80
spam mail
reporting 82
status
held status 119
subscriptions
activating BlackBerry service 133
adding
BlackBerry services 133
Notes Traveler 128
adding in a service-only
environment 119
in suspended account 149
removing
BlackBerry services 162
SmartCloud Notes 147
status of new 122
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
subscriptions (continued)
viewing 155
support
troubleshooting tips 165
suspended account
status 149
T
templates
changing 139
configuring 63
language versions 138
using custom 139
viewing assigned 137
third-party email
setting up IMAP 98
troubleshooting
contacting support 165
execution security alerts 63
lost BlackBerry smartphone 160
reporting spam mail 82
tools and resources 165
Troubleshooting
Resetting Notes ID passwords 31,
144
troubleshooting tips
in the Support Portal 165
U
user accounts
adding in a service-only
environment 119
administering 137
deleting 149
removing from BlackBerry
on-premises servers 133
restoring 151
revoking 152, 153
suspending 149
user names
changing in a service-only
environment 145
W
web client
customizing 64
description 6
preparing for 104
what's new 2
Index
173
174
SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015
Printed in USA