SmartCloud Notes Administering SmartCloud Notes: Service-only Environment March 2015 SmartCloud Notes Administering SmartCloud Notes: Service-only Environment March 2015 Note Before using this information and the product it supports, read the information in Chapter 8, “Notices,” on page 167. Contents Chapter 1. Overview of SmartCloud Notes . . . . . . . . . . . . . . . . 1 What's new in SmartCloud Notes . . . . . . . 1 What's new for SmartCloud Notes administrators 2 Administrators can restore deleted user accounts . . . . . . . . . . . . . . 2 What's new for SmartCloud Notes users . . . . 2 Invitee status viewable by meeting chair on Notes Traveler devices . . . . . . . . . 2 More Windows devices are supported for Traveler . . . . . . . . . . . . . . 2 Notes Traveler 9.0.1.1 features are available . . 2 Notes Traveler 9.0.1.2 features are available . . 3 Setup improvements for the Notes Traveler Android client . . . . . . . . . . . . 4 Enhancements to supported email encoding standards for inbound internet mail . . . . 4 Accessibility . . . . . . . . . . . . . . 4 Using SmartCloud Notes in a service-only environment . . . . . . . . . . . . . . 5 SmartCloud Notes clients . . . . . . . . . . 6 Web client . . . . . . . . . . . . . . 6 Traveler devices . . . . . . . . . . . . 7 Notes client. . . . . . . . . . . . . . 7 IMAP client. . . . . . . . . . . . . . 8 BlackBerry devices with a Hosted BlackBerry Services subscription. . . . . . . . . . . 8 Feature differences between Notes and Domino and the SmartCloud Notes service . . . . . . . . 9 Frequently asked questions about administering the service . . . . . . . . . . . . . . . . 9 Information resources . . . . . . . . . . . 10 Chapter 2. Planning to deploy the service. . . . . . . . . . . . . . . 13 Planning security and the network . . Network capacity for the web client . Network capacity for the Notes client Planning mail routing and mail settings . . . . . . . . . . . . . . . . . 13 14 14 15 Chapter 3. Preparing for the service . . 17 Preparing the firewall . . . . . . . . . . . Configuring the firewall for inbound connections Configuring the firewall for outbound connections . . . . . . . . . . . . . Preparing to use company SMTP servers for Internet mail routing . . . . . . . . . . . . . . Preparing to use a company SMTP server to route inbound Internet mail . . . . . . . . Preparing to use a company SMTP server to route outbound Internet mail . . . . . . . Example: Routing mail from a service user to an external user using a company SMTP host . Example: Routing mail from a service user to an external user using a service SMTP host . . 17 17 17 19 19 20 21 22 Chapter 4. Configuring the service . . . 25 Logging on as the first company administrator . . Configuring your account settings . . . . . . . Configuring Internet domains . . . . . . . . Verifying ownership of a domain . . . . . . Configuring the MX record for a domain . . . Configuring additional Internet domains for the service to use . . . . . . . . . . . . . Customizing settings . . . . . . . . . . . Enabling the accessible experience for the web client . . . . . . . . . . . . . . . Configuring logins . . . . . . . . . . . Resetting service login passwords . . . . . Setting service login password expiration . . Managing Notes IDs . . . . . . . . . Setting up federated identity management . . Restricting the IP address range . . . . . Enabling application passwords . . . . . Authentication methods by client . . . . . Password rules by authentication method . . Configuring the name finder . . . . . . . Standard and Advanced Name Finder options Basic name finder illustration . . . . . . Basic Quick Search Only name finder illustration. . . . . . . . . . . . . Standard name finder illustration . . . . . Configuring mail settings . . . . . . . . . Changing the size limit for incoming messages Prevent automatic forwarding of messages . . Specifying how Notes links display in the web client . . . . . . . . . . . . . . Configuring how long mail remains in the Trash folder . . . . . . . . . . . . Deleting older email and meetings. . . . . Enabling the ActiveX control for Internet Explorer users . . . . . . . . . . . Specifying an SMTP server to route mail to the Internet . . . . . . . . . . . . Preparing to use custom mail file templates . . Handling execution security alerts caused by custom templates . . . . . . . . . . Configuring mail file templates . . . . . . . Using extension forms files to customize the look of the web client. . . . . . . . . . . . Extension forms file requirements . . . . . Preparing customized mail file ACLs . . . . . Configuring email filters and reporting . . . . Configuring email filters for inbound Internet mail . . . . . . . . . . . . . . . Enabling Junk Mail Reports . . . . . . . Customizing the text in Junk Mail Reports . . Customizing the Remove Sender from Junk List action for Notes users . . . . . . . Enabling the Report as Spam feature . . . . Reporting spam without the Report as Spam feature . . . . . . . . . . . . . . 25 26 27 27 28 29 29 29 30 30 31 31 36 42 43 45 45 47 49 51 52 54 55 55 55 56 56 57 59 60 61 63 63 64 66 68 69 70 73 74 76 79 82 iii Enabling busytime details in calendars . . . . Configuring instant messaging . . . . . . . Configuring the web client to connect to an on-premises Sametime community. . . . . Manually configuring Notes clients to connect to the service instant messaging community . Instant messaging features . . . . . . . Setting password expiration for Notes IDs . . . Enabling password synchronization . . . . . Logging activity in journal files. . . . . . . Downloading journal files . . . . . . . Format of the Notes mail journal file . . . . Format of the Notes client session journal file Configuring IMAP access . . . . . . . . . IMAP client limitations . . . . . . . . Chapter 5. Onboarding users 85 87 89 90 92 93 94 95 97 98 99 . . . . 101 Deciding whether to use the Notes client . . . . Preparing for onboarding . . . . . . . . . Preparing for the web client . . . . . . . Preparing for Notes Traveler devices . . . . Notes Traveler device settings . . . . . . Preparing for Notes clients . . . . . . . . How the Client Configuration tool configures the Notes client . . . . . . . . . . . Downloading Notes client software and other entitled software . . . . . . . . . . Connecting to cloud Activities through the Notes client sidebar . . . . . . . . . Preparing for IMAP clients . . . . . . . . Preparing to use BlackBerry devices . . . . . Settings enforced for BlackBerry smartphones Preparing communications and training . . . Mail file quota . . . . . . . . . . . . Mail file delegation . . . . . . . . . . Adding a SmartCloud Notes subscription to a user account . . . . . . . . . . . . . . . Forming a distinguished name . . . . . . Checking user provisioning status . . . . . . Helping users get started . . . . . . . . . Providing account information to users. . . . Getting started with the web client . . . . . Getting started with the Notes Traveler devices Adding a Notes Traveler subscription to a user account. . . . . . . . . . . . Removing user accounts from on-premises Notes Traveler servers . . . . . . . . Getting started with the Notes client . . . . Getting started with IMAP clients . . . . . Getting started with BlackBerry devices . . . Accepting the Research In Motion terms of use . . . . . . . . . . . . . . . Adding a BlackBerry subscription to a user account . . . . . . . . . . . . . Removing user accounts from an on-premises BlackBerry Enterprise Server . . . . . . iv 82 83 101 102 104 106 107 108 111 112 113 114 114 116 117 118 118 119 121 122 124 125 126 127 128 129 130 131 132 132 Activating a user's BlackBerry smartphone 133 Ensuring that mail encryption is available for BlackBerry smartphone users . . . . . . 135 Providing documentation to your BlackBerry smartphone users . . . . . . . . . . 136 Chapter 6. Administering user accounts . . . . . . . . . . . . . 137 Viewing assigned mail file templates . . . . . Language versions of the standard mail file template . . . . . . . . . . . . . . Changing user mail file templates . . . . . . Assigning extension forms files to users . . . . Setting a default extension forms file . . . . Explicitly assigning an extension forms file to many current users . . . . . . . . . . Explicitly assigning an extension forms file to individual current users . . . . . . . . . Resetting service login passwords . . . . . . Resetting passwords for Notes IDs . . . . . . Changing a user name . . . . . . . . . . Removing a SmartCloud Notes subscription from a user account. . . . . . . . . . . . . . Suspending a user account . . . . . . . . . Deleting a user account . . . . . . . . . . Restoring a deleted user account . . . . . . . Permanently deleting a user account . . . . . Removing the SmartCloud Notes data for a deleted user account or subscription . . . . . . . . Managing groups . . . . . . . . . . . . Viewing subscriptions . . . . . . . . . . Viewing assigned subscriptions . . . . . . Managing IBM Notes Traveler devices . . . . . Managing BlackBerry smartphones . . . . . . Reactivating a user's BlackBerry smartphone Wiping a user's BlackBerry smartphone if it is lost or stolen . . . . . . . . . . . . Setting a device password on a user's BlackBerry smartphone . . . . . . . . . Removing a BlackBerry subscription from a user account . . . . . . . . . . . . . . Frequently asked questions about BlackBerry smartphone administration . . . . . . . . 137 138 139 140 140 141 142 143 144 145 147 149 149 151 151 153 154 155 155 156 158 158 160 161 162 162 Chapter 7. Troubleshooting the service . . . . . . . . . . . . . . 165 Finding troubleshooting tips in the Support Portal 165 Contacting Support . . . . . . . . . . . 165 Chapter 8. Notices . . . . . . . . . 167 Trademarks . . . . . . . Privacy policy considerations . . . . . . . . . . . . . . 168 . 169 132 Index . . . . . . . . . . . . . . . 171 133 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 1. Overview of SmartCloud Notes IBM SmartCloud® Notes® is a multi-tenant cloud mail service. When you use the service, administrators at IBM® set up and maintain IBM Domino® mail servers for you in the cloud on external IBM servers. The service offers you the benefits of Domino mail server security features and architecture without the mail server maintenance overhead. Using the following clients, users connect to the SmartCloud Notes service over the Internet to access their mail: v Web client through a browser interface available at http://www.ibmcloud.com/ social; v Notes; v Mobile devices. Any combination of these clients can be used. At least one person at a company is designated as a company administrator. A company administrator has a user account with the Administrator role and is responsible for configuring the service and administering user accounts. The SmartCloud Notes service provides various options that are designed to help you deploy the service in a way that best satisfies your business needs. v You can deploy the service with the assistance of an IBM Software Services for Collaboration representative or a certified IBM Business Partner. Whether you choose this option depends on factors such as the type of SmartCloud Notes environment you deploy and your in-house IT expertise and priorities. v You can choose from a list of standard mail file templates that are available within the service by default, or develop a custom template for your company. You can develop a custom template in-house or contract with an IBM or a third-party representative to develop the template. Approval of a custom template requires a short service engagement with IBM Software Services for Collaboration. v A Notes Traveler subscription is available automatically. This subscription enables users to access the service through supported mobile handheld devices. Note that the ultra-light mode of the web client supports the use of some mobile devices for no additional purchase. v If you purchase a SmartCloud Notes for Hosted BlackBerry® Services subscription, users can access the service through BlackBerry® smartphones. To use BlackBerry® 10 devices, use Notes Traveler instead. v If you purchase the Connections Archive Essentials subscription, the content of user email can be captured and retained for later legal discovery. For more information about this service, see the Using Connections Archive Essentials documentation. What's new in SmartCloud Notes The following features and enhancements are new in IBM SmartCloud Notes. 1 What's new for SmartCloud Notes administrators The following features are new for IBM SmartCloud Notes administrators. Administrators can restore deleted user accounts Administrators have 30 days to restore user accounts after deleting them. The accounts are restored with complete functionality, including mail file access. Related tasks: “Deleting a user account” on page 149 When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality. “Restoring a deleted user account” on page 151 After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access. What's new for SmartCloud Notes users The following features are new for IBM SmartCloud Notes users. Invitee status viewable by meeting chair on Notes Traveler devices Invitee status display is now supported on Apple, BlackBerry 10, Windows Phone, Windows Tablet, and Android devices. The meeting chair can view the status of each invitee's response to the current version of the meeting. Possible statuses are accepted, tentative, declined, and no response. Additionally, the Android client can show a status of delegated. More Windows devices are supported for Traveler IBM SmartCloud Notes Traveler users can now use Windows Phone and Windows Tablet (Windows Pro and Windows RT) devices with the service. There is no need to install client software on these devices to use them with the service. For device requirements, see the SmartCloud Notes client requirements. Related information: SmartCloud Notes client requirements Using Notes Traveler documentation Notes Traveler 9.0.1.1 features are available The IBM Notes Traveler 9.0.1.1 client provides the following new features: Calendar improvements for Android clients Local calendar information displays in IBM Notes Traveler calendar You can now add the information from your local device calendars into your IBM Notes Calendar view. Create calendar events from mail messages You can now create a calendar event while viewing mail, using the overflow menu. Calendar events created from mail messages will form with the invitees populated with the message recipients, and the event details information pre-filled with the content of the mail. 2 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Interface improvements for Android clients Action bar The action bar is a mobile feature that identifies your location within IBM Notes Traveler, as well as provides action icons and navigation modes. Navigation drawer for mail The navigation drawer is a panel that slides in from the left of the screen to display IBM Notes Traveler's main navigation options. For mail, the navigation drawer displays your user account and mail folders (inbox, outbox, sent, and personal). The navigation drawer is only available from the parent list view of a mail folder. Android Contacts application IBM Notes Traveler on Android now provides its own dedicated Contacts application, rather than utilizing the device Contacts application. New mail item list layout with thumbnail photos The mail item list has been redesigned to make it easier to consume the sender, subject, and message body where applicable. If the screen is wide enough, a person thumbnail image displays using the sender's mail address to search for available photos, either from local contacts, IBM Notes Traveler contacts, or from the new Sametime® Integration feature. New mail list selection mode A new selection mode overlays a 'Contextual Action Bar' over the existing action bar, showing the number of selected items. It also provides batch operations on the selected items, such as: Move to Folder, Discard, Mark as Read, or Mark as Unread. Only the actions which are applicable to all selected items displays. Gesture actions for mail and contacts To quickly act on mail items in a list or take action on a contact, you can now swipe the item from right to left to display a list of action buttons without having to open the mail or contact itself. Available on phones with Android 3.0 (Honeycomb) and above. Add to Contacts from mail When viewing a mail item, you can now add the sender to your contacts. Mail list person actions You can now tap a user photo from a mail message and see a list of possible actions to take with that person. The actions available depend on the information available for the person. If there is a mail address associated with the person, you can perform the following actions: v View the person's IBM Connections Profile (only if IBM Connections mobile is installed) v Chat with the person (only if IBM Sametime mobile chat is installed and connected) v Mail the person (opens the Android mail selection dialog). If there is at least one phone number associated with the person, and your device is a phone, you can also call and text the person directly. These options are only available where a person photo displays: mail, calendar and contacts. Notes Traveler 9.0.1.2 features are available The IBM Notes Traveler 9.0.1.2 client provides the following new features. Chapter 1. Overview of SmartCloud Notes 3 New reply options for mail messages in Android devices When replying to a mail message on Android devices, you can now choose to reply with or without message history and attachments. Add Notes Traveler contact from a phone number On Android phones that support the option, you can now choose to make a new Notes Traveler contact from a phone number. Setup improvements for the Notes Traveler Android client When setting up a new IBM Notes Traveler Android 9.0.1.3 client, you are no longer required to type in your datacenter URL to connect to the service. You are now automatically connected to the correct data center based on your login identity. Enhancements to supported email encoding standards for inbound internet mail IBM SmartCloud Notes web and IBM Notes Traveler clients now support the RFC 2231 standard for inbound Internet email. This standard provides email improvements, including the correct display of attachment file names that are specified in character sets other than US-ASCII. The service supports the new standard for incoming messages that are encoded to support RFC 2231. The RFC 2231 encoding is retained when a recipient replies to or forwards a message. The service does not use the new encoding in new outbound messages. Accessibility IBM SmartCloud Notes Administration, the interface that is used to administer SmartCloud Notes, is accessible. The version of this documentation that is in the Knowledge Center is accessible. All OS level keystrokes for accessibility are recognized. For the best accessibility experience, use a version of Mozilla Firefox supported by the service and the latest version of the JAWS screen reader. See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility. Related tasks: “Enabling the accessible experience for the web client” on page 29 You can submit a request to enable the accessible experience for the web client for everyone in your organization. Mail, Calendar, Contacts, and Preferences features provided with this experience are all accessible. Related information: System Requirements Knowledge Center documentation 4 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Using SmartCloud Notes in a service-only environment When you deploy IBM SmartCloud Notes as a service-only environment, there is no integration with on-premises IBM Domino mail servers at a company site. IBM administrators administer and maintain the mail servers, and company administrators perform user management tasks through an administration interface accessed through http://www.ibmcloud.com/social. The following illustration depicts Herb Medway and Allie Singh, employees of the fictional company ZetaBank, accessing their mail servers in the service, Mail1/ZetaBank and Mail2/ZetaBank. It also depicts their company administrator accessing the service. An IBM representative can configure your SmartCloud Notes account settings, or you can do this yourself. Configuring account settings involves supplying the following information to the service: an Internet domain that is owned by your company and used for Internet mail, a name for your organization, and a base name for your mail servers. After your account is set up, you can add additional Internet domains for use with service, if you own more than one domain. After your company's account settings are configured, an IBM Customer Service Representative creates accounts for your existing users to move them to the service. Chapter 1. Overview of SmartCloud Notes 5 After your existing users have moved to the service, company administrators perform user management tasks such as the following ones through the web Administration interface on the Connections Cloud website at http://www.ibmcloud.com/social: v Adding and deleting users v Adding and managing mail list groups v Resetting passwords v Selecting mail file templates v Configuring mail settings to limit incoming message size or remove older messages v Managing mobile devices v Managing instant messaging SmartCloud Notes clients IBM SmartCloud Notes clients provide mail, personal Information Management features such as calendars, contacts, and to do lists, and with some clients, integrated collaboration features, such as embedded chat. Web client The IBM SmartCloud Notes web client provides access to mail servers through a browser. The web client is a hosted mail client; there is no client for users to install. Users simply log on to http://www.ibmcloud.com/social using their service login email address and password. The service authenticates the client and then the client is redirected to the mail file in the service. User can access the web client in either of these ways: v On a computer -- after logging on, users click Mail. v On a mobile device -- users point the browser on the device to the service, and then log on to the ultra-light mode. Users need a subscription for either SmartCloud Notes or SmartCloud Notes Entry to use the web client. Each subscription provides a full mail client with mail, calendar, and contacts, as well as to do and notebook applications. Each subscription provides access to the service through either full or ultra-light mode. v Full mode -- The full mode offers the widest range of features including mail, contacts, calendar and scheduling, as well as notebook and to do tasks. v Ultra-light mode -- The ultra-light mode is available at no extra cost on a mobile device, and on a personal computer. There is no additional setup or client install on the mobile device required. Users simply point their device browser to https://www.collabserv.com to access their mail. The ultra-light mode supports Android, as well as Apple iPhone, iPod Touch, and iPad devices. See the client requirements for details on the supported levels of device operating systems. Decide which web client subscription best fits your needs. The SmartCloud Notes Entry subscription includes many of the same features that are available with the standard SmartCloud Notes subscription, but with the following limitations: v Users are provisioned with a new mail file. There is no data migration of an existing mail file. v Users cannot access mail using either the Notes client or an IMAP client. v Users cannot access mail using Blackberry smartphones. 6 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 v User mail files have a 1 GB quota. For a list of browsers supported for use with the web client, see the client requirements. Related tasks: “Preparing for the web client” on page 104 Before you provision users who will access IBM SmartCloud Notes using the web client, prepare for the web client. Related information: SmartCloud Notes client requirements Using the web client Traveler devices A Notes Traveler subscription supports Apple, Android, Windows Phone and Windows Tablets, Windows Mobile, and BlackBerry® 10 devices. See the device requirements for details on the supported levels of device operating systems. To get started, users perform simple steps to install and configure Notes Traveler on their devices using the installation and configuration information in the SmartCloud Notes product documentation for their specific device. Related tasks: “Preparing for Notes Traveler devices” on page 106 Before enabling users to use IBM Notes Traveler mobile devices with the service, prepare your environment and the devices. Related information: Notes Traveler device requirements Using Notes Traveler Notes client Use of the IBM Notes to connect to the service is optional. A IBM SmartCloud Notes subscription entitles you to the Notes client license. Users who access mail by using a Notes client can take advantage of the many collaboration features that are available through the client. As with the web client, the Notes client provides mail, calendar, and contacts, as well as to do and notebook applications. You can manage your Inbox using full-text search, delegation, mail filtering and sorting, conversation views, and flags. The following features and applications are also available to you when you use the Notes client. v Activities - Beginning with Notes 8.5.2, if your organization has a collaboration subscription, then the sidebar is automatically configured to access Activities in the service without further authentication. v IBM Sametime - Use the embedded Sametime client to manage instant messaging contacts and initiate chats. v RSS feeds - Subscribe to RSS feeds that display in the sidebar. Keep the following in mind if your users will use the Notes client: Chapter 1. Overview of SmartCloud Notes 7 v SmartCloud Notes supports only the standard configuration of Notes, and not the basic configuration. v You should decide which supported version of the client to use in your environment. See the SmartCloud Notes client requirements for information on supported versions. Related tasks: “Preparing for Notes clients” on page 108 Use of the IBM Notes client to connect to the service is optional. If you want your users to use the Notes client, understand the steps to prepare. Related information: SmartCloud Notes client requirements Using Notes IMAP client If you enable IMAP access, users can configure third-party email clients to access mail in the service. The following IMAP clients are supported: v Apple email v Microsoft Outlook 2003, 2007 v Thunderbird There is no additional charge or subscription required to use IMAP clients. Related tasks: “Preparing for IMAP clients” on page 114 If you plan to use IMAP clients, complete these tasks to prepare. BlackBerry devices with a Hosted BlackBerry Services subscription If your company has an IBM SmartCloud Notes for Hosted BlackBerry® Services subscription, users can use BlackBerry® smartphones to access mail and personal information management features. IBM administrators set up and maintain BlackBerry Enterprise Servers for you on sites that they manage. The Blackberry subscription provides the following features: v Mail, Calendar, Task, To Do, and Contact applications v Corporate directory lookup v Smartphone management through http://www.ibmcloud.com/social. This subscription does not support BlackBerry® 10 devices. Those devices are supported by IBM Notes Traveler. Related tasks: “Preparing to use BlackBerry devices” on page 114 If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry Services subscription, complete these tasks to prepare. 8 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Feature differences between Notes and Domino and the SmartCloud Notes service Some features in IBM Notes, IBM iNotes®, and IBM Domino are unavailable or have limitations within the IBM SmartCloud Notes service. For an explanation of the differences, see the following article in the IBM Connections Cloud wiki: Feature differences between Notes and Domino and the SmartCloud Notes service. Frequently asked questions about administering the service The following table provides answers to questions frequently asked about the tasks that company administrators perform in a IBM SmartCloud Notes environment. Table 1. Frequently asked questions about administering SmartCloud Notes Question Answer Do company administrators have access to user mail files? By default, administrators do not have access to user mail files. However, new users can be provisioned with mail files that have customized access control lists (ACLs). In addition, the mail delegation feature can be used to delegate management of a mail file to an administrator or to a group of administrators. For more information, see “Preparing customized mail file ACLs” on page 68 and “Mail file delegation” on page 118. Do mail files have a size limit? Currently a size limit (quota) of 25 GB is enforced on the mail files of users who were provisioned before November 22, 2014; the mail file size limit of users who are provisioned after this date is 50 GB. An exception is the mail files of SmartCloud Notes Entry users, whose mail files have a 1 GB limit. For more information, see “Mail file quota” on page 118. What options are available for managing mail file size? Company administrators can manage the size of mail files by setting limits on the size of incoming messages. Additionally, they can specify how long mail remains in mail files by enabling automatic mail deletion for older mail. For more information, see “Configuring mail settings” on page 55. Can we use a customized mail file template? Yes, company administrators can apply a customized template to user mail files. This is done through SmartCloud Notes Administration. The template must meet specific design requirements. A representative of IBM Software Services for Collaboration must approve it as part of a short consulting services engagement. For more information, see “Preparing to use custom mail file templates” on page 61. Chapter 1. Overview of SmartCloud Notes 9 Table 1. Frequently asked questions about administering SmartCloud Notes (continued) Question Answer Can users create local replicas of their mail files? IBM Notes users can create local replicas of their mail files and schedule replication between the local replicas and the server replicas. Local replicas are useful in a service-only environment to provide offline access to mail files. For more information about creating local replicas, see Getting started with replication in the Notes documentation. Are company administrators responsible for mail database maintenance? No, compacting and other mail database maintenance tasks are handled within the service for you. How does a company administrator change a Notes user's hierarchical name? In a service-only environment, company administrators change the Notes hierarchical name, as well as the service login name, by editing the service user account. For more information, see “Changing a user name” on page 145. How do I reset a user's password? There are two passwords. One is the service login password that is used to log on to the IBM Connections Cloud website at http://www.ibmcloud.com/social. Another is the Notes ID password used to log in to mail servers through Notes. Reset the service login password through the service user account. Reset the Notes ID password through the SmartCloud Notes Administration. For more information, see “Resetting service login passwords” on page 30 and “Resetting passwords for Notes IDs” on page 31 Information resources The following information resources are available for IBM SmartCloud Notes. Be sure to use these resources to keep up-to-date on technical content, known issues, and product news. Table 2. Information resources for SmartCloud Notes Resource Description IBM Connections Cloud wiki The wiki provides the following information: v Known issues and troubleshooting information v Getting started information v Technical articles by IBM employees and other community members v Links to other resources such as courseware and multi-media content 10 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 2. Information resources for SmartCloud Notes (continued) Resource Description SmartCloud Notes known issues This wiki article links to a comprehensive list of SmartCloud Notes technotes on the Support site. These technotes describe known issues and workarounds. The article also links to technotes about the Notes client. SmartCloud Notes Fix List This page shows a chronological list of fixes made to the SmartCloud Notes service. SmartCloud Notes Support newsletter This newsletter highlights important technotes and new technical articles and courseware. To receive automatic notification when a new edition of this newsletter is available, add SmartCloud Notes to your My Notifications subscription and include the “Product information and publications” document type in your subscription. My Notifications from SmartCloud Notes Support My Notifications enables you to receive daily or weekly announcements through e-mail, custom Web pages and RSS feeds. These customizable communications can contain important news, new or updated support content, such as publications, hints and tips, technical notes, product flashes (alerts). Support page Click Support > Technical Support from this page for information about how to contact SmartCloud Notes Support. Chapter 1. Overview of SmartCloud Notes 11 12 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 2. Planning to deploy the service To plan for the IBM SmartCloud Notes service, understand the features it offers, the deployment options that are available, and the planning considerations. Planning security and the network Answer the questions described in this topic to decide about security and network connections. About this task Table 3. Security and network planning questions Question Considerations What process does your company use to make network changes? Your company might have a review and approval process for making the network changes required by the service. Ensure that you understand the process and allow time to implement the required changes. Does your network have sufficient bandwidth and Internet connectivity? Clients connecting to mail files in the service increases network traffic to the Internet. It is important to assess whether your current network has sufficient bandwidth and Internet connectivity to handle the increased traffic. You may need to work with your Internet Service Provider to increase network bandwidth before you provision users for the service. For information, see the topics “Network capacity for the web client” on page 14 and “Network capacity for the Notes client” on page 14. Will you use federated identity management? Federated identity management allows users who are logged on to a company system to connect to the service with the web client without logging on again. To enable federated identity management, register your organization as a trusted identity provider in the IBM Connections Cloud service. Before you register, implement and test a federated identity management system that uses Security Assertion Markup Language (SAML). While you are implementing your system, you make some choices and prepare several artifacts. For more information on this option and other login options, see “Configuring logins” on page 30. 13 Table 3. Security and network planning questions (continued) Question Considerations What firewall changes are required? Your firewall must allow outbound connections to specific ports and destination host names within the service. The settings required depend on the clients that are used with the service. For more information, see “Configuring the firewall for outbound connections” on page 17. Do you use a forward proxy to control user access to the Internet? If so, you must allow network traffic to pass transparently through the proxy over port 1352 (NRPC), if you use Notes clients, as well as port 443 (HTTPS) for browser clients. Network capacity for the web client Before using the web client, have an understanding of the approximate network capacity that your Internet Service Provider will need to provide to support connections from the web clients to the service. Use the following formula as a general guideline only: number_of_clients x 2.5 Kbps where number_of_clients is the expected number of web clients and 2.5 Kbps is the average network kilobits per second required for each client to connect to the service. This formula assumes an average level of client activity based on IBM Domino mail benchmarks for server-based mail files. Your actual network capacity requirements will depend on the client usage patterns in your environment. Network capacity for the Notes client Before configuring Notes clients to connect to the service, have an understanding of the approximate network capacity that your Internet Service Provider must provide to support those connections. Use the following formula as a general guideline only: number_of_clients x 3.1 Kbps where number_of_clients is the number of Notes clients used and 3.1 Kbps is the average network kilobits per second required for each client. This formula assumes an average level of client activity based on IBM Domino mail benchmarks for server-based mail files. Your actual network capacity requirements will depend on the client usage patterns in your environment. 14 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Planning mail routing and mail settings Answer the questions in this topic to help you make decisions about Internet mail routing and mail settings. Table 4. Mail routing and mail settings questions Question Considerations What Internet domains do you own and use As part of service configuration, you verify for Internet email addresses? ownership of your company Internet domains. Verification involves creating a CNAME record in your domain DNS record. If you do not have access to the DNS record, you should allow time for your Internet Service Provider (ISP) to create the required CNAME record for you. For more information, see “Configuring Internet domains” on page 27. Do you use domain aliases so that users can The service does not support domain aliases receive email addressed to more than one in a service-only environment. A user in the Internet domain? service can have only one Internet email address. When users send mail to external users on the Internet, do you want to use an on-premises SMTP server to route the mail? By default, the service handles routing outbound mail that users address to the Internet. You can use a company-controlled SMTP server to route the mail, instead. When you use your own server, you can perform actions such as filtering and auditing before routing the mail. For more information, see the topic “Preparing to use a company SMTP server to route outbound Internet mail” on page 20. When external users on the Internet address mail to your users, do you want to use an on-premises SMTP server to route the mail service? By default, an SMTP server in the service handles routing inbound mail from the Internet that is addressed to your users. You can instead use a company-controlled SMTP server to accept the mail and route it to user mail servers in the service. For more information, see the topic “Preparing to use a company SMTP server to route inbound Internet mail” on page 19 If the service handles routing inbound Internet mail, do you want apply filters to the inbound mail? You can create filters to allow or block Internet email sent from specific domains or addresses. For more information, see “Configuring email filters for inbound Internet mail” on page 70 Do you want to use any of the optional mail You can limit the size of incoming messages, settings the service provides? prevent auto-forwarding of external messages, customize the display of Notes document links in web client mail, configure mail retention in the trash folder, and control the deletion of older email. For more information, see “Configuring mail settings” on page 55 Chapter 2. Planning to deploy the service 15 16 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 3. Preparing for the service After you have planned for a service-only environment, perform the steps in this section to prepare your environment. Related tasks: Chapter 2, “Planning to deploy the service,” on page 13 To plan for the IBM SmartCloud Notes service, understand the features it offers, the deployment options that are available, and the planning considerations. Preparing the firewall Configure the corporate firewall to allow connections to and from the service. About this task When configuring the firewall, specify the host names as described to minimize the risk of network attacks from the Internet. The risk of attack increases if you relax the host name rules. Configuring the firewall for inbound connections Configure firewall settings that allow the service to connect to a company SMTP host server. These settings are required only if you plan to use a company server to route mail that service users address to the Internet. About this task Table 5. Firewall settings to allow the service to connect to an SMTP host server Protocol Port Source Target SMTP 25 The IBM SmartCloud Notes addresses generated by the outer firewall of the service. Optional SMTP host that routes mail to the Internet. The host is specified in SmartCloud Notes Administration at Account Settings > Email Management > Manage Routing to External Internet Domains. Contact your IBM Customer Service Representative for this information. Configuring the firewall for outbound connections Configure the firewall to allow outbound connections to the service. About this task The following table describes the firewall settings required to allow connections from on-premises servers and clients to specific hosts in the service. You can substitute *.collabserv.com for the host names to represent all hosts in the service. If your current firewall settings reference the original service domain name, lotuslive.com, retain those settings and add the settings described in the table. 17 In addition to allowing connections over HTTPS port 443, you can allow connections over HTTP 80. If you do, connections over HTTP are redirected to HTTPS. Table 6. Firewall settings for outbound connections Port Host name NRPC 1352 North American data center: notes.na.collabserv.com Asia Pacific data center: notes.ap.collabserv.com European data center: notes.ce.collabserv.com Domino servers IBM Notes clients HTTPS 443 North American data center: notes.na.collabserv.com mail.notes.na.collabserv.com Asia Pacific data center: notes.ap.collabserv.com mail.notes.ap.collabserv.com European data center: notes.ce.collabserv.com mail.notes.ce.collabserv.com IBM SmartCloud Notes web HTTPS 443 North American data center: admin.notes.na.collabserv.com Asia Pacific data center: admin.notes.ap.collabserv.com European data center: admin.notes.ce.collabserv.com Web browser access to SmartCloud Notes Administration HTTPS 443 North American data center: traveler.notes.na.collabserv.com apps.na.collabserv.com Asia Pacific data center : traveler.notes.ap.collabserv.com apps.ap.collabserv.com European data center: traveler.notes.ce.collabserv.com apps.ce.collabserv.com IBM Notes Traveler devices accessing the service via WiFi IMAP 993 North American data center: imap.notes.na.collabserv.com Asia Pacific data center: imap.notes.ap.collabserv.com European data center: imap.notes.ce.collabserv.com IMAP clients (receiving mail) IMAP 465 North American data center: submit.notes.na.collabserv.com Asia Pacific data center: submit.notes.ap.collabserv.com European data center: submit.notes.ce.collabserv.com IMAP clients (sending mail) North American data center: im.na.collabserv.com Asia Pacific data center: im.ap.collabserv.com European data center: im.ce.collabserv.com IBM Notes clients that connect to the instant messaging community in the service VP (Virtual 1533 Places used for instant messaging) 18 Applicable server or client Protocol SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 6. Firewall settings for outbound connections (continued) Protocol Port Applicable server or client Host name VP (Virtual 1533 Places used for instant messaging) North American data center: webchat.na.collabserv.com Asia Pacific data center: webchat.ap.collabserv.com European data center: webchat.ce.collabserv.com IBM SmartCloud Notes web clients that connect to the instant messaging community in the service SMTP North American data center: smtp.notes.na.collabserv.com Asia Pacific data center: smtp.notes.ap.collabserv.com European data center: smtp.notes.ce.collabserv.com SMTP servers that route Internet mail to service users North American data center: ftp.notes.na.collabserv.com Asia Pacific data center: ftp.notes.ap.collabserv.com European data center: ftp.notes.ce.collabserv.com Temporary requirement for clients that transfer mail files to the service over FTP 25 FTP 990 PASV (FTP) 60000 - 61000 Hybrid environments only FTP 990 PASV (FTP) 60000 - 61000 North American data center: ftp.na.collabserv.com Asia Pacific data center: ftp.ap.collabserv.com European data center: ftp.ce.collabserv.com Client that downloads journal files Preparing to use company SMTP servers for Internet mail routing By default, the service handles inbound and outbound Internet mail routing. You can prepare for company SMTP servers to route Internet mail, instead. About this task You can prepare company SMTP servers to route outbound Internet mail only, to route inbound Internet mail only, or to route both outbound and inbound Internet mail. Preparing to use a company SMTP server to route inbound Internet mail By default, when external users send mail to service users over the Internet, an SMTP server in the service handles routing the mail to the service users. You can use a company SMTP server to route this mail, instead. Chapter 3. Preparing for the service 19 About this task If you use a company SMTP server to route Internet mail to your users, you are responsible for filtering the mail for viruses and SPAM. Do not perform this procedure if you want the service to route Internet mail to your users. Procedure 1. Configure the company SMTP server to accept mail for each Internet domain that contains service users. 2. Configure mail addressed to service users to be routed to one of the following SMTP hosts in the service: v If you use the United States data center: smtp.notes.na.collabserv.com v If you use the Asia Pacific data center: smtp.notes.ap.collabserv.com 3. Configure the corporate firewall to allow outbound connections over port 25 to the SMTP host that you specified in the previous step. What to do next When you configure the service, skip the procedure that describes configuring the domain MX record to deliver mail to the service. That procedure is not necessary when you continue to use a company SMTP server for inbound Internet routing. Related tasks: “Configuring the MX record for a domain” on page 28 After you verify ownership of the domain, configure your domain MX record to deliver mail to the service. Preparing to use a company SMTP server to route outbound Internet mail You can configure a company SMTP host server to route mail that service users send to external users. About this task Skip this procedure if you want the service to handle routing the mail that is sent to external users. In this case (default behavior), the service filters the messages for virus and spam before routing them to the Internet. By using a company SMTP host server for external routing, you can act on messages before routing them, for example, filter or audit messages. When you use this feature, the service filters messages for viruses and spam and then routes them directly to your designated SMTP host server. Messages addressed to any domain that is not an internal, service-verified domain are routed to the SMTP host server. The service uses Transport Layer Security (TLS) to route mail to the SMTP host server if the host server uses TLS. The connection is made using STARTTLS over SSL TCP/IP port 25. Procedure 1. Configure your SMTP host server to accept mail from one of the following SMTP host servers in the service: v If you use the United States data center: smtp.notes.na.collabserv.com 20 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 v If you use the Asia Pacific data center: smtp.notes.ap.collabserv.com v If you use the European data center: smtp.notes.ce.collabserv.com For more information on this step if you use a Domino SMTP server, see the topic about enabling a server to receive mail sent over SMTP routing in the Domino documentation. 2. Configure the corporate firewall to allow inbound connections over port 25 from the service SMTP host server specified in the previous step. For more information, see the topic “Configuring the firewall for inbound connections” on page 17. 3. If specifying a maximum message size, configure your SMTP host server to accept messages up to 100 MB in size, the maximum message size allowed by the service. For more information on this step if you use a Domino SMTP server, see the topic about restricting mail routing based on message size in the Domino documentation. 4. Configure your SMTP host server to relay mail to external Internet domains. For more information on this step if you use a Domino SMTP server, see the topic about setting inbound relay controls in the Domino documentation. 5. Configure your SMTP host server to route mail to the Internet. For more information on this step if you use a Domino SMTP server, see the topic about setting up SMTP routing to external Internet domains in the Domino documentation. What to do next When you complete the service configuration, perform the procedure “Specifying an SMTP server to route mail to the Internet” on page 60. Related concepts: “Example: Routing mail from a service user to an external user SMTP host” This example illustrates how mail is routed from a service user on the Internet when a company SMTP server routes the mail. “Example: Routing mail from a service user to an external user SMTP host” on page 22 This example illustrates how mail is routed from a service user on the Internet when the service manages the routing. Related information: using a company to an external user using a service to an external user Domino documentation Example: Routing mail from a service user to an external user using a company SMTP host This example illustrates how mail is routed from a service user to an external user on the Internet when a company SMTP server routes the mail. In this example: v The external user is in the zetabank.com domain. v The external SMTP server is smtp.zetabank.com. v The on-premises SMTP server is smtp.renovations.com. v The service user is in the renovations.com domain. v The service user’s mail server is Mail1/Renovations. Chapter 3. Preparing for the service 21 When the service user addresses mail to the external user in the zetabank.com domain, the following steps are taken to route the mail. 1. The service user’s mail server, Mail1/Renovations, routes the mail to an SMTP server in the service. 2. The SMTP server in the service routes the mail to a mail hygiene server in the service. 3. The mail hygiene server in the service scans the mail for viruses and spam and then routes the mail to the on-premises SMTP server, smtp.renovations.com. 4. The on-premises SMTP server, smtp.renovations.com, filters and audits the mail, and then routes the mail to the external SMTP server, smtp.zetabank.com. . Company-controlled SMTP server routing mail from a service user to an external user Example: Routing mail from a service user to an external user using a service SMTP host This example illustrates how mail is routed from a service user to an external user on the Internet when the service manages the routing. 22 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 In this example: v The external user is in the zetabank.com domain. v The external SMTP server is smtp.zetabank.com. v The service user is in the renovations.com Internet domain. v The service user’s mail server is Mail1/Renovations. When the service user sends mail to the external user in the zetabank.com domain, the following steps occur to route the mail. 1. The service user’s mail server, Mail1/Renovations, routes the mail to an SMTP server in the service. 2. The SMTP server in the service routes the mail to a mail hygiene server in the service. 3. The mail hygiene server scans the mail for viruses and spam and then routes the mail to the external SMTP server, smtp.zetabank.com, over the Internet. . Service routing mail from a service user to an external user Chapter 3. Preparing for the service 23 24 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 4. Configuring the service After you have prepared your environment for the service, perform the steps in this section to configure the service. Related tasks: Chapter 3, “Preparing for the service,” on page 17 After you have planned for a service-only environment, perform the steps in this section to prepare your environment. Logging on as the first company administrator An IBM Customer Service Representative creates the IBM SmartCloud Notes account for your company. This step creates a company administrator account under a name and email address provided by your company. IBM sends an email to the address confirming your purchase. To activate the account for your company, follow the URL link in this email and log on to the IBM Connections Cloud website as the company administrator. About this task Perform the following steps to activate the account for your company and log on as the first company administrator. Procedure 1. Open the email that was sent to the company administrator email address confirming your purchase. 2. Click the URL link in the email, to open the Registration page. 3. Perform the following steps on the Registration page: a. Create and confirm a service logon password. b. c. d. e. Important: The email address that is shown is the logon name for the company administrator account. Be sure to remember it and the new password. Select a country, language, and time zone. Read the terms of use and privacy practices information, and if you agree to them, click I accept the Terms of Use. Click Submit. Log on using the company administrator email logon and new password. Results You are now logged on to your home page. To log on in the future, go to http://www.ibmcloud.com/social. What to do next Configure the SmartCloud Notes service, if IBM is not configuring it for you. 25 Configuring your account settings To set up the service for your company, a company administrator or your IBM Customer Service Representative configures your company account settings. Before you begin Make sure that IBM has created the SmartCloud Notes account for your company and that you have activated it by logging on to the service as the first company administrator. About this task Perform the following steps if you are a company administrator and want to configure account settings. Procedure 1. Log on to http://www.ibmcloud.com/social as a company administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings. 4. Make sure the Hybrid Environment option is not selected, and then click Set Up My Account. 5. In the next window, click Continue to confirm that you do not want to integrate the service with on-premises IBM Domino servers. Note: If you are unsure, click Back. After you press Continue, changing your account type requires the assistance of your IBM Customer Service Representative. 6. Click Begin Setup. 7. In the “Tell us your Internet domain name” window, provide a valid Internet domain name that your company owns and uses for Internet mail, for example, renovations.com, then click Next. 8. In the “Choose your organization name” window, provide a name for your organization that is at least six characters. The name becomes part of your Notes user names and is usually your company name. Use a short organization name for ease of use, for example, Renovations rather than Renovations Incorporated. Click Next. 9. In the “Choose your mail server base name” window, provide a base with which to begin the names of your mail servers. A number is added to the base so that your servers are numbered sequentially, for example, Mail1/SCN/Renovations, Mail2/SCN/Renovations. Do not specify a number as part of the base. Click Next. 10. Verify your selections and, when you are satisfied with them, click Activate My Account. What to do next When you are done configuring account settings, complete the tasks in the order shown. Service users can receive mail addressed to this domain only after the tasks are completed. v “Verifying ownership of a domain” on page 27 v “Configuring the MX record for a domain” on page 28 26 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Configuring Internet domains To enable users to receive mail addressed to an Internet domain, first verify ownership of the domain, and then configure an MX record for the domain. Verifying ownership of a domain Internet domain name verification is a standard industry practice among domain hosting services to confirm domain name ownership and to prevent abuse of user accounts. You need to verify only the domain names that correspond to Internet addresses of users that you are provisioning. About this task There are different methods to verify domain names. The service uses a CNAME record for this purpose by requiring you to create a CNAME record to prove ownership. Your domain hosting service should provide instructions for creating a CNAME record; however, if they do not, contact them directly. A CNAME record is an entry in the Domain Name System that is used to define a host name alias for an Internet domain. To prove ownership of a domain, you sign in to your domain hosting service and use the DNS Management settings to create a temporary CNAME record for the domain. Then the service uses the alias in the CNAME record to query your domain. A successful query proves that you were able to create the CNAME record and therefore that you own the domain. If you do not have the authority to create a CNAME record for your domain, extra time may be required to contact your domain hosting service and have them create the record for you. Verifying a root domain also verifies any subdomains of it that are listed. For example, verifying renovations.com verifies west.renovations.com if listed in the Internet Domain Verification window. After you verify a root domain, no other company can use it or any subdomain of it. You can perform this procedure even if you are in the process of switching domain hosting services. Perform the following steps to verify ownership. Users cannot receive mail addressed to this domain until ownership is verified. For additional information, see the exercise about verifying ownership of your domain in the IBM SmartCloud Notes in a service-only environment on-line training course. Procedure 1. Log on to http://www.ibmcloud.com/social using the email address and password of a user with the Administrator role. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings. 4. In the navigation pane, click Internet Domain Verification. 5. In the Internet Domain Verification window, click Verify Ownership next to the domain to verify. Chapter 4. Configuring the service 27 6. Sign in to your domain hosting service and use the DNS management settings to create a new CNAME record. Use the information that is shown in the Internet Domain Verification window to create the CNAME record. v Put the unique key that is shown into the first field of the CNAME record. The name of this field varies by vendor, but it is sometimes named prefix or alias. v Put collabserv.com into the second field of the CNAME record. This field is sometimes named destination or target host. 7. After you create the CNAME record, click Begin Verification to begin verification of the domain. The unique key continues to be shown in the Internet Domain Verification window until verification completes successfully. Results To verify domain ownership, the service uses the alias in the CNAME record to query your domain. For example, if the CNAME key is domino-1jkkiaojd-rules and your domain name is renovations.com, the service queries domino-1jkkiaojd-rules.renovations.com. If verification is not successful, check that the unique key shown exactly matches the one added to the CNAME record. If the values are different, do not restart verification. Rather, update the CNAME record with the correct key and simply wait again for verification to complete. Domain verification can take up to 48 hours, although usually it takes much less time. If after 48 hours domain verification has not completed, click Restart Verification. Restarting verification generates a new unique key and you must then replace the old key with the new key in the CNAME record. Only restart verification if 48 hours have passed since you clicked Begin Verification. After a domain is verified, you can remove the CNAME record you created. What to do next Next, complete the task Configuring the MX record for the domain. Configuring the MX record for a domain After you verify ownership of the domain, configure your domain MX record to deliver mail to the service. About this task A Mail eXchange (MX) record identifies an SMTP host to which mail for a domain is sent. To enable your service users to receive email addressed to the verified domain, edit or create an MX record. Configure the MX record to point to the IBM SmartCloud Notes SMTP host name. If this domain is new, create an MX record for it. Contact your domain provider for information about the steps required to create or edit MX records. When you configure the MX record, specify one of the following SMTP host names, depending on the data center that you use. v If you use the United States data center, specify smtp.notes.na.collabserv.com. v If you use the Asia Pacific data center, specify smtp.notes.ap.collabserv.com. 28 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 v If you use the European data center, specify smtp.notes.ce.collabserv.com. Delete any MX records used previously for the domain. What to do next Next, Customize settings. Configuring additional Internet domains for the service to use When you configured your company account settings, you provided the name of one domain to use for routing Internet mail to your users. If you own additional Internet domains, you can configure the service to use them too. Procedure 1. Log on to http://www.ibmcloud.com/social using the email address and password of a user with the Administrator role. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and then click Internet Domains. 5. Click Add Internet Domain, type the domain name, for example, renovations2.com, and click Save. Note: If necessary, you can edit or delete a domain you added previously. What to do next Next, verify ownership of the domain. Customizing settings After you configure account settings and Internet domains, optionally customize settings in the service to suit your needs. Enabling the accessible experience for the web client You can submit a request to enable the accessible experience for the web client for everyone in your organization. Mail, Calendar, Contacts, and Preferences features provided with this experience are all accessible. About this task Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. Another accessible experience for the web client is the desktop ultra-light mode. For more information on this mode, see the topic about web client accessibility features in the user documentation. Both accessible experiences are supported on a computer using Mozilla Firefox 24+ ESR or higher. See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility. Chapter 4. Configuring the service 29 Procedure To enable the accessible experience for the web client for all users in your organization, contact Support. Related information: Web client accessibility features Support Configuring logins Reset passwords, manage password expiration periods, set up federated identity management, restrict logins to an IP range, and enable application passwords. Resetting service login passwords Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time. About this task Reset passwords when userd forget their passwords, or when the password might be compromised. Users that log in by clicking Use My Organization's Login are using a federated identity and can reset their passwords only by following their company's process. If administrators enable password synchronization, when users change their service login passwords, they can also use the new passwords to log in to the IBM Notes client. Follow these steps to reset any user's password: Procedure 1. Click Administration > Manage Organization. 2. Click User Accounts. 3. Select the arrow next to the user that needs the password changed. 4. Select Reset password and enter the new password. This password is a temporary password that the user enters the next time that they log in. At that time, the user is asked to create a password. You can also reset the password by editing the user account. Click the appropriate user name in User Accounts and enter a new password in the Account Login tab. 5. Notify the user of the password change. The user is not automatically notified that the password was reset. Make sure to communicate this change to the user, along with the new password if needed. What to do next Administrators can enable security settings to enforce password expiration through System Settings > Security. When s user logs in with an expired password, the user is prompted to reset that password. 30 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Setting service login password expiration By default, service login passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users. Procedure 1. Click Administration > Manage Organization 2. Click Security. 3. Click Edit Settings in the Password Settings section. Select the number of days before a password expires, how the password can be reset, and add password reset support for your users. Managing Notes IDs You can reset Notes ID passwords, set Notes ID password expiration, and synchronize Notes ID passwords with service login passwords. Resetting passwords for Notes IDs: Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password. About this task This procedure applies only to passwords associated with Notes ID files used with Notes clients, and not to service login passwords. Procedure 1. Log on to http://www.ibmcloud.com/social using the e-mail address and password of a SmartCloud Notes user with the Administrator role. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Users. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. Chapter 4. Configuring the service 31 6. Click the user's name in the search results. 7. Under Available actions for this user, click Reset IBM Notes Password. 8. Enter a new password, and then click Save Changes. The password must be at least eight characters in length. 9. Provide the new password to the user in a way that complies with your company security policies. Results After you complete this procedure, the user can log on to a SmartCloud Notes server from an IBM Notes client using the new password. After logging on with the new password, the user is prompted to change the password. Note: If the Wrong Password prompt is displayed, tell the user to re-enter the new password that you provided. If that step does not solve the problem, tell the user to delete the local ID file and then re-enter the password. The user has five days from the time you reset a password to use the password to log on to a SmartCloud Notes mail server and download the new password to the Notes client. If the 5-day limit is exceeded, the user sees the following message and you must reset the password again: Contact your company administrator to have your Notes ID password reset. Related concepts: “Notes IDs and passwords” on page 35 When users connect to their mail servers in the cloud with IBM Notes clients and Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC) authentication. Related tasks: “Resetting service login passwords” on page 30 Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time. “Setting password expiration for Notes IDs” For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password. “Enabling password synchronization” on page 33 When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client. Setting password expiration for Notes IDs: For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password. Before you begin For information on how this feature interacts with the password synchronization feature, see “Enabling password synchronization” on page 33. 32 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task If users click File > Security > User Security, the Password must be changed by field does not show the password expiration date. Perform the following procedure to set password expiration for Notes IDs. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings. 4. Click Password Management 5. Click Enable password expiration for IBM Notes clients. 6. Enter the number of days a password can be used before it expires. The minimum value for this setting is 30 days; the maximum is 3650 days. Results v When password expiration is first enabled, the passwords of all current users expire on a random basis after the expiration period, regardless of when the passwords were last changed. For example, if the expiration period is 90 days, all current users are prompted to change their passwords on a random basis when first authenticating after the 90-day expiration period. v The passwords of new users also expire on a random basis after the expiration period. v Users who are logged in when this setting becomes effective are not prompted to change the password during the current login session. v Users might experience a lag time of a few seconds between the time they change their password and authentication. This lag occurs while the updated ID is synchronizing with the vault. If the synchronization does not complete, authentication can fail. In that case, users can wait a few minutes, and then try again. If the synchronization continues to fail and the user cannot access the client, reset the Notes ID using SmartCloud Notes Administration. What to do next You might want to communicate the following information to your users: v There is no warning that informs them that their password is about to expire. v How often they will be prompted to reset their passwords. v What to do if authentication fails after they change their passwords. Related tasks: “Resetting passwords for Notes IDs” on page 31 Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password. Enabling password synchronization: When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client. Chapter 4. Configuring the service 33 About this task Password synchronization benefits users who are active users of both the web and Notes clients by allowing them to use one password for both clients. After you enable password synchronization, when users change their service login passwords, the new passwords are added to the Notes ID files in the ID vault. Users can then use the new passwords the next time they log in to the service from the Notes client. Password synchronization occurs whenever users change their service login passwords. Users can change the service login passwords at any time through Connections Cloud My Account Settings. They also change the passwords: v After they log in to the service for the first time with temporary passwords; v After they log in to the service after an administrator resets their service login passwords; v After they log in to the service when service login password expiration is enabled and their passwords expire. Before you enable password synchronization, be aware of the following information: v The feature does not apply to users who log in to the service with a federated identity that your organization defines. v Synchronization occurs in one direction: from the service login password to the Notes ID password. Changing the Notes ID password does not change the service login password. v When service login passwords change, Notes client users are not required to use the new passwords. Their old passwords remain valid until they use the new passwords to log in to the service from the Notes client. Because the continued use of the old password prevents ID synchronization with the ID vault, as a best practice, recommend to users that they use the new passwords on the Notes client. v Synchronization occurs after Notes clients are connected to the service. v Notes client users can change their Notes ID passwords, either by choice or because you enable the Password Expiration setting in SmartCloud Notes Administration and their passwords expire. When Notes users change the Notes ID passwords, the service login passwords do not change automatically. However, users can use Connections Cloud My Account Settings to change the service login passwords to match the new Notes ID passwords. v If you enable password expiration for Notes IDs, a Notes ID password might expire before a user logs in to Notes with a new service login password. In this case, the user can log in to the Notes client with the old Notes ID password but the user is prompted to change the password when opening mail or another application. At this point the user can provide the new service login password. To enable password synchronization, complete the following procedure. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings. 4. Click Password Management. 34 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 5. In the Password Synchronization section of the page, select Enable password synchronization. 6. Click Save. Results When users change their service login passwords, they can use the new passwords to log in to the Notes client. If users change the Notes ID password, the service login password does not change automatically. What to do next Notify users that the feature is enabled. Recommend that when they change the service login passwords that they use the new passwords to log in to the Notes client. Related tasks: “Resetting service login passwords” on page 30 Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time. “Setting service login password expiration” on page 31 By default, service login passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users. Related information: Federated identity management Notes IDs and passwords: When users connect to their mail servers in the cloud with IBM Notes clients and Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC) authentication. In service-only environments, and in hybrid environments that do not use on-premises security policy settings to configure password requirements, Notes ID passwords must be at least eight characters. Passwords must also have a password quality of 8, on a quality scale of 0 (weakest) to 16 (strongest). Password quality refers to the required character complexity of passwords. In hybrid environments, you can use on-premises security policy settings to control password requirements. By default, Notes ID passwords do not expire and keeping this default behavior is recommended. Nevertheless, you can configure a password expiration interval of from 30 to 3650 days through the SmartCloud Notes Administration interface. If users forget their Notes ID passwords, company administrators can use the SmartCloud Notes Administration interface to reset the passwords to temporary values. The users use the temporary passwords to log in to the service from a Notes client and then are prompted to change the passwords. Chapter 4. Configuring the service 35 The Notes shared login feature is supported in hybrid environments. This feature allows users to log in to Microsoft Windows and then use the Notes client without providing a Notes ID password. A benefit of this feature is there are no Notes ID passwords to use or remember. The Notes client can connect automatically to the cloud service instant messaging community and to cloud service Activities through the client sidebar. (Access to service Activities requires a collaboration subscription). After users log on to the service mail server from the Notes client, a single-sign on capability enables them to access these cloud services during the session without providing their cloud service account login credentials. A Notes client can be configured to connect to both on-premises and cloud instant messaging servers or Activities servers through the sidebar. In this case, users must provide their cloud service login credentials to access the cloud servers. Related tasks: “Resetting passwords for Notes IDs” on page 31 Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password. “Setting password expiration for Notes IDs” on page 32 For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password. Setting up federated identity management When you set up federated identity management, users log on to the service using your on-premises authentication mechanism. About this task Federated identity management provides the following benefits: v It allows your company to control the type of authentication and authentication options. For example, you might restrict access to specific networks, use VPN connections, define custom password strength or password expiration periods, use smartcards, or require two-factor authentication. v Users can use their familiar, on-premises credentials to access the cloud service. v While users are logged on to the on-premises identity provider, they can access a cloud service without being re-prompted for credentials. After you implement federated identity management, you must accommodate users of mobile apps. If all of your mobile users have one or more IBM mobile apps such as Connections, Chat, Meetings, or most versions of IBM Notes Traveler, you have the following options: v Set up an additional, separate federated identity management endpoint for the IBM mobile apps. For more information about this, see the Flow models section of “SAML federated identity concepts” on page 37. v Use the partial authentication type when setting up federated identity management, which allows you to specify a group of users to whom federated identity management does not apply. In this case, you would specify your mobile device users. For more information about the partial authentication type, see the Authentication types section of “SAML federated identity concepts” on page 37. v Use application passwords. For information about application passwords, see “Enabling application passwords” on page 43. 36 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 All other mobile apps must use application passwords when federated identity management is implemented. Notes Traveler version 9.0.1.3 or greater for Android is an exception to the rule. It can connect to the same federated identity management system that non-mobile apps use. Note: Users to whom federated identity management applies cannot connect to the service with IMAP clients or FTP clients. SAML federated identity concepts: Learn about the federated identity process as implemented in the cloud service, the flow models that are supported, and the authentication types. Overview of the process using SAML Cloud services rely on SAML to provide the SSO services. In this implementation, your organization is the identity provider, and the cloud service is the service provider. You can use either SAML 1.1 or SAML 2.0. As the identity provider, your organization authenticates users. The authentication can be by a login with a user name and password, or by some other method. For mobile apps, the authentication must be by a login with user name and password. When a user gains access to your intranet and attempts to use a cloud service, a SAML assertion is sent from your organization to the SAML endpoint in the cloud service. The SAML assertion securely identifies the user. The cloud service uses the SAML assertion to decide whether the user can access it. Flow models Two flow models exist in federated identity management. One model is the identity provider initiated model (IdP-initiated), and the other is the service provider initiated model (SP-initiated). Mobile apps use the SP-initiated model. Normally, the SP-initiated flow model is not available in SAML 1.1 because SAML 1.1 does not support Identity Provider Discovery Profile. However, the cloud services use a hybrid version of SP-initiated that allows both SAML 1.1 and SAML 2.0. As a result, Identity Provider Discovery Profile is not required by cloud services, and is not implemented. The cloud services implement the Browser/POST profile that is used in SAML 1.1 and is compatible with the Web Browser SSO profile in SAML 2.0. Other profiles are not supported at this time. The following outlines describe the two flows: IdP-initiated 1. The user gains access to your intranet via your organization's authentication mechanism. 2. The user navigates to a web page on your intranet that contains a link to a cloud product such as Connections Cloud or SmartCloud Notes web. 3. The user clicks the link. Chapter 4. Configuring the service 37 4. The SSO process is initiated. A SAML assertion is sent to the cloud endpoint via HTTP POST. If the user has a valid account, access is granted. 5. The user interacts with the cloud product. SP-initiated hybrid 1. The user navigates to the cloud service login page. 2. The user clicks Use My Organization's Login. 3. The user enters the email address that is associated with the user’s account. 4. The cloud service looks up the email address and then redirects the user to your organization’s authentication mechanism. 5. The flow continues from Step 4 of the IdP-initiated model. The SP-initiated hybrid flow model also applies to mobile apps. Before using a mobile app, the user must do a one-time setup of the mobile app to use a cloud server. The setup process is different for each mobile app; instructions are included in the documentation of each app. The following outline describes the flow for mobile apps: SP-initiated hybrid for mobile apps 1. A mobile app initiates a connection to a cloud service. 2. The cloud server looks up the email address and then responds with the mobile login URL of your organization’s mobile authentication mechanism. 3. The mobile client issues a basic authentication request to the mobile login URL with the user's email address and password. 4. If the basic authentication is successful, a SAML assertion is returned to the mobile app. 5. The mobile app sends the SAML assertion to the cloud endpoint via HTTP POST. If the user has a valid account, access is granted. 6. The mobile user interacts with the cloud product. Authentication types Four types of federated identity management are available: Federated, Modified, Partial, and Non-federated. By default, all users in your organization are assigned the Non-federated type unless you enable one of the other types. Federated Users must authenticate with your organization before they can access cloud services. Users do not have a user name or password in the cloud user account. If they go to the service login page, they must click Use My Organization's Login. The Federated type applies to all users in your organization. The Federated type is convenient for your users who normally work from the office. They can log on to your system and use cloud services without needing a separate user name and password combination. However, if any of your users work from home or work while traveling, your directory servers must be accessible from the Internet. Also, because your users cannot log in with a name and password that is defined in the service, services such as chat and IMAP are not available. 38 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 If you choose the Federated type, you must implement the SP-initiated flow model. Modified Users have the option of authenticating with your organization before accessing the cloud-based services, or using a name and password defined in the service to log on. The Modified type applies to all users in your organization. The Modified type allows your users to access cloud services from the Internet, but you do not need to make your directory servers accessible from the Internet. Your users can use the single sign-on services when they are in the office, and the cloud service login when they are outside the office. Partial Each user in your organization is assigned one of the previously listed types: Non-federated, Federated, or Modified. If you do not specify a type for a particular user, the user is assigned the Non-federated type. Use the Partial type if you have one group of users who normally work in the office, and another group of users who normally work from home or who travel frequently. For example, the office workers can be assigned the Federated type, and the traveling sales team can be assigned the Modified type. You can also use the Partial type to group users by the services that are available to them. Users with the Federated type do not have access to chat or POP/IMAP, but users of the Modified type do have access to chat and POP/IMAP. If you choose the Partial type, you must implement the SP-initiated flow model to support users with the Federated type. Non-federated The login for the cloud service is independent of, and separate from, your organization's login procedure. Users must log on using the name and password defined in the service to use the cloud-based services. The Non-federated type is the default type, and is the simplest and easiest type to set up because it requires no action on your part. After one of the federation types is implemented, you can change to one of the other types by contacting your customer services representative. The customer services representative will advise you on the process. If you are using the Partial type, you can change individual users from one type to another without the need to contact your customer services representative. Preparing for federated identity management: The difficulty of getting your system ready for federated identity management depends on both the state of your system, and on your knowledge and experience with SAML, SSO, LDAP, and related technologies. Before contacting your IBM customer service representative to enable federated identity management, review the following checklist: v Choose the version of SAML that you want to use. You can use either SAML 1.1 or SAML 2.0. Chapter 4. Configuring the service 39 v Choose the type of federation that you want to employ: Federated, Modified, or Partial. See the topic SAML federated identity concepts for more information. v Review the IdP-initiated flow model and the SP-initiated hybrid flow model. See the topic SAML federated identity concepts for more information. v Implement SAML on your web server. You can use Tivoli® Federated Identity Manger, OpenSAML, Active Directory Federation, or some other federated identity manager. v If you are setting up federated identity for users of mobile apps, create a second endpoint that accepts basic authorization. The mobile apps work with the SP-initiated flow model only. v Retrieve or create the private/public key pair that will be used in digital signatures. v Integrate your directory server with your SAML service. Administration is easier if all of your users are on the same directory server. v Implement and test the SAML Browser/POST profile in either SAML 1.1 or SAML 2.0. v Create a dummy service provider and conduct an IdP-initiated single sign-on test to make sure that everything is working correctly. v Create a SAML metadata file to transmit your identity provider metadata to the IBM customer service representative. If you are using SAML 1.1, you have the option of transmitting most of the information in an email or by some other means that you negotiate with the IBM customer service representative. However, in this case you must transmit the public key inside a Java™ keystore. Enabling federated identity management: When your system is ready for testing with the cloud system, contact an IBM customer services representative. Before you begin Before you start the enablement process, review the following list: 1. Implement and test a federated identity management system that uses SAML. Make sure that your system is configured to send the user’s email address as the subject in a SAML assertion. 2. Test your system to make sure that it is configured for the type and flow model that you have chosen. See the topic SAML federated identity concepts for more information. 3. Complete the checklist in the topic Preparing for federated identity management Procedure To enable federated identity management: Send an email to cloudcsg@us.ibm.com. In the email, request to have federated identity management enabled for your organization. An IBM customer services representative will contact you with instructions and provide details of the process. What to do next After federated identity management is enabled, notify users of IBM mobile apps such as Traveler, Chat, or Meetings that they must generate application passwords. Users enter the application password instead of their regular login passwords 40 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 when logging in with a mobile app. In the notification, include the following link, which has instructions for generating application passwords: https:// apps.na.collabserv.com/help/topic/com.ibm.cloud.welcome.doc/ logins_application_passwords.html Configuring the Sametime rich client for SAML and downloading: Your users can chat using the IBM Sametime Connect rich client. About this task If your organization uses a standard login, your users can use any standalone Sametime Connect client at version 8.5.1 or later. They can also use the embedded version in Notes 9.0 or later. If your users log in with your organization's authentication credentials and use SAML token authentication for federated identity management, you can create a pre-configured installation package for Sametime Connect or for Notes. SAML support in Sametime and in Notes uses the Form based user/password login type. Alternatively, Users can download the SAML-enabled Sametime client that is available in SmartCloud and configure it themselves. Instructions to do this are in the user help https://apps.na.collabserv.com/help/topic/com.ibm.cloud.chat.doc/ imb_download_saml.html. However, users will need SAML IDP information from you to complete the configuration. Procedure To create a pre-configured installation package: 1. Locate the plugin_customization.ini file. The file is in one of the following locations, depending on the operating system: Windows Inside the deploy folder of the package root. RedHat Linux Inside the RedHat .rpm package at one of the following locations: For Sametime Connect: \opt\ibm\Sametime\framework\rcp\deploy For Notes: \opt\ibm\notes\framework\rcp\deploy MacOS Inside sametime-*.pkg\Contents\deploy. 2. Add the following configuration lines in the plugin_customization.ini file, based on your company's Sametime community and SAML IDP information. Note: To fit the width of this page, some records are shown on more than one line. In the plugin_customization.ini file, each record is a single line. # ";" is used to separate multiple communities com.ibm.collaboration.realtime.community/saml_communities=<Sametime # IDP server url com.ibm.collaboration.realtime.community/<Sametime community server <SAML authentication login URL> # login type of IDP server com.ibm.collaboration.realtime.community/<Sametime community server # html tag id or tag name of the user name field in IDP web page. com.ibm.collaboration.realtime.community/<Sametime community server community server host name> host name>.idp= host name>.idp.type=form host name>.idp.form.username.tag= Chapter 4. Configuring the service 41 <form_username_field_id> | <form_username_field_name> # html tag id or tag name of the user password field in IDP web page. com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.password.tag= <form_password_field_id> | <form_password_field_name> # html tag id or tag name of the submit field in IDP web page. com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.submit.tag= <form_submit_field_id> | <form_submit_field_name> # Optional. The default value is "false". If "true", all on-premises communities are deleted com.ibm.collaboration.realtime.community/<Sametime community server host name>.primary=false # Optional. The default value is "false". if "true", the SmartCloud community can be # removed from the communities preference page com.ibm.collaboration.realtime.community/<Sametime community server host name>.editable=false Sample: Note: To fit the width of this page, some records are shown on more than one line. In the plugin_customization.ini file, each record is a single line. com.ibm.collaboration.realtime.community/saml_communities=im.na.collabserv.com com.ibm.collaboration.realtime.community/ im.na.collabserv.com.idp=https://www.example.com/FIM/sps/SAML20/logininitial? PartnerId=https://apps.na.collabserv.com/sps/sp/saml/v2_0& TARGET=https://apps.na.collabserv.com&PROTOCOL=POST com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.type=form com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.username.tag=Intranet_ID com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.password.tag=password com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.submit.tag=ibm-submit 3. Replace the existing plugin_customization.ini file in the Sametime installation package or in the Notes installation package with the file that you updated. 4. Distribute the updated Sametime installation package or Notes installation package to your users. The SAML configuration information is automatically populated when your users install the client. Note: The installation package that you distribute to Mac users must be digitally signed by IBM. Before distributing the installation package to Mac users, email your modified plugin_customization.ini file to support@collabserv.com. A signed installation package will be created and returned to you. Restricting the IP address range To ensure that users log in from an approved network connection, administrators can define an approved range of IP addresses. About this task By restricting the IP addresses that have access to your organization, you provide a level of protection against user's credentials being stolen or phished. If IP ranges are restricted to your network, an attacker would need to authenticate to the server from within your network to access any stolen credentials. If your company uses SMTP, POP or iMAP protocols, restrictions are not applied. Also, restrictions are not applied to SmartCloud Notes Notes Remote Procedure Calls (NRPC). Procedure 1. Click Administration > Manage Organization 2. Click Security. 3. Click Add Range in the IP Address Ranges section to enter the beginning and ending IP addresses. You must specify the IP address at which you are currently logged in. 42 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Results Enabling IP address restrictions might block mobile user access to your organization. For example, Blackberry users must authenticate through a Blackberry Enterprise Server (BES) which authenticates both the mobile device and the user. Because the IP address for the authenticated user is that of the BES server, IP address restrictions can block access, depending on the range specified. Use VPN tools on the mobile device to route traffic to your organization using your network What to do next You can use IP address restrictions as a secondary authentication mechanism in combination with SAML single sign-on authentication. Enabling application passwords Application passwords can be used to provide a secure login for applications that do not support forms-based authentication. For example, they can be used to access applications that require passwords on a mobile device or for organizations that use federated identity and service login passwords are not used. When you enable application passwords, you also have the option of requiring the use of application passwords, and of allowing mobile users to bypass IP restrictions. About this task If you require an application password, then the service login password is disabled for the application, and users must log in using the application password. For example, users would be required to use the application password to log in to the service on a mobile device or in a browser. However, they could still use the service login password to log in to the service web site and for other applications. If you do not require an application password, then users can continue to log in from a browser, for example, using their service login password. If you allow mobile users to bypass IP restrictions, application passwords provide an additional layer of password strength. This is due in part to their length (16 characters) and because they are generated using a strong random number generator. If a mobile device is lost or stolen, you can then disable the IP restriction bypass which prevents access to the application outside your organization's designated IP range. Note: If you enable application passwords and select the Ignore IP range restrictions for applications setting to allow users to bypass IP restrictions, the setting does not apply to Windows Phone or Windows Tablet users. If you restrict login to a specific IP range, Windows Phone and Windows Tablet users must log in from network locations within the range. You can also disable the use of application passwords at any time. Then, if users have created an application password, the application cannot be accessed because the password is no longer effective. Tip: Users can also prevent access to the application by revoking their application password, which they can do at any time. Organizations that do not use federated identity can disable the use of the standard service password for mobile applications. Chapter 4. Configuring the service 43 Procedure 1. 2. 3. 4. Select Administration > Manage Organization. In the navigation pane, under System Settings, click Security. Under Password Settings, click Edit Settings. Select Allow users to generate application passwords. 5. Select any of the following options that apply, and then click Save Changes. Table 7. Application Password Options Option Result Expiration Select a password expiration interval or select No expiration if you do not want application passwords to expire. Ignore IP range restrictions for applications Users will be able to access applications from outside the organization's designated IP range. However, they cannot access it using the service login, they must use an application password instead. For more information about specifying IP address ranges, refer to “Restricting the IP address range” on page 42 Require applications to use application passwords to access this site This option restricts the supported authentication flow to application passwords. It prevents users from logging to this site using their service login password. This option does not display for organizations that use federated identity. Results After you enable this feature, users can create and manage application passwords in My Account Settings in the service. General information about how users manage their application passwords is listed here. v If enabled, users can generate an application password for the IBM Notes Traveler. v Application passwords can be shared across mobile products, including IBM Traveler, IBM Sametime, and Connections Cloud. v If you did not select the option Require applications to use application passwords to access this site, then using an application password is optional for users. However, if you have IP range restrictions enabled, they will not be able to log in using their service password unless they are within the IP range. v Application passwords are generated by the service when requested by users. The generated passwords displays to the user only once, and cannot be recovered. v Users can revoke and generate a new application password at any time. There is no limit to the number that can be generated. v Passwords are generated using cryptographically strong random number generator. They are 16 characters long, and not case sensitive. Users should enter the password once into their device and allow the device to save the password. v If there are ten failed login attempts, the account is locked for three minutes. 44 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 What to do next If you selected Applications must use the generated password to access this site, or if you allowed users to bypass the specified IP range, instruct them to generate application passwords. For information on how users generate application passwords see Application passwords for mobile access. Authentication methods by client The following table lists the authentication methods supported for each type of IBM SmartCloud Notesclient. Table 8. Authentication methods by SmartCloud Notes client Authentication method Supported clients Cloud service account identity and password v SmartCloud Notes web v IMAP clients v IBM Notes Traveler devices v FTP client that is used to connect to the integration server to download journal files or to upload change files to manage user accounts SAML Federated Identity v SmartCloud Notes web v Notes Traveler Android 9.0.1.3 and higher client Cloud service account identity with application password Notes Traveler devices NRPC IBM Notes Research in Motion data center authentication BlackBerry® devices that access the service through Hosted BlackBerry subscriptions Password rules by authentication method The following table summarizes the password rules and settings for each supported IBM SmartCloud Notes client. Chapter 4. Configuring the service 45 Table 9. Password rules and settings by authentication method Authentication method Cloud service account identity and password Password rules Password expiration1 Password changes v At least eight characters v Disabled by default v At least four alphabetic characters v Administrators can enable a password expiration interval of 30, 60, 90, 180, or 365 days. v At least one non-alphabetic character v By administrator v By user v No spaces v No more than two consecutive characters v No match of any of the eight previous passwords v Cannot contain user name or email address SAML Federated Identity Controlled by company 16 characters Cloud service account identity and (non-case sensitive) application password NRPC Controlled by company Controlled by company v Disabled by default v Password changes not allowed v Administrators can v Administrators or enable users can revoke passwords and users then generate new ones In service-only v Disabled by v By administrator environments, and in default v By user hybrid environments v Administrators can that do not use enable through policy security SmartCloud settings to configure NotesAdministration password requirements, IBM Notes ID passwords must be at least eight characters and have a password quality of 8, on a password quality scale of 0 (weakest) to 16 (strongest). 1 While it may seem that requiring passwords to expire provides more security, most security experts believe the opposite is true. Password expiration often leads to the use of simpler, more easily-guessed passwords, and to users writing down passwords to remember them. A better policy is to use more complex password phrases that do not expire, whenever possible. In addition to providing better 46 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 security, this policy also reduces the number of help desk calls generated from users who forget their ever-changing passwords. Configuring the name finder Complete this procedure to configure how users find names in a directory. Before you begin Read the topic “Standard and Advanced Name Finder options” on page 49for details about and a comparison of the Standard and Advanced name finder options. About this task The name finder settings control how users find names in a directory. For example, the settings are used when users find names by clicking the To link in a new mail message or the Required link in a new meeting invitation. Name Finder settings are not related to type ahead addressing, the feature that automatically finds matches to names that users type in address fields. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings. 5. Click Name Finder. 6. Select options, as described in the following table: Option Description Basic The name finder lists all names in a directory, in alphabetical order by surname. Users type the first few characters of the surname they are looking for, and the cursor moves to the first matching name. From there, users can use the scroll bar to find the name. This setting is the default and it applies to Notes users and web client users. Chapter 4. Configuring the service 47 Option Description Basic Quick Search Only The name finder shows no names in a directory, initially. Users type the first few characters of a given name or surname and click Search. The name finder then shows directory entries whose surnames or given names begin with the characters searched for. For example, a search for Jack can return the names Jackie Roberts or Tony Jackson but not Tony Blackjack. This setting provides more flexibility for finding names in large directories. This setting applies to Notes users and web client users. Standard Users search for names and search results show directory entries that match. Unlike the Basic and Basic Quick Search Only options, users can sort the search results and see details about the user entries that are returned in search results. This search capability applies to web client users only. Advanced Users get the name finder capabilities of the Standard option. In addition, they are able to narrow search results by manager, department, job title, location. This option is available for hybrid environments only. This search capability applies to web client users only. Show user photos Search results show user photos. In service-only environments, the photos come from IBM Connections Cloud user profiles. In hybrid environments, the photos can come from IBM Connections Cloud user profiles or from Person documents in an on-premises directory. To use an on-premises directory, clear the Use SmartCloud Engage photos field. This option is available when you select the Standard or Advanced options. The feature applies to web client users only. 48 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Option Description Browse corporate hierarchy Users can browse a directory by hierarchy categories that you assign to Person documents in an on-premises Domino directory. This option is available for hybrid environments when you select the Standard or Advanced options. The feature applies to Notes users and to web client users. Browse corporate hierarchy > Used ranked sort order Users can browse a directory by ranked categories that you define in an on-premises Domino directory by using the Domino Japanese Extension (DJX) tool. This option is available for hybrid environments when you select the Standard or Advanced options. The feature applies to Notes users and to web client users. Results The change usually takes effect within 15 minutes or less. Standard and Advanced Name Finder options The Standard and Advanced Name Finder configuration options provide several features to help users to find names in directories. The Standard option is available for service-only environments and hybrid environments. The Advanced option is available for hybrid environments only. The following table compares the features that are provided by each option. All of these features are available for the web client. The features currently available for the IBM Notes client are the browse features only. When you enable the Standard or Advanced option, the Basic Quick Search Only search option is put in effect for Notes client users. Table 10. Comparison of the Standard and Advanced Name Finder configuration options Feature Standard Name Finder Advanced Name Finder Name search Users can search by: Users can search by: v First name v First name v Last name v Last name v Notes full name v Notes full name v Internet address v Internet address v Short name v Short name v Alternate name v Alternate name (if value populated in directory) v Phonetic name v Phonetic name (if value populated in directory) Chapter 4. Configuring the service 49 Table 10. Comparison of the Standard and Advanced Name Finder configuration options (continued) Feature Standard Name Finder Advanced Name Finder Search conditions to narrow the results of name searches Not available Users can narrow name searches by: v Manager v Department v Job Title v Location Each condition added narrows results further. These fields must be populated in Person documents in the on-premises directory. Maximum search results returned 200 200 Sort entries in search results All users can sort results by: All users can sort results by: v Last name, first name v Last name, first name v First name, last name v First name, last name v Directory v Directory Users in hybrid environments can sort results by the following information, if the corresponding fields are populated in Person documents: Users can sort results by the following information, if the corresponding fields are populated in Person documents: v Manager v Job Title v Job Title v Department v Department v Location v Manager v Location Show details about names in search results Show user photos from IBM Connections Cloud user profiles in search results 50 All users can see the following details: All users can see the following details: v User name v User name v Internet address v Internet address v Domain v Domain v Directory v Directory Users in hybrid environments can see several additional details, if the fields are populated in Person documents. Users can see several additional details, if the fields are populated in Person documents. This feature requires users to have a collaboration subscription in addition to a SmartCloud Notes subscription. This feature requires users to have a collaboration subscription in addition to a SmartCloud Notes subscription. SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 10. Comparison of the Standard and Advanced Name Finder configuration options (continued) Feature Standard Name Finder Advanced Name Finder Shows user photos from on-premises Person documents Available in hybrid environments only and requires a change to the Domino directory design to support photos in Person documents. Requires a change to the Domino directory design to support photos in Person documents. Browse entries in a directory by categories that are defined by use of the Domino Corporate Hierarchy feature Available in hybrid environments for directories with Person documents that are assigned corporate hierarchy categories. For more information, see the topic about categorizing a user by corporate hierarchy in the Domino documentation. Available for directories with Person documents that are assigned corporate hierarchy categories. For more information, see the topic about categorizing a user by corporate hierarchy in the Domino documentation. Browse entries in a directory by ranking Available in hybrid environments. You use the Domino Japanese Extension tool (DJX) to configure the directory to support this option. You use the Domino Japanese Extension tool (DJX) to configure the directory to support this option. Basic name finder illustration The following pictures illustrate finding names in a directory when the Basic name finder option is enabled. Chapter 4. Configuring the service 51 Basic Quick Search Only name finder illustration The following pictures illustrate finding names in a directory when the Basic Quick Search Only name finder option is enabled. 52 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 4. Configuring the service 53 Standard name finder illustration The following pictures illustrate finding names in a directory when the Standard name finder option is enabled. 54 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Configuring mail settings There are several settings related to mail that you configure from SmartCloud Notes Administration. Changing the size limit for incoming messages The service does not deliver inbound messages that are larger than 100MB, by default. You can specify a different inbound message size limit. The limit applies to all mail that is sent to users in the service. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and then click Email Management. 5. Under Limit Message Size, specify the size limit for incoming messages. Prevent automatic forwarding of messages You can prevent users from using mail rules to automatically forwarding email to external addresses. About this task Users can create mail rules that include the action send copy to, which automatically forwards a copy of the email to other users. Select this option so that mail addressed to users in domains that are not owned by your company are ignored when the message is forwarded. Users can still forward email to any address manually. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. Chapter 4. Configuring the service 55 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and then click Email Management. 5. Under External Forwarding, select Do not allow automatic forwarding to external addresses. Specifying how Notes links display in the web client You can specify how IBM Notes links, such as doc links, application links, and view links, display in web client email. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and then click Email Management. 5. Under Link Style, select how Notes document, view, and application links display when users read mail in a browser: Table 11. Link Style Options and Icons Style Description Web links only The default. Uses web addresses (https://...). In email, the address displays as an Internet icon: Document link View link Application link Notes links only Uses Notes URLs (notes://...). In email, the address displays as a Notes icon: Document link View link Application links Notes and web links Uses both web and Notes addresses, and includes both icons to represent each link. Example of a link to a document: Configuring how long mail remains in the Trash folder When a user deletes a message from a mail file on a cloud server or the service automatically deletes an older message, the message is moved to the Trash folder where it remains for 14 days, by default. After 14 days, the message is permanently deleted. You can change how long deleted mail remains in the Trash folder. You can also prevent users from emptying the Trash folder themselves. 56 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task Documents that are deleted from the Trash folder cannot be recovered. While deleted mail is in the Trash folder, users can restore it to its original folder. The Trash folder can contain a maximum of 32,768 messages. If this limit is reached, each message added to the Trash folder causes a message that has been in the Trash folder the longest to be permanently deleted. This deletion occurs even if a message has been in the Trash folder less time than the specified deletion interval. Premature deletion from Trash stops when either manual or automatic deletion of messages causes the number of messages in the Trash folder to fall below the limit. This behavior is not common but can occur in mail files where many messages are frequently received and deleted. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and then click Email Management. 5. Under Configure Mail Retention in the Trash Folder, complete these fields to manage mail in the Trash folder. Table 12. Trash Folder Mail Retention Settings Option Description Retain deleted messages for how many days? Enter a number from 14 - 90. The default value is 14. If you decrease an interval that was previously set, then all messages that meet the new criteria are deleted. For example, if you decrease the interval from 20 days to 16 days, then mail in the Trash folder older than 16 days is deleted. Allow users to empty the Trash folder When this option is selected, users can permanently delete messages from the Trash folder by clicking Empty Trash or by selecting a message and deleting it. This option is enabled by default. To prevent users from deleting mail from the Trash folder, deselect the option. Then, mail remains in the Trash folder for the duration specified in Retain deleted messages for how many days? before being permanently deleted. Note: If you prevent users from deleting mail in the Trash, IBM Notes client users can still delete mail from the Trash on local mail replicas. However, the deletion does not carry over to the server mail file replicas. Deleting older email and meetings You can reduce the size of mail files and improve email usability by automatically deleting older email messages and meetings. By default, email messages and meetings remain indefinitely unless users delete them. Chapter 4. Configuring the service 57 About this task When you enable email deletion, you can: v Control how many days messages and meetings remain before they are processed for deletion. v Exclude messages in user-created folders from automatic message deletion. v Send reports of automatically deleted messages and meetings to specific user addresses. v Exclude the mail files of specific users from the automatic deletion. Non-mail documents added by web client users, such as Person documents, are not deleted. Messages that are flagged for follow-up are not deleted, except for messages that are flagged by the sender before being sent, which are deleted. When email deletion is enabled, the service takes the following steps to delete older messages and meetings: 1. Messages that are older than the Delete email after how many days? value are moved temporarily to a folder created by the service. Meetings are moved to the temporary folder when it is longer than the specified number of days since the meetings occurred. Repeat meetings are processed based on the date of the last meeting. 2. The default name of the folder to which deleted messages and meetings are moved temporarily is *To Be Deleted*. You can specify a different name. Users can prevent messages in this folder from being deleted by moving them to a folder that is exempted from automatic deletion. 3. Messages and meetings are moved weekly from the temporary folder location to the Trash folder. The service staggers this processing so that not all mail files are processed at the same time. Users can prevent messages and meetings in the Trash folder from being deleted by moving them to a folder that is exempted from automatic deletion. 4. Messages and meetings are deleted from the Trash folder after 14 days, by default. You can use the Retain deleted messages for how many days? setting in the Configure Mail Retention in the Trash Folder section of the Email Management window to change the number of days messages remain in the Trash folder. After messages are deleted from the Trash folder, they cannot be recovered. The value of Delete email after how many days? plus the value of Retain deleted messages for how many days? determine when messages are deleted from mail files. For example, if the value of Delete email after how many days? is 365 and the value of Retain deleted messages for how many days? is 90, messages are permanently deleted from mail files after one year and three months (455 days). Perform the following steps to enable and configure automatic deletion of older email. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 58 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 4. Click Account Settings and then click Email Management. 5. Under Delete Older Email, select Enable email deletion. 6. Use the following settings to specify how to manage older email deletion: Table 13. Mail Deletion Settings Option Description Delete email after how many days? Specify the number of days email messages remain before being processed for deletion. If no value is specified, 14 days is the default value. Keep email that is filed in folders. Select this option to prevent mail that is stored in all user-created folders from being deleted. Keep email only if it is in one of these folders or their subfolders Select this option to keep mail only messages in specific folders or subfolders from being deleted. In the Exempt Folders box, specify the folder names, one name per line. To specify a single subfolder, enter parentfolder\subfolder. For example, enter Suppliers\Tools to prevent messages in the \Tools subfolder from being automatically deleted, but to allow messages in the Suppliers parent folder and any other of its subfolders to be deleted. Folder name Specify the name of a folder to temporarily store messages that are targeted for deletion. If the folder does not exist, the service creates it. Messages remain in this folder for a week and then are moved to the Trash folder. If you do not specify a folder name, the name *To Be Deleted* is used. Send email report of the number of emails deleted to the following addresses List the addresses of users you want to receive email deletion reports. Do not delete the email of the following users List the names of users you want to exempt from mail deletion. Enabling the ActiveX control for Internet Explorer users The Internet Explorer ActiveX control provides mail enhancements to IBM SmartCloud Notes web users who use Internet Explorer. About this task You enable use of the ActiveX control through SmartCloud Notes Administration Account Settings. ActiveX is disabled by default to allow and encourage more secure web browser configurations. If you enable ActiveX to provide additional mail features to Internet Explorer users, be aware that doing so might result in less secure browser configurations. If you enable ActiveX, when users who use Internet Explorer log in to the SmartCloud Notes service, they see prompts that allow them to install the ActiveX control. The prompts refer to the ActiveX control as the IBM iNotes control. Chapter 4. Configuring the service 59 After users install the control, they can do the following tasks: v Make SmartCloud Notes web the default email client through Preferences. v Send email from Windows Explorer, the desktop, or the Start menu. v Create new email messages by clicking a Mailto:// link from external web pages. v Select multiple files to attach to an email, detach and save multiple attachments, open attachments by double-clicking without having to save them first, and drag multiple attachments to Windows Explorer or the desktop. v Copy an image to the clipboard and then press Ctrl+V or click the image icon in the message toolbar to paste the image into an email. Note: Running Internet Explorer in Protected Mode can prevent users from being able to save attachments, drag attachments from mail to the desktop, or set the default mail client. For information about options to resolve this issue and about Protected Mode, see IBM Technote 1655831. One option is to resolve the issue by adding the mail server or domain as a trusted site. If you use this option, as the trusted site, specify notes.<dc>.collabserv.com (where dc is your data center) or *.collabserv.com. Users might occasionally be prompted to install updates to the ActiveX control when enhancements to the control are deployed in the service. If users do not install an update, features that require the control are no longer available during the current session. Users are prompted again to install the update when they next log in to the service. Complete the following steps to enable all web users who use Internet Explorer to download and use the ActiveX control. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings. 5. Click Email & Calendar Options. 6. Select Enable ActiveX attachment control. Related information: IBM Technote 1655831 Specifying an SMTP server to route mail to the Internet By default, the service routes mail that service users send to external users over the Internet. You have the option to route this mail through a company-controlled SMTP host server instead. Before you begin Prepare your on-premises environment. For more information, see “Preparing to use a company SMTP server to route outbound Internet mail” on page 20. 60 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task Skip this procedure if you want the service to handle routing the mail that is sent to external users. In this case (default behavior), the service filters the messages for virus and spam before routing them to the Internet. By using a company SMTP host server for external routing, you can act on messages before routing them, for example, filter or audit messages. When you use this feature, the service filters messages for viruses and spam and then routes them directly to your designated SMTP host server. Messages addressed to any domain that is not an internal, service-verified domain are routed to the SMTP host server. The service uses Transport Layer Security (TLS) to route mail to the SMTP host server if the host server uses TLS. The connection is made using STARTTLS over SSL TCP/IP port 25. Perform the following steps to specify the name of your SMTP host server in Account Settings. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings > Email Management. 5. In the SMTP server field under Manage Routing to External Internet Domains, enter an SMTP host name to use for routing. 6. Click Save. Preparing to use custom mail file templates You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. About this task The template design development can be done in-house or through a contract with a third-party developer or an IBM representative. A short professional services engagement with IBM Software Services for Collaboration is required to approve a custom template. A custom mail file template allows you to customize the design of user mail files. It is also used to customize the mail file access of new mail files to enable administrators or server-based agents to access them. Customized mail file access is strongly recommended; without it only mail file owners and mail file delegates can access mail files. The following steps outline the high-level tasks and identify who is responsible for developing and applying a custom template. Procedure 1. Customer Contacts an IBM Software Services for Collaboration representative to procure a statement of work. Chapter 4. Configuring the service 61 This step should be done as soon as it is determined that the business requires a custom mail template. This prior notice ensures that they are prepared to validate the template soon after receiving it 2. Developer Reviews the design requirements for custom mail templates. To be approved for use with the service, a custom mail template must meet specific design requirements. For example, a custom template must contain specific design elements from the standard mail template of a IBM Notes version supported by the service. For information about template design requirements, see the wiki article SmartCloud Notes Template Validation Requirements. 3. Developer Designs and implements the template changes in the on-premises environment. When preparing a custom template that is already in use, the developer should: v Assess and document the current customizations. v Compare each customization to the standard mail template. Determine whether each is still needed or if it can be deleted. If a customization is still needed, determine whether it requires modification. v Document the requirements for the new version of the custom template. 4. Customer Tests the template in the on-premises environment. You are responsible for testing the template in your company environment to ensure that it functions as intended. 5. Customer Emails a request to customization.analyzer@collabserv.com to be set up for the Mail Analyzer application. The email should include the Customer ID and also be sent to the IBM Software Services for Collaboration representative. The customer receives a confirmation email when setup is complete. The Mail Analyzer application is used to do preliminary checks of the custom template. 6. Customer After receiving notification that the Mail Analyzer application setup is complete, the customer emails the custom template to customization.analyzer@collabserv.com to perform an automated analysis. The customer receives an email summary of the results. This step can be repeated as often as needed during the development and testing cycle. 7. Customer Submits the template to an IBM representative for a final manual validation. Template validation requires a short professional services engagement with IBM Software Services for Collaboration. 8. IBM representative Validates the template and report results to the customer. This step ensures that the template meets the template validation requirements. The IBM representative sends the customer a short, written report summarizing the assessment, and indicating approval or rejection. 9. IBM representative Loads the template to the service, after approval of the template. 10. Company administrator Applies the template to user accounts. When the template is approved, a company administrator for the service uses SmartCloud Notes Administration to apply the template to the accounts of new or existing users. Alternatively, the template can be applied through the integration server and a user provisioning change file. For more information, see the topic on creating user provisioning change files in the integration server documentation. Related tasks: 62 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 “Preparing customized mail file ACLs” on page 68 An important reason to customize mail file access is to allow administrators or server-based agents to access mail files. Without customized mail file access, only mail file owners and mail file delegates can access mail files. “Configuring mail file templates” Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default. “Changing user mail file templates” on page 139 You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version. Related information: Integration server documentation Handling execution security alerts caused by custom templates The service signs a custom mail file template with a unique customer signature. IBM Notes users that use a custom mail file template see an execution security alert if the Execution Control List (ECL) on the client does not allow access to the signature. About this task The first time Notes users authenticate with the service after the application of a custom template, they see an execution security alert. The alert states that the template signer, customerID LotusLive Template Signer/customercertifier, is attempting to perform an ECL update action. Selecting Start trusting the signer prevents all future alerts for the template signature. For more information about execution security alerts, see the topic about the execution control list in the Domino documentation. Related information: Domino documentation Configuring mail file templates Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default. About this task The service provides standard mail file templates to apply to user mail files. Custom mail file templates that are designed for your company and approved by an IBM Software Services for Collaboration representative might also be available for use. Apply the mail file template after user provisioning. Procedure 1. Log on to http://www.ibmcloud.com/social as a user with the Administrator role. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. From SmartCloud Notes Administration, click Mail Templates. 5. Perform any of the following template management tasks. Chapter 4. Configuring the service 63 Table 14. Mail template management tasks Task Steps Additional information Select a mail template to apply to new user accounts by default. 1. Click Custom Mail Templates or Standard Mail Templates. If you do not select a default template, the most recent English version of the standard template is used as the default. 2. Select a template. 3. Click Set as default You can change the mail template after you add a new user, as necessary. Download a template to 1. Click Custom Mail Templates make design changes to or Standard Mail Templates. it. 2. Select a template. 3. Click Download. Remove a custom 1. Click Custom Mail Templates. template from the list of 2. Select a template. available templates. 3. Click Delete Selected. When the design changes are complete, you must submit the template to an IBM Software Services for Collaboration representative for approval before it can be applied to user mail files. Remove a template if it is no longer used. If you remove a template that is currently assigned to a user, you should assign a new one. Be careful when removing a template. If you change your mind, you must contract the services of IBM Software Services for Collaboration to add it back. Related tasks: “Changing user mail file templates” on page 139 You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version. “Preparing to use custom mail file templates” on page 61 You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. “Viewing assigned mail file templates” on page 137 You can view the mail file template that is assigned to a service user. Using extension forms files to customize the look of the web client You can use an extension forms file to customize the visual theme, fonts, the action bar, and other aspects of the web client. For example, you can add graphics, change colors, and add new menu items. Before you begin Read the topic “Extension forms file requirements” on page 66. 64 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Note: IBM reserves the right to disable any extension forms file that causes a degradation in the service. About this task Deploying an extension forms file in the service requires a brief service contract with an IBM Software Services for Collaboration representative. The representative validates extension forms files to ensure that they comply with requirements that reduce risk to your users and to the service. Once approved, the IBM representative uploads the extension forms file to the service for your use. You can deploy more than one extension forms file and apply each to different users. Extension forms files must be based on the IBM iNotes 9.0 Social Edition forms9_x.ntf template that is downloaded from the service. To deploy an extension forms file in the service, perform the following steps. Procedure 1. Download the extension forms template or a currently deployed extension forms file from the service: a. Log in to the service as an administrator. b. If your account has the user role, click Admin > Manage Organization. c. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. d. Click Extension Forms Files. e. Perform one of the following steps: v To use the default design as a starting point, click Extension Forms Templates and download the template file. v To download an extensions forms file that is already deployed, select the file in the Extension Forms File page and click Download. 2. If you download the extension forms template in the previous step, use the template to create the extension forms file. 3. To transfer changes in an extension forms file currently used at your company to the extension forms file used in the service: v Assess and document the design changes in the on-premises extension forms file. v Note any design changes that are no longer needed and can be deleted. v Determine whether the remaining design changes in the on-premises extension forms file are supported in the service or need modification. v Document the changes to the new extension forms file that are required. 4. Make the design changes to the extension forms file to be used in the service. 5. Test the design changes on an IBM Domino iNotes server in the on-premises environment: Note: You might want to install and set up a test server for this purpose. a. In a Mail Settings document applied to a policy, click IBM iNotes and in the Basics tab, add the name of the extension forms file to the Extension Forms File Name field. This step is needed only if the extension forms file name is not Forms9_x.nsf, or if you want to use a policy to enable the forms file for specific users. Chapter 4. Configuring the service 65 b. Use the following server command to flush the server database cache: dbcache flush c. Copy the extension forms file to the iNotes directory under the server data directory. d. Use the following server command to stop and restart the HTTP task: tell http restart e. Start a web browser and clear the browser cache. f. Test the changes from the browser. 6. Submit the extension forms file to an IBM Software Services for Collaboration representative for validation. The IBM representative validates the extension forms file and sends you a summary report that indicates whether the extension forms file is approved. After it is approved, the IBM representative uploads the extension forms file to the service. What to do next Assign the extension forms file to users. Related tasks: “Assigning extension forms files to users” on page 140 After an IBM representative uploads an approved extension forms file to the service, you can assign the forms file to users. Extension forms file enable you to customize the visual theme, fonts, the action bar, and other aspects of the web client. “Preparing to use custom mail file templates” on page 61 You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. Extension forms file requirements Before you develop an extension forms file to customize the web client, be aware of the requirements. You can use multiple extension forms files, each applied to different sets of users. v Extension forms files must be based on the IBM iNotes 9.0 Social Edition forms9_x.ntf template that you download from the service. v Extension forms files can reference only mail files within the IBM SmartCloud Notes service. In particular, they cannot reference IBM Notes databases on on-premises servers or images on web servers outside the service. v Customization must be self-contained. Any resources, such as images, style sheets and JavaScript, must be included in the Extension Forms File. References to external sources are not allowed. Customization such as ActiveX controls or Java classes where the source code cannot be inspected are also not allowed. v Local encryption must be disabled on extension forms file databases: 1. From Notes, open the extension forms file database. 2. Click File > Application > Properties. 3. Click Encryption Settings. If the text Current encryption strength : None is shown in the dialog box, the database is not encrypted. If the database is encrypted, complete the remaining steps. 4. Click Do not locally encrypt this database. 5. Close the extension forms file database. 66 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 6. Open the database. A progress bar is shown as the database is unencrypted. 7. Repeat steps 2 and 3 to verify that the database is unencrypted. You can use an extension forms file to make the following types of changes to the web client: v Modify the visual theme in the following ways: – Override CSS styles. v v v v – Override gradient fill color specifications. – Replace images. New images must be in the extension forms file. Add fonts to the rich text editor that is used when users create email messages, calendar entries, and so forth. Add fields to documents such as mail messages and calendar entries. Add, remove, or modify items in the action bar menu. Use global settings to extend the session information, for example, override a preference setting or read a profile note field. v Add JavaScript code to the document save function to verify items when documents are saved or sent. You can customize the following subforms in an extension forms file: Table 15. Subforms that can be customized Subform Purpose Custom_Common_Utils Adds functions that are called from Custom_JS. Custom_CSS Adds new CSS styles. Custom_JS Contains callback functions to use to add or remove action bar items, add code when pages are displayed or submitted. This subform is used for forms that use an older architecture. Most of the code uses the newer forms, however a few older forms remain. Custom_JS_Edit Adds fonts to the rich text editor. Custom_Name_Lite The code to display names in Korean format. Custom_Page_Dictionary Adds new variable values for use with the Custom_CSS subform. Custom_WelcomePage Adds choices for the Welcome Page. Custom_Page_Dictionary Adds variable values that are available for use in the Custom_CSS subform. Custom_xxx_Dictionary These custom dictionary subforms are included with each main area form, Mail, Calendar, ToDo, and so forth, to allow easier inclusion of new NotesFields and NotesVars. Custom_LazyLoad_Subforms Adds custom code to the lazy load table. Custom_Logout Adds custom code that runs on logout. Custom_About Displays the forms file version and a user-specified file version number in the client console log when the client starts. Custom_SessionInfo Add items to the iNotes session info object. Chapter 4. Configuring the service 67 Preparing customized mail file ACLs An important reason to customize mail file access is to allow administrators or server-based agents to access mail files. Without customized mail file access, only mail file owners and mail file delegates can access mail files. About this task To customize mail file access, modify the access control list (ACL) in a custom IBM Notes mail file template. Then, apply the custom template to the new mail files when you provision users for the service. Using a custom mail file template requires a short service contract with IBM Software Services for Collaboration to approve and upload the template to the service. Important: It is important to customize mail file ACLs before users are provisioned. After users are provisioned, you can no longer use the ACL to change access to their mail files. At that point, the mail file ACL is changed only indirectly in the following circumstances: v A user is given access to a mail file through mail file delegation. v A user's name changes, which causes the name to change in the mail file ACL. (Renaming a group does not update a group name in the ACL.) Note the following additional restrictions to ACLs of mail files in the service: v You cannot use the following ACL group entries that are seen in traditional IBM Domino environments: LocalDomainAdmins, LocalDomainServers, and OtherDomainServers. If you add these entries, they are stripped from ACLs. v To allow administrators to access mail files, add a group to the directory that includes their names, and then add the group to mail file ACLs. v Editor access is the highest level of access that is allowed for any ACL entry. If you give a user or group Manager or Designer access, the access is lowered to Editor. The user or group does not become a mail file delegate. v The mail file owner always has Editor access and you cannot change this access. You can give another user or group Editor access. In this case, they become mail file delegates, by default. You can prevent people with Editor access from becoming delegates. To do so, assign them the [ExcludeDelegate] role in the ACL. v You can use the following types of ACL entries: Person, Person group, Server group, Mixed group, or Unspecified. v Server type entries are not allowed. If you add them, they are stripped from ACLs. v You cannot customize the -Default- and Anonymous entries. These entries are always set to No Access. To use a custom mail file template to modify mail file ACLs, add entries that are enclosed in brackets [ ] to the ACL of the custom mail file template. The ACLs of the new mail files in the service inherit the entries in brackets. For example, to give Editor access to the group SCN Administrators, add [SCN Administrators] to the ACL, select Editor access and the type Person group or Mixed group . If you apply the custom mail file template when you provision Samantha Daryn/Renovations with a brand new mail file in the service, her mail file ACL includes the following entries: 68 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 -Default- (No Access) Anonymous (No Access) Samantha Daryn/Renovations (Editor) SCN Administrators (Editor) SaaSLocalDomainServers1 Mail1/SCN/Renovations2 1 This group is reserved for use in the service. Do not create a group by this name on-premises, or a group that begins with the characters SaaS. 2 This entry is the name of a user's home mail server in the service. Related tasks: “Configuring mail file templates” on page 63 Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default. “Preparing to use custom mail file templates” on page 61 You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. Related information: Using server-based agents in a SmartCloud Notes hybrid environment SmartCloud Notes Template Validation Requirements Configuring email filters and reporting Use email filter and reporting features to control and manage the delivery of specific inbound Internet mail. About this task The following table summarizes the filter and reporting features that are available. The table briefly describes each feature, indicates which clients support each feature, and indicates the method to enable each feature. These features apply to Internet mail that is addressed to a domain owned by your company for which the service manages inbound routing. In a service-only environment, the service manages inbound routing for all of your company’s verified Internet domains. Table 16. Summary of email filter and reporting features Feature Description Supported clients Method to enable Email filters for inbound Internet mail Use filters to control All clients the delivery of mail from specific addresses, mail with newsletter content, or mail that matches the service Spam filter. SmartCloud Notes Administration Junk Mail Reports Send periodic reports All clients to users that list messages recently delivered or moved to the Junk folder. SmartCloud Notes Administration Chapter 4. Configuring the service 69 Table 16. Summary of email filter and reporting features (continued) Feature Description Supported clients Method to enable Customized Junk Mail Reports Customize or translate text in Junk Mail Reports. All clients Custom mail file template ¹ Customized Remove sender from Junk list option For specific senders, allow users to override a filter that delivers the senders' mail to the Junk folder. Notes client, web client Notes client: Custom mail file template ¹ Report as Spam option. Provides a menu option to use to report spam. Notes client, web client Web client: Available automatically, no enablement needed Notes client: Custom mail file template ¹ Web client: SmartCloud Notes Administration ¹ This option requires a short service contract with an IBM Software Services for Collaboration representative to deploy a custom mail file template in the service. Related tasks: “Preparing to use custom mail file templates” on page 61 You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. Related information: IBM Software Services for Collaboration web page Configuring email filters for inbound Internet mail Configure email filters to allow users to receive email from people whose messages would otherwise be blocked or to block email that is not normally blocked but that your users do not want to receive. About this task You can create address filters that filter based on sender address. You can also create keyword filters that filter based on email category. Newsletter is the only keyword category currently supported. You can create multiple address filters but just one newsletter filter. In addition to creating filters, you can customize the service spam filter by allowing email that matches the filter to be delivered to the Inbox or the Junk folder. Delivering email that matches the service spam filter to the Inbox is not recommended unless your company applies its own filtering software to mail before it is routed to the service. The number of all filters, excluding the spam filter, cannot exceed 100. The service malware and anti-virus filters are not configurable and take precedence over all other filters. Perform the following steps to configure email filters for inbound Internet mail. 70 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and click Email Filters. 5. To create a filter: a. Click a type of filter: Table 17. Types of filters Filter type Description Address Filter Use to filter by sender address. To allow or block email for a specific user, type the user's address, for example, branney@renovations.com. To allow or block email for multiple addresses in a domain, use an address expression that contains one or more asterisks (*), for example, *@renovations.com. To separate multiple address entries in a filter, type a comma (,) or press Enter. Each address or address expression must contain one at sign (@). Keyword Filter Use to filter by email category. The category that is currently supported is newsletter, which filters newsletters and other automated email. You can enable one newsletter filter. By default, the service delivers newsletters to the Inbox. b. Click a delivery option. Table 18. Filter delivery options Filter delivery option Description Allow Deliver mail that matches the filter to the Inbox. Filter Deliver mail that matches the filter to the Junk folder. Block Prevent delivery of mail that matches the filter. c. Click OK. 6. To control the delivery of mail that matches the service spam filter, click System Filter, click Edit, and then click Allow, Filter, or Block. By default, the service blocks mail that matches the spam filter. Chapter 4. Configuring the service 71 Note: The Allow option is intended for companies that apply their own filtering software to mail before it is routed to the service. 7. If you configure more than one filter, drag them or use the arrows to order them by precedence. The service evaluates the list of filters from top to bottom. The first filter that matches a particular message is applied to it, and that message is not evaluated further. 8. Click Save Changes. Results The changes take effect immediately. Effort is taken to avoid the inclusion of legitimate email such as order and flight reservation confirmations, invoices, or other mail lists in the newsletter filter. However, if users consider an email that matches the newsletter filter or another filter to be legitimate, and you configure the filter to deliver matching email to the Junk folder, users can use the Remove Sender from Junk List option. Selecting this option delivers future email from a sender to the Inbox. Example The following table provides examples of addresses that match and do not match rules in address filters. Table 19. Examples of matching and non-matching addresses Address rule Matching addresses Non-matching addresses branney@renovations.com branney@renovations.com b.ranney@renovations.com branney@ny.renovations.com *ranney@renovations.com ranney@renovations.com branney@renovations.com b_ranney@renovations.com wm.ranney@renovations.com branney@ny.renovations.com *.ranney@renovations.com b.ranney@renovations.com wm.ranney@renovations.com b.ranney@ny.renovations.com branney@renovations.com b_ranney@renovations.com *@renovations.com branney@renovations.com s.daryn@renovations.com asingh@bos.renovations.com cfield@ny.renovations.com *@*.renovations.* asingh@bos.renovations.com cfield@ny.renovations.com asingh@bos.renovations.net cfield@ny.renovations.us branney@renovations.com s.daryn@renovations.com The following table provides an example filter configuration that blocks spam and then blocks the delivery of email that is sent from asingh@bos.renovations.com and cfield@ny.renovations.com. Table 20. Example of filter configuration that blocks spam and then blocks email from specific addresses 72 Number Filter name Rule Action 1 Spam: System Filter Spam as defined by the service Block 2 Addresses: Two renovations addresses asingh@bos.renovations.com cfield@ny.renovations.com Block SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 The following table provides an example filter configuration that blocks spam, then blocks email from any subdomain of renovations.com (for example, email from cfield@ny.renovations.com but not branney@renovations.com), and then allows newsletters to be delivered to the Junk folder. Table 21. Example of filter configuration that blocks spam and blocks email from a subdomain and allows newsletters Number Name Rule Action 1 Spam: System Filter Spam as defined by the service Block 2 Addresses: Renovations subdomains *@*.renovations.com Block 3 Keywords: Newsletters Newsletters as defined by the service Filter (deliver to Junk folder) The following table provides an example filter configuration that blocks email from branney@renovations.com and s.daryn@renovations.com, then allows all other email from the renovations.com domain, and then delivers spam to the Junk folder. Email from renovations.com that matches the spam filter is delivered to the Inbox because in this case processing stops after the second filter is applied. Table 22. Example of filter configuration that blocks email from specific addresses in a domain, allows other addresses in the domain, and then delivers spam to the Junk folder. Number Filter name Rule Action 1 Addresses: Two renovations addresses branney@renovations.com s.daryn@renovations.com Block 2 Addresses: Renovations *@renovations.com Allow (deliver to Inbox) 3 Spam: System Filter Spam as defined by the service Filter (deliver to Junk folder) Enabling Junk Mail Reports Enable Junk Mail Reports to send users periodic email reports that list the messages that were recently added to the Junk folder. Before you begin Optionally customize the text in Junk Mail Reports by deploy a custom mail template. About this task Junk Mail Reports report messages that the service delivers to the Junk folder. For example, if you configure the newsletter filter to deliver newsletter-type email to the Junk folder, the newsletter emails are reported. Junk Mail Reports also report messages that users move to the Junk folder, either manually or through other means such as mail rules. Junk Mail Reports list and link to messages added to the Junk folder since the last report. Reports identify messages by delivery date and time, sender, and subject. Reports include the following introductory paragraph, by default: The following messages have recently been put in the Junk folder. From the Junk folder you can move messages to your Inbox, delete them, or remove senders from the junk list. Chapter 4. Configuring the service 73 You configure how frequently to send reports. Reports can be sent as frequently as every hour or as infrequently as once a week. All users receive Junk Mail Reports, regardless of the client they use. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings. 5. Click Email Filters. 6. Select Send periodic junk mail reports to all users. 7. Specify a reporting interval, in hours. You can specify a value from 1 hour to 168 hours (once a week). 8. Click Save Changes. Related tasks: “Customizing the text in Junk Mail Reports” If you enable periodic Junk Mail Reports to be sent to users, you can optionally use a custom Notes mail template to translate or customize the text in the reports. This custom template can be applied to the mail file of any SmartCloud Notes user, regardless of the client used. Customizing the text in Junk Mail Reports If you enable periodic Junk Mail Reports to be sent to users, you can optionally use a custom Notes mail template to translate or customize the text in the reports. This custom template can be applied to the mail file of any SmartCloud Notes user, regardless of the client used. Before you begin Understand the process for deploying customized mail templates. For information, see the topic “Preparing to use custom mail file templates” on page 61. About this task To customize the text in Junk Mail Reports, you use IBM Domino Designer to add a hidden form, (JunkReport), to the mail template. Then you add customized text strings to the form. This form is used only to generate the custom text and is not displayed to users. Customizing the mail template requires a short service contract with an IBM Software Services for Collaboration representative. The representative validates the design changes you make and then uploads the approved template to the service for you to use. The IBM representative provides a custom Notes 8.5.3 template, mail85_esm1018.ntf, that has the required design changes. You can use the template as a reference and copy design elements from it. If you do not customize the text in Junk Mail Reports, the English default text is used. Note: The following procedure assumes that you customize a Notes 8.5.3 template. You can customize a different version of the template as long as it is for a version 74 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 of Notes that the service supports. The procedure to customize a different version of the template might be slightly different. Procedure 1. Download the mail template to use as the starting point for making the design changes: v If you do not currently used a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Standard Mail Templates, browse the list of templates and select the StdR85Mail template for version 8.5.3 in the desired language, and click Download. v If you currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Custom Mail Templates, select the custom template, and click Download. 2. From Domino Designer, open the mail85_esm1018.ntf template given to you by the IBM representative. Double-click Forms. Right-click (JunkReport) and click Copy. Open the 8.5.3 mail template that you downloaded from the service. Double-click Forms. Right-click anywhere in the list of forms and click Paste to add the (JunkReport) form. 8. When asked if you want the form to be automatically updated, click No. 9. Perform the following steps to customize or translate each text field in the form: 3. 4. 5. 6. 7. a. Double-click the (JunkReport) form. b. Click a text field and edit the default value shown in the programmer pane. v Expand the programmer pane if you do not see it. v Keep quotations marks (") around the text. The following table describes the text fields that you can customize. Table 23. Text fields to customize in a Junk Mail Report Text to customize Default text Text field Label for the subject of the report Junk Mail Report junkTitleLabel Introductory text in the report The following messages have recently been put in the Junk folder. From the Junk folder you can move messages to your Inbox, delete them, or remove senders from the junk list. JunkGreetingLabel JunkGreetingLabel2 Label for the sender of each reported email. Sender junkSenderLabel Label for the subject of each reported email. Subject junkSubjectLabel Each field has a 256-character limit. Use JunkGreetingLabel2 if your text exceeds 256 characters. The content of the two fields is concatenated without a space. Add a space if necessary. Chapter 4. Configuring the service 75 Table 23. Text fields to customize in a Junk Mail Report (continued) Text to customize Default text Text field Label for the document link to each reported email Link to email in the Junk folder junkDocLinkLabel 10. Click File > Save. What to do next Submit the customized 8.5.3 template to an IBM Software Services for Collaboration representative to validate the template and then upload the approved template to the service. After the custom template is uploaded, you can apply it to users. Related information: IBM Software Services for Collaboration web page Customizing the Remove Sender from Junk List action for Notes users You can customize the Remove Sender from Junk List option for IBM Notes users. The customized option allow users to override email filters that deliver mail to the Junk folder, on a per-sender basis. About this task This feature is useful if your email filter configuration causes mail to be delivered to the Junk folder. The feature requires a custom mail file template. The design changes apply only to Notes users. The feature is automatically available to web client users. The feature is not available to users who access mail through IMAP clients or mobile devices. Customizing the mail template requires a short service contract with an IBM Software Services for Collaboration representative. The representative validates the design changes you make and then uploads the approved template to the service for you to use. The IBM representative provides a custom Notes 8.5.3 template, mail85_esm1018.ntf, that has the required design changes. You can use the template as a reference and copy design elements from it. Note: The following procedure assumes that you customize a Notes 8.5.3 template. You can customize a different version of the template as long as it is for a version of Notes that the service supports. The procedure to customize a different version of the template might be slightly different. The following table compares the junk mail feature in the standard 8.5.3 template to the feature in the customized template. 76 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 24. Comparison of the standard template and the custom template Task Remove selected email from the Junk folder and deliver future mail from the sender to the Inbox. Steps when the standard template is used Steps when the custom template is used 1. From the Junk folder, click More > Remove sender from Junk list. 1. From the Junk folder, click the Remove sender from Junk list action. 2. At the prompt Do you want to remove sender from the Junk Mail List?, click Yes. 2. At the prompt Do you want to stop sending mail from this user to the Junk folder? sender, click Yes. These steps do not affect filtered email that the service These steps do affect filtered email that the service delivers to the Junk folder. delivers to the Junk folder. Remove addresses from the list of addresses whose mail is sent to the Junk folder. From the Junk folder, click the Manage Junk Mail Sender’s List action. From the Junk folder, click More > Manage Junk Mail Sender’s List. Procedure 1. Download the mail template to use as the starting point for making the design changes: v If you do not currently used a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Standard Mail Templates, browse the list of templates and select the StdR85Mail template for version 8.5.3 in the desired language, and click Download. v If you currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Custom Mail Templates, select the custom template, and click Download. 2. Add the (AllowUser) subform: a. From Domino Designer, open mail85_esm1018.ntf. b. Double-click Shared Elements > Subforms. c. Right-click (AllowUser) and click Copy. d. Open the 8.5.3 mail template. e. Click Shared Elements > Subforms. f. Right-click and select Paste. g. When asked if you want the subform to be automatically updated, click No. h. Optional: To translate the text displayed by this subform, double-click the (AllowUser) subform and in the field dspTxt in the programmer pane, change the content of the sentenceTxt: variable. i. Click File > Save. 3. Modify the (JunkUser) subform: a. From the 8.5.3 mail template, double-click Shared Elements > Subforms. b. Double-click (JunkUser). c. For consistency, in the static text string, change Junk Mail Folder to Junk folder. The status text then becomes: Mail from this address will be delivered directly to your Junk folder. d. Click File > Save. 4. Import a modified version of the blockUserRule script library: Chapter 4. Configuring the service 77 a. Click File > Preferences, click Domino Designer > LotusScript Editor, clear the Use Eclipse-based LotusScript editor setting, and click Apply and OK. b. Open mail85_esm1018.ntf. c. Double-click Code > Script Libraries. d. Double-click the BlockUserRule library. e. Click once in the programmer pane next to the line that reads Option Public. f. Click File > Export. g. In the File Name box, type c:\library.lss and click Export. h. When prompted, click All objects and click OK. i. Open your 8.5.3 mail template. j. Double-click Code > Script Libraries. k. Double-click the blockUserRule library. l. Click once in the programmer pane next to the line that reads Option Public. m. Look at the Use "Rules" text after Option Public. If the text includes a language tag, write down the text or copy it to the clipboard. Examples of text with language tags are Use "Rules-GR" or Use "Rules_el_translated". n. Click File > Import. o. In the File Name box, type c:\library.lss and click Import. p. When prompted, click Yes to All. q. If you wrote or copied rules text containing a language tag in step 3m, replace the Use "Rules" text with rules text containing the language tag. r. Click the ESC button on your keyboard and click Yes to save the changes. s. Click Tools > Recompile All LotusScript and click OK. t. When compiling is complete, click OK. The compiling takes a few minutes. 5. Optional: If your template is not the English version, perform the following steps to translate text strings in the updated blockUserRule script library: a. Open the blockUserRule script library. b. Click the (Declarations) event. c. Find the text Function GetString. d. Translate all the strings under that function. e. Click File > Save. 6. Delete the existing Not Junk Mail action from the ($JunkMail) folder; the action is not currently used: a. Open the 8.5.3 mail template. b. Double-click Folders and double-click ($JunkMail). c. In the Actions pane, right-click Not Junk Mail and click Delete. 7. Change the location of the Remove sender from Junk List action: a. In the 8.5.3 mail template, double-click the ($JunkMail) folder. b. Click the More action to expand it. c. Drag the Remove sender from Junk List action and place it directly below the Delete All action, as shown in the following screenshot: 78 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 8. Change the location of the Manage Junk Mail Sender’s List action in the ($JunkMail) folder: a. Drag the Manage Junk Mail Sender’s List action to the More menu, directly below the double bar, as shown in the following screenshot: 9. Click File > Save to save the modified ($JunkMail) folder. What to do next Submit the customized 8.5.3 template to an IBM Software Services for Collaboration representative to validate the template and then upload the approved template to the service. After the custom template is uploaded, you can apply it to users. Related tasks: “Preparing to use custom mail file templates” on page 61 You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. Related information: IBM Software Services for Collaboration web page Enabling the Report as Spam feature Enabling the Report as Spam feature provides users with a menu option for reporting spam. About this task Because the nature of spam changes frequently, forms of new spam can slip past the spam filters in the service and be delivered to a user. If you enable the Report as Spam feature, users can report spam by selecting the spam email and clicking More > Report as Spam. The message is reported and then moved to the Junk folder. A user can click More > Deliver Sender's Mail to Junk to ensure that mail from the sender of the spam is automatically delivered to the Junk folder in the future. Chapter 4. Configuring the service 79 The service evaluates reported spam to determine whether to include it in the list of spam filters. Reporting spam can help reduce its occurrence in the future. The service does not treat newsletters and event invitations as spam. To enable the Report as Spam feature for web client users, use SmartCloud Notes Administration. To enable the feature for IBM Notes users, use a custom Notes mail template. The Report as Spam feature is not available to users who access mail through IMAP clients or mobile devices. Users can report spam without using the Report as Spam feature by saving a message as an .eml file and mailing the file to a specific address in the service. Enabling the Report as Spam feature for web client users: Use a setting in SmartCloud Notes Administration to enable the Report as Spam feature for web client users. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings. 5. Click Email Filters. 6. Select Display Report as Spam control to end users. 7. Click Save Changes. Results Web client users can see the More > Report as Spam option the next time they log in to the service. Enabling the Report as Spam feature for Notes users: You can enable the Report as Spam feature for IBM Notes users through the use of a custom Notes mail template. About this task Customizing the mail template requires a short service contract with an IBM Software Services for Collaboration representative. The representative validates the design changes you make and then uploads the approved template to the service for you to use. The IBM representative provides a custom Notes 8.5.3 template, mail85_esm1018.ntf, that has the required design changes. You can use the template as a reference and copy design elements from it. Note: The following procedure assumes that you customize a Notes 8.5.3 template. You can customize a different version of the template as long as it is for a version of Notes that the service supports. The procedure to customize a different version of the template might be slightly different. 80 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Procedure 1. Download the mail template to use as the starting point for making the design changes: v If you do not currently used a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Standard Mail Templates, browse the list of templates and select the StdR85Mail template for version 8.5.3 in the desired language, and click Download. v If you currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Custom Mail Templates, select the custom template, and click Download. 2. From Domino Designer, open mail85_esm1018.ntf. 3. If the action pane is not open, click View > Action Pane. 4. Click Code and double-click Shared Actions. 5. Right-click the Report as Spam.. action and click Copy. 6. Open the 8.5.3 mail template that you downloaded from the service. 7. Paste the Report as Spam action into your mail template: a. Click Code and double-click Shared Actions. b. Click anywhere in the list of shared actions and click Paste. 8. Insert the Report as Spam action into the ($Inbox) folder: a. Click Folders and double-click ($Inbox). b. In the action pane, expand More and right-click Views-Deliver Sender's Mail to Junk. c. Click Insert Shared Action. d. Select Report as Spam.. and click Insert. e. Click File > Save. 9. Insert the Report as Spam action into the ($JunkMail) folder: a. Click Folders and double-click ($JunkMail). b. In the action pane, expand More and right-click Views-Deliver Sender's Mail to Junk. c. Click Insert Shared Action. d. Select Report as Spam.. from the list, click Insert, and click Done. e. Click File > Save. 10. Insert the Report as Spam action into the ($All) (All Documents) view: a. Click Views and double-click ($All). b. In the action pane, expand More and right-click Views-Deliver Sender's Mail to Junk. c. Click Insert Shared Action. d. Select Report as Spam.. from the list, click Insert, and click Done. e. Click File > Save. 11. Copy the (ReportSpam) agent to the 8.5.3 mail template: a. From mail85_esm1018.ntf, click Code and double-click Agents. b. In the list of agents, right-click (ReportSpam) and click Copy. c. From the 8.5.3 mail template, click Code and double-click Agents. d. Right-click anywhere in the list of agents and click Paste. e. When asked if you want the agent to be automatically updated, click No. Chapter 4. Configuring the service 81 f. Optional: To translate the agent, double-click the agent and translate the English text in the following statements in (Declarations): v SUBJECT_VALUE v PROMPT_TITLE v PROMPT_MESSAGE_SINGLE v PROMPT_MESSAGE_MULTI v MSG_SUCCESS v MSG_SUCCESS_MOVED v MSG_CANCEL v MSG_ERR_SEND g. Click File > Save. What to do next Submit the customized 8.5.3 template to an IBM Software Services for Collaboration representative to validate the template and then upload the approved template to the service. After the custom template is uploaded, you can apply it to users. Related tasks: “Preparing to use custom mail file templates” on page 61 You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative. Related information: IBM Software Services for Collaboration web page Reporting spam without the Report as Spam feature If you do not enable the Report as Spam feature, you can provide these instructions to users for reporting spam manually. Procedure 1. Perform one of the following steps to save the spam message as an .eml file: v From the web client, select the spam message, click More > Show MIME Full, select all, copy the entire contents to a text file, and save the file with the extension .eml. v From the Notes client, drag the spam message to the desktop. The message is automatically saved as an .eml file. 2. Attach the .eml file to a new message. 3. Mail the new message to one of the following addresses: v If you want to receive a confirmation email from the service, mail the message to spam.smartcloud.feedback@kassel.ibm.com. v If you do not want to receive a confirmation email from the service, mail the message to spam.smartcloud@kassel.ibm.com. Enabling busytime details in calendars You can enable IBM Notes users and web client users to see busytime details in calendars. 82 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task If you enable this feature, when users schedule a meeting or use a group calendar, they can click a block of busytime in someone's calendar to see details about the calendar entry. Users can see calendar details only if users grant them this access to their calendars. The following types of detailed information can be seen: v Type of calendar entry, for example, meeting or appointment v Optionally assigned calendar category v Meeting chair v Location v Room This feature is disabled, by default. When it is disabled, users can still see the blocks of time when users are busy, they just cannot see details about those blocks of time. Complete the following steps to enable busytime details. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings. 5. Click Email & Calendar Options. 6. In the Calendar Details section, select Enable calendar detail collection. Results When Notes client users and web client users schedule a meeting or use a group calendar, they can click a block of busytime in a calendar to see details if they are given the access to do so. Users control who can see their calendar information and whether detailed calendar information is visible or only users' availability. To control access to their calendars, web client users click Preferences > Delegation > Schedule. Notes users click More > Preferences then Access and Delegation > Access to Your Schedule. Configuring instant messaging Use the Instant Messaging settings in IBM SmartCloud Notes Administration to specify whether to enable an instant messaging community in clients automatically. Instant messaging enables users to chat with and see the availability of other users in the service. You can automatically enable use of the service instant messaging community. For web users, you can automatically enable an on-premises IBM Sametime community managed by your company. About this task By default, web users automatically connect to the instant messaging community in the service if the Enable instant messaging preference is selected on the client. By default, IBM Notes 8.5.2 or later clients automatically connect to the instant messaging community in the service if the clients are installed with the Sametime (integrated) option. Users are also logged on to the community automatically. Chapter 4. Configuring the service 83 You can change the default setting and allow web users to instead connect automatically to an on-premises Sametime community at your company site. You must use a Sametime Proxy Server 8.5.2 (IFR1 or later) and configure it to support this capability. Notes clients can also connect to an on-premises community if you configure the clients to connect to the community yourself. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings 5. Click Instant Messaging. 6. In the Instant Messaging Integration window, select an option described in the following table and then click Save. If you switch from one option to another, the service pushes the change to the clients immediately. Table 25. Instant messaging configuration options Option Result - web users Enable the service instant messaging community for IBM Notes and SmartCloud Notes web users Web users are logged on to the service instant messaging community if they perform the following steps from the Inbox: Result - Notes Notes users who use Notes 8.5.2 or later installed with the Sametime (integrated) option are logged on to the service instant messaging 1. Click More > Preferences community. 2. Under Instant messaging, select Enable instant messaging. Multiple communities are not supported. The connection to the service community overwrites any pre-existing embedded connection to an on-premises Sametime community. Notes 8.5.1 clients are not affected by this option. To enable them to access the service instant messaging community, manually configure the clients to connect to the community. Enable an on-premises IBM Web users can connect to an Sametime community for on-premises Sametime SmartCloud Notes web users community managed by your company after you configure the on-premises environment. Disable instant messaging integration 84 Notes users can use instant messaging, but you must configure the clients manually to connect to communities. Web users cannot use instant Notes users can use instant messaging. messaging, but you must configure the clients manually to connect to communities. SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Configuring the web client to connect to an on-premises Sametime community Complete this procedure to configure IBM SmartCloud Notes web clients to connect to an IBM Sametime community at your company site. Before you begin The following Sametime server components must be installed on-premises. For instructions, see the Sametime documentation. v Sametime Server 8.0.2, or Sametime Community Server 8.5 or later. For installation instructions, see the Sametime documentation. v Sametime Proxy Server 8.5.2IFR1. For installation instructions, see the Sametime documentation. v The Sametime Proxy Server requires the latest hot fix, which is available on IBM Fix Central. The hot fix includes installation instructions. This link retrieves the list of fixes for Sametime 8.5.2 IFR1 for all operating systems; find the latest fix for the Sametime Proxy Server on the operating system you use. Note: The Sametime System Console is not used in this deployment. About this task Allowing the web client to connect to the on-premises Sametime community requires that users be able to access the Sametime Proxy Server from the same location where they access SmartCloud Notes. If your organization chooses to restrict access to the Sametime Proxy Server to users inside the corporate network, then all users must connect to that corporate network in order to access Sametime functionality in SmartCloud Notes. If your organization wants to allow users to access Sametime functionality in SmartCloud Notes from locations outside the corporate network, you must ensure that requests to https://Server_name:Port_number/ are correctly forwarded to the Sametime Proxy Server, regardless of where they originate. To support external connections, the following requirements must be satisfied: v Server_name must be listed in the public DNS (domain name server). v The firewall must allow connections to Server_name on Port_number. v You must create network routes that allow connections to reach the Sametime Proxy Server. Procedure 1. Configure the on-premises Sametime Proxy Server to allow connections from the SmartCloud Notes domain by completing the following steps: a. On the computer where the Sametime Proxy Server is installed, open the stproxyconfig.xml file that is stored in the deployment manager's profile: The deployment manager's stproxyconfig.xml file is typically located in the following directory: WebSphere_AppServer_install_root/profiles/Deployment_Manager_Profile_Name/ config/cells/Cell_Name/nodes/Node_Name/servers/STProxyServer/ For example, on IBM AIX® or Linux: /opt/IBM/WebSphere/AppServer/profiles/dmgr/config/cells/STProxyCell1/nodes/ STProxyNode1/servers/STProxyServer On Microsoft Windows: Chapter 4. Configuring the service 85 C:\Program Files\IBM\WebSphere\AppServer\profiles\dmgr\config\cells\ STProxyCell1\nodes\STProxyNode1\servers\STProxyServer b. In the stproxyconfig.xml file, look for the closing </server> tag and add the following statement immediately after it: <domainList>Your_organization_domain_name,SmartCloud_Notes_domain_name </domainList> Specify your own organization's domain name for Your_organization_domain_name. To determine the SmartCloud Notes domain your company uses, open the Inbox and look at the domain name that is shown in the browser URL. For example, in the following browser URL, the SmartCloud Notes domain is notes.na.collabserv.com: https://mail.notes.na.collabserv.com/livemail/iNotes/Mail/?OpenDocument Note: The server, mail, is not part of the domain name. Specify one of the following values for the SmartCloud_Notes_domain_name: v If you use the North America data center: notes.na.collabserv.com v If you use the Asia Pacific data center: notes.ap.collabserv.com For example, if the Renovations company uses the North America data center, the statement looks like the following line: <domainlist>renovations.com,notes.na.collabserv.com</domainlist> c. Copy the new statement so you can use it again, and then save and close the file. d. On the same computer, open the copy of the stproxyconfig.xml file that is stored in the Sametime Proxy Server's profile: The Sametime Proxy Server node's copy of stproxyconfig.xml file is typically located in the following directory: WebSphere_AppServer_install_root/profiles/Sametime_Proxy_Profile_Name/ config/cells/Cell_Name/nodes/Node_Name/servers/STProxyServer/ For example, on IBM AIX or Linux: /opt/IBM/WebSphere/AppServer/profiles/STPAppProfile/config/cells/ STProxyCell1/nodes/STProxyNode1/servers/STProxyServer On Microsoft Windows: C:\Program Files\IBM\WebSphere\AppServer\profiles\STPAppProfile\config\ cells\STProxyCell1\nodes\STProxyNode1\servers\STProxyServer The Sametime Proxy Server's path looks very similar to the deployment manager's path, but references the Sametime_Proxy_Profile_Name instead of the Deployment_Manager_Profile_Name. e. Add the same new statement to the Sametime Proxy Server's copy of the stproxyconfig.xml file (after the closing </server> tag as before), and then save and close the file. f. Restart the Sametime Proxy Server. 2. If web clients do not have VPN access to the Sametime Proxy Server, provide external access to the server. 3. If your Sametime server restricts access to certain types of clients, allow access to web clients by adding the following value to the VPS_ALLOWED_LOGIN_TYPES setting in the [Config] section of the sametime.ini file: 14A4 For more information, see Technote 1114318. 4. Complete the following steps to enable the service to connect to the on-premises community: a. Log on to the service as an administrator. 86 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 b. Click Administration > Manage Organization. c. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. d. Click Account Settings. e. Click Instant Messaging. f. Click Enable an on-premises IBM Sametime community for SmartCloud Notes web users. g. Provide the Sametime Proxy Server URL, for example, https:// stproxy01.renovations.com. 5. Instruct Internet Explorer users to modify the browser trusted sites list as follows: a. Click Tools > Internet Options b. Click Security. c. In the Select a Zone to view or change security settings section, click Trusted sites and then click Sites. d. Add the following sites to the Websites box: *.lotuslive.com *.collabserv.com In addition, add the Sametime Proxy Server URL, for example: https://stproxy01.renovations.com. 6. Instruct users to complete the following steps from their SmartCloud Notes web Inbox: a. Click More > Preferences b. Click Instant messaging > Enable instant messaging. Related information: Sametime documentation Manually configuring Notes clients to connect to the service instant messaging community If you performed the procedure “Configuring instant messaging” and selected the option Enable an on-premises IBM Sametime community for SmartCloud Notes web users or the option Disable instant messaging integration, IBM Notes clients are not configured automatically to connect to the instant messaging community in the service. This topic describes how to configure Notes clients to connect to the service instant messaging community yourself if you selected either of these options. Before you begin Notes must be installed with the Sametime (integrated) option selected. About this task Perform this procedure for any of the following reasons. v You want to allow Notes 8.5.1 clients to connect to the service instant messaging community. v You want to allow Notes clients to connect to an on-premises Sametime community and to the service instant messaging community. You will configure the service instant messaging community as a secondary community. Chapter 4. Configuring the service 87 Note: To provide dual-community enablement, the on-premises IBM Sametime server must be configured to support IBM Sametime Standard clients. You must purchase the Sametime Standard license separately, as the SmartCloud Notes entitlement supports IBM Sametime Entry only. v You want to allow some, but not all, Notes 8.5.2 or later clients to connect to the service community as the primary community. If you want all Notes 8.5.2 or later clients to connect to the service instant messaging community as the primary community, instead perform the procedure “Configuring instant messaging” and select the option Enable the service instant messaging community for IBM Notes and SmartCloud Notes web users. Perform the following steps to configure a Notes client to connect to the service instant messaging community. Procedure 1. Start Notes. 2. Click File > Preferences. 3. Click Sametime. 4. Click Server Communities. 5. Perform the following steps to add the service instant messaging community to the sidebar: a. Click Add New Server Community. b. Complete the fields in the Add Sametime Server Community window as described in the following table, and then click OK. Tab Field Field value Not applicable Server community type Sametime Not applicable Server community name Provide a name that identifies the new community. Log in User name Service login name, for example, sdaryn@renovations.com Log in Password SmartCloud Notes web logon password Do not specify the Notes client login password. Log in Use token based single sign on Do not select Server Host server im.na.collabserv.com (if your company uses the North American data center) im.ap.collabserv.com (if your company uses the Asia Pacific data center) im.ce.collabserv.com (if your company uses the European data center) Server 88 Server community port 1533 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Tab Field Field value Server Send keep alive signal 60 (default) after the following number of seconds Connection Connection Direct connection (default) Options Use this server for awareness status lookup Select (default) Options Use canonical names for status lookup Do not select (default) 6. If the client also connects to an on-premises community, make sure the service community is not the default community. 7. Click OK to save your changes. Instant messaging features The table in this topic summarizes the instant messaging features that are available through the service instant messaging community. Note: If IBM Notes clients connect to an on-premises IBM Sametime community and to the service community, the version of Sametime that is used on-premises determines the features that are available for both communities. Table 26. Features supported by the service instant messaging community Feature Available Online presence status; availability status icons; custom status message X Not available The web client shows online presence status for names in the sidebar but not for names in documents or views. This limitation does not apply if an on-premises Sametime community is used. Automated geographic awareness X Telephony status X Set alerts when users are available; privacy lists, selective do not disturb X Business card display X The name and email address are displayed but not other information, such as title and telephone number. Primary, frequent, and recent X contact list views There is a 500-contact limit. Public groups are not supported. The web client supports only the primary contact list. Chapter 4. Configuring the service 89 Table 26. Features supported by the service instant messaging community (continued) Feature Available Initiate chats with users not in your contact list X Not available Security-rich one-on-one text X chat and multi-way text chat. Rich text formatting; spell check; emoticons and emoticon palettes X Time and date stamps; chat history X Log in to multiple communities X Screen capture tool; file transfers X The web client does not support chat history. Supported by Notes clients only. Supported by Notes clients only. Note: To provide dual-community enablement, the on-premises IBM Sametime server must be configured to support IBM Sametime Standard clients. You must purchase the Sametime Standard license separately, as the SmartCloud Notes entitlement supports IBM Sametime Entry only. Instant screen share X Zero-download browser chat X client Supported by web clients only. Online meetings X Voice and video X Community collaboration features, such as instant polls, broadcast chats, and persistent group chat X Mobile use X Telephony integration X Setting password expiration for Notes IDs For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password. 90 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Before you begin For information on how this feature interacts with the password synchronization feature, see “Enabling password synchronization” on page 33. About this task If users click File > Security > User Security, the Password must be changed by field does not show the password expiration date. Perform the following procedure to set password expiration for Notes IDs. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings. 4. Click Password Management 5. Click Enable password expiration for IBM Notes clients. 6. Enter the number of days a password can be used before it expires. The minimum value for this setting is 30 days; the maximum is 3650 days. Results v When password expiration is first enabled, the passwords of all current users expire on a random basis after the expiration period, regardless of when the passwords were last changed. For example, if the expiration period is 90 days, all current users are prompted to change their passwords on a random basis when first authenticating after the 90-day expiration period. v The passwords of new users also expire on a random basis after the expiration period. v Users who are logged in when this setting becomes effective are not prompted to change the password during the current login session. v Users might experience a lag time of a few seconds between the time they change their password and authentication. This lag occurs while the updated ID is synchronizing with the vault. If the synchronization does not complete, authentication can fail. In that case, users can wait a few minutes, and then try again. If the synchronization continues to fail and the user cannot access the client, reset the Notes ID using SmartCloud Notes Administration. What to do next You might want to communicate the following information to your users: v There is no warning that informs them that their password is about to expire. v How often they will be prompted to reset their passwords. v What to do if authentication fails after they change their passwords. Related tasks: “Resetting passwords for Notes IDs” on page 31 Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password. Chapter 4. Configuring the service 91 Enabling password synchronization When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client. About this task Password synchronization benefits users who are active users of both the web and Notes clients by allowing them to use one password for both clients. After you enable password synchronization, when users change their service login passwords, the new passwords are added to the Notes ID files in the ID vault. Users can then use the new passwords the next time they log in to the service from the Notes client. Password synchronization occurs whenever users change their service login passwords. Users can change the service login passwords at any time through Connections Cloud My Account Settings. They also change the passwords: v After they log in to the service for the first time with temporary passwords; v After they log in to the service after an administrator resets their service login passwords; v After they log in to the service when service login password expiration is enabled and their passwords expire. Before you enable password synchronization, be aware of the following information: v The feature does not apply to users who log in to the service with a federated identity that your organization defines. v Synchronization occurs in one direction: from the service login password to the Notes ID password. Changing the Notes ID password does not change the service login password. v When service login passwords change, Notes client users are not required to use the new passwords. Their old passwords remain valid until they use the new passwords to log in to the service from the Notes client. Because the continued use of the old password prevents ID synchronization with the ID vault, as a best practice, recommend to users that they use the new passwords on the Notes client. v Synchronization occurs after Notes clients are connected to the service. v Notes client users can change their Notes ID passwords, either by choice or because you enable the Password Expiration setting in SmartCloud Notes Administration and their passwords expire. When Notes users change the Notes ID passwords, the service login passwords do not change automatically. However, users can use Connections Cloud My Account Settings to change the service login passwords to match the new Notes ID passwords. v If you enable password expiration for Notes IDs, a Notes ID password might expire before a user logs in to Notes with a new service login password. In this case, the user can log in to the Notes client with the old Notes ID password but the user is prompted to change the password when opening mail or another application. At this point the user can provide the new service login password. To enable password synchronization, complete the following procedure. 92 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings. 4. Click Password Management. 5. In the Password Synchronization section of the page, select Enable password synchronization. 6. Click Save. Results When users change their service login passwords, they can use the new passwords to log in to the Notes client. If users change the Notes ID password, the service login password does not change automatically. What to do next Notify users that the feature is enabled. Recommend that when they change the service login passwords that they use the new passwords to log in to the Notes client. Related tasks: “Resetting service login passwords” on page 30 Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time. “Setting service login password expiration” on page 31 By default, service login passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users. Related information: Federated identity management Logging activity in journal files You can log different types of activity in journal files that you then download from the service. Before you begin Before you complete this procedure, you must request integration server enablement from an IBM Connections Cloud customer services representative (CSR). When you do so, you provide an account identity to use to connect to the FTP site to download the journal files. You are notified when your enablement request is complete. For more information, see Requesting integration server enablement in the Connections Cloud integration server documentation. About this task The following types of journal files are available for Notes: v Notes mail delivery, which records each email message that service users send. Chapter 4. Configuring the service 93 v Notes client session, which records each attempt to log in to the service from a Notes client to access an application such as mail or the company directory. The journal service produces gzip-compressed journal files about every 24 hours. You use an FTP client to download the journal files from the IBM Connections Cloud integration site. Files are removed from the integration site after seven days. Journal files are available for other Connections Cloud services, as well. For more information, see the Connections Cloud journaling documentation. After you are notified that your request for integration server enablement is complete, complete the following steps to enable journaling through SmartCloud Notes Administration. Procedure 1. Log on to the service as an administrator. 2. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 3. Click Account Settings. 4. Click Journaling Options. 5. Select any of the following options to specify the type of journal files to generate: v Notes mail delivery v Notes client sessions 6. Click Save. What to do next You can begin downloading journal files in about 24 hours. Related information: Connections Cloud journaling documentation Downloading journal files You can begin to download journal files about 24 hours after you enable journaling. Before you begin Request integration server enablement, then enable journaling options in SmartCloud Notes administration. For more information, see “Logging activity in journal files” on page 93. Make sure that your corporate firewall allows outbound connections to the following hosts over FTP port 990 and FTP PASV port range 60000 - 61000: v North America data center: ftp.na.collabserv.com v Asia Pacific data center: ftp.ap.collabserv.com v European data center: ftp.ce.collabserv.com 94 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Procedure 1. From an FTP client, specify the following connections settings: Setting Value Host If you use the United States data center: ftp.na.collabserv.com If you use the Asia Pacific data center: ftp.ap.collabserv.com If you use the European data center: ftp.ce.collabserv.com Protocol FTP Port 990 Encryption Implicit FTP over TLS User and password Account name and password that is used to connect to the FTP site. 2. Connect to the FTP host. 3. Change to the journal directory. 4. Select and download the following files: v If you enabled Notes mail journaling, download files named <date>.NOTESMAIL.txt.gz v If you enabled Notes client session journaling, download files named<date>.NOTES_NRPC_SESSION.txt.gz. <date> is the file creation date. Related tasks: “Configuring the firewall for outbound connections” on page 17 Configure the firewall to allow outbound connections to the service. Related information: Integration server documentation Format of the Notes mail journal file A Notes mail journal file records each message that users send. File name The name of the compressed file that you download is <date>.NOTESMAIL.txt.gz, where <date> is the file creation date , in YYYY-MM-DD format. For example: 2012-12-23.NOTESMAIL.txt.gz. Syntax Each record in a Notes mail journal file conforms to the following syntax: date user name (id=customerId, customerId=customerId) performed ACTION [on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] [targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] with outcome OUTCOME [REASON][(EXTRA)] Each record in a journal file is contained in a single line. Parameters date Chapter 4. Configuring the service 95 A date and time, for example, 2012-12-18T13:23:47+0000. One of the following values is logged: v The date and time that a user sends a message to another user at the company v The date and time that a message failed to be delivered to a user at the company v The date and time that a user sends a message to an external user at another company name The user’s Notes name, if an internal user sends the message, for example, CN=Samantha Daryn/O=Renovations. An Internet email address, if an external user sends the message. customerId The unique number that identifies the company subscription in the service. ACTION SENT_MAIL TYPE The type of object or target. The object type is always MAIL_MESSAGE. The target type is always RECIPIENT. OBJECTID The unique identifier of the mail message that is sent. name The name of the OBJECTID or the TARGETID. The name for the OBJECTID is always MAIL. The name for the TARGETID is the email address of the recipient. TARGETID The unique identifier for the recipient. This value is always null because the email address specified in the name parameter uniquely identifies the recipient. OUTCOME The result of the action, either SUCCESS or FAILURE. If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: FAILURE “USER_NOT_FOUND”. EXTRA Contains the size of the message in kilobytes. Examples Note: The following example records are shown on multiple lines. In the journal file, each record is a single line. 1. Samantha Daryn sends a message to another internal user at the company, Allie Singh. Allie receives the message. 2012-12-30T19:03:01+0000 user CN=Samantha Daryn/O=Renovations (id=20076547, customerId=20076547) performed SENT_MAIL on object (type=MAIL_MESSAGE, id=<OFF0EBF61D.5CAAD94F-ON85257A 96 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 78.005C2BF7-85257A78.005C3063@LocalDomain>, name=“MAIL”, customerId=20076547) targeted at (type=RECIPIENT, id=, name=“CN=allie singh/O=renovations@renovations.com”, customerId=20076547) with outcome SUCCESS (size=“1”) 2. Samantha Daryn sends a message to another internal user at the company, Allie Singh. Allie’s name is not found in the directory and the message is not delivered. 2012-12-28T15:02:01+0000 user CN=Samantha Daryn/O=Renovations (id=20076547, customerId=20076547) performed SENT_MAIL on object (type=MAIL_MESSAGE, id=<OF0645EB2C.8B339FE8-ON00257A9B.0054F723-00257A9B.0054F726@LocalDomain>, name=“MAIL”, customerId=20076547) targeted at (type=RECIPIENT, id=, name=“CN=allie singh/O=renovations@renovations.com”, customerId=20076547) with outcome “FAILURE RECIPIENT NOT FOUND IN COMPANY DIRECTORY” (size=“2”) 3. Samantha Daryn sends a message over the Internet to an external user, branney@zetabank.com. 2012-12-28T15:02:01+0000 user CN=Samantha Daryn/O=Renovations (id=20076547, customerId=20076547) performed SENT_MAIL on object (type=MAIL_MESSAGE, id=<OF8E758E11.39C4D326-ON00257A9B. 00550042-00257A9B.00550046@LocalDomain>, name=“MAIL”, customerId=20076547) targeted at (type=RECIPIENT, id=, name=“branney@zetabank.com”, customerId=20076547) with outcome SUCCESS (size=“1”) Format of the Notes client session journal file A Notes client session journal file records information about each IBM Notes client login session within the service. File name The name of the compressed file that you download is <date>.NOTES_NRPC_SESSION.txt.gz, where <date> is the file creation date, in YYYY-MM-DD format. For example: 2012-12-23.NOTES_NRPC_SESSION.txt.gz. Syntax Each record in a Notes client session journal file conforms to the following syntax: date user name (id=customerId, customerId=customerId) performed ACTION [on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] [targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] with outcome OUTCOME [REASON][(EXTRA)] Each record in a journal file is contained in a single line. Parameters date The date and time a Notes client user logs in to the service or attempts to log in, for example, 2012-12-18T13:23:47+0000. name The user’s Notes name, for example, CN=Samantha Daryn/O=Renovations customerId The unique number that identifies the company subscription in the service. ACTION NRPC_SESSION Chapter 4. Configuring the service 97 TYPE The type of object or target. The object type is always NRPC_SESSION. The target type is always USER. OBJECTID A unique session ID name The name of the OBJECTID or the TARGETID. The name for the OBJECTID is always NRPC_SESSION. The name for the TARGETID is the user’s Notes name, for example, CN=Samantha Daryn/O=Renovations. TARGETID The unique identifier for the user. This value is always null because the name parameter uniquely identifies the user. OUTCOME The result of the action, which is always SUCCESS. EXTRA The following information is provided: v Number of databases accessed v Number of documents that are read and written v Time to connect to the service, in seconds v The client versions being used Examples Note: The following example records are shown on multiple lines. In the journal file, each record is a single line. 1. Samantha Daryn logs in to the mail server in the service successfully from Notes. 2013-04-09T14:35:12+0000 user CN=Samantha Daryn/O=Renovations(id=20076547, customerId=20076547) performed NRPC_SESSION on object (type=NRPC_SESSION, id=02E31600, name=“NRPC_SESSION”, customerId=20076547) targeted at (type=USER, id=, name=“CN=Samantha Daryn/O=Renovations”, customerId=20076547) with outcome SUCCESS (DBs accessed=“1”, docs read=“0”, docs written=“0”, connect time=“302”, client version=“90010”,) Configuring IMAP access You can allow users to access IBM SmartCloud Notes from third-party email clients using IMAP. By default, the option Disable IMAP for all users is selected, but you can enable it for all users. About this task After you enable IMAP access, service users can configure their mail clients for IMAP access using information provided by the service. The following IMAP clients are supported: v Apple email v Microsoft Outlook 2003, 2007 v Thunderbird 98 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Account Settings and then click IMAP Email Access. 5. Select Enable IMAP for all users, and then click Save. Results If you enabled IMAP for all users, then service users can set up their IMAP clients for IMAP access to SmartCloud Notes mail. Related information: Setting up IMAP clients IMAP client limitations There are a few limitations when using an IMAP client to access IBM SmartCloud Notes. Folder limitations The following restrictions apply to folders used with IMAP: v A single folder name cannot exceed 64 bytes. v An unlimited number of nested folders is allowed, but the combined length of all nested folder names (including delimiters) cannot exceed 129 bytes. View limitations The service provides IMAP clients access to folders in user mail files but not to views. The Drafts, Sent, and Trash views in mail files therefore are not available through IMAP clients. To work around this limitation, IMAP client users can create folders that correspond to these views and put messages in the folders instead. IBM Notes or web client users must open these folders to see the messages in them. Return receipt The service does not support the use of return receipts with IMAP clients. If you request a return receipt and the recipient opens the message using the IBM Notes or web client, no return receipt is generated. Chapter 4. Configuring the service 99 100 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 5. Onboarding users Onboarding refers to all the steps that are done to get users up and running with mail files and mail servers in the cloud. Before you begin Before you onboard users, configure the service and, optionally, customize settings. Deciding whether to use the Notes client IBM SmartCloud Notes web is the mail client that is available automatically to all IBM SmartCloud Notes users through a browser. Before you prepare to onboard users, decide whether you want them to use the optional IBM Notes client in addition to or instead of SmartCloud Notes web. About this task For the following reasons, many companies decide to use SmartCloud Notes web and not the Notes client: v Users get access to new features automatically as they are available in the service. v IT departments save money by avoiding the need to upgrade and maintain Notes clients. v SmartCloud Notes web is easy to use and the interface is similar to that of recent versions of IBM iNotes and Notes. There might be little or no training needed. v Most Notes clients features are available in SmartCloud Notes web. A recommended approach is to start all users in the service with SmartCloud Notes web. After users become familiar with it, you have a better sense of which users, if any, still need the Notes client. The following table describes some reasons to use the Notes client, as well as alternative options. Table 27. Reasons you might use the Notes client Reason Considerations and alternatives Users need access to IBM Domino applications on-premises. The Notes Browser Plug-in is an alternative option to the Notes client. This plug-in provides access to on-premises Notes applications through a browser. Users need access to mail when disconnected from the network. Currently, only the Notes client supports local, disconnected access to mail. Local mail file access is provided through managed mail replicas (in hybrid environments) or standard local mail file replicas (in service-only environments). Before you choose the Notes client for this reason, consider that with the increased use of mobile devices, some users might no longer require offline access through notebooks or desktops. 101 Table 27. Reasons you might use the Notes client (continued) Reason Considerations and alternatives Internet connections are slow. In hybrid environments, users with slow Internet connections, for example, users with limited bandwidth connections, see better performance if they use managed mail replicas on Notes clients. In service-only environments, these users benefit from using standard local mail file replicas on Notes clients. Users are starting with new mail files in the Currently, accessing mail that is archived service and want access to old mail archived on-premises requires a Notes client. on-premises. Users want features that are available only with the Notes client. For a feature comparison, see the technote “Comparison tables of features between IBM Notes, IBM iNotes, and IBM SmartCloud Notes web”. In hybrid environments, users want to manage (be delegates for) the mail files of on-premises users. Managing on-premises mail files of users who are not provisioned for the service requires the Notes client. Related information: Technote: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web Notes Browser Plug-in IBM SmartCloud Notes client requirements Preparing for onboarding To prepare for onboarding, complete these tasks to prepare users, clients, and mail files. Before you begin Before you prepare for onboarding, complete the following tasks: v Chapter 4, “Configuring the service,” on page 25 v “Deciding whether to use the Notes client” on page 101 About this task Table 28. Tasks to prepare for onboarding Task Create a detailed provisioning schedule and require your project team to sign off on it. 102 Why the task is important Additional information This step ensures that provisioning happens in planned stages that take into account factors such as pilot users, work schedules, geographic locations, and clients used. Delegates of mail files must provisioned to manage mail files of provisioned users. For more information see “Mail file delegation” on page 118. SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Complete? Table 28. Tasks to prepare for onboarding (continued) Task Prepare communications and training. Why the task is important Additional information Complete? This step allows for a “Preparing smooth transition to communications and training” on page 117 the service and reduces help desk calls. Develop a method to This step helps you track provisioning. understand at what stage users are at in the transition to the cloud and is also useful for providing status reports to executive management. Contact Support to determine whether users at your company have trial accounts. Request removal of trial accounts. Provisioning can fail for users who have trial accounts. In hybrid environments, if users will not use the IBM Notes client with the service, verify that the users have Notes ID files to which they or administrators have local access. Though not required,Notes ID files enable users to sign email, read encrypted email, and to recall mail messages. ID files are typically required to enable administrators to change users' Notes names. Customize mail file access. This step is required “Preparing if you want to allow customized mail file ACLs” on page 68 people who are not the owners of mail files to access mail files without being delegates. Typically this access is provided by adding a customer-specific administrator group to mail file ACLs. Familiarize yourself with password requirements for logging in to the service The password requirements might be different from ones that are currently used in your on-premises environment. “Password rules by authentication method” on page 45 Chapter 5. Onboarding users 103 Table 28. Tasks to prepare for onboarding (continued) Task Why the task is important Additional information In hybrid environments only, verify that users’ Person documents comply with service requirements. This step helps to ensure a smooth transition to the service. (Optional) In hybrid environments only, configure multiple Internet addresses for users This step applies only if users have more than one Internet email address, for example, if users have two email addresses as a result of a company merger. (Optional) Ensure that a custom mail template is uploaded to the service, if you plan to use one. You can apply the custom template during user provisioning so that users see the custom design when they first use the service. See “Preparing to use custom mail file templates” on page 61. (Optional) Set up batch user provisioning with the integration server. This step allows you to use comma-separatedvalue (CSV) files to provision batches of users. See the section on user provisioning and identity management in the Integration server documentation. Prepare for specific clients. There are special v “Preparing for the considerations for web client” each type of client v “Preparing for that can be used with Notes Traveler the service. devices” on page 106 Complete? v “Preparing for Notes clients” on page 108 v “Preparing for IMAP clients” on page 114 Preparing for the web client Before you provision users who will access IBM SmartCloud Notes using the web client, prepare for the web client. Before you begin Read about the web client. 104 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task Table 29. Tasks to prepare for the web client Task Why the task is important Additional information Complete? Prepare for onboarding. There are tasks to “Preparing for prepare that apply to onboarding” on page all or most clients. 102 Review the supported browsers and browser versions, decide which to use, and upgrade browsers if necessary. Using a supported browser version ensures the best experience for your users. SmartCloud Notes web requirements If users currently use IBM iNotes, compare the features that are supported for SmartCloud Notes web. Most IBM iNotes features are supported in the cloud. Making your users aware of the few differences can reduces help desk calls and improve user satisfaction. Technote: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web Assess network capacity. “Network capacity This step ensures that your site has the for the web client” on page 14 network capacity to support the number of web client users you plan to have If the Notes client is used with shared login enabled, but the client won't be used in the cloud, disable the shared login feature before you provision users. This step enables administrators or web client users to upload Notes ID files to the vault in the service manually after provisioning. An ID enabled for shared login cannot be uploaded to the service ID vault manually by a web client user or an administrator. It can only be uploaded automatically through the use of a Notes client. For more information on shared login, see the Securing section of the Domino documentation. (Optional) Deploy an extension forms file to customize the web client Use an extension forms file if you want to customize the visual theme, fonts, the action bar, and other aspects of the web client. “Using extension forms files to customize the look of the web client” on page 64 Chapter 5. Onboarding users 105 Table 29. Tasks to prepare for the web client (continued) Task Disable on-premises IBM iNotes login redirection, if used. Why the task is important Additional information This step ensures that users are not redirected to their on-premises mail servers after the move to the cloud. For information on Using iNotes IBM iNotes redirect, see the Domino documentation. Complete? An IBM Software Services for Collaboration representative can provide a custom redirector for cloud login. Preparing for Notes Traveler devices Before enabling users to use IBM Notes Traveler mobile devices with the service, prepare your environment and the devices. Before you begin Read about Notes Traveler devices. About this task Before you provision users with a Notes Traveler subscription, complete the tasks in the following table to prepare. Table 30. Tasks to prepare for Notes Traveler devices Why the task is important Additional information Prepare for onboarding. There are tasks to prepare that are not client-specific. “Preparing for onboarding” on page 102 Ensure that your firewall configuration allows devices to access the service over WiFi. Connections to hosts in the service over Port 443 are required for WiFi access. “Configuring the firewall for outbound connections” on page 17 Review the Notes Traveler device memory and operating system requirements. Notes Traveler Using a mobile device that complies requirements for the cloud. with these requirements ensures the best experience for your users. Task 106 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Complete? Table 30. Tasks to prepare for Notes Traveler devices (continued) Why the task is important Additional information If you plan to use BlackBerry 10 devices, first verify that your wireless carrier supports the minimum operating system level that is required in the cloud. Some carriers might not support the minimum required Blackberry 10 operating system level. Notes Traveler requirements for the cloud. Enable cookies in device browsers. Cookies must be enabled to connect to the service and to sync mail on devices. Review Notes Traveler device policy settings. Be aware of policy settings that the service enforces that might be different than your current settings. “Notes Traveler device settings” Review device limitations in the cloud. This step makes you aware of any changes that users might see after the move to the cloud. Notes Traveler Troubleshooting, known limitations, and restrictions. (Optional) Enable application passwords. This step is required v “Enabling only if your application company enables full passwords” on federated identity page 43 authentication and v “Setting up Android devices that federated identity run Notes Traveler management” on 9.0.1.3 or a higher page 36 are not used. Task Complete? Notes Traveler device settings The service enforces the following device settings. v Device passwords of at least 4 characters are required. v Device lockout occurs after 30 minutes of inactivity. v There is no limit to the number of incorrect password attempts. v On Android, Apple, Windows Tablet, and BlackBerry 10 devices, there is no size limit to attachments in received emails. Attachments are always downloaded during device syncs. v On Windows Mobile devices, there is a 4 MB limit to attachments in received emails. When the combined attachment size exceeds the limit, attachments are removed from emails that are synced to the device. Note: Windows Tablet requires a device password of at least eight characters. The password must include at least three of the following types of characters: upper case, lower case, number, special character. Chapter 5. Onboarding users 107 Preparing for Notes clients Use of the IBM Notes client to connect to the service is optional. If you want your users to use the Notes client, understand the steps to prepare. Before you begin Read about the “Notes client” on page 7 and decide whether to use it. About this task Skip this task is you do not plan to use the Notes client. Table 31. Tasks to prepare for the Notes client Task 108 Why the task is important Additional information Prepare for onboarding. There are tasks to “Preparing for prepare that apply to onboarding” on page all or most clients. 102 Compare the features that are supported for the on-premises client to the featured that are supported in the cloud. Most features are also supported in the cloud, but there are some differences to be aware of. Technote: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Complete? Table 31. Tasks to prepare for the Notes client (continued) Task Why the task is important Additional information Evaluate your currently deployed clients. If necessary, upgrade to newer versions of the client. A version of Notes (Standard configuration) that is supported in the cloud is required. To ensure a smooth transition, leave plenty of time to complete client upgrades, and, if necessary, related hardware upgrades, before you provision users for the cloud. Complete? There are various upgrade methods available, including desktop push technology, Notes Smart Upgrade, and end-user controlled upgrades. v Technote: SmartCloud Notes client requirements v Upgrade Central: Planning your upgrade to IBM Notes and Domino 9.0 Social Edition v Search for “Using Notes Smart Upgrade” in the IBM Domino documentation. . Use an on-premises policy to configure managed mail replicas. Complete this step before you provision users so that you can resolve any issues specific to this feature ahead of time. In hybrid environments, configure managed mail replicas Managed mail replicas are recommended to provide Notes users quick, local access to their mail when connected or disconnected from the service. Assess network capacity “Network capacity This step ensures that your site has the for the Notes client” on page 14 network capacity to support the number of Notes client users that will connect to the cloud. Chapter 5. Onboarding users 109 Table 31. Tasks to prepare for the Notes client (continued) Task (Optional) Use a custom mail file template to customize the mail file design. Why the task is important Additional information If you prepare a custom mail file template in advance, you can apply the custom template during user provisioning so that users' first experience with the cloud is with the custom design. A short contract with IBM Software Services for Collaboration is required to test and approve the template design. For more information on requirements and steps, see “Preparing to use custom mail file templates” on page 61. In hybrid Be aware of policy environments, review settings that the policy settings service enforces that might be different than your current settings. Also, optionally customize settings. 110 (Optional) In hybrid environments, if you are not transferring mail files, export contacts, and calendar entries that have future dates. After users move to the cloud, they can import the contacts and calendar entries into their new mail files. Exporting calendar entries allows users to save calendar entries in local .ics files. After users are provisioned, they can import the files into their new mail files in the service. Contacts are imported along with the saved calendar entries. For more information, see the topic about exporting and importing calendars in the Notes client help. (Optional) In hybrid environments, if you are not transferring mail files, create mail archives on-premises before the move to the cloud. Mail archives provide users with access to old mail content after the move to the cloud. Note: Users cannot create local archives of their on-premises mail after the move to the cloud. You can use Domino policies to archive mail. For information, see the topic about understanding mail archiving and policies in the IBM Domino documentation. Alternatively, you can use a third-party archiving application. SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Complete? Table 31. Tasks to prepare for the Notes client (continued) Task (Optional) Install the IBM Connections Activity Plug-in Why the task is important Additional information If your company purchases a collaboration subscription, this step provides access to cloud Activities from the Notes client sidebar. “Connecting to cloud Activities through the Notes client sidebar” on page 113 Complete? How the Client Configuration tool configures the Notes client To set up the IBM Notes client for use with the service, users download and run the Client Configuration tool (config.nsf) from their workstations. The tool performs the following configuration checks and tasks on the client. v Checks for the following information: – The client is a version supported for IBM SmartCloud Notes access. – The config.nsf file contains information needed to perform the configuration. – The downloaded data is less than 24 hours old. If it is older than 24 hours, an message informs users. They can continue to use the tool if they choose. v Performs other small consistency tests, such as checking that the current Location document can be located. v Creates a wildcard Connection document that the client will use to connect to a mail server in the service through the proxy server in the service. The server name in the Connection is */your_certifier, where your_certifier is the name of the OU certifier you provided for your mail servers during service configuration. v If the user is already using the Notes ID that they will use in the service, tests connectivity to their new mail server on port 1352. v If the tool needs to close the Notes client to force a download of the user ID file, it attempts to find an Offline location: – If an Offline location is found, the tool switches to it to prevent the client from doing a final replication when it closes. – If no Offline location is found, the tool creates an Offline location (named Offline) for this purpose. – If a location named Offline already exists, but is not suitable for configuration purposes, a the tool creates a location named “Temporary location for cloud mail setup - safe to delete”. Note: If the tool closes the Notes client for reasons other than to download the Notes ID an Offline location is not needed. v Creates a Location document called SmartCloud for username, or updates it if it already exists and is incorrect. v If the user has Connection documents (Contacts > Advanced view) that restrict which locations can be used, and the list includes the current location, then the tool updates those connections to allow the cloud location document. This is necessary so that users can continue to access on-premises application servers using the new cloud location. Chapter 5. Onboarding users 111 v If the user has Account documents (Contacts > Advanced view) that restrict which locations can be used, and one of the locations is the current location, the tool updates the Account documents so that they can be used from the cloud location. v If the user is not yet using the Notes ID file they will use in the service, the tool sets the Notes client to download the new ID the next time the user logs in to the Notes client. This is done by assigning values to the following Notes.ini settings: – Location – – – – – – KeyFileName KeyFileName_Owner MailServer MailFile ID VaultLastServer ID VaultLastFlushTime Note: The IDVault settings are cleared. Then when the user logs in to the Notes client using the service Notes ID, they are prompted to change their password (in most cases). When they do, the client immediately updates the Notes ID in the Connections Cloud ID vault. v Depending on the configuration tasks that have been completed at this time, the tool might shut down the Notes client. If so, a message informs the user, and provides instruction for what to do next (for example, restart Notes and enter the password for your SmartCloud Notes ID, to download the ID file). Again note that sometimes the shutdown is done for purposes other than downloading an ID file. Downloading Notes client software and other entitled software You can easily access the IBM Software Download Center to download IBM Notes and other software to which your company is entitled. Software entitlement is governed by the service Terms of Use and applicable License documents. About this task You can access the site if you have the Administrator account role. You can use the site to download software before or after user subscriptions are activated. To access the Download Center, complete the following steps: 1. Log in to the service as an administrator. 2. Click Apps > Downloads and Setup. 3. In the Software Entitlements section, click View available software to get to the Download Center. 112 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 4. In the Software Downloads page, type the partial or full name of the entitled software in the Find by search text box. Then, click the search icon. Search filter options are available to narrow product results by language and operating system. For more information, see Technote 1674504. Related information: Technote 1674504 Connecting to cloud Activities through the Notes client sidebar Users with collaboration subscriptions in addition to SmartCloud Notes subscriptions are automatically logged in to the cloud Activities server through the Activities sidebar. About this task The Activities sidebar must be installed on the client. To install the Activities sidebar in Notes 8.5.2 or later 8.5x versions, select the IBM Connections Notes installation option. Chapter 5. Onboarding users 113 To install the sidebar in IBM Notes 9.0 Social Edition or later versions, install the IBM Connections Plug-ins. For more information, see the wiki article Where is the Activities Sidebar for Notes 9.0 Social Edition? Activities integration is not supported for Notes 8.5.1. Preparing for IMAP clients If you plan to use IMAP clients, complete these tasks to prepare. Before you begin Read about IMAP clients. About this task Table 32. Tasks to prepare for IMAP clients Task Prepare for onboarding. Why this task is important Additional information Complete? There are tasks to “Preparing for prepare that apply to onboarding” on page all or most clients. 102 Verify that users have Using a supported a supported IMAP client is required client installed. because it provides the best experience for users. IMAP client requirements Be aware of the IMAP client limitations. This information can help with troubleshooting. IMAP client limitations Open the firewall ports that are required for IMAP access. Ports 993 and 465 must be open to allow connections to the service via IMAP. “Configuring the firewall for outbound connections” on page 17 Enable IMAP access IMAP access is not in IBM SmartCloud enabled by default. NotesAdministration. “Configuring IMAP access” on page 98 Preparing to use BlackBerry devices If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry Services subscription, complete these tasks to prepare. Before you begin Read about “BlackBerry devices with a Hosted BlackBerry Services subscription” on page 8. 114 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task Table 33. Tasks to prepare for BlackBerry devices Task Why this task is important Additional information Complete? Prepare for onboarding. There are tasks to “Preparing for prepare that apply to onboarding” on page all or most clients. 102 Verify that this subscription supports the BlackBerry devices that you want to use. The Hosted BlackBerry Services subscription does not support BlackBerry 10. An IBM SmartCloud Notes for Hosted BlackBerry Services subscription enables users to access the service through BlackBerry devices that run operating system versions 4.0 through 7.x. Users who use BlackBerry 10 devices require SmartCloud Traveler for Notes subscriptions instead. For more information about device requirements for each of these subscriptions, see the client requirements. Plan for time that is required to accept and process the Research in Motion terms of use agreement. This step must be complete before you can provision users and can take three to four weeks. After your company purchases a Hosted BlackBerry Services subscription, you must accept the Research in Motion terms of use agreement. Then, wait for an IBM representative to indicate that your subscription setup is complete. Chapter 5. Onboarding users 115 Table 33. Tasks to prepare for BlackBerry devices (continued) Why this task is important Additional information Ensure that devices are set up to use an Enterprise data plan. An enterprise data plan is required to activate the BlackBerry devices for the service. If users currently use personal plans such as BlackBerry Internet Service, they must convert to enterprise data plans. Allow time for users to contact the phone company to make the change and to set up the new plans on their devices. Users should know that they can no longer use personal accounts in the cloud. When users switch from personal plans to enterprise plans, you are likely to see increased costs that are associated with purchasing the new plans and with data usage. Be aware of the BlackBerry device settings that are enforced in the service, such as password requirements. These setting requirements might be different from ones that are currently implemented at your company. If your current policies are different from the cloud policies, communicate this change to users. For more information, see “Settings enforced for BlackBerry smartphones.” Task BlackBerry browser is You can notify users not supported if this behavior is different from what they are accustomed to. Complete? Access to web applications in your corporate intranet or on the Internet through the device is not supported. Settings enforced for BlackBerry smartphones This topic describes the settings that the service currently enforces for BlackBerry® smartphones. Table 34. Settings enforced for BlackBerry smartphones Policy Value Allow users to send outbound messages No through services other than IBM SmartCloud Notes 116 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 34. Settings enforced for BlackBerry smartphones (continued) Policy Value The maximum size of a single native attachment that can be downloaded to a smartphone 10240 (KB) The total size of all native attachments that can be uploaded from a smartphone 5242880 (Bytes) The maximum size of a single native attachment that can be uploaded from a smartphone 3145728 (Bytes) Allow users to disable smartphone passwords No Password pattern checks At least 1 alphabetic character and 1 numeric character Number of days after which a smartphone password expires and the smartphone prompts the user to set a new password 90 The number of minutes of inactivity allowed 30 before the smartphone is locked and the user must provide a password to unlock it. Minimum smartphone password length 8 characters Smartphone password required Yes The number of previous passwords that are prevented from being used as new passwords 8 Reset smartphone to factory default settings when smartphone is wiped Yes Allow users to place calls while the smartphone is locked Yes Preparing communications and training Prepare a communications and training plan to help your users, administrators, and help desk personnel make the transition to the service. About this task Prepare to communicate to your users the benefits of the service, the changes to expect, and the steps to take to make the transition. Ensure that your help desk personnel are aware of the communications plan and are prepared to help users follow instructions that are provided in it. For several client-specific sample communications to use as a starting point, see the wiki article Preparing communications about the transition to SmartCloud Notes. Consider use of the following training resources to help users, help desk personnel, and administrators become familiar with the clients and features available with the service: v Preparing training for IBM SmartCloud Notes wiki article v Technote 7040248: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web v IBM Multimedia Library for IBM Notes, affordable and proven resource for Notes client training Chapter 5. Onboarding users 117 v Getting started with SmartCloud Notes clients, getting started resources that are provided through the wiki Mail file quota Currently a size limit (quota) of 25 GB is enforced on the mail files of users who were provisioned before November 22, 2014; the mail file size limit of users who are provisioned after this date is 50 GB. An exception is the mail files of SmartCloud Notes Entry users, whose mail files have a 1 GB limit. The sizes of the following mail file elements are factored into the quota calculation: v design elements v documents v view index v Domino Attachment and Object Store (DAOS) element v white space v attachments Full-text index size is not a factor in the quota calculation. Users do not receive warning notifications if they are approaching their mail quota. However, web client users and Notes client users can see how close they are to quota by clicking the quota status bar that is shown near their name in the mail file. When a user’s mail file quota is reached, the user cannot receive mail and the sender of a message receives a delivery failure notification. Some clients continue to allow mail to be sent when quota is reached, as described in the following table. When a user with an over-quota mail file sends a message that cannot be delivered, the user does not receive a delivery notification failure. The service retries sending the delivery failure notification for about a day, and if not successful, deletes the notification. Table 35. Send mail behavior when quota is reached Client Sending mail without saving a copy Sending mail and saving a copy Notes Mail is sent. Mail is sent but not saved. web client Mail is sent. Mail is not sent or saved. Notes Traveler Not supported. Mail is not sent. Mail stays in the Outbox and the client tries to resend. BlackBerry® smartphone Mail is sent. Mail is not sent. Mail stays in the Sent folder and can be resent later. Mail file delegation Using delegation preferences, users can allow other users to manage their mail, calendar, contacts, and to do items. Depending on which client is used, there are some differences in how delegation works with IBM SmartCloud Notes. 118 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Notes client Delegation works in the following way for users who access their mail using the IBM Notes client: v To set up delegation, users set a Mail > Access & Delegation preference. Once set, this preference applies to both the Notes client and the web client. v In the Notes client, users can also delegate management of their Calendar, Contacts, and To Do tasks. v A delegate cannot assign other delegates to a mail file. Web client Delegation works in the following way for users who access mail using the web client: v To set up delegation, users set a Delegation user preference. Once set, this preference applies to both the Notes client and the web client. v In the web client, users can also delegate management of their Calendar, Contacts, To Do tasks, and Notebook. v A delegate cannot assign other delegates to a mail file. Reassigning delegation after a user name change If a delegate’s Notes user name changes, then the owner of the mail file must reassign delegation to the new name. Doing so updates the mail file ACL (access control list) with the new name, which allows the user access to the database. Related tasks: “Changing a user name” on page 145 When the name of a user changes, you edit the user account to change the name in one or more fields that include the user name. After you change the name, a multi-step process occurs. Many of the steps occur asynchronously, so there is no set time by which the rename process completes, although renames generally complete within one day. Adding a SmartCloud Notes subscription to a user account Perform the steps in this procedure to add a IBM SmartCloud Notes subscription to a user account. Adding a subscription is also referred to as provisioning. Before you begin Prepare for onboarding. About this task If you want to add subscriptions for many users at once, you can instead use provisioning change files and the Connections Cloud integration server. Note: In the Account Login section described in this procedure, if you do not provide a distinguished name when you create an account, a system-generated one is created. It is recommended that you allow the system to create this name for you. Doing so ensures that the formula is applied correctly. Note, however, that when the system generates the distinguished name, it does not display in the Distinguished Name field. The distinguished name for each user must be unique. If the system-generated name is already in use, then you are prompted to create Chapter 5. Onboarding users 119 one manually. To determine the text to add to the user's name to form the Distinguished Name, complete the task Forming a distinguished name. Procedure Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Perform one of the following steps: v If the user already has an account, select the user name and click Edit User Account. v If the user does not have account yet, click Add User Account. 5. If this is a new account, complete the User Information fields. Otherwise, continue to the next step. 1. 2. 3. 4. Table 36. User Information Field Steps Given Type the users' given name, which is sometimes referred to as the first name. Surname Type the user's surname, which is sometimes referred to as the last name. Language Select a language. The language you select here must be the same language as the user's mail file template. Department Optionally provide information such as a department name or organizational code. Role Select one or more of the following roles: v AppDeveloper -- Select this role to give developers sufficient access to create extensions or add internal applications. v User -- This role is required for subscriptions. v Administrator -- Select this role if the user will perform administrative tasks. If you also want to the administrator to have subscriptions, select the User role as well. v Admin Assistant -- An admin assistant can reset logon passwords for a user. If you also want to the admin assistant to have subscriptions, select the User role as well. Important: You cannot assign both the Administrator and the Admin Assistant role to a user. v e-Discovery administrator -- If your company purchased the IBM SmartCloud Archive Essentials subscription, select this role to enable the user to perform e-Discovery administrator tasks. v e-Discovery user -- If your company purchased the IBM SmartCloud Archive Essentials subscription, select this role to enable the user to perform e-Discovery user tasks, such as working with searches. 6. Click Next and in the Subscriptions page select IBM SmartCloud Notes as the mail subscription. Select any other subscriptions that are available that you want to assign to the user. 7. Click Next and complete the Account Login fields: 120 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 37. Account Login Field Steps Notes email or Email Complete the following steps to specify the user's Internet mail address. 1. Determine the correct field to use: v If the user account is new, enter the address in the Email field. The value of this field is used as the user's Internet mail address and as the web client login identity. v If the user account already existed, enter the address in the Notes email field. In this case, the value of the Notes email field is used for the user's Internet mail address and the value of the Email field is used as the web client login identity. 2. Enter the first part of the user's SmartCloud Notes Internet email address, typically based on the user's name. For example, for Samantha Daryn you might enter sdaryn. 3. If your company uses more than one Internet domain, select the domain in which the user resides, for example, renovations.com. Distinguished Name Leave this field blank so the system generates a Notes distinguished name. If the system-generated name is in use, you see a prompt. In this case, you must provide a different distinguished name manually, following the rules described in the topic Forming a distinguished name. Initial password for user If this is a new user account, create and confirm a temporary password. This is the password users will use when they log on to the service with the web client for the first time. Important: Make a note of this password to provide to the user. 8. Click Finish. What to do next Check user provisioning status to determine when provisioning is complete or if any provisioning errors occur. Related tasks: “Checking user provisioning status” on page 122 After you add IBM SmartCloud Notes subscriptions to user accounts, check the provisioning status of the users. Related information: Integration server Forming a distinguished name A distinguished name is a unique name that is associated with a IBM Notes ID file. It is used to authenticate a Notes client user, and is seen in Notes mail messages, directories, in database ACLs, and in other groups used by the service. When you create a new user account, the Add User form includes a Distinguished Name field. In most instances you will not complete this field; you can leave it blank and the system will generate a distinguished name for the account based on the user's Chapter 5. Onboarding users 121 name and other information you provide. However, if you decide to create the distinguished name yourself, or if the system-generated one is already in use, you must use the correct formula to create it. About this task It is recommended that you allow the system to create a distinguished name for you. Doing so ensures that the formula is applied correctly. However, the distinguished name for each user must be unique. If the system attempts to generate a name and finds that it is already in use, then you are prompted to create one manually. In this scenario, the formula is provided for you, and you can simply change the user name portion. When the name of a user changes, you can update the information in the Distinguished Name field. Again, you are prompted to create a different one if the name you enter is already in use. Note: System-generated distinguished names do not display in the Distinguished Name field on the Add User or Edit User forms after they are created. Only names you provide display in this field. Use these steps to determine how to form the distinguished name. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. In the SmartCloud Notes Administration window, click Account Settings. 5. When the Account Setup window displays, look at the IBM Notes Names field. This field identifies how your Notes names are formed: Your IBM Notes Names are: User Name/Renovations@Renovations 6. To form the distinguished name, begin with the common name, for example: Samantha Daryn Next add the forward slash (/). Now the example looks like this: Samantha Daryn/ And finally, use the text after the slash but before the at sign (@) to complete the formula. Here is the distinguished name, for this example: Samantha Daryn/Renovations Checking user provisioning status After you add IBM SmartCloud Notes subscriptions to user accounts, check the provisioning status of the users. Before you begin Complete the procedure “Adding a SmartCloud Notes subscription to a user account” on page 119. 122 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. In the Provisioning section of the SmartCloud Notes Administration window, click Provisioning Status. 5. Display the names of the users whose status you want to check. In the Search box, type the beginning characters of any of the following user values: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. In the Status field, select one of the following options: Option Description In Progress Show all users in the search results who are in the process of being provisioned. The service is setting up mail files and doing other steps to prepare user accounts. Users that are shown in this view cannot use the SmartCloud Notes service yet. Note: It is possible for user accounts to be in a Held state. This state can be seen only in IBM Connections Cloud user accounts by clicking Home and then User Accounts. The Held state indicates that service is performing routine checks. It does not indicate that there is a problem. Do not delete and then re-add the account. Resolution often takes a few hours or less; however, on some occasions it can take a few days. If you are concerned that the Held state is not changing, contact customer support. Chapter 5. Onboarding users 123 Option Description Done Show all users in the search results who are successfully provisioned. The service has finished preparing the mail files and accounts of these users, and the users can use the service. One of the following states is shown for each user: v Pending: This state indicates that a user has not yet logged in to the SmartCloud Notes service and accepted the terms of use. v Active: this state indicates that a user has logged in to the service and accepted the terms of use. Error Show all users in the search results who cannot be provisioned because of an error. If you see a user in this state, contact support to help you resolve the error. What to do next When users are listed in the provisioning status page as Done and in the Pending state, complete the following steps: 1. If you do not want users to use the default IBM Notes mail file template, assign the users a mail file template. 2. If your company uses extension forms files and you do not want users to the default forms file, assign users an extension forms file. 3. Help users get started with the service. Related tasks: “Changing user mail file templates” on page 139 You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version. “Assigning extension forms files to users” on page 140 After an IBM representative uploads an approved extension forms file to the service, you can assign the forms file to users. Extension forms file enable you to customize the visual theme, fonts, the action bar, and other aspects of the web client. “Helping users get started” After user provisioning is complete, help users get started with their mail in the cloud. Helping users get started After user provisioning is complete, help users get started with their mail in the cloud. Before you begin Check user provisioning status; users in the Pending state are ready to begin to use the service. 124 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Providing account information to users After you add a IBM SmartCloud Notes subscription to user account, provide the user with the information that is required to log in to the service. Before you begin Complete the procedure “Checking user provisioning status” on page 122 and verify that users are listed in the provisioning status page as Done and in the Pending state. About this task Users must log in to the service from a browser within 30 days after being assigned a SmartCloud Notes subscription. After logging in, users can begin to use the web client immediately. Users who want to use the IBM Notes client must download and run the SmartCloud Notes client configuration tool to connect the client to the mail server in the service. This tool is available within the service after logging in from a browser. A version of the Notes client that is supported by the service must be installed and set up. The Notes client is available for download from the IBM Notes product page. A SmartCloud Notes subscription includes a license for the client. Note: If a user sees the error ID in vault has expired download time when attempting to connect to the service for the first time from a Notes client, reset the Notes ID password and instruct users to log in again with the new password. Procedure Provide the following information to each user: v The login URL – http://www.ibmcloud.com/social. v The web login name – The value of the Email field in the Account Login tab of the user's Connections Cloud user account. To see user accounts, log in to the service as an administrator, click Administration > Manage Organization, and click User Accounts. v The temporary password -- The first time users log on, they use a temporary password that is created for them at the time their account is created. They are asked to change this password the first time they log on. Note: If users already use another Connections Cloud service, they use the existing web login password. Results When users log in from the browser, they are presented with the Account Updates form. They must click Submit to complete the user registration and activate their account. What to do next Help users get started with the clients they will use in the cloud. Related tasks: Chapter 5. Onboarding users 125 “Getting started with the web client” Complete the following tasks to help users get started with the web client. “Getting started with the Notes Traveler devices” on page 127 Complete the following tasks to help users get started in the cloud with IBM Notes Traveler devices. “Getting started with the Notes client” on page 130 If the IBM Notes client is used with the service, complete the following tasks to help users get started. “Getting started with IMAP clients” on page 131 If IMAP clients are used, complete the following tasks to help users get started with them. Getting started with the web client Complete the following tasks to help users get started with the web client. Before you begin Complete the procedures “Providing account information to users” on page 125 and “Preparing for the web client” on page 104. About this task Table 38. Getting started with the web client Task Why this task is important Additional information Point users to the web client documentation. Users can refer to the SmartCloud Notes web documentation documentation as they begin using the client. Prepare to troubleshoot any login problems. If any user has trouble logging in to the service, you can quickly resolve the problem. See Technote 1496881: SmartCloud Notes user cannot log on (Optional) If instant messaging is enabled for your company, make sure that users also enable it in client preferences. Instant messaging must be enabled in client preferences and in SmartCloud Notes Administration. To enable instant messaging in the web client, users click More > Preferences > Instant Messaging and select Enable instant messaging. For information on configuring instant messaging in SmartCloud Notes Administration, see “Configuring instant messaging” on page 83. 126 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Complete? Table 38. Getting started with the web client (continued) Task (Optional) In hybrid environments, install and configure the IBM Notes Browser Plug-in Why this task is important Additional information The plug-in allows web client users to access Notes applications on on-premises Domino servers. v Notes Browser Plug-in requirements Complete? v Notes Browser Plug-in documentation for the service Getting started with the Notes Traveler devices Complete the following tasks to help users get started in the cloud with IBM Notes Traveler devices. Before you begin Complete the procedures “Providing account information to users” on page 125 and “Preparing for Notes Traveler devices” on page 106. About this task Table 39. Getting started with Notes Traveler devices Why this task is important Additional information If you did not add the Notes Traveler add-on subscription during user provisioning, add it now. This subscription must be added for users to access their mail in the cloud through mobile devices that are supported by the Notes Traveler service. “Adding a Notes Traveler subscription to a user account” on page 128 Uninstall any previous Notes Traveler accounts from devices. This step prevents devices from attempting to continue to get mail from an on-premises server. Remove user accounts from any on-premises Notes Traveler servers. This step prevents the on-premises servers from attempting to connect to mail files in the service to which they no longer have access. “Removing user accounts from on-premises Notes Traveler servers” on page 129 Point users to the Notes Traveler documentation. The documentation describes how to get started with each of the supported devices. Notes Traveler documentation Task Complete? Chapter 5. Onboarding users 127 Table 39. Getting started with Notes Traveler devices (continued) Why this task is important Additional information (Optional) On the Apple iPhone, recommend that users enable the Ask Before Deleting setting. This setting helps prevent users from deleting messages by mistake. On the phone, select Settings > Mail, Contacts, Calendars > Ask Before Deleting Prepare to troubleshoot. You can quickly resolve any problems. Refer to the following section of the Notes Traveler documentation: Troubleshooting, known limitations, and restrictions Task Complete? Related tasks: “Managing IBM Notes Traveler devices” on page 156 For each user with an IBM Notes Traveler subscription, you can view information about the user's mobile device. You can also wipe the device to remove sensitive data from it, for example, if the device is lost or stolen. Adding a Notes Traveler subscription to a user account To enable a user to connect to the service through a mobile device supported by IBM Notes Traveler, add the subscription to the user’s account. About this task The following steps describe how to add a subscription to the account of a user who already has a Notes Traveler subscription. You can also add the subscription when you first add the user account. For information about adding user accounts, see the topic Administering user accounts. Procedure 1. 2. 3. 4. Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Click the arrow next to a user's name and select Edit User Account. 5. Click Next. 6. In the Subscription Add-ons section, select the Notes Traveler subscription. 7. Click Save. What to do next The user can now set up the mobile device to connect to the service. For information, see theNotes Traveler documentation. Related tasks: Chapter 6, “Administering user accounts,” on page 137 Though IBM is responsible for the administration and maintenance of the mail servers, there are tasks that you perform through an administration interface at http://www.ibmcloud.com/social. Related information: 128 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Notes Traveler Removing user accounts from on-premises Notes Traveler servers After a user sets up a device to connect to the service, if you use a hybrid environment, remove all accounts the user has on on-premises IBM Notes Traveler servers. About this task To remove users’ on-premises Notes Traveler accounts, deny users access to the on-premises Notes Traveler server as described in the topic "“Restricting access using server document access fields”." Then delete the users from the Notes Traveler server. In addition, remove any previous on-premises Notes Traveler client software or account from mobile devices. Restricting access using server document access fields: Deny service users access to on-premises IBM Notes Traveler servers. Procedure 1. From the Domino Administrator client, select the IBM Notes Traveler Server document. 2. Click Edit Server. 3. Click the IBM Notes Traveler tab. 4. Populate either the Access Server or Not Access Server field with the names of users and groups. Users defined as Domino 'Full Access Administrators' have access regardless of how the Not Access Server or Access Server fields are configured. Users denied access to Domino through the Domino Not Access Server or Access Server fields under the Security tab of the server document cannot access Notes Traveler. Table 40. Server access fields Field Description Access Server Select the option users listed in all trusted directories to allow access to Notes Traveler only to people that have person documents in either the primary directory of this server or any secondary directories that trusted credentials using Domino directory assistance. You can also select individual names of users and groups to allow access to this Notes Traveler server. A blank entry means that all users can access Notes Traveler except any who are listed in the Not Access Server field. Chapter 5. Onboarding users 129 Table 40. Server access fields (continued) Field Description Not Access Server Select the names of users and groups that should be denied access to this Notes Traveler server. A blank entry means that no users are denied access. Note: Entering names in the Access Server field automatically denies access to those names not listed. 5. Click Save & Close. What to do next Delete users from on-premises Notes Traveler servers. Deleting a user from Notes Traveler servers: Remove service users from all on-premises IBM Notes Traveler servers. Procedure 1. Run the following command: tell traveler delete * <username> 2. Run the following command: tell traveler security delete * <username> Note: If the user has already been deleted from the Domino directory, then the full user name must be specified. For example: tell traveler delete * "CN=John Doe/OU=Raleigh/O=IBM" The previous two steps should completely remove the user, but you can verify with these additional steps: 3. Open the Notes Traveler administration application and verify that there are no entries for the user. 4. Open ntsclcache.nsf and verify that there are no entries for the user. Getting started with the Notes client If the IBM Notes client is used with the service, complete the following tasks to help users get started. Before you begin Complete the procedures “Providing account information to users” on page 125 and “Preparing for Notes clients” on page 108. 130 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 About this task Table 41. Getting started with the Notes client Why this task is important Additional information Users require instructions to download and run the client configuration tool to connect to a mail server in the cloud. For more information, see the Notes section of the IBM SmartCloud Notes user documentation. Prepare to troubleshoot any problems. If a user has trouble connecting the Notes client to the cloud mail server, you can quickly resolve the problem. Technote: Could not connect to server when running IBM SmartCloud Notes liveConfig application (config.nsf) (Optional) If users exported contacts and calendar entries from their original mail files, import the entries into the new mail files in the cloud. If mail files are not transferred to the service, this step enables users to preserve their existing calendar and contacts. For more information, see the topic about exporting and importing calendars in the Notes client help. (Optional) Manually configure the client to connect to the service instant messaging community. One reason to do this is if you want users to be able to connect to both an on-premises community and the service community. “Manually configuring Notes clients to connect to the service instant messaging community” on page 87 Task Point users to the documentation. Complete? For complete documentation on using Notes, see the help that comes with the client. Getting started with IMAP clients If IMAP clients are used, complete the following tasks to help users get started with them. Before you begin Complete the procedures “Adding a SmartCloud Notes subscription to a user account” on page 119 and “Configuring IMAP access” on page 98. Chapter 5. Onboarding users 131 About this task Table 42. Getting started with IMAP clients Why this task is important Additional information Point users to the documentation. The documentation describes how to get started with each supported IMAP client. Enabling IMAP access Read the documentation on IMAP client limitations. This information can be helpful with troubleshooting. IMAP client limitations Task Complete? Getting started with BlackBerry devices If BlackBerry devices supported by a Hosted BlackBerry Services subscription are used, complete the following tasks to begin using the devices with the service. Before you begin Complete the procedures “Providing account information to users” on page 125 and “Preparing to use BlackBerry devices” on page 114. About this task Note: If BlackBerry 10 devices are used, see “Getting started with the Notes Traveler devices” on page 127, instead. Accepting the Research In Motion terms of use An authorized person from your company must accept the Research In Motion® terms of use. This person receives an email notification with instructions that include a link to the terms of use document. About this task After you accept the Research in Motion terms of use, you must wait to receive a notification from an IBM Customer Service Representative indicating that your company’s BlackBerry® subscription setup is complete. You must receive this notification before you can add BlackBerry subscriptions to user accounts. Related tasks: “Preparing to use BlackBerry devices” on page 114 If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry Services subscription, complete these tasks to prepare. Adding a BlackBerry subscription to a user account To enable a user to connect to the service through a BlackBerry® smartphone, add a SmartCloud Notes for Hosted BlackBerry® Services subscription to the user account. 132 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Before you begin Before you can add BlackBerry® subscriptions to user accounts, you must receive a notification from an IBM Customer Service Representative that the subscription for your company has been set up. About this task The following steps describe how to add the subscription to a user account that has already been created with a SmartCloud Notes subscription. You can also add the subscription at the same time you create the user account. Procedure 1. 2. 3. 4. Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Click the arrow next to a user's name and select Edit User Account. 5. Click Next. 6. Under Subscription Add-ons, select SmartCloud Notes for Hosted BlackBerry Services. 7. Click Next and then Finish. Related tasks: “Adding a SmartCloud Notes subscription to a user account” on page 119 Perform the steps in this procedure to add a IBM SmartCloud Notes subscription to a user account. Adding a subscription is also referred to as provisioning. Removing user accounts from an on-premises BlackBerry Enterprise Server If your company uses a hybrid environment and you have transferred user mail files to the service, before you activate devices for the service, remove all accounts users have from any on-premises BlackBerry® Enterprise Servers, and then wipe the user devices. If you do not complete these steps, obsolete on-premises information can be provided to the service. Completing these steps is also important to prevent on-premises servers from consuming resources by repeatedly attempting to access mail files in the service to which they no longer have access. About this task For information on removing accounts, see BlackBerry Knowledge Base document KB04169. Related information: BlackBerry Knowledge Base document KB04169 Activating a user's BlackBerry smartphone After you add a BlackBerry® subscription to a user account, the user's smartphone must be activated to enable it to be used with the service. Before you begin The user's wireless carrier plan must be an Enterprise plan rather than a Personal plan. A smartphone cannot be activated for the service when a Personal plan is used. Chapter 5. Onboarding users 133 Complete the procedures “Adding a BlackBerry subscription to a user account” on page 132 and “Removing user accounts from an on-premises BlackBerry Enterprise Server” on page 133. About this task To begin the activation process, a one-time activation password is created in the service. You can create this activation password, or the user can create it. After creation of the activation password, the user's smartphone is ready to be activated. To activate the smartphone, the activation password and the user's service Internet email address are entered on the smartphone using the Enterprise Activation option. The following steps are performed to activate a user's smartphone. You can perform these steps, or the user can perform them as described in Using your BlackBerry smartphone with SmartCloud Notes. Procedure 1. If the smartphone has been used before, perform the following steps. a. Back up any existing data. For instructions, see the BlackBerry Knowledge Base article How to back up the data on a BlackBerry smartphone. b. Wipe the smartphone. For instructions, see the BlackBerry Knowledge Base article How to delete all data and applications from the BlackBerry smartphone using the Wipe Handheld option. 2. To begin the activation process, perform the following steps to create an activation password: a. Log on to the service as an administrator. b. If your account has the user role, click Admin > Manage Organization. c. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. d. Under User and Groups, click Users. e. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 134 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 f. Click the user's name in the search results. g. Click Manage BlackBerry Smartphone. h. Click Activate Now, create a one-time activation password, and then click Set Password. Note: Alternatively, the user can create the activation password through the service web site. 3. To activate the smartphone, refer to the following table and perform the steps that are shown for the operating system (OS) version of the smartphone. Activation can take from a few minutes to an hour, depending on the size of the mail file. After performing these steps, look for the Activation Complete message on the smartphone, which indicates that activation is successful. OS version Steps to activate OS4, OS5 1. From the Home screen of the smartphone, click Manage Connections and then enable your Mobile Connection. 2. From the Home screen of the smartphone, click Options > Advanced Options > Enterprise Activation. 3. Enter your SmartCloud Notes Internet email address, for example sdaryn@renovations.com. 4. Enter the activation password. 5. Click the track ball and select Activate. Note: Leave the Activation Server Address field blank, if you see it. OS6, OS7 1. From the Main screen of the smartphone, click Options > Device > Advanced System Settings > Enterprise Activation. 2. Enter the SmartCloud Notes Internet email address, for example sdaryn@renovations.com. 3. Enter the activation password. 4. Click the Activate button. 4. If you backed up data before activating, restore the data now. For information, see the BlackBerry Knowledge Base article How to use BlackBerry Desktop Software to restore data to a BlackBerry smartphone from a backup file. Related tasks: “Providing documentation to your BlackBerry smartphone users” on page 136 BlackBerry® smartphone users with a hosted BlackBerry subscription can activate and manage their smartphones themselves using options available through the service website at http://www.ibmcloud.com/social. To help users perform these tasks and to troubleshoot problems, point them to the user documentation. Ensuring that mail encryption is available for BlackBerry smartphone users To encrypt and sign mail with a BlackBerry® smartphone, a user’s IBM Notes ID file must be uploaded to the ID vault in the service. Chapter 5. Onboarding users 135 About this task If a user is unable to send and receive encrypted mail, the user’s ID file is not in the ID vault. This situation can occur if the user waits more than five days to log on to the service after being provisioned. To upload the ID file in this situation, use SmartCloud Notes Administration to reset the Notes password. The smartphone prompts the user to provide the new password and then to change the password. After that point, the user no longer provides a Notes password. The user provides only the smartphone password. Related tasks: “Resetting passwords for Notes IDs” on page 31 Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password. Providing documentation to your BlackBerry smartphone users BlackBerry® smartphone users with a hosted BlackBerry subscription can activate and manage their smartphones themselves using options available through the service website at http://www.ibmcloud.com/social. To help users perform these tasks and to troubleshoot problems, point them to the user documentation. About this task BlackBerry smartphone users can perform the following tasks themselves: v Activate a smartphone v Reactivate a smartphone to correct a problem v Activate a different smartphone v Wipe a smartphone Instructions for performing these tasks can be found in the “Using your BlackBerry smartphone with SmartCloud Notes ” section of the user documentation. Note: For information on using a BlackBerry® 10 device, see the Notes Traveler documentation for SmartCloud Notes. Related information: Using your BlackBerry smartphone with SmartCloud Notes Notes Traveler documentation 136 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 6. Administering user accounts Though IBM is responsible for the administration and maintenance of the mail servers, there are tasks that you perform through an administration interface at http://www.ibmcloud.com/social. About this task You must have the Administrator role assigned in a user account to perform most administration tasks. An exception is resetting the service login password for a user account, which can also be performed by someone with the Admin Assistant role. Viewing assigned mail file templates You can view the mail file template that is assigned to a service user. About this task If only the template ID displays in the field, the template assigned to the user has been removed from the template repository. Although the user's mail file is not affected, you should assign a new template. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Users. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Click the user's name in the search results. 137 7. Look in the Mail Template field, which includes the following information: v Name v Version v Language v Template ID number Related concepts: “Language versions of the standard mail file template” The mail file template supported in the service is the IBM Notes Standard 8.5 template (STDR85Mail). This topic lists the languages in which this template is provided. Related tasks: “Configuring mail file templates” on page 63 Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default. Language versions of the standard mail file template The mail file template supported in the service is the IBM Notes Standard 8.5 template (STDR85Mail). This topic lists the languages in which this template is provided. v English (en) v Arabic (ar) v v v v v Catalan (ca) Czech (cs) Danish (da) German (de) Greek (el) v Finnish (fi) v v v v v v v v French (fr) Hebrew (he) Hungarian (hu) Italian (it) Japanese (ja) Korean (ko) Dutch (nl) Norwegian (no) v Polish (pl) v Portuguese (pt) v v v v v Portuguese, Brazil) (pt_BR) Russian (ru) Slovak (sk) Slovenian (sl) Swedish (sv) v Thai (th) v Turkish (tr) v Chinese, China (zh_CN) v Chinese, Taiwan (zh_TW) 138 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 v Spanish (es) Changing user mail file templates You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version. Before you begin Make sure that users are offline when you change their templates. About this task When you change a user's mail file template, custom folders in the mail file inherit the design of the Inbox folder. Custom folders are user-created folders or company-created folders from a custom template that is used in the service. Note: If you change the languages of a user's IBM SmartCloud Notes subscription, you then also need to change the language of the mail file template. Procedure 1. Log on to http://www.ibmcloud.com/social using the email address and password of a SmartCloud Notes user with the Administrator role. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Users. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Select the name of each user to change to a specific template. You can search for and select more names; previously selected names remain selected. 7. Click Apply Mail Template. 8. Select the template to use. 9. Click Apply Mail Template. Chapter 6. Administering user accounts 139 10. Click Confirm. 11. Click Continue. Related information: Integration server and user provisioning change files Assigning extension forms files to users After an IBM representative uploads an approved extension forms file to the service, you can assign the forms file to users. Extension forms file enable you to customize the visual theme, fonts, the action bar, and other aspects of the web client. About this task You can assign extension forms files to users explicitly. You can also assign extension forms files to users implicitly by setting a default extension forms file. The following topics describe how to use IBM SmartCloud Notes Administration to assign extension forms files. You can also use user provisioning change files and the IBM Connections Cloud integration server. For more information, see the integration server section of the Connections Cloud documentation. Related tasks: “Using extension forms files to customize the look of the web client” on page 64 You can use an extension forms file to customize the visual theme, fonts, the action bar, and other aspects of the web client. For example, you can add graphics, change colors, and add new menu items. Related information: IBM Connections Cloud documentation Setting a default extension forms file Optionally set a default extension forms file that applies to all current and future web client users who are not explicitly assigned an extension forms file. Before you begin An IBM representative must upload the approved extension forms file to the service. About this task If you do not specify a default extension forms file, users without an explicit extension forms file see the default service behavior. The default service behavior is similar to IBM iNotes 9.0. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Extension Forms Files. 5. Select the forms file and click Set as Default. 140 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Results The change takes effect the next time web client users log in to the service. In the list of files in the Extension Forms Files page, the text [default] is shown after the file name. The file is also shown in the Defaults page, in the Default Extension Forms File section. To see whether a user uses the default forms file, from SmartCloud Notes Administration, click Users and select the name of the user. If the user uses the default extension forms file, the value of the Forms extension field is Default (forms file), where forms file is the name of the default extension forms file. You can disable a default extension forms file and revert to the default service behavior. To do so, perform this procedure and in the last step select None in the files list and click Set as Default. The extension forms file remains available and you can re-enable it as the default at any time. Explicitly assigning an extension forms file to many current users You can assign a forms file to all current users, to users who are explicitly assigned a different extension forms file, or to users who are not explicitly assigned an extension forms file who use the default behavior. Before you begin An IBM representative must upload the extension forms file to the service. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Extension Forms Files. 5. Select the extension forms file to assign and click Apply to Users. Note: To remove an explicit forms file assignment and revert to the default forms file or the default service behavior, select None [default]. 6. Perform the steps in the following table that correspond to your objective. Table 43. Steps to assign an extension forms file to many users Objective Steps Assign to all users in the service. Click Apply to > All users. Note: An alternative approach is to set a default extension forms file. A default file is used by all current and future users who are not assigned an extension forms file explicitly. Assign to all users who are not currently assigned to the selected forms file. 1. Click Apply to > Users of a different extension forms file. 2. Select the current extension forms file of the users. Chapter 6. Administering user accounts 141 Table 43. Steps to assign an extension forms file to many users (continued) Objective Steps Assign to all users who are not explicitly assigned an extension forms file. 1. Click Apply to > Users of a different extension forms file. 2. Select None (default). 7. Click Apply. Results If you click Cancel or close the window before the changes are complete, the change is cancelled only for users not yet processed. The extension forms file changes take effect the next time the web client users log in to the service. If you click Users from SmartCloud Notes Administration and select the name of a user, the Forms extension field shows the extension forms file. Explicitly assigning an extension forms file to individual current users You can explicitly assign an extension forms file to individual current users. The explicit assignment overrides the default behavior for your company. Before you begin An IBM representative must upload the extension forms file to the service. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Users. 5. Display the names of the users to whom you want to assign the forms file. In the Search box, type the beginning characters of any of the following user values: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations 142 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Select the names of the users from the search results. 7. Click Apply Extension Forms File. 8. Select the file and click Apply. Results If you click Cancel or close the window before the changes are complete, the change is cancelled only for users not yet processed. The extension forms file changes are visible the next time the user uses the web client to log in to the service. If you click Users from SmartCloud Notes Administration and click a user name to see details about the user, the Forms extension field shows the extension forms file. To remove an explicit extension forms file assignment, repeat the procedure and in the last step select None in the list of file names and click Apply. Users then use the default extension forms file, if specified, or the default service behavior. Resetting service login passwords Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time. About this task Reset passwords when userd forget their passwords, or when the password might be compromised. Users that log in by clicking Use My Organization's Login are using a federated identity and can reset their passwords only by following their company's process. If administrators enable password synchronization, when users change their service login passwords, they can also use the new passwords to log in to the IBM Notes client. Follow these steps to reset any user's password: Procedure 1. 2. 3. 4. Click Administration > Manage Organization. Click User Accounts. Select the arrow next to the user that needs the password changed. Select Reset password and enter the new password. This password is a temporary password that the user enters the next time that they log in. At that time, the user is asked to create a password. You can also reset the password by editing the user account. Click the appropriate user name in User Accounts and enter a new password in the Account Login tab. Chapter 6. Administering user accounts 143 5. Notify the user of the password change. The user is not automatically notified that the password was reset. Make sure to communicate this change to the user, along with the new password if needed. What to do next Administrators can enable security settings to enforce password expiration through System Settings > Security. When s user logs in with an expired password, the user is prompted to reset that password. Resetting passwords for Notes IDs Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password. About this task This procedure applies only to passwords associated with Notes ID files used with Notes clients, and not to service login passwords. Procedure 1. Log on to http://www.ibmcloud.com/social using the e-mail address and password of a SmartCloud Notes user with the Administrator role. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Users. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Click the user's name in the search results. 7. Under Available actions for this user, click Reset IBM Notes Password. 8. Enter a new password, and then click Save Changes. The password must be at least eight characters in length. 144 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 9. Provide the new password to the user in a way that complies with your company security policies. Results After you complete this procedure, the user can log on to a SmartCloud Notes server from an IBM Notes client using the new password. After logging on with the new password, the user is prompted to change the password. Note: If the Wrong Password prompt is displayed, tell the user to re-enter the new password that you provided. If that step does not solve the problem, tell the user to delete the local ID file and then re-enter the password. The user has five days from the time you reset a password to use the password to log on to a SmartCloud Notes mail server and download the new password to the Notes client. If the 5-day limit is exceeded, the user sees the following message and you must reset the password again: Contact your company administrator to have your Notes ID password reset. Related concepts: “Notes IDs and passwords” on page 35 When users connect to their mail servers in the cloud with IBM Notes clients and Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC) authentication. Related tasks: “Resetting service login passwords” on page 30 Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time. “Setting password expiration for Notes IDs” on page 32 For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password. “Enabling password synchronization” on page 33 When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client. Changing a user name When the name of a user changes, you edit the user account to change the name in one or more fields that include the user name. After you change the name, a multi-step process occurs. Many of the steps occur asynchronously, so there is no set time by which the rename process completes, although renames generally complete within one day. Before you begin Before you change the distinguished name, the name that is associated with a Notes ID file and shown in Notes mail, understand how to form a distinguished name. For more information, see Forming a distinguished name. For additional information on changing user names, see the article What You Should Know Before You Change a SmartCloud Notes User’s Name in the Connections Cloud wiki. Chapter 6. Administering user accounts 145 About this task If you change a user’s distinguished name, follow these guidelines to ensure a successful rename operation: v Do not do two successive renames, one right after another. Wait until the user who is being renamed accesses the SmartCloud Notes service with their existing name before you issue a subsequent rename. v Do not change the distinguished name of a user who was just added to the SmartCloud Notes service. Wait until after the user accesses the service before you change the name. v Be very careful when you enter the distinguished name. v If a rename fails to complete, contact IBM SmartCloud Notes Support. Tip: If the IBM Notes user name of a delegate changes, then the owner of the mail file must reassign delegation to the new name. Reassigning delegation updates the mail file access control list (ACL), allowing the delegate to access the database. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the navigation pane, click User Accounts. 4. Click the arrow next to a user's name and select Edit. 5. Change the name in any field. Table 44. Fields that reflect the user name Fields to Change Description Under User Information, the Given name and Surname fields When you change the name in one or both of these fields, the account name changes. This name is the one that applies to all subscriptions enabled for the user. Note: Users can change their account names themselves by editing My Account Settings. Under Account Login, the Distinguished Name field This name identifies users for authentication in Notes and is used when users send Notes mail. When you change the distinguished name, the name is changed in directories, in database ACLs, and in other groups that are used by the service. Only the common name portion of a distinguished name changes. For example, in the distinguished name sdaryn/renovations, only sdaryn can be changed. Make sure that you know how to form a distinguished name. Important: Before you save your changes, make sure that you typed the new name correctly. After you save your changes, do not make any further corrections or changes to the Distinguished Name field before the name change process completes. See the table that follows for information about the timing of name changes. 146 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 44. Fields that reflect the user name (continued) Fields to Change Description Under Account Login, the Email field, and the Notes Email field, if shown. Email is the account login identity. If there is no Notes Email field, the login identity is also the user’s Notes Internet mail address. Notes Email is the user’s Notes Internet mail address. This field is shown only if a subscription other than SmartCloud Notes was added first, and the SmartCloud Notes subscription was added later. 6. Click Finish. Results Use the information in this table as a guideline for how long each name change takes to complete. Table 45. Rename Completion Time Field Rename Completion Under User Information, the Given name and Surname fields The change occurs immediately, and the new name displays the next time that the user logs in. Under Account Login, the Distinguished Name field This name change usually completes in about a day. However, because renaming is a multi-step sequential process, a delay in any step can cause the rename to take longer. While the name is being changed, the current user name remains valid. After the name change completes, the updated name displays the next time that the user logs in from the Notes client. Tip: You can tell if this change is complete by checking the name in the Users list in SmartCloud Notes Administration. Under Account Login, the Email field, and the Notes Email field, if shown. The change occurs immediately, and the user is informed of the change the next time the user logs in. Related information: Integration server Removing a SmartCloud Notes subscription from a user account When you remove a SmartCloud Notes subscription from a user's account, the subscription is available for another user. The account identity still exists, unless you delete the user account, and is still active, unless you suspend the user. The user can still log in to the cloud service, but the user no longer has access to SmartCloud Notes. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. Chapter 6. Administering user accounts 147 In the navigation pane, click User Accounts. Click the name of the user to edit the user account settings. Click Next to select the Subscriptions tab. Perform one of the following steps: v If the user has more than one subscription, select Customize the subscriptions for this user and in the Mail field select None selected. v If the user has only a SmartCloud Notes subscription, select None. 7. Click Next and then Finish. 3. 4. 5. 6. 8. The Edit User Summary window indicates that subscription removal is in progress. When you click Back to User Accounts, SmartCloud Notes is removed from the Subscription column for the user. Results v The subscription is no longer assigned and is available for another user. v The mail file becomes inactive. The owner, or a user who has delegation access, cannot open it. Mail is no longer delivered to the mail file. v If you remove the subscription within seven days of creating it, all user data is removed from the mail server in the service. User data includes the mail file and Notes ID (if the IBM Notes client was used to access mail in the service). v If you remove a subscription that existed longer than seven days, user data (including the mail file and vaulted Notes ID) remains on the servers in the service for 30 days. To see whether a user's data is still in the service, from SmartCloud Notes Administration, click Users and then Deleted Users. If the user's name is listed, the data is still in the service. You can force the data to be deleted by clicking Delete Data. What to do next If you want to add the subscription to the user account once again, be aware of the following considerations: v If you removed the user's SmartCloud Notes subscription and the user name is shown in the Users > Deleted Users page of SmartCloud Notes Administration, the user data is still in the service. In this case, when you add back the subscription, the user regains access to the mail file and the name is removed from the Deleted Users page. v If you removed the user's SmartCloud Notes subscription and the user name is not shown in the Users > Deleted Users page, the user data has been removed from the service. In this case, when you add back the subscription, the user does not have access to the previous version of the mail file. The user will get a new mail file and a new Notes ID. Related tasks: “Deleting a user account” on page 149 When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality. “Suspending a user account” on page 149 You can suspend a user account. When an account is suspended, the user cannot log in to the service. If the user is logged in at the time the account is suspended, the user can continue working, but cannot log in again after logging out. No subscriptions are available to the user, but they remain assigned to the user. Also, the user identity and user data remain on servers in the service. Related information: 148 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Integration server Suspending a user account You can suspend a user account. When an account is suspended, the user cannot log in to the service. If the user is logged in at the time the account is suspended, the user can continue working, but cannot log in again after logging out. No subscriptions are available to the user, but they remain assigned to the user. Also, the user identity and user data remain on servers in the service. About this task Use these steps to suspend a user account, which affects all subscriptions assigned to a user. If a user has other subscriptions that you want to remain available to the user, a Customer Service Representative can suspend a subscription, rather than suspending an entire account. In that case, the user can log in to the service and there is no interruption to other subscriptions. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the navigation pane, click User Accounts. 4. Click the arrow next to a user name and then click Suspend. Results The following results occur when a user account is suspended: v Subscriptions remain assigned, and cannot be assigned to other users. v The user cannot log in and is not listed in the company directory. v The mailbox becomes inactive and the owner cannot open it. However, someone who has delegation access to the mail file can open it. v Mail is not delivered to the mailbox. v You can reset the user account password. Note: To return a suspended account to active status, edit the user account using the previous steps, and in Step 4, click Unsuspend Account. When the account is returned to active status, the mail file is once again available to the user. Related information: Integration server Deleting a user account When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. Chapter 6. Administering user accounts 149 3. In the navigation pane, click User Accounts. 4. Click the arrow next to a user name and then select Delete User. 5. Optional: Enter the email address of a user in your organization to whom you want to transfer the deleted user's collaboration resources, such as files. Note: You cannot transfer ownership of the mail file. 6. Click Trash. Results The user whose account is deleted can no longer log in to the service. If the user is logged in at the time of account deletion, he or she can continue to use the service until the session expires. Up to 30 days from the initial account deletion, the following conditions exist: v The user account has the status Trash in the User Accounts page. v The mail file is inactive and cannot be opened by the owner, or by another user who has delegation access to the mail file. Mail is not delivered to the mail file. v The subscriptions associated with the deleted account cannot yet be assigned to other users. v The user data remains in the service. If you deleted the account by mistake, you can restore the account to full functionality, including mail. v You can permanently delete the account to remove the user data and free the subscriptions to be assigned to other users. 31 to 90 days from the initial account deletion, the following conditions exist if you did not permanently delete the account: v The account is no longer visible and you cannot restore it or permanently delete it. v An IBM customer service representative can restore the account. v The subscriptions associated with the deleted account cannot yet be assigned to other users. After 90 days from the initial account deletion, the account is permanently deleted and the following conditions exist: v The account subscriptions can be assigned to other users. v The user data for collaboration subscriptions is permanently deleted. v The SmartCloud Notes user data, such as the mail file, remains for 30 more days. You can permanently delete this data yourself, if you do not want to wait the 30 days. An exception is if the initial account deletion occurred within seven days of adding the SmartCloud Notes subscription. In this case, SmartCloud Notes data such as the mail file is permanently deleted along with other cloud data after 90 days. Note: While the SmartCloud Notes data remains, you cannot create a user account with the same common name and email address as that of the deleted account. After 120 days from the initial account deletion, SmartCloud Notes user data is permanently deleted, if it was not deleted previously. Related tasks: 150 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 “Restoring a deleted user account” After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access. “Permanently deleting a user account” After you delete an account, it remains inactive in the service, and you have 30 days to restore it. If you are sure that you will not need to restore the account, you can permanently delete it within 30 days of the initial account deletion. Permanently deleting an account frees its subscriptions for other users. “Removing the SmartCloud Notes data for a deleted user account or subscription” on page 153 After a user account is permanently deleted or an IBM SmartCloud Notes subscription is removed from a user account, the SmartCloud Notes data such as the mail file remains for 30 days. Use this procedure to force the deletion of the user data from the service, if you do not want to wait the 30 days. Related information: Integration server Restoring a deleted user account After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access. About this task An IBM customer service representative can restore a user account up to 90 days after the account deletion. Procedure Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Select Status in the drop-down box and then select Trash to show the deleted user accounts that can be restored. 5. Click the arrow next to the user name and select Restore User. 6. In the window that is shown, click Restore. Related tasks: “Deleting a user account” on page 149 When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality. 1. 2. 3. 4. Permanently deleting a user account After you delete an account, it remains inactive in the service, and you have 30 days to restore it. If you are sure that you will not need to restore the account, you can permanently delete it within 30 days of the initial account deletion. Permanently deleting an account frees its subscriptions for other users. Chapter 6. Administering user accounts 151 About this task You cannot restore an account after you permanently delete it. If there is a chance you might need to restore the account, do not complete this procedure. A user account is permanently deleted automatically 90 days after the initial account deletion. Procedure 1. 2. 3. 4. 5. Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Select Status in the drop-down box and then select Trash. Click the arrow next to the user name and then select Delete User. 6. Optional: Enter the email address of a user in your organization to whom you want to transfer the deleted user's collaboration resources, such as files. Note: You cannot transfer ownership of the mail file. 7. Click Delete. Results v The account cannot be restored. v The subscriptions associated with the account are free to be assigned to other users. v In a service-only environment, if the initial account deletion occurred within seven days of adding an IBM SmartCloud Notes subscription, all SmartCloud Notes user data such as the mail file is permanently deleted immediately. Otherwise, the SmartCloud Notes data remains for 30 more days and is automatically deleted after that period. You can delete this data before then yourself. While this data remains, you cannot create a user account with the same common name and email address as that of the deleted account. What to do next If you want to permanently delete the SmartCloud Notes data immediately, complete the procedure “Removing the SmartCloud Notes data for a deleted user account or subscription” on page 153. Related tasks: “Deleting a user account” on page 149 When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality. “Restoring a deleted user account” on page 151 After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access. 152 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Removing the SmartCloud Notes data for a deleted user account or subscription After a user account is permanently deleted or an IBM SmartCloud Notes subscription is removed from a user account, the SmartCloud Notes data such as the mail file remains for 30 days. Use this procedure to force the deletion of the user data from the service, if you do not want to wait the 30 days. About this task In most situations, there is no need to force the deletion of the SmartCloud Notes data. However, if an account is permanently deleted and you want to create a new account that uses the same email address and common name, the SmartCloud Notes data must first be deleted. Note: If the initial account deletion occurred within seven days from the time that you added the SmartCloud Notes subscription, the SmartCloud Notes data is removed immediately after the account is permanently deleted and this procedure is unnecessary. You can delete the data of a user whose SmartCloud Notes subscription was removed but who still has a user account. However, do so with caution; if you later add back the subscription, the user starts with a new mail file and Notes ID in the service. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. In SmartCloud Notes Administration, under Users and Groups, click Users. 5. In the navigation pane, click Deleted Users. 6. Optional: To search for a name if many users are listed, type the beginning characters of any of the following user values: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. Chapter 6. Administering user accounts 153 7. Click Delete Data next to the name of the user whose data you want to remove, and then confirm the deletion. Results The user data is removed from the service and the user name is removed from the Deleted Users page. Related tasks: “Deleting a user account” on page 149 When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality. “Permanently deleting a user account” on page 151 After you delete an account, it remains inactive in the service, and you have 30 days to restore it. If you are sure that you will not need to restore the account, you can permanently delete it within 30 days of the initial account deletion. Permanently deleting an account frees its subscriptions for other users. “Removing a SmartCloud Notes subscription from a user account” on page 147 When you remove a SmartCloud Notes subscription from a user's account, the subscription is available for another user. The account identity still exists, unless you delete the user account, and is still active, unless you suspend the user. The user can still log in to the cloud service, but the user no longer has access to SmartCloud Notes. Managing groups You can create and manage groups that can be used when addressing email and scheduling meetings. For example, you might create a group when users frequently send mail to the same set of people. The groups that you create are available from your company's directory in the service. About this task The size of a group is limited. Depending on the number of characters in the names of group members, the group size varies from approximately 800 to 1200 names. If you get a message that your group contains too many members, you can create multiple, smaller groups, and make each of them a member of a group. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. From SmartCloud Notes Administration, click Groups. 5. Perform any of the following group management tasks. When you have finished creating or editing a group, click Save. Table 46. Group management tasks 154 Task Steps Add a group Click Add Group. Include an Internet address for the group Specify the group's Internet address. This address enables you to use the group when sending email to other companies. SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 46. Group management tasks (continued) Task Steps Edit a group Click the name of the group to select it. When the group displays, click Edit. Add group members 1. From a new or existing group in edit mode, click Add. 2. Do one of the following: v In the window that displays, select one or more members from the list or enter a name that is not on the list using one of these formats: john@renovations.com "John Doe" <john@renovations.com> v Click Select All to add everyone on the list to your group. 3. Click Add to add the names to the Select Names area, and then click OK. Tip: Use Starts With to skip to the letter of the alphabet that the name begins with. Remove group members Select the name of a group member or click Select All, and then click Remove Selected. Remove a group Select the name of one or more groups, and then click Delete Selected Groups. Viewing subscriptions You can view the subscriptions assigned to existing users, or view the subscriptions that are available to assign to new service users. In addition to the mail service, other subscriptions can include collaboration services. Third-party integrated applications may also display if your organization has enabled them. About this task Use these steps to view the available subscriptions, and find out how many user accounts are available for each subscription. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the navigation pane, click Subscriptions. Viewing assigned subscriptions About this task To view the subscriptions that are assigned to an existing user, perform the following steps. Procedure 1. 2. 3. 4. Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Locate the user name. The assigned subscriptions are listed in the Subscription column. Chapter 6. Administering user accounts 155 Managing IBM Notes Traveler devices For each user with an IBM Notes Traveler subscription, you can view information about the user's mobile device. You can also wipe the device to remove sensitive data from it, for example, if the device is lost or stolen. About this task Note the following information about wiping a device: v After you issue a wipe request, the device cannot be used with the service again unless you cancel a pending wipe or reactivate the device. v If you remove a user's IBM Notes Traveler subscription, the device information is no longer available in the service and you cannot perform this procedure. In this case, the user can request a device reset through the mobile carrier. v If you cancel a pending wipe, the data is not wiped from the device. v Wipe options are shown only for devices that support them. v If a wipe is done outside the IBM Notes Traveler service, for example, if a user resets a device, the status is not shown. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Click Users in SmartCloud Notes Administration. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Click the user's name in the search results. 7. Click Manage IBM Notes Traveler Devices to see information about the user's device such as the name, the time it was last synchronized, and the status of a wipe request. If you do not see this option, the selected user does not have a IBM Notes Traveler subscription. 156 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 8. To remove data from the device, click one of the following options: Option Description Wipe Device Select this option to remove the IBM Notes Traveler application and all personal data and settings from the device. After device confirmation, the device is reset to the factory default settings. This option affects all users of the device. Wipe Traveler Data Select this option to remove only the IBM Notes Traveler application and its data, but leave personal data on the device. This option affects only the selected user. 9. If you issue a wipe request, the following options are available: Option Description Refresh Device List Shows the status of a wipe request. Cancel Wipe Cancels a wipe request that shows the status Wipe pending. Reactivate Reactivates a device in the service after a wipe request is complete or fails with an error. Results The following table describes the messages that you might see in the Wipe status field after you issue a wipe request and click Refresh Device List. Table 47. Wipe status messages Wipe status message Description Wipe pending Wipe Device or Wipe Traveler Data was selected. The request will be processed when the device is turned on. Deactivated The device was wiped successfully and is no longer connected to IBM Notes Traveler. If Wipe Traveler Data was selected, Wipe Device can still be selected. Hard reset failed Wipe Device was selected but the device cannot be reset to factory default settings. This error usually indicates that the device is an older model that does not support hard resets. Hard reset confirmed Wipe Device was selected and the device confirmed the request. Application wipe failed A Wipe Traveler Data request failed. This error can occur for older device models. Application wipe confirmed Wipe Traveler Data was selected and the device confirmed the request. Not requested No wipe has been requested. Related tasks: Chapter 6. Administering user accounts 157 “Enabling application passwords” on page 43 Application passwords can be used to provide a secure login for applications that do not support forms-based authentication. For example, they can be used to access applications that require passwords on a mobile device or for organizations that use federated identity and service login passwords are not used. When you enable application passwords, you also have the option of requiring the use of application passwords, and of allowing mobile users to bypass IP restrictions. “Preparing for Notes Traveler devices” on page 106 Before enabling users to use IBM Notes Traveler mobile devices with the service, prepare your environment and the devices. Managing BlackBerry smartphones After activating a user’s BlackBerry® smartphone, perform any of the following tasks to manage it. Related concepts: “Settings enforced for BlackBerry smartphones” on page 116 This topic describes the settings that the service currently enforces for BlackBerry® smartphones. Related tasks: “Getting started with BlackBerry devices” on page 132 If BlackBerry devices supported by a Hosted BlackBerry Services subscription are used, complete the following tasks to begin using the devices with the service. Reactivating a user's BlackBerry smartphone If a user experiences a problem using a BlackBerry® smartphone, activating it again often resolves the problem. Before activating again, back up the smartphone and then wipe it. Wiping removes all data and prevents duplicate Contacts and Calendar entries from occurring when you activate it again. About this task Alternatively, the user can reactivate the BlackBerry. Procedure 1. Back up the smartphone. For instructions, see the BlackBerry Knowledge Base article How to back up the data on a BlackBerry smartphone. 2. Log on to the service as an administrator. 3. If your account also has the User role, click Admin > Manage Organization. 4. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 5. Under User and Groups, click Users. 6. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: 158 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 7. Click the user's name in the search results. 8. Click Manage BlackBerry Smartphone. 9. Perform the following steps to wipe the smartphone: a. Click Wipe b. Click Wipe again to confirm. 10. To begin the activation process, perform the following steps to create an activation password: a. Click Reactivate or Activate Now, depending on the option that is displayed b. Create a one-time activation password and then click Set Password. Remember the password because you or the user enter it on the smartphone in the next step. If you do forget it, you can simply repeat this step to set a new one. 11. To activate the smartphone, refer to the following table and perform the steps that are shown for the operating system (OS) version of the smartphone. Activation can take from a few minutes to an hour, depending on the size of the mail file. After performing these steps, look for the Activation Complete message on the smartphone, which indicates that activation is successful. OS version Steps to activate OS4, OS5 1. From the Home screen of the smartphone, click Manage Connections and then enable your Mobile Connection. 2. From the Home screen of the smartphone, click Options > Advanced Options > Enterprise Activation. 3. Enter your SmartCloud Notes Internet email address, for example sdaryn@renovations.com. 4. Enter the activation password. 5. Click the track ball and select Activate. Note: Leave the Activation Server Address field blank, if you see it. OS6, OS7 1. From the Main screen of the smartphone, click Options > Device > Advanced System Settings > Enterprise Activation. 2. Enter the SmartCloud Notes Internet email address, for example sdaryn@renovations.com. 3. Enter the activation password. 4. Click the Activate button. Chapter 6. Administering user accounts 159 12. If you backed up data before activating, restore the data now. For information, see the BlackBerry Knowledge Base article How to use BlackBerry Desktop Software to restore data to a BlackBerry smartphone from a backup file. Wiping a user's BlackBerry smartphone if it is lost or stolen If a user's BlackBerry® smartphone is lost or stolen, wipe it to remove all data and deactivate it. About this task Wiping a smartphone removes all data from it and deactivates it. If the smartphone is off, it is wiped the next time it is turned on. Alternatively, users can wipe their smartphones themselves. For information on wiping a smartphone as part of reactivating it to correct a problem, see “Reactivating a user's BlackBerry smartphone”. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Under User and Groups, click Users. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Click the user's name in the search results. 7. Click Manage BlackBerry Smartphone. 8. Click Wipe 9. Click Wipe again to confirm. 160 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Setting a device password on a user's BlackBerry smartphone A device password helps to prevent unauthorized access to a user's BlackBerry® smartphone. Use this procedure to set an initial device password on a user's smartphone or to set a new device password if a user has forgotten the current one. About this task The device password is a different password than the one-time activation password used to activate the smartphone. Procedure 1. Log on to the service as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes. 4. Under User and Groups, click Users. 5. In the Search box, type the beginning characters of any of the following user values to display the user's name: v Distinguished name, for example, Samantha Daryn/Renovations. v Internet email address, for example, sdaryn@renovations. v Last name, for example, Daryn. Note: You cannot use the wildcard character (*) when you search. A “starts with” search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory: v Madison Armond/Renovations v masmith@renovations v Kristin MacGyver This search does not match the following values: v Emarie Klein/Renovations v tamado@renovations v Ted Amado Search results can include a maximum of 1000 names. 6. Click the user's name in the search results. 7. Click Manage BlackBerry Smartphone. 8. Click Set Device Password. 9. Enter a password and then click Set Password. The password must be at least eight characters, including at least one numeric character and at least one alphabetic character. Results A message indicating that you have changed the password is displayed on the smartphone. Chapter 6. Administering user accounts 161 What to do next Provide the password to the user. Related concepts: “Settings enforced for BlackBerry smartphones” on page 116 This topic describes the settings that the service currently enforces for BlackBerry® smartphones. Removing a BlackBerry subscription from a user account You can remove a BlackBerry® subscription from a user account. Procedure 1. 2. 3. 4. Log on to the service as an administrator. If your account also has the User role, click Admin > Manage Organization. In the navigation pane, click User Accounts. Click the arrow next to a user's name, select Edit User Account, and click Next. 5. In the Subscription Add-ons section, clear SmartCloud Notes for Hosted BlackBerry Services. 6. Click Next and Finish. Results The user can no longer use a BlackBerry smartphone with SmartCloud Notes. Frequently asked questions about BlackBerry smartphone administration Table 48. Frequently asked questions about BlackBerry® smartphone administration Question Answer How do I know if a user has a BlackBerry smartphone subscription? 1. From SmartCloud Notes Administration, click Users. 2. Search for the user's name and then select it. 3. Do either of the following steps: v Select Show BlackBerry only to show only users with BlackBerry smartphone subscriptions and see if the user's name is listed. v Click the user's name and see if the value of the BES subscription field has been set to Enabled. How do I know if a user's smartphone is activated? 1. From SmartCloud Notes Administration, click Users. 2. Search for the user's name and then select it. 3. Click Manage BlackBerry Smartphone. 4. If the user's smartphone is not activated, a message is displayed indicating that it needs to be activated. 162 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Table 48. Frequently asked questions about BlackBerry® smartphone administration (continued) Question Answer What do I do if BlackBerry activations fails? Perform these steps: 1. If the BlackBerry smartphone is an OS5 or earlier version, from the Home screen click Manage Connections and then enable your Mobile Connection. 2. Make sure that the user has an Enterprise plan with the wireless carrier rather than a Personal plan. If there is no Enterprise Activation option on the smartphone, the user has a Personal plan and needs to change to an Enterprise Plan. After changing to the Enterprise Plan, reactivate the BlackBerry. 3. Reactivate the BlackBerry smartphone. If I set an activation password, can a user override it? Yes, the activation password is the last one set by either the administrator or the user. What do I do if there are duplicate Calendar or Contact entries on a smartphone? Wipe the smartphone and then reactivate it. How do I tell which operating system (OS) version a BlackBerry smartphone uses? See the BlackBerry Knowledge Base article How to check the model number and version of installed BlackBerry device software on a BlackBerry smartphone. How can I display a user's BlackBerry smartphone device model and other device information? 1. From SmartCloud Notes Administration, click Users. 2. Search for the user's name and then select it. 3. Click Manage BlackBerry Smartphone. Chapter 6. Administering user accounts 163 164 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 7. Troubleshooting the service Use the following tools and resources to help you troubleshoot a problem with the service. Finding troubleshooting tips in the Support Portal If you need additional troubleshooting information, go to the IBM SmartCloud Notes Support Portal. There you can find troubleshooting information authored by IBM specifically for SmartCloud Notes.. Related information: SmartCloud Notes Support Portal Contacting Support If you are unable to resolve a problem, contact Support. About this task For information, go to http://www.ibmcloud.com/social and select Support > Technical Support. 165 166 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Chapter 8. Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 19-21, Nihonbashi-Hakozakicho, Chuo-ku Tokyo 103-8510 Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. 167 IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. Intel is a registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. 168 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. The RIM and BlackBerry families of related marks, images and symbols are the exclusive properties and trademarks of Research In Motion Limited — used by permission. Research In Motion, RIM, BlackBerry, BlackBerry Enterprise Server and “Always On, Always Connected” are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Privacy policy considerations IBM Software products, including software as a service solutions, (“Software Offerings”) may use cookies or other technologies to collect product usage information, to help improve the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offering’s use of cookies is set forth below. Depending upon the configurations deployed, this Software Offering may use session cookies that collect each user's user name, session ID, or other application-specific state information for purposes of session management, authentication, or enhanced usability. These cookies cannot be disabled. If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent. For more information about the use of various technologies, including cookies, for these purposes, See IBM’s Privacy Policy at http://www.ibm.com/privacy and IBM’s Online Privacy Statement at http://www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and Other Technologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” at http://www.ibm.com/software/info/product-privacy. Chapter 8. Notices 169 170 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Index A access restricting to on-premises servers 129 access control lists see ACL 68 accessibility described 4 account identity deleting 149 removing 152, 153 restoring 151 account settings configuring your environment 26 ACL customizing for mail files 68 ActiveX enabling 59 address filters described 70 administration tasks described 9 administrator role requirement 137 administrators first logon 25 application passwords enabling for mobile applications 43 Client Configuration tool for Notes client 111 comparison service and on-premises 9 custom templates execution security alerts 63 preparing 61 D delegation planning for mail files 119 deployment planning 13 device passwords resetting for BlackBerry devices 161 device wipe for SmartCloud Traveler devices 156 differences between service and on-premises deployments 9 directories finding names in 47 distinguished name forming 122 E bandwidth Notes client 108 web client 104 BlackBerry devices activating 133 reactivating 158 BlackBerry documentation providing to users 136 BlackBerry on-premises servers removing accounts 133 BlackBerry smartphones backing up data 158 encrypted mail 136 frequently asked questions 162 management tasks 158 resetting passwords 161 wiping 160 BlackBerry subscriptions adding a subscription 133 removing a subscription 162 ECLs custom templates 63 email filters examples 70 enabling federated identity management 40 encrypted mail on BlackBerry smartphones 136 examples Internet mail routing using company SMTP host 21 using service SMTP host 23 execution security alerts custom templates 63 expressions in mail filters 70 extension forms files assigning 140 assigning with integration server 140 overview 64 requirements 66 using as default 140 C F calendar details enabling 83 chat See also instant messaging see instant messaging 89 client configuration tool changes made to Notes client FAQs administering the service 9 BlackBerry administration 162 federated identity checklist 39 federated identity management planning 13 B firewalls configuring inbound 17 configuring outbound 17 preparing 17 folders trash folder management 57 FTP downloading journal files 94 G getting started preparing a communications plan 117 groups managing 154 H held status for new accounts 119 I IBM iNotes control enabling 59 IBM Notes clients described 7 preparing for deployment 108 IMAP configuring access 98 folder names 99 inbound connections configuring firewalls 17 information available resources 10 instant messaging configuring 83 configuring communities 87 described 89 on-premises 85 integration server journal files 93 Internet domains configuring 27 configuring additional 29 configuring an MX record 28 verifying ownership 27 IP range bypassing in mobile applications 43 J journal files downloading 94 Notes client sessions Notes mail 95 overview 93 97 111 171 Junk Mail Reports customizing 74 enabling 73 K keyword filters described 70 L Licenses Notes 7 logon first time by administrator 25 Lotus Notes distinguished name forming 122 M mail file reducing size of file 58 mail file templates changing 139 configuring 63 language versions 138 preparing custom 61 viewing assigned template 137 mail files changing templates 139 configuring mail settings 55 configuring trash retention 57 customizing access 68 planning delegation 119 quotas 118 viewing templates 137 mail filters Internet mail creating filters for inbound mail 70 see email filters 70 mail routing planning 17 preparing using SMTP 19, 20 using SMTP 21, 23, 60 using SMTP servers 19 mail rules limiting use 55 mail settings configuring 55 configuring Notes links 56 deleting older mail 58 limiting incoming message size 55 preventing automatic forward 55 mail templates determining template name 119 messages limiting size 55 mobile applications enabling passwords for 43 MX record configuring 28 172 N Q name changes best practices in a service-only environment 145 name finder configuring 47 Name finder Standard and Advanced options 49 network 13 planning 13 network bandwidth Notes client 108 web client 104 new user accounts providing information to users 125 newsletter filter described 70 Notes client deciding whether to use 101 Notes clients authentication 35 changes made by Client Configuration tool 111 Notes ID on BlackBerry smartphones 136 resetting passwords 31, 144 Notes links setting style 56 Notes Traveler adding subscriptions 128 deleting users from on-premises servers 130 device settings 108 preparing devices 106 removing accounts from on-premises servers 129 restricting access to on-premises servers 129 NRPC authentication 35 quotas for mail files O on-premises accounts removing Notes Traveler 129 P password rules by authentication method 46 passwords enabling for mobile applications resetting for Notes ID 31, 144 set expiration dates 31 setting expiration for Notes clients 32, 91 setting for BlackBerry smartphones 161 synchronizing 34, 92 preparing federated identity management 39 Provisioning checking status 122 43 118 R reactivation for BlackBerry smartphone devices 158 for Traveler devices 156 references information resources 10 Research In Motion accepting terms of use 132 RIM see Research In Motion 132 S Sametime configuring 83 feature comparison 89 on-premises 85, 87 SAML planning 13 security planning 13 service-only environment configuring 26 settings for BlackBerry smartphones 116 size limits mail files 118 SmartCloud Notes overview 1 using in service-only environment 5 what's new 2 SmartCloud Notes entry described 6 SmartCloud Notes web described 6 SmartCloud Traveler managing devices 156 SMTP server using to route mail 60 SMTP servers preparing for Internet mail routing 19 spam reporting 79, 80 spam mail reporting 82 status held status 119 subscriptions activating BlackBerry service 133 adding BlackBerry services 133 Notes Traveler 128 adding in a service-only environment 119 in suspended account 149 removing BlackBerry services 162 SmartCloud Notes 147 status of new 122 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 subscriptions (continued) viewing 155 support troubleshooting tips 165 suspended account status 149 T templates changing 139 configuring 63 language versions 138 using custom 139 viewing assigned 137 third-party email setting up IMAP 98 troubleshooting contacting support 165 execution security alerts 63 lost BlackBerry smartphone 160 reporting spam mail 82 tools and resources 165 Troubleshooting Resetting Notes ID passwords 31, 144 troubleshooting tips in the Support Portal 165 U user accounts adding in a service-only environment 119 administering 137 deleting 149 removing from BlackBerry on-premises servers 133 restoring 151 revoking 152, 153 suspending 149 user names changing in a service-only environment 145 W web client customizing 64 description 6 preparing for 104 what's new 2 Index 173 174 SmartCloud Notes: Administering SmartCloud Notes: Service-only Environment March 2015 Printed in USA
© Copyright 2024