SmartCloud Notes. Administering SmartCloud Notes: Service-only Environment March 2015




Note: Before using this information and the product it supports, read the information in Chapter 8, Notices, on page 167.

Contents

Chapter 1. Overview of SmartCloud Notes ... 1
  What's new in SmartCloud Notes ... 1
  What's new for SmartCloud Notes administrators ... 2
  Administrators can restore deleted user accounts ... 2
  What's new for SmartCloud Notes users ... 2
  Invitee status viewable by meeting chair on Notes Traveler devices ... 2
  More Windows devices are supported for Traveler ... 2
  Notes Traveler 9.0.1.1 features are available ... 2
  Notes Traveler 9.0.1.2 features are available ... 3
  Setup improvements for the Notes Traveler Android client ... 4
  Enhancements to supported email encoding standards for inbound internet mail ... 4
  Accessibility ... 4
  Using SmartCloud Notes in a service-only environment ... 5
  SmartCloud Notes clients ... 6
  Web client ... 6
  Traveler devices ... 7
  Notes client ... 7
  IMAP client ... 8
  BlackBerry devices with a Hosted BlackBerry Services subscription ... 8
  Feature differences between Notes and Domino and the SmartCloud Notes service ... 9
  Frequently asked questions about administering the service ... 9
  Information resources ... 10
Chapter 2. Planning to deploy the service ... 13
  Planning security and the network ... 13
  Network capacity for the web client ... 14
  Network capacity for the Notes client ... 14
  Planning mail routing and mail settings ... 15
Chapter 3. Preparing for the service ... 17
  Preparing the firewall ... 17
  Configuring the firewall for inbound connections ... 17
  Configuring the firewall for outbound connections ... 17
  Preparing to use company SMTP servers for Internet mail routing ... 19
  Preparing to use a company SMTP server to route inbound Internet mail ... 19
  Preparing to use a company SMTP server to route outbound Internet mail ... 20
  Example: Routing mail from a service user to an external user using a company SMTP host ... 21
  Example: Routing mail from a service user to an external user using a service SMTP host ... 22
Chapter 4. Configuring the service ... 25
  Logging on as the first company administrator ... 25
  Configuring your account settings ... 26
  Configuring Internet domains ... 27
  Verifying ownership of a domain ... 27
  Configuring the MX record for a domain ... 28
  Configuring additional Internet domains for the service to use ... 29
  Customizing settings ... 29
  Enabling the accessible experience for the web client ... 29
  Configuring logins ... 30
  Resetting service login passwords ... 30
  Setting service login password expiration ... 31
  Managing Notes IDs ... 31
  Setting up federated identity management ... 36
  Restricting the IP address range ... 42
  Enabling application passwords ... 43
  Authentication methods by client ... 45
  Password rules by authentication method ... 45
  Configuring the name finder ... 47
  Standard and Advanced Name Finder options ... 49
  Basic name finder illustration ... 51
  Basic Quick Search Only name finder illustration ... 52
  Standard name finder illustration ... 54
  Configuring mail settings ... 55
  Changing the size limit for incoming messages ... 55
  Prevent automatic forwarding of messages ... 55
  Specifying how Notes links display in the web client ... 56
  Configuring how long mail remains in the Trash folder ... 56
  Deleting older email and meetings ... 57
  Enabling the ActiveX control for Internet Explorer users ... 59
  Specifying an SMTP server to route mail to the Internet ... 60
  Preparing to use custom mail file templates ... 61
  Handling execution security alerts caused by custom templates ... 63
  Configuring mail file templates ... 63
  Using extension forms files to customize the look of the web client ... 64
  Extension forms file requirements ... 66
  Preparing customized mail file ACLs ... 68
  Configuring email filters and reporting ... 69
  Configuring email filters for inbound Internet mail ... 70
  Enabling Junk Mail Reports ... 73
  Customizing the text in Junk Mail Reports ... 74
  Customizing the Remove Sender from Junk List action for Notes users ... 76
  Enabling the Report as Spam feature ... 79
  Reporting spam without the Report as Spam feature ... 82
  Enabling busytime details in calendars ... 82
  Configuring instant messaging ... 83
  Configuring the web client to connect to an on-premises Sametime community ... 85
  Manually configuring Notes clients to connect to the service instant messaging community ... 87
  Instant messaging features ... 89
  Setting password expiration for Notes IDs ... 90
  Enabling password synchronization ... 92
  Logging activity in journal files ... 93
  Downloading journal files ... 94
  Format of the Notes mail journal file ... 95
  Format of the Notes client session journal file ... 97
  Configuring IMAP access ... 98
  IMAP client limitations ... 99
Chapter 5. Onboarding users ... 101
  Deciding whether to use the Notes client ... 101
  Preparing for onboarding ... 102
  Preparing for the web client ... 104
  Preparing for Notes Traveler devices ... 106
  Notes Traveler device settings ... 107
  Preparing for Notes clients ... 108
  How the Client Configuration tool configures the Notes client ... 111
  Downloading Notes client software and other entitled software ... 112
  Connecting to cloud Activities through the Notes client sidebar ... 113
  Preparing for IMAP clients ... 114
  Preparing to use BlackBerry devices ... 114
  Settings enforced for BlackBerry smartphones ... 116
  Preparing communications and training ... 117
  Mail file quota ... 118
  Mail file delegation ... 118
  Adding a SmartCloud Notes subscription to a user account ... 119
  Forming a distinguished name ... 121
  Checking user provisioning status ... 122
  Helping users get started ... 124
  Providing account information to users ... 125
  Getting started with the web client ... 126
  Getting started with the Notes Traveler devices ... 127
  Adding a Notes Traveler subscription to a user account ... 128
  Removing user accounts from on-premises Notes Traveler servers ... 129
  Getting started with the Notes client ... 130
  Getting started with IMAP clients ... 131
  Getting started with BlackBerry devices ... 132
  Accepting the Research In Motion terms of use ... 132
  Adding a BlackBerry subscription to a user account ... 132
  Removing user accounts from an on-premises BlackBerry Enterprise Server ... 133
  Activating a user's BlackBerry smartphone ... 133
  Ensuring that mail encryption is available for BlackBerry smartphone users ... 135
  Providing documentation to your BlackBerry smartphone users ... 136
Chapter 6. Administering user accounts ... 137
  Viewing assigned mail file templates ... 137
  Language versions of the standard mail file template ... 138
  Changing user mail file templates ... 139
  Assigning extension forms files to users ... 140
  Setting a default extension forms file ... 140
  Explicitly assigning an extension forms file to many current users ... 141
  Explicitly assigning an extension forms file to individual current users ... 142
  Resetting service login passwords ... 143
  Resetting passwords for Notes IDs ... 144
  Changing a user name ... 145
  Removing a SmartCloud Notes subscription from a user account ... 147
  Suspending a user account ... 149
  Deleting a user account ... 149
  Restoring a deleted user account ... 151
  Permanently deleting a user account ... 151
  Removing the SmartCloud Notes data for a deleted user account or subscription ... 153
  Managing groups ... 154
  Viewing subscriptions ... 155
  Viewing assigned subscriptions ... 155
  Managing IBM Notes Traveler devices ... 156
  Managing BlackBerry smartphones ... 158
  Reactivating a user's BlackBerry smartphone ... 158
  Wiping a user's BlackBerry smartphone if it is lost or stolen ... 160
  Setting a device password on a user's BlackBerry smartphone ... 161
  Removing a BlackBerry subscription from a user account ... 162
  Frequently asked questions about BlackBerry smartphone administration ... 162
Chapter 7. Troubleshooting the service ... 165
  Finding troubleshooting tips in the Support Portal ... 165
  Contacting Support ... 165
Chapter 8. Notices ... 167
  Trademarks ... 168
  Privacy policy considerations ... 169
Index ... 171

Chapter 1. Overview of SmartCloud Notes

IBM SmartCloud Notes is a multi-tenant cloud mail service. When you use the service, administrators at IBM set up and maintain IBM Domino mail servers for you in the cloud on external IBM servers. The service offers you the benefits of Domino mail server security features and architecture without the mail server maintenance overhead.

Using the following clients, users connect to the SmartCloud Notes service over the Internet to access their mail:

- Web client through a browser interface available at http://www.ibmcloud.com/social
- Notes
- Mobile devices

Any combination of these clients can be used.

At least one person at a company is designated as a company administrator. A company administrator has a user account with the Administrator role and is responsible for configuring the service and administering user accounts.

The SmartCloud Notes service provides various options that are designed to help you deploy the service in a way that best satisfies your business needs.

You can deploy the service with the assistance of an IBM Software Services for Collaboration representative or a certified IBM Business Partner. Whether you choose this option depends on factors such as the type of SmartCloud Notes environment you deploy and your in-house IT expertise and priorities.

You can choose from a list of standard mail file templates that are available within the service by default, or develop a custom template for your company. You can develop a custom template in-house or contract with an IBM or a third-party representative to develop the template. Approval of a custom template requires a short service engagement with IBM Software Services for Collaboration.

A Notes Traveler subscription is available automatically. This subscription enables users to access the service through supported mobile handheld devices. Note that the ultra-light mode of the web client supports the use of some mobile devices for no additional purchase.

If you purchase a SmartCloud Notes for Hosted BlackBerry Services subscription, users can access the service through BlackBerry smartphones. To use BlackBerry 10 devices, use Notes Traveler instead.

If you purchase the Connections Archive Essentials subscription, the content of user email can be captured and retained for later legal discovery. For more information about this service, see the Using Connections Archive Essentials documentation.

What's new in SmartCloud Notes

The following features and enhancements are new in IBM SmartCloud Notes.

What's new for SmartCloud Notes administrators

The following features are new for IBM SmartCloud Notes administrators.

Administrators can restore deleted user accounts

Administrators have 30 days to restore user accounts after deleting them. The accounts are restored with complete functionality, including mail file access.

Related tasks:

Deleting a user account on page 149
When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality.

Restoring a deleted user account on page 151
After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access.

What's new for SmartCloud Notes users

The following features are new for IBM SmartCloud Notes users.

Invitee status viewable by meeting chair on Notes Traveler devices

Invitee status display is now supported on Apple, BlackBerry 10, Windows Phone, Windows Tablet, and Android devices. The meeting chair can view the status of each invitee's response to the current version of the meeting. Possible statuses are accepted, tentative, declined, and no response. Additionally, the Android client can show a status of delegated.

More Windows devices are supported for Traveler

IBM SmartCloud Notes Traveler users can now use Windows Phone and Windows Tablet (Windows Pro and Windows RT) devices with the service. There is no need to install client software on these devices to use them with the service. For device requirements, see the SmartCloud Notes client requirements.

Related information:

- SmartCloud Notes client requirements
- Using Notes Traveler documentation

Notes Traveler 9.0.1.1 features are available

The IBM Notes Traveler 9.0.1.1 client provides the following new features:

Calendar improvements for Android clients

Local calendar information displays in IBM Notes Traveler calendar
You can now add the information from your local device calendars into your IBM Notes Calendar view.

Create calendar events from mail messages
You can now create a calendar event while viewing mail, using the overflow menu. Calendar events created from mail messages will form with the invitees populated with the message recipients, and the event details information pre-filled with the content of the mail.

Interface improvements for Android clients

Action bar
The action bar is a mobile feature that identifies your location within IBM Notes Traveler, as well as provides action icons and navigation modes.

Navigation drawer for mail
The navigation drawer is a panel that slides in from the left of the screen to display IBM Notes Traveler's main navigation options. For mail, the navigation drawer displays your user account and mail folders (inbox, outbox, sent, and personal). The navigation drawer is only available from the parent list view of a mail folder.

Android Contacts application
IBM Notes Traveler on Android now provides its own dedicated Contacts application, rather than utilizing the device Contacts application.

New mail item list layout with thumbnail photos
The mail item list has been redesigned to make it easier to consume the sender, subject, and message body where applicable. If the screen is wide enough, a person thumbnail image displays using the sender's mail address to search for available photos, either from local contacts, IBM Notes Traveler contacts, or from the new Sametime Integration feature.

New mail list selection mode
A new selection mode overlays a 'Contextual Action Bar' over the existing action bar, showing the number of selected items. It also provides batch operations on the selected items, such as: Move to Folder, Discard, Mark as Read, or Mark as Unread. Only the actions which are applicable to all selected items display.

Gesture actions for mail and contacts
To quickly act on mail items in a list or take action on a contact, you can now swipe the item from right to left to display a list of action buttons without having to open the mail or contact itself. Available on phones with Android 3.0 (Honeycomb) and above.

Add to Contacts from mail
When viewing a mail item, you can now add the sender to your contacts.

Mail list person actions
You can now tap a user photo from a mail message and see a list of possible actions to take with that person. The actions available depend on the information available for the person. If there is a mail address associated with the person, you can perform the following actions:

- View the person's IBM Connections Profile (only if IBM Connections mobile is installed)
- Chat with the person (only if IBM Sametime mobile chat is installed and connected)
- Mail the person (opens the Android mail selection dialog)

If there is at least one phone number associated with the person, and your device is a phone, you can also call and text the person directly. These options are only available where a person photo displays: mail, calendar and contacts.

Notes Traveler 9.0.1.2 features are available

The IBM Notes Traveler 9.0.1.2 client provides the following new features.

New reply options for mail messages in Android devices
When replying to a mail message on Android devices, you can now choose to reply with or without message history and attachments.

Add Notes Traveler contact from a phone number
On Android phones that support the option, you can now choose to make a new Notes Traveler contact from a phone number.

Setup improvements for the Notes Traveler Android client

When setting up a new IBM Notes Traveler Android 9.0.1.3 client, you are no longer required to type in your datacenter URL to connect to the service. You are now automatically connected to the correct data center based on your login identity.

Enhancements to supported email encoding standards for inbound internet mail

IBM SmartCloud Notes web and IBM Notes Traveler clients now support the RFC 2231 standard for inbound Internet email. This standard provides email improvements, including the correct display of attachment file names that are specified in character sets other than US-ASCII.

The service supports the new standard for incoming messages that are encoded to support RFC 2231. The RFC 2231 encoding is retained when a recipient replies to or forwards a message. The service does not use the new encoding in new outbound messages.

Accessibility

IBM SmartCloud Notes Administration, the interface that is used to administer SmartCloud Notes, is accessible. The version of this documentation that is in the Knowledge Center is accessible. All OS level keystrokes for accessibility are recognized.

For the best accessibility experience, use a version of Mozilla Firefox supported by the service and the latest version of the JAWS screen reader.

See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility.

Related tasks:

Enabling the accessible experience for the web client on page 29
You can submit a request to enable the accessible experience for the web client for everyone in your organization. Mail, Calendar, Contacts, and Preferences features provided with this experience are all accessible.

Related information:

- System Requirements
- Knowledge Center documentation
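The RFC 2231 support described under "Enhancements to supported email encoding standards for inbound internet mail" concerns file name parameters that carry a character set and percent-encoded octets, optionally split into numbered sections. The following Python sketch is an added example, not IBM code and not part of the original guide: it decodes such a parameter and then reduces the sender-controlled result to a bare name before display. The header values are constructed samples and all function names are hypothetical.

```python
"""RFC 2231 decoding of attachment file names (added example)."""
import re
import unicodedata
from urllib.parse import unquote_to_bytes

# Constructed Content-Disposition values, not taken from real traffic.
SAMPLE_SPLIT = "attachment; filename*0*=UTF-8''%E5%A0%B1; filename*1*=%E5%91%8A.pdf"
SAMPLE_SINGLE = "attachment; filename*=ISO-8859-1'de'%DCbersicht.txt"
SAMPLE_PLAIN = 'attachment; filename="plain.txt"'

# name, optional "*N" section index, optional trailing "*" (extended value)
PARAM_NAME = re.compile(r"^(?P<name>[^*=]+)(?:\*(?P<idx>\d+))?(?P<ext>\*)?$")


def split_params(value):
    """Split 'disp; a=b; c="d;e"' into (disp, [(name, raw_value), ...])."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    params = []
    for part in parts[1:]:
        name, sep, raw = part.partition("=")
        if sep:
            params.append((name.strip().lower(), raw.strip()))
    return parts[0].lower(), params


def strip_quotes(raw):
    """Remove surrounding double quotes and backslash escapes, if present."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def decode_param(header_value, wanted="filename"):
    """Return the RFC 2231-decoded value of `wanted`, or None if absent."""
    _, params = split_params(header_value)
    plain, sections = None, {}
    for name, raw in params:
        m = PARAM_NAME.match(name)
        if not m or m.group("name") != wanted:
            continue
        if m.group("idx") is None and not m.group("ext"):
            plain = strip_quotes(raw)              # legacy, unencoded form
        else:
            sections[int(m.group("idx") or 0)] = (bool(m.group("ext")), raw)
    if not sections:
        return plain
    charset, data = "us-ascii", bytearray()
    for idx in range(len(sections)):
        if idx not in sections:                    # numbering gap: stop there
            break
        extended, raw = sections[idx]
        if extended and idx == 0:                  # charset'language'value
            declared, _, rest = raw.partition("'")
            _lang, _, raw = rest.partition("'")
            charset = declared or charset
        if extended:
            data += unquote_to_bytes(raw)          # %XX becomes one octet
        else:
            data += strip_quotes(raw).encode("ascii", "replace")
    # Octets are joined before decoding, so a multi-byte character that is
    # split across two sections still decodes correctly.
    try:
        return data.decode(charset, "replace")
    except LookupError:                            # unknown charset label
        return data.decode("utf-8", "replace")


def safe_display_name(name, fallback="attachment"):
    """Reduce a decoded, sender-controlled name to a bare file name."""
    base = re.split(r"[\\/]", name)[-1]            # drop directory components
    kept = "".join(c for c in base
                   if unicodedata.category(c) not in ("Cc", "Cf"))
    kept = kept.strip(" .")                        # no "." / ".." leftovers
    return kept or fallback


if __name__ == "__main__":
    for sample in (SAMPLE_SPLIT, SAMPLE_SINGLE, SAMPLE_PLAIN):
        print(sample, "->", safe_display_name(decode_param(sample)))
```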

Using SmartCloud Notes in a service-only environment

When you deploy IBM SmartCloud Notes as a service-only environment, there is no integration with on-premises IBM Domino mail servers at a company site. IBM administrators administer and maintain the mail servers, and company administrators perform user management tasks through an administration interface accessed through http://www.ibmcloud.com/social.

The following illustration depicts Herb Medway and Allie Singh, employees of the fictional company ZetaBank, accessing their mail servers in the service, Mail1/ZetaBank and Mail2/ZetaBank. It also depicts their company administrator accessing the service.

An IBM representative can configure your SmartCloud Notes account settings, or you can do this yourself. Configuring account settings involves supplying the following information to the service: an Internet domain that is owned by your company and used for Internet mail, a name for your organization, and a base name for your mail servers. After your account is set up, you can add additional Internet domains for use with the service, if you own more than one domain.

After your company's account settings are configured, an IBM Customer Service Representative creates accounts for your existing users to move them to the service.

After your existing users have moved to the service, company administrators perform user management tasks such as the following ones through the web Administration interface on the Connections Cloud website at http://www.ibmcloud.com/social:

- Adding and deleting users
- Adding and managing mail list groups
- Resetting passwords
- Selecting mail file templates
- Configuring mail settings to limit incoming message size or remove older messages
- Managing mobile devices
- Managing instant messaging

SmartCloud Notes clients

IBM SmartCloud Notes clients provide mail, personal information management features such as calendars, contacts, and to do lists, and with some clients, integrated collaboration features, such as embedded chat.

Web client

The IBM SmartCloud Notes web client provides access to mail servers through a browser. The web client is a hosted mail client; there is no client for users to install. Users simply log on to http://www.ibmcloud.com/social using their service login email address and password. The service authenticates the client and then the client is redirected to the mail file in the service.

Users can access the web client in either of these ways:

- On a computer -- after logging on, users click Mail.
- On a mobile device -- users point the browser on the device to the service, and then log on to the ultra-light mode.

Users need a subscription for either SmartCloud Notes or SmartCloud Notes Entry to use the web client. Each subscription provides a full mail client with mail, calendar, and contacts, as well as to do and notebook applications. Each subscription provides access to the service through either full or ultra-light mode.

- Full mode -- The full mode offers the widest range of features including mail, contacts, calendar and scheduling, as well as notebook and to do tasks.
- Ultra-light mode -- The ultra-light mode is available at no extra cost on a mobile device, and on a personal computer. There is no additional setup or client install on the mobile device required. Users simply point their device browser to https://www.collabserv.com to access their mail. The ultra-light mode supports Android, as well as Apple iPhone, iPod Touch, and iPad devices. See the client requirements for details on the supported levels of device operating systems.

Decide which web client subscription best fits your needs. The SmartCloud Notes Entry subscription includes many of the same features that are available with the standard SmartCloud Notes subscription, but with the following limitations:

- Users are provisioned with a new mail file. There is no data migration of an existing mail file.
- Users cannot access mail using either the Notes client or an IMAP client.
- Users cannot access mail using BlackBerry smartphones.

- User mail files have a 1 GB quota.

For a list of browsers supported for use with the web client, see the client requirements.

Related tasks:

Preparing for the web client on page 104
Before you provision users who will access IBM SmartCloud Notes using the web client, prepare for the web client.

Related information:

- SmartCloud Notes client requirements
- Using the web client

Traveler devices

A Notes Traveler subscription supports Apple, Android, Windows Phone and Windows Tablets, Windows Mobile, and BlackBerry 10 devices. See the device requirements for details on the supported levels of device operating systems.

To get started, users perform simple steps to install and configure Notes Traveler on their devices using the installation and configuration information in the SmartCloud Notes product documentation for their specific device.

Related tasks:

Preparing for Notes Traveler devices on page 106
Before enabling users to use IBM Notes Traveler mobile devices with the service, prepare your environment and the devices.

Related information:

- Notes Traveler device requirements
- Using Notes Traveler

Notes client

Use of the IBM Notes client to connect to the service is optional. An IBM SmartCloud Notes subscription entitles you to the Notes client license.

Users who access mail by using a Notes client can take advantage of the many collaboration features that are available through the client. As with the web client, the Notes client provides mail, calendar, and contacts, as well as to do and notebook applications. You can manage your Inbox using full-text search, delegation, mail filtering and sorting, conversation views, and flags. The following features and applications are also available to you when you use the Notes client.

- Activities - Beginning with Notes 8.5.2, if your organization has a collaboration subscription, then the sidebar is automatically configured to access Activities in the service without further authentication.
- IBM Sametime - Use the embedded Sametime client to manage instant messaging contacts and initiate chats.
- RSS feeds - Subscribe to RSS feeds that display in the sidebar.

Keep the following in mind if your users will use the Notes client:

- SmartCloud Notes supports only the standard configuration of Notes, and not the basic configuration.
- You should decide which supported version of the client to use in your environment. See the SmartCloud Notes client requirements for information on supported versions.

Related tasks:

Preparing for Notes clients on page 108
Use of the IBM Notes client to connect to the service is optional. If you want your users to use the Notes client, understand the steps to prepare.

Related information:

- SmartCloud Notes client requirements
- Using Notes

IMAP client

If you enable IMAP access, users can configure third-party email clients to access mail in the service. The following IMAP clients are supported:

- Apple email
- Microsoft Outlook 2003, 2007
- Thunderbird

There is no additional charge or subscription required to use IMAP clients.

Related tasks:

Preparing for IMAP clients on page 114
If you plan to use IMAP clients, complete these tasks to prepare.

BlackBerry devices with a Hosted BlackBerry Services subscription

If your company has an IBM SmartCloud Notes for Hosted BlackBerry Services subscription, users can use BlackBerry smartphones to access mail and personal information management features. IBM administrators set up and maintain BlackBerry Enterprise Servers for you on sites that they manage.

The BlackBerry subscription provides the following features:

- Mail, Calendar, Task, To Do, and Contact applications
- Corporate directory lookup
- Smartphone management through http://www.ibmcloud.com/social

This subscription does not support BlackBerry 10 devices. Those devices are supported by IBM Notes Traveler.

Related tasks:

Preparing to use BlackBerry devices on page 114
If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry Services subscription, complete these tasks to prepare.

Feature differences between Notes and Domino and the SmartCloud Notes service

Some features in IBM Notes, IBM iNotes, and IBM Domino are unavailable or have limitations within the IBM SmartCloud Notes service. For an explanation of the differences, see the following article in the IBM Connections Cloud wiki: Feature differences between Notes and Domino and the SmartCloud Notes service.

Frequently asked questions about administering the service

The following table provides answers to questions frequently asked about the tasks that company administrators perform in an IBM SmartCloud Notes environment.

Table 1. Frequently asked questions about administering SmartCloud Notes

Question: Do company administrators have access to user mail files?
Answer: By default, administrators do not have access to user mail files. However, new users can be provisioned with mail files that have customized access control lists (ACLs). In addition, the mail delegation feature can be used to delegate management of a mail file to an administrator or to a group of administrators. For more information, see Preparing customized mail file ACLs on page 68 and Mail file delegation on page 118.

Question: Do mail files have a size limit?
Answer: Currently a size limit (quota) of 25 GB is enforced on the mail files of users who were provisioned before November 22, 2014; the mail file size limit of users who are provisioned after this date is 50 GB. An exception is the mail files of SmartCloud Notes Entry users, whose mail files have a 1 GB limit. For more information, see Mail file quota on page 118.

Question: What options are available for managing mail file size?
Answer: Company administrators can manage the size of mail files by setting limits on the size of incoming messages. Additionally, they can specify how long mail remains in mail files by enabling automatic mail deletion for older mail. For more information, see Configuring mail settings on page 55.

Question: Can we use a customized mail file template?
Answer: Yes, company administrators can apply a customized template to user mail files. This is done through SmartCloud Notes Administration. The template must meet specific design requirements. A representative of IBM Software Services for Collaboration must approve it as part of a short consulting services engagement. For more information, see Preparing to use custom mail file templates on page 61.

Question: Can users create local replicas of their mail files?
Answer: IBM Notes users can create local replicas of their mail files and schedule replication between the local replicas and the server replicas. Local replicas are useful in a service-only environment to provide offline access to mail files. For more information about creating local replicas, see Getting started with replication in the Notes documentation.

Question: Are company administrators responsible for mail database maintenance?
Answer: No, compacting and other mail database maintenance tasks are handled within the service for you.

Question: How does a company administrator change a Notes user's hierarchical name?
Answer: In a service-only environment, company administrators change the Notes hierarchical name, as well as the service login name, by editing the service user account. For more information, see Changing a user name on page 145.

Question: How do I reset a user's password?
Answer: There are two passwords. One is the service login password that is used to log on to the IBM Connections Cloud website at http://www.ibmcloud.com/social. Another is the Notes ID password used to log in to mail servers through Notes. Reset the service login password through the service user account. Reset the Notes ID password through the SmartCloud Notes Administration. For more information, see Resetting service login passwords on page 30 and Resetting passwords for Notes IDs on page 31.

Information resources

The following information resources are available for IBM SmartCloud Notes. Be sure to use these resources to keep up-to-date on technical content, known issues, and product news.

Table 2. Information resources for SmartCloud Notes

Resource: IBM Connections Cloud wiki
Description: The wiki provides the following information:
- Known issues and troubleshooting information
- Getting started information
- Technical articles by IBM employees and other community members
- Links to other resources such as courseware and multi-media content

Resource: SmartCloud Notes known issues
Description: This wiki article links to a comprehensive list of SmartCloud Notes technotes on the Support site. These technotes describe known issues and workarounds. The article also links to technotes about the Notes client.

Resource: SmartCloud Notes Fix List
Description: This page shows a chronological list of fixes made to the SmartCloud Notes service.

Resource: SmartCloud Notes Support newsletter
Description: This newsletter highlights important technotes and new technical articles and courseware. To receive automatic notification when a new edition of this newsletter is available, add SmartCloud Notes to your My Notifications subscription and include the Product information and publications document type in your subscription.

Resource: My Notifications from SmartCloud Notes Support
Description: My Notifications enables you to receive daily or weekly announcements through e-mail, custom Web pages and RSS feeds. These customizable communications can contain important news, new or updated support content, such as publications, hints and tips, technical notes, product flashes (alerts).

Resource: Support page
Description: Click Support > Technical Support from this page for information about how to contact SmartCloud Notes Support.


Chapter 2. Planning to deploy the service

To plan for the IBM SmartCloud Notes service, understand the features it offers, the deployment options that are available, and the planning considerations.

Planning security and the network

Answer the questions described in this topic to decide about security and network connections.

About this task

Table 3. Security and network planning questions

Question: What process does your company use to make network changes?
Considerations: Your company might have a review and approval process for making the network changes required by the service. Ensure that you understand the process and allow time to implement the required changes.

Question: Does your network have sufficient bandwidth and Internet connectivity?
Considerations: Clients connecting to mail files in the service increases network traffic to the Internet. It is important to assess whether your current network has sufficient bandwidth and Internet connectivity to handle the increased traffic. You may need to work with your Internet Service Provider to increase network bandwidth before you provision users for the service. For information, see the topics Network capacity for the web client on page 14 and Network capacity for the Notes client on page 14.

Question: Will you use federated identity management?
Considerations: Federated identity management allows users who are logged on to a company system to connect to the service with the web client without logging on again. To enable federated identity management, register your organization as a trusted identity provider in the IBM Connections Cloud service. Before you register, implement and test a federated identity management system that uses Security Assertion Markup Language (SAML). While you are implementing your system, you make some choices and prepare several artifacts. For more information on this option and other login options, see Configuring logins on page 30.

Question: What firewall changes are required?
Considerations: Your firewall must allow outbound connections to specific ports and destination host names within the service. The settings required depend on the clients that are used with the service. For more information, see Configuring the firewall for outbound connections on page 17.

Question: Do you use a forward proxy to control user access to the Internet?
Considerations: If so, you must allow network traffic to pass transparently through the proxy over port 1352 (NRPC), if you use Notes clients, as well as port 443 (HTTPS) for browser clients.

Network capacity for the web client

Before using the web client, have an understanding of the approximate network capacity that your Internet Service Provider will need to provide to support connections from the web clients to the service. Use the following formula as a general guideline only:

number_of_clients x 2.5 Kbps

where number_of_clients is the expected number of web clients and 2.5 Kbps is the average network kilobits per second required for each client to connect to the service.

This formula assumes an average level of client activity based on IBM Domino mail benchmarks for server-based mail files. Your actual network capacity requirements will depend on the client usage patterns in your environment.

Network capacity for the Notes client

Before configuring Notes clients to connect to the service, have an understanding of the approximate network capacity that your Internet Service Provider must provide to support those connections. Use the following formula as a general guideline only:

number_of_clients x 3.1 Kbps

where number_of_clients is the number of Notes clients used and 3.1 Kbps is the average network kilobits per second required for each client.

This formula assumes an average level of client activity based on IBM Domino mail benchmarks for server-based mail files. Your actual network capacity requirements will depend on the client usage patterns in your environment.

Planning mail routing and mail settings

Answer the questions in this topic to help you make decisions about Internet mail routing and mail settings.

Table 4. Mail routing and mail settings questions

Question: What Internet domains do you own and use for Internet email addresses?
Considerations: As part of service configuration, you verify ownership of your company Internet domains. Verification involves creating a CNAME record in your domain DNS record. If you do not have access to the DNS record, you should allow time for your Internet Service Provider (ISP) to create the required CNAME record for you. For more information, see Configuring Internet domains on page 27.

Question: Do you use domain aliases so that users can receive email addressed to more than one Internet domain?
Considerations: The service does not support domain aliases in a service-only environment. A user in the service can have only one Internet email address.

Question: When users send mail to external users on the Internet, do you want to use an on-premises SMTP server to route the mail?
Considerations: By default, the service handles routing outbound mail that users address to the Internet. You can use a company-controlled SMTP server to route the mail, instead. When you use your own server, you can perform actions such as filtering and auditing before routing the mail. For more information, see the topic Preparing to use a company SMTP server to route outbound Internet mail on page 20.

Question: When external users on the Internet address mail to your users, do you want to use an on-premises SMTP server to route the mail service?
Considerations: By default, an SMTP server in the service handles routing inbound mail from the Internet that is addressed to your users. You can instead use a company-controlled SMTP server to accept the mail and route it to user mail servers in the service. For more information, see the topic Preparing to use a company SMTP server to route inbound Internet mail on page 19.

Question: If the service handles routing inbound Internet mail, do you want to apply filters to the inbound mail?
Considerations: You can create filters to allow or block Internet email sent from specific domains or addresses. For more information, see Configuring email filters for inbound Internet mail on page 70.

Question: Do you want to use any of the optional mail settings the service provides?
Considerations: You can limit the size of incoming messages, prevent auto-forwarding of external messages, customize the display of Notes document links in web client mail, configure mail retention in the trash folder, and control the deletion of older email. For more information, see Configuring mail settings on page 55.


Chapter 3. Preparing for the service

After you have planned for a service-only environment, perform the steps in this section to prepare your environment.

Related tasks:
Chapter 2, Planning to deploy the service, on page 13
To plan for the IBM SmartCloud Notes service, understand the features it offers, the deployment options that are available, and the planning considerations.

Preparing the firewall

Configure the corporate firewall to allow connections to and from the service.

About this task

When configuring the firewall, specify the host names as described to minimize the risk of network attacks from the Internet. The risk of attack increases if you relax the host name rules.

Configuring the firewall for inbound connections

Configure firewall settings that allow the service to connect to a company SMTP host server. These settings are required only if you plan to use a company server to route mail that service users address to the Internet.

About this task

Table 5. Firewall settings to allow the service to connect to an SMTP host server

Protocol: SMTP
Port: 25
Source: The IBM SmartCloud Notes addresses generated by the outer firewall of the service. Contact your IBM Customer Service Representative for this information.
Target: Optional SMTP host that routes mail to the Internet. The host is specified in SmartCloud Notes Administration at Account Settings > Email Management > Manage Routing to External Internet Domains.

Configuring the firewall for outbound connections

Configure the firewall to allow outbound connections to the service.

About this task

The following table describes the firewall settings required to allow connections from on-premises servers and clients to specific hosts in the service. You can substitute *.collabserv.com for the host names to represent all hosts in the service. If your current firewall settings reference the original service domain name, lotuslive.com, retain those settings and add the settings described in the table.

In addition to allowing connections over HTTPS port 443, you can allow connections over HTTP 80. If you do, connections over HTTP are redirected to HTTPS.

Table 6. Firewall settings for outbound connections

Protocol: NRPC
Port: 1352
Host name:
  North American data center: notes.na.collabserv.com
  Asia Pacific data center: notes.ap.collabserv.com
  European data center: notes.ce.collabserv.com
Applicable server or client: Domino servers, IBM Notes clients

Protocol: HTTPS
Port: 443
Host name:
  North American data center: notes.na.collabserv.com, mail.notes.na.collabserv.com
  Asia Pacific data center: notes.ap.collabserv.com, mail.notes.ap.collabserv.com
  European data center: notes.ce.collabserv.com, mail.notes.ce.collabserv.com
Applicable server or client: IBM SmartCloud Notes web

Protocol: HTTPS
Port: 443
Host name:
  North American data center: admin.notes.na.collabserv.com
  Asia Pacific data center: admin.notes.ap.collabserv.com
  European data center: admin.notes.ce.collabserv.com
Applicable server or client: Web browser access to SmartCloud Notes Administration

Protocol: HTTPS
Port: 443
Host name:
  North American data center: traveler.notes.na.collabserv.com, apps.na.collabserv.com
  Asia Pacific data center: traveler.notes.ap.collabserv.com, apps.ap.collabserv.com
  European data center: traveler.notes.ce.collabserv.com, apps.ce.collabserv.com
Applicable server or client: IBM Notes Traveler devices accessing the service via WiFi

Protocol: IMAP
Port: 993
Host name:
  North American data center: imap.notes.na.collabserv.com
  Asia Pacific data center: imap.notes.ap.collabserv.com
  European data center: imap.notes.ce.collabserv.com
Applicable server or client: IMAP clients (receiving mail)

Protocol: IMAP
Port: 465
Host name:
  North American data center: submit.notes.na.collabserv.com
  Asia Pacific data center: submit.notes.ap.collabserv.com
  European data center: submit.notes.ce.collabserv.com
Applicable server or client: IMAP clients (sending mail)

Protocol: VP (Virtual Places - used for instant messaging)
Port: 1533
Host name:
  North American data center: im.na.collabserv.com
  Asia Pacific data center: im.ap.collabserv.com
  European data center: im.ce.collabserv.com
Applicable server or client: IBM Notes clients that connect to the instant messaging community in the service

Protocol: VP (Virtual Places - used for instant messaging)
Port: 1533
Host name:
  North American data center: webchat.na.collabserv.com
  Asia Pacific data center: webchat.ap.collabserv.com
  European data center: webchat.ce.collabserv.com
Applicable server or client: IBM SmartCloud Notes web clients that connect to the instant messaging community in the service

Protocol: SMTP
Port: 25
Host name:
  North American data center: smtp.notes.na.collabserv.com
  Asia Pacific data center: smtp.notes.ap.collabserv.com
  European data center: smtp.notes.ce.collabserv.com
Applicable server or client: SMTP servers that route Internet mail to service users

Protocol: FTP, PASV (FTP)
Port: 990, 60000-61000
Host name:
  North American data center: ftp.notes.na.collabserv.com
  Asia Pacific data center: ftp.notes.ap.collabserv.com
  European data center: ftp.notes.ce.collabserv.com
Applicable server or client: Temporary requirement for clients that transfer mail files to the service over FTP

Protocol: FTP, PASV (FTP)
Port: 990, 60000-61000
Host name:
  North American data center: ftp.na.collabserv.com
  Asia Pacific data center: ftp.ap.collabserv.com
  European data center: ftp.ce.collabserv.com
Applicable server or client: Hybrid environments only. Client that downloads journal files

Preparing to use company SMTP servers for Internet mail routing

By default, the service handles inbound and outbound Internet mail routing. You can prepare for company SMTP servers to route Internet mail, instead.

About this task

You can prepare company SMTP servers to route outbound Internet mail only, to route inbound Internet mail only, or to route both outbound and inbound Internet mail.

Preparing to use a company SMTP server to route inbound Internet mail

By default, when external users send mail to service users over the Internet, an SMTP server in the service handles routing the mail to the service users. You can use a company SMTP server to route this mail, instead.

About this task

If you use a company SMTP server to route Internet mail to your users, you are responsible for filtering the mail for viruses and SPAM. Do not perform this procedure if you want the service to route Internet mail to your users.

Procedure

1. Configure the company SMTP server to accept mail for each Internet domain that contains service users.
2. Configure mail addressed to service users to be routed to one of the following SMTP hosts in the service:
   - If you use the United States data center: smtp.notes.na.collabserv.com
   - If you use the Asia Pacific data center: smtp.notes.ap.collabserv.com
3. Configure the corporate firewall to allow outbound connections over port 25 to the SMTP host that you specified in the previous step.

What to do next

When you configure the service, skip the procedure that describes configuring the domain MX record to deliver mail to the service. That procedure is not necessary when you continue to use a company SMTP server for inbound Internet routing.

Related tasks:
Configuring the MX record for a domain on page 28
After you verify ownership of the domain, configure your domain MX record to deliver mail to the service.

Preparing to use a company SMTP server to route outbound Internet mail

You can configure a company SMTP host server to route mail that service users send to external users.

About this task

Skip this procedure if you want the service to handle routing the mail that is sent to external users. In this case (default behavior), the service filters the messages for virus and spam before routing them to the Internet.

By using a company SMTP host server for external routing, you can act on messages before routing them, for example, filter or audit messages. When you use this feature, the service filters messages for viruses and spam and then routes them directly to your designated SMTP host server. Messages addressed to any domain that is not an internal, service-verified domain are routed to the SMTP host server.

The service uses Transport Layer Security (TLS) to route mail to the SMTP host server if the host server uses TLS. The connection is made using STARTTLS over SSL TCP/IP port 25.

Procedure

1. Configure your SMTP host server to accept mail from one of the following SMTP host servers in the service:
   - If you use the United States data center: smtp.notes.na.collabserv.com
   - If you use the Asia Pacific data center: smtp.notes.ap.collabserv.com
   - If you use the European data center: smtp.notes.ce.collabserv.com
   For more information on this step if you use a Domino SMTP server, see the topic about enabling a server to receive mail sent over SMTP routing in the Domino documentation.
2. Configure the corporate firewall to allow inbound connections over port 25 from the service SMTP host server specified in the previous step. For more information, see the topic Configuring the firewall for inbound connections on page 17.
3. If specifying a maximum message size, configure your SMTP host server to accept messages up to 100 MB in size, the maximum message size allowed by the service. For more information on this step if you use a Domino SMTP server, see the topic about restricting mail routing based on message size in the Domino documentation.
4. Configure your SMTP host server to relay mail to external Internet domains. For more information on this step if you use a Domino SMTP server, see the topic about setting inbound relay controls in the Domino documentation.
5. Configure your SMTP host server to route mail to the Internet. For more information on this step if you use a Domino SMTP server, see the topic about setting up SMTP routing to external Internet domains in the Domino documentation.

What to do next

When you complete the service configuration, perform the procedure Specifying an SMTP server to route mail to the Internet on page 60.

Related concepts:
Example: Routing mail from a service user to an external user using a company SMTP host
This example illustrates how mail is routed from a service user to an external user on the Internet when a company SMTP server routes the mail.
Example: Routing mail from a service user to an external user using a service SMTP host on page 22
This example illustrates how mail is routed from a service user to an external user on the Internet when the service manages the routing.
Related information:
Domino documentation

Example: Routing mail from a service user to an external user using a company SMTP host

This example illustrates how mail is routed from a service user to an external user on the Internet when a company SMTP server routes the mail.

In this example:
- The external user is in the zetabank.com domain.
- The external SMTP server is smtp.zetabank.com.
- The on-premises SMTP server is smtp.renovations.com.
- The service user is in the renovations.com domain.
- The service user's mail server is Mail1/Renovations.

When the service user addresses mail to the external user in the zetabank.com domain, the following steps are taken to route the mail.

1. The service user's mail server, Mail1/Renovations, routes the mail to an SMTP server in the service.
2. The SMTP server in the service routes the mail to a mail hygiene server in the service.
3. The mail hygiene server in the service scans the mail for viruses and spam and then routes the mail to the on-premises SMTP server, smtp.renovations.com.
4. The on-premises SMTP server, smtp.renovations.com, filters and audits the mail, and then routes the mail to the external SMTP server, smtp.zetabank.com.

Figure: Company-controlled SMTP server routing mail from a service user to an external user

Example: Routing mail from a service user to an external user using a service SMTP host

This example illustrates how mail is routed from a service user to an external user on the Internet when the service manages the routing.

In this example:
- The external user is in the zetabank.com domain.
- The external SMTP server is smtp.zetabank.com.
- The service user is in the renovations.com Internet domain.
- The service user's mail server is Mail1/Renovations.

When the service user sends mail to the external user in the zetabank.com domain, the following steps occur to route the mail.

1. The service user's mail server, Mail1/Renovations, routes the mail to an SMTP server in the service.
2. The SMTP server in the service routes the mail to a mail hygiene server in the service.
3. The mail hygiene server scans the mail for viruses and spam and then routes the mail to the external SMTP server, smtp.zetabank.com, over the Internet.

Figure: Service routing mail from a service user to an external user
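A pre-flight check for the company SMTP host prepared in "Preparing to use a company SMTP server to route outbound Internet mail" above, added here as an example and not part of the IBM documentation. It parses an EHLO reply pasted from a test session and reports whether STARTTLS is advertised and whether the declared SIZE limit admits the 100 MB maximum; the sample replies are constructed, and 100 MB is assumed to mean 100 x 1024 x 1024 bytes.

```python
"""Audit a company SMTP host's EHLO reply against the service's requirements."""

# The service can send messages up to 100 MB (binary megabytes assumed here).
REQUIRED_SIZE = 100 * 1024 * 1024

# Constructed sample replies; smtp.renovations.com is the page's example host.
GOOD_REPLY = """\
250-smtp.renovations.com Hello
250-SIZE 104857600
250-8BITMIME
250-STARTTLS
250 PIPELINING
"""
WEAK_REPLY = """\
250-smtp.renovations.com Hello
250-SIZE 10485760
250 8BITMIME
"""


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [ln.rstrip() for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = i == len(lines) - 1
        # Continuation lines use "250-"; the final line uses "250 ".
        allowed = (" ", "") if last else ("-",)
        if code != "250" or sep not in allowed:
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        parts = text.split()
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps


def audit_smtp_host(reply):
    """Return a list of findings; an empty list means both checks passed."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append(
            "STARTTLS is not advertised; the service uses TLS on this hop "
            "only if the host server uses TLS"
        )
    if "SIZE" not in caps:
        findings.append(
            "SIZE is not advertised; confirm the message size limit in the "
            "server configuration"
        )
    else:
        params = caps["SIZE"]
        # RFC 1870: 0 means no fixed maximum; an omitted value declares none.
        limit = int(params[0]) if params and params[0].isdigit() else 0
        if 0 < limit < REQUIRED_SIZE:
            findings.append(
                f"SIZE limit {limit} bytes is below the {REQUIRED_SIZE} bytes "
                "(100 MB) the service can send"
            )
    return findings


if __name__ == "__main__":
    for name, reply in (("good", GOOD_REPLY), ("weak", WEAK_REPLY)):
        print(name, audit_smtp_host(reply) or "OK")
```

Run the audit against the reply seen from outside the corporate firewall, since an inline mail gateway can change the advertised extensions.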


Chapter 4. Configuring the service

After you have prepared your environment for the service, perform the steps in this section to configure the service.

Related tasks:
Chapter 3, Preparing for the service, on page 17
After you have planned for a service-only environment, perform the steps in this section to prepare your environment.

Logging on as the first company administrator

An IBM Customer Service Representative creates the IBM SmartCloud Notes account for your company. This step creates a company administrator account under a name and email address provided by your company. IBM sends an email to the address confirming your purchase. To activate the account for your company, follow the URL link in this email and log on to the IBM Connections Cloud website as the company administrator.

About this task

Perform the following steps to activate the account for your company and log on as the first company administrator.

Procedure

1. Open the email that was sent to the company administrator email address confirming your purchase.
2. Click the URL link in the email, to open the Registration page.
3. Perform the following steps on the Registration page:
   a. Create and confirm a service logon password.
      Important: The email address that is shown is the logon name for the company administrator account. Be sure to remember it and the new password.
   b. Select a country, language, and time zone.
   c. Read the terms of use and privacy practices information, and if you agree to them, click I accept the Terms of Use.
   d. Click Submit.
   e. Log on using the company administrator email logon and new password.

Results

You are now logged on to your home page. To log on in the future, go to http://www.ibmcloud.com/social.

What to do next

Configure the SmartCloud Notes service, if IBM is not configuring it for you.

Configuring your account settings

To set up the service for your company, a company administrator or your IBM Customer Service Representative configures your company account settings.

Before you begin

Make sure that IBM has created the SmartCloud Notes account for your company and that you have activated it by logging on to the service as the first company administrator.

About this task

Perform the following steps if you are a company administrator and want to configure account settings.

Procedure

1. Log on to http://www.ibmcloud.com/social as a company administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
4. Make sure the Hybrid Environment option is not selected, and then click Set Up My Account.
5. In the next window, click Continue to confirm that you do not want to integrate the service with on-premises IBM Domino servers.
   Note: If you are unsure, click Back. After you press Continue, changing your account type requires the assistance of your IBM Customer Service Representative.
6. Click Begin Setup.
7. In the Tell us your Internet domain name window, provide a valid Internet domain name that your company owns and uses for Internet mail, for example, renovations.com, then click Next.
8. In the Choose your organization name window, provide a name for your organization that is at least six characters. The name becomes part of your Notes user names and is usually your company name. Use a short organization name for ease of use, for example, Renovations rather than Renovations Incorporated. Click Next.
9. In the Choose your mail server base name window, provide a base with which to begin the names of your mail servers. A number is added to the base so that your servers are numbered sequentially, for example, Mail1/SCN/Renovations, Mail2/SCN/Renovations. Do not specify a number as part of the base. Click Next.
10. Verify your selections and, when you are satisfied with them, click Activate My Account.

What to do next

When you are done configuring account settings, complete the tasks in the order shown. Service users can receive mail addressed to this domain only after the tasks are completed.

- Verifying ownership of a domain on page 27
- Configuring the MX record for a domain on page 28

Configuring Internet domains

To enable users to receive mail addressed to an Internet domain, first verify ownership of the domain, and then configure an MX record for the domain.

Verifying ownership of a domain

Internet domain name verification is a standard industry practice among domain hosting services to confirm domain name ownership and to prevent abuse of user accounts. You need to verify only the domain names that correspond to Internet addresses of users that you are provisioning.

About this task

There are different methods to verify domain names. The service uses a CNAME record for this purpose by requiring you to create a CNAME record to prove ownership. Your domain hosting service should provide instructions for creating a CNAME record; however, if they do not, contact them directly.

A CNAME record is an entry in the Domain Name System that is used to define a host name alias for an Internet domain. To prove ownership of a domain, you sign in to your domain hosting service and use the DNS Management settings to create a temporary CNAME record for the domain. Then the service uses the alias in the CNAME record to query your domain. A successful query proves that you were able to create the CNAME record and therefore that you own the domain.

If you do not have the authority to create a CNAME record for your domain, extra time may be required to contact your domain hosting service and have them create the record for you.

Verifying a root domain also verifies any subdomains of it that are listed. For example, verifying renovations.com verifies west.renovations.com if listed in the Internet Domain Verification window. After you verify a root domain, no other company can use it or any subdomain of it.

You can perform this procedure even if you are in the process of switching domain hosting services.

Perform the following steps to verify ownership. Users cannot receive mail addressed to this domain until ownership is verified.

For additional information, see the exercise about verifying ownership of your domain in the IBM SmartCloud Notes in a service-only environment on-line training course.

Procedure

1. Log on to http://www.ibmcloud.com/social using the email address and password of a user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
4. In the navigation pane, click Internet Domain Verification.
5. In the Internet Domain Verification window, click Verify Ownership next to the domain to verify.

6. Sign in to your domain hosting service and use the DNS management settings to create a new CNAME record.
Use the information that is shown in the Internet Domain Verification window to create the CNAME record.
Put the unique key that is shown into the first field of the CNAME record. The name of this field varies by vendor, but it is sometimes named prefix or alias.
Put collabserv.com into the second field of the CNAME record. This field is sometimes named destination or target host.
7. After you create the CNAME record, click Begin Verification to begin verification of the domain. The unique key continues to be shown in the Internet Domain Verification window until verification completes successfully.

Results
To verify domain ownership, the service uses the alias in the CNAME record to query your domain. For example, if the CNAME key is domino-1jkkiaojd-rules and your domain name is renovations.com, the service queries domino-1jkkiaojd-rules.renovations.com.

If verification is not successful, check that the unique key shown exactly matches the one added to the CNAME record. If the values are different, do not restart verification. Rather, update the CNAME record with the correct key and simply wait again for verification to complete.

Domain verification can take up to 48 hours, although usually it takes much less time. If after 48 hours domain verification has not completed, click Restart Verification. Restarting verification generates a new unique key and you must then replace the old key with the new key in the CNAME record. Only restart verification if 48 hours have passed since you clicked Begin Verification.

After a domain is verified, you can remove the CNAME record you created.

What to do next
Next, complete the task Configuring the MX record for the domain.

Configuring the MX record for a domain
After you verify ownership of the domain, configure your domain MX record to deliver mail to the service.
About this task
A Mail exchange (MX) record identifies an SMTP host to which mail for a domain is sent. To enable your service users to receive email addressed to the verified domain, edit or create an MX record. Configure the MX record to point to the IBM SmartCloud Notes SMTP host name. If this domain is new, create an MX record for it. Contact your domain provider for information about the steps required to create or edit MX records.

When you configure the MX record, specify one of the following SMTP host names, depending on the data center that you use.
If you use the United States data center, specify smtp.notes.na.collabserv.com.
If you use the Asia Pacific data center, specify smtp.notes.ap.collabserv.com.

If you use the European data center, specify smtp.notes.ce.collabserv.com.

Delete any MX records used previously for the domain.

What to do next
Next, Customize settings.

Configuring additional Internet domains for the service to use
When you configured your company account settings, you provided the name of one domain to use for routing Internet mail to your users. If you own additional Internet domains, you can configure the service to use them too.

Procedure
1. Log on to http://www.ibmcloud.com/social using the email address and password of a user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and then click Internet Domains.
5. Click Add Internet Domain, type the domain name, for example, renovations2.com, and click Save.
Note: If necessary, you can edit or delete a domain you added previously.

What to do next
Next, verify ownership of the domain.

Customizing settings
After you configure account settings and Internet domains, optionally customize settings in the service to suit your needs.

Enabling the accessible experience for the web client
You can submit a request to enable the accessible experience for the web client for everyone in your organization. Mail, Calendar, Contacts, and Preferences features provided with this experience are all accessible.

About this task
Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully.

Another accessible experience for the web client is the desktop ultra-light mode. For more information on this mode, see the topic about web client accessibility features in the user documentation. Both accessible experiences are supported on a computer using Mozilla Firefox 24+ ESR or higher.
See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility.

Procedure
To enable the accessible experience for the web client for all users in your organization, contact Support.

Related information:
Web client accessibility features
Support

Configuring logins
Reset passwords, manage password expiration periods, set up federated identity management, restrict logins to an IP range, and enable application passwords.

Resetting service login passwords
Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time.

About this task
Reset passwords when users forget their passwords, or when the password might be compromised. Users that log in by clicking Use My Organization's Login are using a federated identity and can reset their passwords only by following their company's process.

If administrators enable password synchronization, when users change their service login passwords, they can also use the new passwords to log in to the IBM Notes client.

Follow these steps to reset any user's password:

Procedure
1. Click Administration > Manage Organization.
2. Click User Accounts.
3. Select the arrow next to the user that needs the password changed.
4. Select Reset password and enter the new password. This password is a temporary password that the user enters the next time that they log in. At that time, the user is asked to create a password. You can also reset the password by editing the user account. Click the appropriate user name in User Accounts and enter a new password in the Account Login tab.
5. Notify the user of the password change. The user is not automatically notified that the password was reset. Make sure to communicate this change to the user, along with the new password if needed.

What to do next
Administrators can enable security settings to enforce password expiration through System Settings > Security.
When a user logs in with an expired password, the user is prompted to reset that password.
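
Returning to the DNS records described under Configuring Internet domains: the following added example (not part of the IBM documentation) checks an exported zone for the verification CNAME and the MX record before and after cut-over. The zone lines are constructed samples built around the page's renovations.com example; the function names and finding codes are assumptions made for this illustration.

```python
# Added illustration: offline pre-flight check of the CNAME and MX records.
# Function names and finding codes are hypothetical; zone lines are constructed.

CNAME_TARGET = "collabserv.com"           # second field of the verification CNAME
SMTP_HOSTS = {                            # MX target per data center (MX section)
    "us": "smtp.notes.na.collabserv.com",
    "ap": "smtp.notes.ap.collabserv.com",
    "eu": "smtp.notes.ce.collabserv.com",
}

ZONE_BAD = """
; constructed sample: key typo in the CNAME, MX of a previous provider left behind
domino-1jkkiaojd-rule.renovations.com. 3600 IN CNAME collabserv.com.
renovations.com.                       3600 IN MX 10 smtp.notes.na.collabserv.com.
renovations.com.                       3600 IN MX 20 mail.old-host.example.
"""

ZONE_GOOD = """
; constructed sample: records as the procedure asks for them
domino-1jkkiaojd-rules.renovations.com. 3600 IN CNAME collabserv.com.
renovations.com.                        3600 IN MX 10 smtp.notes.na.collabserv.com.
"""


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_zone(text):
    """Parse 'name ttl IN type rdata' lines into (name, type, target) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {raw!r}")
        rtype, rdata = fields[3].upper(), fields[4:]
        if rtype == "MX":                        # MX rdata: <preference> <host>
            if len(rdata) < 2:
                raise ValueError(f"MX record without a host: {raw!r}")
            target = rdata[1]
        else:                                    # CNAME rdata: <target>
            target = rdata[0]
        records.append((norm(fields[0]), rtype, norm(target)))
    return records


def check_domain(records, domain, key, data_center):
    """Return a list of (code, detail) findings; an empty list means no issues."""
    domain = norm(domain)
    findings = []

    # The service queries <unique key>.<domain>, so the alias must match exactly.
    expected_name = f"{norm(key)}.{domain}"
    at_key = [t for n, rt, t in records if rt == "CNAME" and n == expected_name]
    if CNAME_TARGET in at_key:
        pass
    elif at_key:
        findings.append(("cname-wrong-target", at_key[0]))
    else:
        near = [n for n, rt, t in records
                if rt == "CNAME" and n.endswith("." + domain) and t == CNAME_TARGET]
        if near:
            # Fix the key in place; restarting verification would issue a new key.
            findings.append(("cname-key-mismatch", near[0]))
        else:
            findings.append(("cname-missing", expected_name))

    # Exactly the data center's SMTP host should receive mail for the domain.
    expected_mx = SMTP_HOSTS[data_center]
    mx_hosts = [t for n, rt, t in records if rt == "MX" and n == domain]
    if expected_mx not in mx_hosts:
        findings.append(("mx-missing", expected_mx))
    for host in mx_hosts:
        if host != expected_mx:
            findings.append(("mx-stale", host))  # previously used MX, delete it
    return findings


if __name__ == "__main__":
    for label, zone in (("bad", ZONE_BAD), ("good", ZONE_GOOD)):
        print(label, check_domain(parse_zone(zone), "renovations.com",
                                  "domino-1jkkiaojd-rules", "us"))
```

The CNAME findings matter only while verification is pending, because the record can be removed once the domain is verified. A stale MX finding matters at any time, since mail for the domain can still be delivered to the host it names.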

Setting service login password expiration
By default, service login passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users.

Procedure
1. Click Administration > Manage Organization.
2. Click Security.
3. Click Edit Settings in the Password Settings section. Select the number of days before a password expires, how the password can be reset, and add password reset support for your users.

Managing Notes IDs
You can reset Notes ID passwords, set Notes ID password expiration, and synchronize Notes ID passwords with service login passwords.

Resetting passwords for Notes IDs:
Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password.

About this task
This procedure applies only to passwords associated with Notes ID files used with Notes clients, and not to service login passwords.

Procedure
1. Log on to http://www.ibmcloud.com/social using the e-mail address and password of a SmartCloud Notes user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
Distinguished name, for example, Samantha Daryn/Renovations.
Internet email address, for example, sdaryn@renovations.
Last name, for example, Daryn.
Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed.
For example, the results of a search on ma include the names of users with the following values in the directory:
Madison Armond/Renovations
masmith@renovations
Kristin MacGyver
This search does not match the following values:
Emarie Klein/Renovations
tamado@renovations
Ted Amado
Search results can include a maximum of 1000 names.

6. Click the user's name in the search results.
7. Under Available actions for this user, click Reset IBM Notes Password.
8. Enter a new password, and then click Save Changes. The password must be at least eight characters in length.
9. Provide the new password to the user in a way that complies with your company security policies.

Results
After you complete this procedure, the user can log on to a SmartCloud Notes server from an IBM Notes client using the new password. After logging on with the new password, the user is prompted to change the password.

Note: If the Wrong Password prompt is displayed, tell the user to re-enter the new password that you provided. If that step does not solve the problem, tell the user to delete the local ID file and then re-enter the password.

The user has five days from the time you reset a password to use the password to log on to a SmartCloud Notes mail server and download the new password to the Notes client. If the 5-day limit is exceeded, the user sees the following message and you must reset the password again: Contact your company administrator to have your Notes ID password reset.

Related concepts:
Notes IDs and passwords on page 35
When users connect to their mail servers in the cloud with IBM Notes clients and Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC) authentication.

Related tasks:
Resetting service login passwords on page 30
Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time.
Setting password expiration for Notes IDs
For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password.
Enabling password synchronization on page 33
When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client.

Setting password expiration for Notes IDs:
For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password.

Before you begin
For information on how this feature interacts with the password synchronization feature, see Enabling password synchronization on page 33.

About this task
If users click File > Security > User Security, the Password must be changed by field does not show the password expiration date.

Perform the following procedure to set password expiration for Notes IDs.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
4. Click Password Management.
5. Click Enable password expiration for IBM Notes clients.
6. Enter the number of days a password can be used before it expires. The minimum value for this setting is 30 days; the maximum is 3650 days.

Results
When password expiration is first enabled, the passwords of all current users expire on a random basis after the expiration period, regardless of when the passwords were last changed. For example, if the expiration period is 90 days, all current users are prompted to change their passwords on a random basis when first authenticating after the 90-day expiration period. The passwords of new users also expire on a random basis after the expiration period.

Users who are logged in when this setting becomes effective are not prompted to change the password during the current login session.

Users might experience a lag time of a few seconds between the time they change their password and authentication. This lag occurs while the updated ID is synchronizing with the vault. If the synchronization does not complete, authentication can fail. In that case, users can wait a few minutes, and then try again. If the synchronization continues to fail and the user cannot access the client, reset the Notes ID using SmartCloud Notes Administration.

What to do next
You might want to communicate the following information to your users:
There is no warning that informs them that their password is about to expire.
How often they will be prompted to reset their passwords.
What to do if authentication fails after they change their passwords.

Related tasks:
Resetting passwords for Notes IDs on page 31
Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password.

Enabling password synchronization:
When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client.

About this task
Password synchronization benefits users who are active users of both the web and Notes clients by allowing them to use one password for both clients. After you enable password synchronization, when users change their service login passwords, the new passwords are added to the Notes ID files in the ID vault. Users can then use the new passwords the next time they log in to the service from the Notes client.

Password synchronization occurs whenever users change their service login passwords. Users can change the service login passwords at any time through Connections Cloud My Account Settings. They also change the passwords:
After they log in to the service for the first time with temporary passwords;
After they log in to the service after an administrator resets their service login passwords;
After they log in to the service when service login password expiration is enabled and their passwords expire.

Before you enable password synchronization, be aware of the following information:
The feature does not apply to users who log in to the service with a federated identity that your organization defines.
Synchronization occurs in one direction: from the service login password to the Notes ID password. Changing the Notes ID password does not change the service login password.
When service login passwords change, Notes client users are not required to use the new passwords. Their old passwords remain valid until they use the new passwords to log in to the service from the Notes client. Because the continued use of the old password prevents ID synchronization with the ID vault, as a best practice, recommend to users that they use the new passwords on the Notes client.
Synchronization occurs after Notes clients are connected to the service.
Notes client users can change their Notes ID passwords, either by choice or because you enable the Password Expiration setting in SmartCloud Notes Administration and their passwords expire.
When Notes users change the Notes ID passwords, the service login passwords do not change automatically. However, users can use Connections Cloud My Account Settings to change the service login passwords to match the new Notes ID passwords.
If you enable password expiration for Notes IDs, a Notes ID password might expire before a user logs in to Notes with a new service login password. In this case, the user can log in to the Notes client with the old Notes ID password but the user is prompted to change the password when opening mail or another application. At this point the user can provide the new service login password.

To enable password synchronization, complete the following procedure.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
4. Click Password Management.

5. In the Password Synchronization section of the page, select Enable password synchronization.
6. Click Save.

Results
When users change their service login passwords, they can use the new passwords to log in to the Notes client. If users change the Notes ID password, the service login password does not change automatically.

What to do next
Notify users that the feature is enabled. Recommend that when they change the service login passwords that they use the new passwords to log in to the Notes client.

Related tasks:
Resetting service login passwords on page 30
Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time.
Setting service login password expiration on page 31
By default, service login passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users.

Related information:
Federated identity management

Notes IDs and passwords:
When users connect to their mail servers in the cloud with IBM Notes clients and Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC) authentication.

In service-only environments, and in hybrid environments that do not use on-premises security policy settings to configure password requirements, Notes ID passwords must be at least eight characters. Passwords must also have a password quality of 8, on a quality scale of 0 (weakest) to 16 (strongest). Password quality refers to the required character complexity of passwords. In hybrid environments, you can use on-premises security policy settings to control password requirements.

By default, Notes ID passwords do not expire and keeping this default behavior is recommended. Nevertheless, you can configure a password expiration interval of from 30 to 3650 days through the SmartCloud Notes Administration interface.
If users forget their Notes ID passwords, company administrators can use the SmartCloud Notes Administration interface to reset the passwords to temporary values. The users use the temporary passwords to log in to the service from a Notes client and then are prompted to change the passwords.

The Notes shared login feature is supported in hybrid environments. This feature allows users to log in to Microsoft Windows and then use the Notes client without providing a Notes ID password. A benefit of this feature is there are no Notes ID passwords to use or remember.

The Notes client can connect automatically to the cloud service instant messaging community and to cloud service Activities through the client sidebar. (Access to service Activities requires a collaboration subscription). After users log on to the service mail server from the Notes client, a single-sign on capability enables them to access these cloud services during the session without providing their cloud service account login credentials.

A Notes client can be configured to connect to both on-premises and cloud instant messaging servers or Activities servers through the sidebar. In this case, users must provide their cloud service login credentials to access the cloud servers.

Related tasks:
Resetting passwords for Notes IDs on page 31
Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password.
Setting password expiration for Notes IDs on page 32
For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password.

Setting up federated identity management
When you set up federated identity management, users log on to the service using your on-premises authentication mechanism.

About this task
Federated identity management provides the following benefits:
It allows your company to control the type of authentication and authentication options. For example, you might restrict access to specific networks, use VPN connections, define custom password strength or password expiration periods, use smartcards, or require two-factor authentication.
Users can use their familiar, on-premises credentials to access the cloud service.
While users are logged on to the on-premises identity provider, they can access a cloud service without being re-prompted for credentials.

After you implement federated identity management, you must accommodate users of mobile apps. If all of your mobile users have one or more IBM mobile apps such as Connections, Chat, Meetings, or most versions of IBM Notes Traveler, you have the following options:
Set up an additional, separate federated identity management endpoint for the IBM mobile apps. For more information about this, see the Flow models section of SAML federated identity concepts on page 37.
Use the partial authentication type when setting up federated identity management, which allows you to specify a group of users to whom federated identity management does not apply. In this case, you would specify your mobile device users. For more information about the partial authentication type, see the Authentication types section of SAML federated identity concepts on page 37.
Use application passwords. For information about application passwords, see Enabling application passwords on page 43.

All other mobile apps must use application passwords when federated identity management is implemented. Notes Traveler version 9.0.1.3 or greater for Android is an exception to the rule. It can connect to the same federated identity management system that non-mobile apps use.

Note: Users to whom federated identity management applies cannot connect to the service with IMAP clients or FTP clients.

SAML federated identity concepts:
Learn about the federated identity process as implemented in the cloud service, the flow models that are supported, and the authentication types.

Overview of the process using SAML
Cloud services rely on SAML to provide the SSO services. In this implementation, your organization is the identity provider, and the cloud service is the service provider. You can use either SAML 1.1 or SAML 2.0.

As the identity provider, your organization authenticates users. The authentication can be by a login with a user name and password, or by some other method. For mobile apps, the authentication must be by a login with user name and password.

When a user gains access to your intranet and attempts to use a cloud service, a SAML assertion is sent from your organization to the SAML endpoint in the cloud service. The SAML assertion securely identifies the user. The cloud service uses the SAML assertion to decide whether the user can access it.

Flow models
Two flow models exist in federated identity management. One model is the identity provider initiated model (IdP-initiated), and the other is the service provider initiated model (SP-initiated). Mobile apps use the SP-initiated model.

Normally, the SP-initiated flow model is not available in SAML 1.1 because SAML 1.1 does not support Identity Provider Discovery Profile. However, the cloud services use a hybrid version of SP-initiated that allows both SAML 1.1 and SAML 2.0. As a result, Identity Provider Discovery Profile is not required by cloud services, and is not implemented.
The cloud services implement the Browser/POST profile that is used in SAML 1.1 and is compatible with the Web Browser SSO profile in SAML 2.0. Other profiles are not supported at this time.

The following outlines describe the two flows:

IdP-initiated
1. The user gains access to your intranet via your organization's authentication mechanism.
2. The user navigates to a web page on your intranet that contains a link to a cloud product such as Connections Cloud or SmartCloud Notes web.
3. The user clicks the link.

4. The SSO process is initiated. A SAML assertion is sent to the cloud endpoint via HTTP POST. If the user has a valid account, access is granted.
5. The user interacts with the cloud product.

SP-initiated hybrid
1. The user navigates to the cloud service login page.
2. The user clicks Use My Organization's Login.
3. The user enters the email address that is associated with the user's account.
4. The cloud service looks up the email address and then redirects the user to your organization's authentication mechanism.
5. The flow continues from Step 4 of the IdP-initiated model.

The SP-initiated hybrid flow model also applies to mobile apps. Before using a mobile app, the user must do a one-time setup of the mobile app to use a cloud server. The setup process is different for each mobile app; instructions are included in the documentation of each app. The following outline describes the flow for mobile apps:

SP-initiated hybrid for mobile apps
1. A mobile app initiates a connection to a cloud service.
2. The cloud server looks up the email address and then responds with the mobile login URL of your organization's mobile authentication mechanism.
3. The mobile client issues a basic authentication request to the mobile login URL with the user's email address and password.
4. If the basic authentication is successful, a SAML assertion is returned to the mobile app.
5. The mobile app sends the SAML assertion to the cloud endpoint via HTTP POST. If the user has a valid account, access is granted.
6. The mobile user interacts with the cloud product.

Authentication types
Four types of federated identity management are available: Federated, Modified, Partial, and Non-federated. By default, all users in your organization are assigned the Non-federated type unless you enable one of the other types.

Federated
Users must authenticate with your organization before they can access cloud services. Users do not have a user name or password in the cloud user account.
If they go to the service login page, they must click Use My Organization's Login. The Federated type applies to all users in your organization.

The Federated type is convenient for your users who normally work from the office. They can log on to your system and use cloud services without needing a separate user name and password combination. However, if any of your users work from home or work while traveling, your directory servers must be accessible from the Internet. Also, because your users cannot log in with a name and password that is defined in the service, services such as chat and IMAP are not available.

If you choose the Federated type, you must implement the SP-initiated flow model.

Modified
Users have the option of authenticating with your organization before accessing the cloud-based services, or using a name and password defined in the service to log on. The Modified type applies to all users in your organization.

The Modified type allows your users to access cloud services from the Internet, but you do not need to make your directory servers accessible from the Internet. Your users can use the single sign-on services when they are in the office, and the cloud service login when they are outside the office.

Partial
Each user in your organization is assigned one of the previously listed types: Non-federated, Federated, or Modified. If you do not specify a type for a particular user, the user is assigned the Non-federated type.

Use the Partial type if you have one group of users who normally work in the office, and another group of users who normally work from home or who travel frequently. For example, the office workers can be assigned the Federated type, and the traveling sales team can be assigned the Modified type.

You can also use the Partial type to group users by the services that are available to them. Users with the Federated type do not have access to chat or POP/IMAP, but users of the Modified type do have access to chat and POP/IMAP.

If you choose the Partial type, you must implement the SP-initiated flow model to support users with the Federated type.

Non-federated
The login for the cloud service is independent of, and separate from, your organization's login procedure. Users must log on using the name and password defined in the service to use the cloud-based services.

The Non-federated type is the default type, and is the simplest and easiest type to set up because it requires no action on your part.

After one of the federation types is implemented, you can change to one of the other types by contacting your customer services representative.
The customer services representative will advise you on the process. If you are using the Partial type, you can change individual users from one type to another without the need to contact your customer services representative.

Preparing for federated identity management:
The difficulty of getting your system ready for federated identity management depends on both the state of your system, and on your knowledge and experience with SAML, SSO, LDAP, and related technologies.

Before contacting your IBM customer service representative to enable federated identity management, review the following checklist:
Choose the version of SAML that you want to use. You can use either SAML 1.1 or SAML 2.0.

Choose the type of federation that you want to employ: Federated, Modified, or Partial. See the topic SAML federated identity concepts for more information.
Review the IdP-initiated flow model and the SP-initiated hybrid flow model. See the topic SAML federated identity concepts for more information.
Implement SAML on your web server. You can use Tivoli Federated Identity Manager, OpenSAML, Active Directory Federation, or some other federated identity manager.
If you are setting up federated identity for users of mobile apps, create a second endpoint that accepts basic authorization. The mobile apps work with the SP-initiated flow model only.
Retrieve or create the private/public key pair that will be used in digital signatures.
Integrate your directory server with your SAML service. Administration is easier if all of your users are on the same directory server.
Implement and test the SAML Browser/POST profile in either SAML 1.1 or SAML 2.0. Create a dummy service provider and conduct an IdP-initiated single sign-on test to make sure that everything is working correctly.
Create a SAML metadata file to transmit your identity provider metadata to the IBM customer service representative. If you are using SAML 1.1, you have the option of transmitting most of the information in an email or by some other means that you negotiate with the IBM customer service representative. However, in this case you must transmit the public key inside a Java keystore.

Enabling federated identity management:
When your system is ready for testing with the cloud system, contact an IBM customer services representative.

Before you begin
Before you start the enablement process, review the following list:
1. Implement and test a federated identity management system that uses SAML. Make sure that your system is configured to send the user's email address as the subject in a SAML assertion.
2. Test your system to make sure that it is configured for the type and flow model that you have chosen.
   See the topic SAML federated identity concepts for more information.
3. Complete the checklist in the topic Preparing for federated identity management.

Procedure

To enable federated identity management: Send an email to cloudcsg@us.ibm.com. In the email, request to have federated identity management enabled for your organization. An IBM customer services representative will contact you with instructions and provide details of the process.

What to do next

After federated identity management is enabled, notify users of IBM mobile apps such as Traveler, Chat, or Meetings that they must generate application passwords. Users enter the application password instead of their regular login passwords when logging in with a mobile app. In the notification, include the following link, which has instructions for generating application passwords: https://apps.na.collabserv.com/help/topic/com.ibm.cloud.welcome.doc/logins_application_passwords.html

Configuring the Sametime rich client for SAML and downloading:

Your users can chat using the IBM Sametime Connect rich client.

About this task

If your organization uses a standard login, your users can use any standalone Sametime Connect client at version 8.5.1 or later. They can also use the embedded version in Notes 9.0 or later.

If your users log in with your organization's authentication credentials and use SAML token authentication for federated identity management, you can create a pre-configured installation package for Sametime Connect or for Notes. SAML support in Sametime and in Notes uses the Form based user/password login type.

Alternatively, users can download the SAML-enabled Sametime client that is available in SmartCloud and configure it themselves. Instructions to do this are in the user help https://apps.na.collabserv.com/help/topic/com.ibm.cloud.chat.doc/imb_download_saml.html. However, users will need SAML IDP information from you to complete the configuration.

Procedure

To create a pre-configured installation package:

1. Locate the plugin_customization.ini file. The file is in one of the following locations, depending on the operating system:
   Windows: Inside the deploy folder of the package root.
   RedHat Linux: Inside the RedHat.rpm package at one of the following locations:
      For Sametime Connect: \opt\ibm\sametime\framework\rcp\deploy
      For Notes: \opt\ibm\notes\framework\rcp\deploy
   MacOS: Inside sametime-*.pkg\contents\deploy.
2. Add the following configuration lines in the plugin_customization.ini file, based on your company's Sametime community and SAML IDP information.
   Note: To fit the width of this page, some records are shown on more than one line. In the plugin_customization.ini file, each record is a single line.

   # ";" is used to separate multiple communities
   com.ibm.collaboration.realtime.community/saml_communities=<sametime community server host name>
   # IDP server url
   com.ibm.collaboration.realtime.community/<sametime community server host name>.idp=
     <SAML authentication login URL>
   # login type of IDP server
   com.ibm.collaboration.realtime.community/<sametime community server host name>.idp.type=form
   # html tag id or tag name of the user name field in IDP web page.
   com.ibm.collaboration.realtime.community/<sametime community server host name>.idp.form.usernam
     <form_username_field_id> <form_username_field_name>
   # html tag id or tag name of the user password field in IDP web page.
   com.ibm.collaboration.realtime.community/<sametime community server host name>.idp.form.password.
     <form_password_field_id> <form_password_field_name>
   # html tag id or tag name of the submit field in IDP web page.
   com.ibm.collaboration.realtime.community/<sametime community server host name>.idp.form.submit.ta
     <form_submit_field_id> <form_submit_field_name>
   # Optional. The default value is "false". If "true", all on-premises communities are deleted
   com.ibm.collaboration.realtime.community/<sametime community server host name>.primary=false
   # Optional. The default value is "false". If "true", the SmartCloud community can be
   # removed from the communities preference page
   com.ibm.collaboration.realtime.community/<sametime community server host name>.editable=false

   Sample:
   Note: To fit the width of this page, some records are shown on more than one line. In the plugin_customization.ini file, each record is a single line.

   com.ibm.collaboration.realtime.community/saml_communities=im.na.collabserv.com
   com.ibm.collaboration.realtime.community/
     im.na.collabserv.com.idp=https://www.example.com/fim/sps/saml20/logininitial?
     PartnerId=https://apps.na.collabserv.com/sps/sp/saml/2_0&
     TARGET=https://apps.na.collabserv.com&PROTOCOL=POST
   com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.type=form
   com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.username.tag=intranet_id
   com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.password.tag=password
   com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.submit.tag=ibm-submit

3. Replace the existing plugin_customization.ini file in the Sametime installation package or in the Notes installation package with the file that you updated.
4. Distribute the updated Sametime installation package or Notes installation package to your users.
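A check that can be run on the edited plugin_customization.ini before the package is distributed, given here as an added example and not as IBM tooling: it flags records that were left wrapped across lines, leftover <placeholders>, missing per-community keys, an IdP login URL that is not HTTPS, and primary=true. The host names and sample records are constructed; the `<plugin id>/<preference>=<value>` line shape and the HTTPS requirement are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

PREFIX = "com.ibm.collaboration.realtime.community/"
# Per-community key suffixes, as they appear in the sample records on this page.
REQUIRED = (".idp", ".idp.type", ".idp.form.username.tag",
            ".idp.form.password.tag", ".idp.form.submit.tag")
OPTIONAL_BOOL = (".primary", ".editable")
# Assumption: every record has the shape <plugin id>/<preference>=<value>.
KEY_SHAPE = re.compile(r"[\w.\-]+/[\w.\-]+")


def parse_records(text):
    """Return (SAML community records, findings about malformed lines)."""
    records, findings = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # the value may itself contain "="
        key = key.strip()
        if not sep or not KEY_SHAPE.fullmatch(key):
            # Usual cause: a record pasted with the page wrap still in it.
            findings.append(f"line {number}: not a single-line record: {line[:40]!r}")
        elif key.startswith(PREFIX):
            records[key[len(PREFIX):]] = value.strip()
        # Records that belong to other plug-ins are left alone.
    return records, findings


def _is_https(url):
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname)


def check_saml_records(text):
    """Return a list of findings; an empty list means the records look complete."""
    records, findings = parse_records(text)
    hosts = [h.strip() for h in records.get("saml_communities", "").split(";") if h.strip()]
    if not hosts:
        findings.append("saml_communities is missing or empty")
    for host in hosts:
        for suffix in REQUIRED:
            value = records.get(host + suffix)
            if not value:
                findings.append(f"{host}: missing {suffix}")
            elif "<" in value or ">" in value:
                findings.append(f"{host}: placeholder left in {suffix}")
        idp = records.get(host + ".idp", "")
        # Added hardening check (not a rule stated on this page): the client
        # submits the user's credentials to this URL, so require HTTPS.
        if idp and "<" not in idp and not _is_https(idp):
            findings.append(f"{host}: IdP login URL is not a valid https URL")
        if records.get(host + ".idp.type", "form") != "form":
            findings.append(f"{host}: .idp.type must be 'form'")
        for suffix in OPTIONAL_BOOL:
            if records.get(host + suffix, "false") not in ("true", "false"):
                findings.append(f"{host}: {suffix} must be true or false")
        if records.get(host + ".primary") == "true":
            findings.append(f"{host}: .primary=true deletes all on-premises "
                            "communities; confirm this is intended")
    return findings


# Constructed sample: complete records, one per line, plus an unrelated record.
GOOD = "\n".join([
    "# constructed sample",
    "com.example.other/some.setting=1",
    PREFIX + "saml_communities=chat.example.org",
    PREFIX + "chat.example.org.idp=https://idp.example.org/sso/login?"
             "PartnerId=https://sp.example.org/saml&PROTOCOL=POST",
    PREFIX + "chat.example.org.idp.type=form",
    PREFIX + "chat.example.org.idp.form.username.tag=user_id",
    PREFIX + "chat.example.org.idp.form.password.tag=password",
    PREFIX + "chat.example.org.idp.form.submit.tag=submit",
    PREFIX + "chat.example.org.primary=false",
])

# Constructed sample with five problems: a wrapped record, a leftover
# placeholder, a missing submit tag, an http URL, and primary=true.
BAD = "\n".join([
    PREFIX + "saml_communities=chat.example.org",
    PREFIX + "chat.example.org.idp=http://idp.example.org/sso/login?",
    "PartnerId=https://sp.example.org/saml&PROTOCOL=POST",
    PREFIX + "chat.example.org.idp.type=form",
    PREFIX + "chat.example.org.idp.form.username.tag=<form_username_field_id>",
    PREFIX + "chat.example.org.idp.form.password.tag=password",
    PREFIX + "chat.example.org.primary=true",
])

if __name__ == "__main__":
    for finding in check_saml_records(BAD):
        print(finding)
```
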
The SAML configuration information is automatically populated when your users install the client.

Note: The installation package that you distribute to Mac users must be digitally signed by IBM. Before distributing the installation package to Mac users, email your modified plugin_customization.ini file to support@collabserv.com. A signed installation package will be created and returned to you.

Restricting the IP address range

To ensure that users log in from an approved network connection, administrators can define an approved range of IP addresses.

About this task

By restricting the IP addresses that have access to your organization, you provide a level of protection against user's credentials being stolen or phished. If IP ranges are restricted to your network, an attacker would need to authenticate to the server from within your network to access any stolen credentials.

If your company uses SMTP, POP or IMAP protocols, restrictions are not applied. Also, restrictions are not applied to SmartCloud Notes Notes Remote Procedure Calls (NRPC).

Procedure

1. Click Administration > Manage Organization.
2. Click Security.
3. Click Add Range in the IP Address Ranges section to enter the beginning and ending IP addresses. You must specify the IP address at which you are currently logged in.

Results

Enabling IP address restrictions might block mobile user access to your organization. For example, Blackberry users must authenticate through a Blackberry Enterprise Server (BES) which authenticates both the mobile device and the user. Because the IP address for the authenticated user is that of the BES server, IP address restrictions can block access, depending on the range specified. Use VPN tools on the mobile device to route traffic to your organization using your network.

What to do next

You can use IP address restrictions as a secondary authentication mechanism in combination with SAML single sign-on authentication.

Enabling application passwords

Application passwords can be used to provide a secure login for applications that do not support forms-based authentication. For example, they can be used to access applications that require passwords on a mobile device, or for organizations that use federated identity and do not use service login passwords. When you enable application passwords, you also have the option of requiring the use of application passwords, and of allowing mobile users to bypass IP restrictions.

About this task

If you require an application password, then the service login password is disabled for the application, and users must log in using the application password. For example, users would be required to use the application password to log in to the service on a mobile device or in a browser. However, they could still use the service login password to log in to the service web site and for other applications.

If you do not require an application password, then users can continue to log in from a browser, for example, using their service login password.

If you allow mobile users to bypass IP restrictions, application passwords provide an additional layer of password strength. This is due in part to their length (16 characters) and because they are generated using a strong random number generator. If a mobile device is lost or stolen, you can then disable the IP restriction bypass which prevents access to the application outside your organization's designated IP range.

Note: If you enable application passwords and select the Ignore IP range restrictions for applications setting to allow users to bypass IP restrictions, the setting does not apply to Windows Phone or Windows Tablet users. If you restrict login to a specific IP range, Windows Phone and Windows Tablet users must log in from network locations within the range.

You can also disable the use of application passwords at any time. Then, if users have created an application password, the application cannot be accessed because the password is no longer effective.

Tip: Users can also prevent access to the application by revoking their application password, which they can do at any time.

Organizations that do not use federated identity can disable the use of the standard service password for mobile applications.

Procedure

1. Select Administration > Manage Organization.
2. In the navigation pane, under System Settings, click Security.
3. Under Password Settings, click Edit Settings.
4. Select Allow users to generate application passwords.
5. Select any of the following options that apply, and then click Save Changes.

Table 7. Application Password Options

Option: Expiration
Result: Select a password expiration interval or select No expiration if you do not want application passwords to expire.

Option: Ignore IP range restrictions for applications
Result: Users will be able to access applications from outside the organization's designated IP range. However, they cannot access it using the service login; they must use an application password instead. For more information about specifying IP address ranges, refer to Restricting the IP address range on page 42.

Option: Require applications to use application passwords to access this site
Result: This option restricts the supported authentication flow to application passwords. It prevents users from logging in to this site using their service login password. This option does not display for organizations that use federated identity.

Results

After you enable this feature, users can create and manage application passwords in My Account Settings in the service. General information about how users manage their application passwords is listed here.

- If enabled, users can generate an application password for the IBM Notes Traveler. Application passwords can be shared across mobile products, including IBM Traveler, IBM Sametime, and Connections Cloud.
- If you did not select the option Require applications to use application passwords to access this site, then using an application password is optional for users. However, if you have IP range restrictions enabled, they will not be able to log in using their service password unless they are within the IP range.
- Application passwords are generated by the service when requested by users. The generated password displays to the user only once, and cannot be recovered.
- Users can revoke and generate a new application password at any time. There is no limit to the number that can be generated.
- Passwords are generated using a cryptographically strong random number generator. They are 16 characters long, and not case sensitive.
- Users should enter the password once into their device and allow the device to save the password.
- If there are ten failed login attempts, the account is locked for three minutes.

What to do next

If you selected Applications must use the generated password to access this site, or if you allowed users to bypass the specified IP range, instruct them to generate application passwords. For information on how users generate application passwords see Application passwords for mobile access.

Authentication methods by client

The following table lists the authentication methods supported for each type of IBM SmartCloud Notes client.

Table 8. Authentication methods by SmartCloud Notes client

Authentication method Supported clients Cloud service account identity and SmartCloud Notes web password IMAP clients IBM Notes Traveler devices FTP client that is used to connect to the integration server to download journal files or to upload change files to manage user accounts SAML Federated Identity SmartCloud Notes web Cloud service account identity with application password NRPC Research in Motion data center authentication Notes Traveler Android 9.0.1.3 and higher client Notes Traveler devices IBM Notes BlackBerry devices that access the service through Hosted BlackBerry subscriptions

Password rules by authentication method

The following table summarizes the password rules and settings for each supported IBM SmartCloud Notes client.

Table 9. Password rules and settings by authentication method

Authentication method: Cloud service account identity and password
Password rules: At least eight characters. At least four alphabetic characters. At least one non-alphabetic character. No spaces. No more than two consecutive characters. No match of any of the eight previous passwords. Cannot contain user name or email address.
Password expiration (1): Disabled by default. Administrators can enable a password expiration interval of 30, 60, 90, 180, or 365 days.
Password changes: By administrator. By user.

Authentication method: SAML Federated Identity
Password rules: Controlled by company
Password expiration (1): Controlled by company
Password changes: Controlled by company

Authentication method: Cloud service account identity and application password
Password rules: 16 characters (non-case sensitive)
Password expiration (1): Disabled by default. Administrators can enable.
Password changes: Password changes not allowed. Administrators or users can revoke passwords and users then generate new ones.

Authentication method: NRPC
Password rules: In service-only environments, and in hybrid environments that do not use policy security settings to configure password requirements, IBM Notes ID passwords must be at least eight characters and have a password quality of 8, on a password quality scale of 0 (weakest) to 16 (strongest).
Password expiration (1): Disabled by default. Administrators can enable through SmartCloud Notes Administration.
Password changes: By administrator. By user.

(1) While it may seem that requiring passwords to expire provides more security, most security experts believe the opposite is true. Password expiration often leads to the use of simpler, more easily-guessed passwords, and to users writing down passwords to remember them. A better policy is to use more complex password phrases that do not expire, whenever possible. In addition to providing better security, this policy also reduces the number of help desk calls generated from users who forget their ever-changing passwords.

Configuring the name finder

Complete this procedure to configure how users find names in a directory.

Before you begin

Read the topic Standard and Advanced Name Finder options on page 49 for details about and a comparison of the Standard and Advanced name finder options.

About this task

The name finder settings control how users find names in a directory. For example, the settings are used when users find names by clicking the To link in a new mail message or the Required link in a new meeting invitation. Name Finder settings are not related to type ahead addressing, the feature that automatically finds matches to names that users type in address fields.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings.
5. Click Name Finder.
6. Select options, as described in the following table:

Option: Basic
Description: The name finder lists all names in a directory, in alphabetical order by surname. Users type the first few characters of the surname they are looking for, and the cursor moves to the first matching name. From there, users can use the scroll bar to find the name. This setting is the default and it applies to Notes users and web client users.

Option: Basic Quick Search Only
Description: The name finder shows no names in a directory, initially. Users type the first few characters of a given name or surname and click Search. The name finder then shows directory entries whose surnames or given names begin with the characters searched for. For example, a search for Jack can return the names Jackie Roberts or Tony Jackson but not Tony Blackjack. This setting provides more flexibility for finding names in large directories. This setting applies to Notes users and web client users.

Option: Standard
Description: Users search for names and search results show directory entries that match. Unlike the Basic and Basic Quick Search Only options, users can sort the search results and see details about the user entries that are returned in search results. This search capability applies to web client users only.

Option: Advanced
Description: Users get the name finder capabilities of the Standard option. In addition, they are able to narrow search results by manager, department, job title, location. This option is available for hybrid environments only. This search capability applies to web client users only.

Option: Show user photos
Description: Search results show user photos. In service-only environments, the photos come from IBM Connections Cloud user profiles. In hybrid environments, the photos can come from IBM Connections Cloud user profiles or from Person documents in an on-premises directory. To use an on-premises directory, clear the Use SmartCloud Engage photos field. This option is available when you select the Standard or Advanced options. The feature applies to web client users only.

Option: Browse corporate hierarchy
Description: Users can browse a directory by hierarchy categories that you assign to Person documents in an on-premises Domino directory. This option is available for hybrid environments when you select the Standard or Advanced options. The feature applies to Notes users and to web client users.

Option: Browse corporate hierarchy > Used ranked sort order
Description: Users can browse a directory by ranked categories that you define in an on-premises Domino directory by using the Domino Japanese Extension (DJX) tool. This option is available for hybrid environments when you select the Standard or Advanced options. The feature applies to Notes users and to web client users.

Results

The change usually takes effect within 15 minutes or less.

Standard and Advanced Name Finder options

The Standard and Advanced Name Finder configuration options provide several features to help users to find names in directories.

The Standard option is available for service-only environments and hybrid environments. The Advanced option is available for hybrid environments only.

The following table compares the features that are provided by each option. All of these features are available for the web client. The features currently available for the IBM Notes client are the browse features only. When you enable the Standard or Advanced option, the Basic Quick Search Only search option is put in effect for Notes client users.

Table 10. Comparison of the Standard and Advanced Name Finder configuration options

Feature: Name search
Standard Name Finder: Users can search by: First name; Last name; Notes full name; Internet address; Short name; Alternate name; Phonetic name.
Advanced Name Finder: Users can search by: First name; Last name; Notes full name; Internet address; Short name; Alternate name (if value populated in directory); Phonetic name (if value populated in directory).

Table 10. Comparison of the Standard and Advanced Name Finder configuration options (continued)

Feature: Search conditions to narrow the results of name searches
Standard Name Finder: Not available
Advanced Name Finder: Users can narrow name searches by: Manager; Department; Job Title; Location. Each condition added narrows results further.

Feature: Maximum search results returned
Standard Name Finder: 200
Advanced Name Finder: 200

Feature: Sort entries in search results
Standard Name Finder: All users can sort results by: Last name, first name; First name, last name; Directory. Users in hybrid environments can sort results by the following information, if the corresponding fields are populated in Person documents: Manager; Job Title; Department; Location.
Advanced Name Finder: All users can sort results by: Last name, first name; First name, last name; Directory. Users can sort results by the following information, if the corresponding fields are populated in Person documents: Manager; Job Title; Department; Location.

Feature: Show details about names in search results
Standard Name Finder: All users can see the following details: User name; Internet address; Domain; Directory. Users in hybrid environments can see several additional details, if the fields are populated in Person documents.
Advanced Name Finder: All users can see the following details: User name; Internet address; Domain; Directory. Users can see several additional details, if the fields are populated in Person documents.

Feature: Show user photos from IBM Connections Cloud user profiles in search results
Standard Name Finder: This feature requires users to have a collaboration subscription in addition to a SmartCloud Notes subscription. These fields must be populated in Person documents in the on-premises directory.
Advanced Name Finder: This feature requires users to have a collaboration subscription in addition to a SmartCloud Notes subscription.

Table 10. Comparison of the Standard and Advanced Name Finder configuration options (continued)

Feature: Shows user photos from on-premises Person documents
Standard Name Finder: Available in hybrid environments only and requires a change to the Domino directory design to support photos in Person documents.
Advanced Name Finder: Requires a change to the Domino directory design to support photos in Person documents.

Feature: Browse entries in a directory by categories that are defined by use of the Domino Corporate Hierarchy feature
Standard Name Finder: Available in hybrid environments for directories with Person documents that are assigned corporate hierarchy categories. For more information, see the topic about categorizing a user by corporate hierarchy in the Domino documentation.
Advanced Name Finder: Available for directories with Person documents that are assigned corporate hierarchy categories. For more information, see the topic about categorizing a user by corporate hierarchy in the Domino documentation.

Feature: Browse entries in a directory by ranking
Standard Name Finder: Available in hybrid environments. You use the Domino Japanese Extension tool (DJX) to configure the directory to support this option.
Advanced Name Finder: You use the Domino Japanese Extension tool (DJX) to configure the directory to support this option.

Basic name finder illustration

The following pictures illustrate finding names in a directory when the Basic name finder option is enabled.

Basic Quick Search Only name finder illustration

The following pictures illustrate finding names in a directory when the Basic Quick Search Only name finder option is enabled.


Standard name finder illustration

The following pictures illustrate finding names in a directory when the Standard name finder option is enabled.

Configuring mail settings

There are several settings related to mail that you configure from SmartCloud Notes Administration.

Changing the size limit for incoming messages

The service does not deliver inbound messages that are larger than 100MB, by default. You can specify a different inbound message size limit. The limit applies to all mail that is sent to users in the service.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and then click Email Management.
5. Under Limit Message Size, specify the size limit for incoming messages.

Prevent automatic forwarding of messages

You can prevent users from using mail rules to automatically forward email to external addresses.

About this task

Users can create mail rules that include the action send copy to, which automatically forwards a copy of the email to other users. Select this option so that mail addressed to users in domains that are not owned by your company are ignored when the message is forwarded. Users can still forward email to any address manually.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and then click Email Management.
5. Under External Forwarding, select Do not allow automatic forwarding to external addresses.

Specifying how Notes links display in the web client

You can specify how IBM Notes links, such as doc links, application links, and view links, display in web client email.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and then click Email Management.
5. Under Link Style, select how Notes document, view, and application links display when users read mail in a browser:

Table 11. Link Style Options and Icons

Style: Web links only
Description: The default. Uses web addresses (https://...). In email, the address displays as an Internet icon: Document link, View link, Application link.

Style: Notes links only
Description: Uses Notes URLs (notes://...). In email, the address displays as a Notes icon: Document link, View link, Application links.

Style: Notes and web links
Description: Uses both web and Notes addresses, and includes both icons to represent each link. Example of a link to a document:

Configuring how long mail remains in the Trash folder

When a user deletes a message from a mail file on a cloud server or the service automatically deletes an older message, the message is moved to the Trash folder where it remains for 14 days, by default. After 14 days, the message is permanently deleted. You can change how long deleted mail remains in the Trash folder. You can also prevent users from emptying the Trash folder themselves.

About this task

Documents that are deleted from the Trash folder cannot be recovered. While deleted mail is in the Trash folder, users can restore it to its original folder.

The Trash folder can contain a maximum of 32,768 messages. If this limit is reached, each message added to the Trash folder causes a message that has been in the Trash folder the longest to be permanently deleted. This deletion occurs even if a message has been in the Trash folder less time than the specified deletion interval. Premature deletion from Trash stops when either manual or automatic deletion of messages causes the number of messages in the Trash folder to fall below the limit. This behavior is not common but can occur in mail files where many messages are frequently received and deleted.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and then click Email Management.
5. Under Configure Mail Retention in the Trash Folder, complete these fields to manage mail in the Trash folder.

Table 12. Trash Folder Mail Retention Settings

Option: Retain deleted messages for how many days?
Description: Enter a number from 14-90. The default value is 14. If you decrease an interval that was previously set, then all messages that meet the new criteria are deleted. For example, if you decrease the interval from 20 days to 16 days, then mail in the Trash folder older than 16 days is deleted.

Option: Allow users to empty the Trash folder
Description: When this option is selected, users can permanently delete messages from the Trash folder by clicking Empty Trash or by selecting a message and deleting it. This option is enabled by default. To prevent users from deleting mail from the Trash folder, deselect the option. Then, mail remains in the Trash folder for the duration specified in Retain deleted messages for how many days? before being permanently deleted.
Note: If you prevent users from deleting mail in the Trash, IBM Notes client users can still delete mail from the Trash on local mail replicas. However, the deletion does not carry over to the server mail file replicas.

Deleting older email and meetings

You can reduce the size of mail files and improve email usability by automatically deleting older email messages and meetings. By default, email messages and meetings remain indefinitely unless users delete them.

About this task When you enable email deletion, you can: Control how many days messages and meetings remain before they are processed for deletion. Exclude messages in user-created folders from automatic message deletion. Send reports of automatically deleted messages and meetings to specific user addresses. Exclude the mail files of specific users from the automatic deletion. Non-mail documents added by web client users, such as Person documents, are not deleted. Messages that are flagged for follow-up are not deleted, except for messages that are flagged by the sender before being sent, which are deleted. When email deletion is enabled, the serice takes the following steps to delete older messages and meetings: 1. Messages that are older than the Delete email after how many days? alue are moed temporarily to a folder created by the serice. Meetings are moed to the temporary folder when it is longer than the specified number of days since the meetings occurred. Repeat meetings are processed based on the date of the last meeting. 2. The default name of the folder to which deleted messages and meetings are moed temporarily is *To Be Deleted*. You can specify a different name. Users can preent messages in this folder from being deleted by moing them to a folder that is exempted from automatic deletion. 3. Messages and meetings are moed weekly from the temporary folder location to the Trash folder. The serice staggers this processing so that not all mail files are processed at the same time. Users can preent messages and meetings in the Trash folder from being deleted by moing them to a folder that is exempted from automatic deletion. 4. Messages and meetings are deleted from the Trash folder after 14 days, by default. You can use the Retain deleted messages for how many days? setting in the Configure Mail Retention in the Trash Folder section of the Email Management window to change the number of days messages remain in the Trash folder. 
After messages are deleted from the Trash folder, they cannot be recoered. The alue of Delete email after how many days? plus the alue of Retain deleted messages for how many days? determine when messages are deleted from mail files. For example, if the alue of Delete email after how many days? is 365 and the alue of Retain deleted messages for how many days? is 90, messages are permanently deleted from mail files after one year and three months (455 days). Perform the following steps to enable and configure automatic deletion of older email. Procedure 1. Log on to the serice as an administrator. 2. If your account also has the User role, click Admin > Manage Organization. 3. In the System Settings section of the naigation pane, click IBM SmartCloud Notes. 58 SmartCloud Notes: Administering SmartCloud Notes: Serice-only Enironment March 2015

4. Click Account Settings and then click Email Management.
5. Under Delete Older Email, select Enable email deletion.
6. Use the following settings to specify how to manage older email deletion:

Table 13. Mail Deletion Settings

| Option | Description |
|---|---|
| Delete email after how many days? | Specify the number of days email messages remain before being processed for deletion. If no value is specified, 14 days is the default value. |
| Keep email that is filed in folders. | Select this option to prevent mail that is stored in all user-created folders from being deleted. |
| Keep email only if it is in one of these folders or their subfolders | Select this option to keep only messages in specific folders or subfolders from being deleted. In the Exempt Folders box, specify the folder names, one name per line. To specify a single subfolder, enter parentfolder\subfolder. For example, enter Suppliers\Tools to prevent messages in the \Tools subfolder from being automatically deleted, but to allow messages in the Suppliers parent folder and any other of its subfolders to be deleted. |
| Folder name | Specify the name of a folder to temporarily store messages that are targeted for deletion. If the folder does not exist, the service creates it. Messages remain in this folder for a week and then are moved to the Trash folder. If you do not specify a folder name, the name *To Be Deleted* is used. |
| Send email report of the number of emails deleted to the following addresses | List the addresses of users you want to receive email deletion reports. |
| Do not delete the email of the following users | List the names of users you want to exempt from mail deletion. |

Enabling the ActiveX control for Internet Explorer users

The Internet Explorer ActiveX control provides mail enhancements to IBM SmartCloud Notes web users who use Internet Explorer.

About this task

You enable use of the ActiveX control through SmartCloud Notes Administration Account Settings.

ActiveX is disabled by default to allow and encourage more secure web browser configurations. If you enable ActiveX to provide additional mail features to Internet Explorer users, be aware that doing so might result in less secure browser configurations.

If you enable ActiveX, when users who use Internet Explorer log in to the SmartCloud Notes service, they see prompts that allow them to install the ActiveX control. The prompts refer to the ActiveX control as the IBM iNotes control.

Chapter 4. Configuring the service 59

After users install the control, they can do the following tasks:
- Make SmartCloud Notes web the default email client through Preferences.
- Send email from Windows Explorer, the desktop, or the Start menu.
- Create new email messages by clicking a Mailto:// link from external web pages.
- Select multiple files to attach to an email, detach and save multiple attachments, open attachments by double-clicking without having to save them first, and drag multiple attachments to Windows Explorer or the desktop.
- Copy an image to the clipboard and then press Ctrl+V or click the image icon in the message toolbar to paste the image into an email.

Note: Running Internet Explorer in Protected Mode can prevent users from being able to save attachments, drag attachments from mail to the desktop, or set the default mail client. For information about options to resolve this issue and about Protected Mode, see IBM Technote 1655831. One option is to resolve the issue by adding the mail server or domain as a trusted site. If you use this option, as the trusted site, specify notes.<dc>.collabserv.com (where dc is your data center) or *.collabserv.com.

Users might occasionally be prompted to install updates to the ActiveX control when enhancements to the control are deployed in the service. If users do not install an update, features that require the control are no longer available during the current session. Users are prompted again to install the update when they next log in to the service.

Complete the following steps to enable all web users who use Internet Explorer to download and use the ActiveX control.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings.
5. Click Email & Calendar Options.
6. Select Enable ActiveX attachment control.
Related information:
IBM Technote 1655831

Specifying an SMTP server to route mail to the Internet

By default, the service routes mail that service users send to external users over the Internet. You have the option to route this mail through a company-controlled SMTP host server instead.

Before you begin

Prepare your on-premises environment. For more information, see Preparing to use a company SMTP server to route outbound Internet mail on page 20.

About this task

Skip this procedure if you want the service to handle routing the mail that is sent to external users. In this case (default behavior), the service filters the messages for virus and spam before routing them to the Internet.

By using a company SMTP host server for external routing, you can act on messages before routing them, for example, filter or audit messages. When you use this feature, the service filters messages for viruses and spam and then routes them directly to your designated SMTP host server. Messages addressed to any domain that is not an internal, service-verified domain are routed to the SMTP host server.

The service uses Transport Layer Security (TLS) to route mail to the SMTP host server if the host server uses TLS. The connection is made using STARTTLS over SSL TCP/IP port 25.

Perform the following steps to specify the name of your SMTP host server in Account Settings.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings > Email Management.
5. In the SMTP server field under Manage Routing to External Internet Domains, enter an SMTP host name to use for routing.
6. Click Save.

Preparing to use custom mail file templates

You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

About this task

The template design development can be done in-house or through a contract with a third-party developer or an IBM representative. A short professional services engagement with IBM Software Services for Collaboration is required to approve a custom template.

A custom mail file template allows you to customize the design of user mail files. It is also used to customize the mail file access of new mail files to enable administrators or server-based agents to access them. Customized mail file access is strongly recommended; without it only mail file owners and mail file delegates can access mail files.

The following steps outline the high-level tasks and identify who is responsible for developing and applying a custom template.

Procedure
1. Customer: Contacts an IBM Software Services for Collaboration representative to procure a statement of work.

   This step should be done as soon as it is determined that the business requires a custom mail template. This prior notice ensures that they are prepared to validate the template soon after receiving it.
2. Developer: Reviews the design requirements for custom mail templates.
   To be approved for use with the service, a custom mail template must meet specific design requirements. For example, a custom template must contain specific design elements from the standard mail template of an IBM Notes version supported by the service. For information about template design requirements, see the wiki article SmartCloud Notes Template Validation Requirements.
3. Developer: Designs and implements the template changes in the on-premises environment.
   When preparing a custom template that is already in use, the developer should:
   - Assess and document the current customizations.
   - Compare each customization to the standard mail template.
   - Determine whether each is still needed or if it can be deleted.
   - If a customization is still needed, determine whether it requires modification.
   - Document the requirements for the new version of the custom template.
4. Customer: Tests the template in the on-premises environment.
   You are responsible for testing the template in your company environment to ensure that it functions as intended.
5. Customer: Emails a request to customization.analyzer@collabserv.com to be set up for the Mail Analyzer application.
   The email should include the Customer ID and also be sent to the IBM Software Services for Collaboration representative. The customer receives a confirmation email when setup is complete. The Mail Analyzer application is used to do preliminary checks of the custom template.
6. Customer: After receiving notification that the Mail Analyzer application setup is complete, the customer emails the custom template to customization.analyzer@collabserv.com to perform an automated analysis.
   The customer receives an email summary of the results. This step can be repeated as often as needed during the development and testing cycle.
7. Customer: Submits the template to an IBM representative for a final manual validation.
   Template validation requires a short professional services engagement with IBM Software Services for Collaboration.
8. IBM representative: Validates the template and reports results to the customer.
   This step ensures that the template meets the template validation requirements. The IBM representative sends the customer a short, written report summarizing the assessment, and indicating approval or rejection.
9. IBM representative: Loads the template to the service, after approval of the template.
10. Company administrator: Applies the template to user accounts.
   When the template is approved, a company administrator for the service uses SmartCloud Notes Administration to apply the template to the accounts of new or existing users. Alternatively, the template can be applied through the integration server and a user provisioning change file. For more information, see the topic on creating user provisioning change files in the integration server documentation.

Related tasks:

Preparing customized mail file ACLs on page 68
An important reason to customize mail file access is to allow administrators or server-based agents to access mail files. Without customized mail file access, only mail file owners and mail file delegates can access mail files.

Configuring mail file templates
Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default.

Changing user mail file templates on page 139
You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version.

Related information:
Integration server documentation

Handling execution security alerts caused by custom templates

The service signs a custom mail file template with a unique customer signature. IBM Notes users that use a custom mail file template see an execution security alert if the Execution Control List (ECL) on the client does not allow access to the signature.

About this task

The first time Notes users authenticate with the service after the application of a custom template, they see an execution security alert. The alert states that the template signer, customerid LotusLive Template Signer/customercertifier, is attempting to perform an ECL update action. Selecting Start trusting the signer prevents all future alerts for the template signature.

For more information about execution security alerts, see the topic about the execution control list in the Domino documentation.

Related information:
Domino documentation

Configuring mail file templates

Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default.

About this task

The service provides standard mail file templates to apply to user mail files. Custom mail file templates that are designed for your company and approved by an IBM Software Services for Collaboration representative might also be available for use. Apply the mail file template after user provisioning.

Procedure
1. Log on to http://www.ibmcloud.com/social as a user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. From SmartCloud Notes Administration, click Mail Templates.
5. Perform any of the following template management tasks.

Table 14. Mail template management tasks

| Task | Steps | Additional information |
|---|---|---|
| Select a mail template to apply to new user accounts by default. | 1. Click Custom Mail Templates or Standard Mail Templates. 2. Select a template. 3. Click Set as default. | If you do not select a default template, the most recent English version of the standard template is used as the default. You can change the mail template after you add a new user, as necessary. |
| Download a template to make design changes to it. | 1. Click Custom Mail Templates or Standard Mail Templates. 2. Select a template. 3. Click Download. | When the design changes are complete, you must submit the template to an IBM Software Services for Collaboration representative for approval before it can be applied to user mail files. |
| Remove a custom template from the list of available templates. | 1. Click Custom Mail Templates. 2. Select a template. 3. Click Delete Selected. | Remove a template if it is no longer used. If you remove a template that is currently assigned to a user, you should assign a new one. Be careful when removing a template. If you change your mind, you must contract the services of IBM Software Services for Collaboration to add it back. |

Related tasks:

Changing user mail file templates on page 139
You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version.

Preparing to use custom mail file templates on page 61
You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

Viewing assigned mail file templates on page 137
You can view the mail file template that is assigned to a service user.

Using extension forms files to customize the look of the web client

You can use an extension forms file to customize the visual theme, fonts, the action bar, and other aspects of the web client. For example, you can add graphics, change colors, and add new menu items.

Before you begin

Read the topic Extension forms file requirements on page 66.

Note: IBM reserves the right to disable any extension forms file that causes a degradation in the service.

About this task

Deploying an extension forms file in the service requires a brief service contract with an IBM Software Services for Collaboration representative. The representative validates extension forms files to ensure that they comply with requirements that reduce risk to your users and to the service. Once approved, the IBM representative uploads the extension forms file to the service for your use.

You can deploy more than one extension forms file and apply each to different users. Extension forms files must be based on the IBM iNotes 9.0 Social Edition forms9_x.ntf template that is downloaded from the service.

To deploy an extension forms file in the service, perform the following steps.

Procedure
1. Download the extension forms template or a currently deployed extension forms file from the service:
   a. Log in to the service as an administrator.
   b. If your account has the user role, click Admin > Manage Organization.
   c. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
   d. Click Extension Forms Files.
   e. Perform one of the following steps:
      - To use the default design as a starting point, click Extension Forms Templates and download the template file.
      - To download an extension forms file that is already deployed, select the file in the Extension Forms File page and click Download.
2. If you download the extension forms template in the previous step, use the template to create the extension forms file.
3. To transfer changes in an extension forms file currently used at your company to the extension forms file used in the service:
   - Assess and document the design changes in the on-premises extension forms file.
   - Note any design changes that are no longer needed and can be deleted.
   - Determine whether the remaining design changes in the on-premises extension forms file are supported in the service or need modification.
   - Document the changes to the new extension forms file that are required.
4. Make the design changes to the extension forms file to be used in the service.
5. Test the design changes on an IBM Domino iNotes server in the on-premises environment:
   Note: You might want to install and set up a test server for this purpose.
   a. In a Mail Settings document applied to a policy, click IBM iNotes and in the Basics tab, add the name of the extension forms file to the Extension Forms File Name field. This step is needed only if the extension forms file name is not Forms9_x.nsf, or if you want to use a policy to enable the forms file for specific users.

   b. Use the following server command to flush the server database cache:
      dbcache flush
   c. Copy the extension forms file to the iNotes directory under the server data directory.
   d. Use the following server command to stop and restart the HTTP task:
      tell http restart
   e. Start a web browser and clear the browser cache.
   f. Test the changes from the browser.
6. Submit the extension forms file to an IBM Software Services for Collaboration representative for validation.
   The IBM representative validates the extension forms file and sends you a summary report that indicates whether the extension forms file is approved. After it is approved, the IBM representative uploads the extension forms file to the service.

What to do next

Assign the extension forms file to users.

Related tasks:

Assigning extension forms files to users on page 140
After an IBM representative uploads an approved extension forms file to the service, you can assign the forms file to users. Extension forms files enable you to customize the visual theme, fonts, the action bar, and other aspects of the web client.

Preparing to use custom mail file templates on page 61
You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

Extension forms file requirements

Before you develop an extension forms file to customize the web client, be aware of the requirements.

- You can use multiple extension forms files, each applied to different sets of users.
- Extension forms files must be based on the IBM iNotes 9.0 Social Edition forms9_x.ntf template that you download from the service.
- Extension forms files can reference only mail files within the IBM SmartCloud Notes service. In particular, they cannot reference IBM Notes databases on on-premises servers or images on web servers outside the service.
- Customization must be self-contained. Any resources, such as images, style sheets and JavaScript, must be included in the Extension Forms File. References to external sources are not allowed.
- Customization such as ActiveX controls or Java classes where the source code cannot be inspected are also not allowed.
- Local encryption must be disabled on extension forms file databases:
  1. From Notes, open the extension forms file database.
  2. Click File > Application > Properties.
  3. Click Encryption Settings. If the text Current encryption strength : None is shown in the dialog box, the database is not encrypted. If the database is encrypted, complete the remaining steps.
  4. Click Do not locally encrypt this database.
  5. Close the extension forms file database.

  6. Open the database. A progress bar is shown as the database is unencrypted.
  7. Repeat steps 2 and 3 to verify that the database is unencrypted.

You can use an extension forms file to make the following types of changes to the web client:
- Modify the visual theme in the following ways:
  - Override CSS styles.
  - Override gradient fill color specifications.
  - Replace images. New images must be in the extension forms file.
- Add fonts to the rich text editor that is used when users create email messages, calendar entries, and so forth.
- Add fields to documents such as mail messages and calendar entries.
- Add, remove, or modify items in the action bar menu.
- Use global settings to extend the session information, for example, override a preference setting or read a profile note field.
- Add JavaScript code to the document save function to verify items when documents are saved or sent.

You can customize the following subforms in an extension forms file:

Table 15. Subforms that can be customized

Subform: Custom_Common_Utils Custom_CSS Custom_JS Custom_JS_Edit Custom_Name_Lite Custom_Page_Dictionary Custom_WelcomePage Custom_Page_Dictionary Custom_xxx_Dictionary Custom_LazyLoad_Subforms Custom_Logout Custom_About Custom_SessionInfo

Purpose: Adds functions that are called from Custom_JS. Adds new CSS styles. Contains callback functions to use to add or remove action bar items, add code when pages are displayed or submitted. This subform is used for forms that use an older architecture. Most of the code uses the newer forms, however a few older forms remain. Adds fonts to the rich text editor. The code to display names in Korean format. Adds new variable values for use with the Custom_CSS subform. Adds choices for the Welcome Page. Adds variable values that are available for use in the Custom_CSS subform. These custom dictionary subforms are included with each main area form, Mail, Calendar, ToDo, and so forth, to allow easier inclusion of new NotesFields and NotesVars. Adds custom code to the lazy load table. Adds custom code that runs on logout. Displays the forms file version and a user-specified file version number in the client console log when the client starts. Add items to the iNotes session info object.

Preparing customized mail file ACLs

An important reason to customize mail file access is to allow administrators or server-based agents to access mail files. Without customized mail file access, only mail file owners and mail file delegates can access mail files.

About this task

To customize mail file access, modify the access control list (ACL) in a custom IBM Notes mail file template. Then, apply the custom template to the new mail files when you provision users for the service. Using a custom mail file template requires a short service contract with IBM Software Services for Collaboration to approve and upload the template to the service.

Important: It is important to customize mail file ACLs before users are provisioned. After users are provisioned, you can no longer use the ACL to change access to their mail files. At that point, the mail file ACL is changed only indirectly in the following circumstances:
- A user is given access to a mail file through mail file delegation.
- A user's name changes, which causes the name to change in the mail file ACL. (Renaming a group does not update a group name in the ACL.)

Note the following additional restrictions to ACLs of mail files in the service:
- You cannot use the following ACL group entries that are seen in traditional IBM Domino environments: LocalDomainAdmins, LocalDomainServers, and OtherDomainServers. If you add these entries, they are stripped from ACLs. To allow administrators to access mail files, add a group to the directory that includes their names, and then add the group to mail file ACLs.
- Editor access is the highest level of access that is allowed for any ACL entry. If you give a user or group Manager or Designer access, the access is lowered to Editor. The user or group does not become a mail file delegate.
- The mail file owner always has Editor access and you cannot change this access.
- You can give another user or group Editor access. In this case, they become mail file delegates, by default. You can prevent people with Editor access from becoming delegates. To do so, assign them the [ExcludeDelegate] role in the ACL.
- You can use the following types of ACL entries: Person, Person group, Server group, Mixed group, or Unspecified. Server type entries are not allowed. If you add them, they are stripped from ACLs.
- You cannot customize the -Default- and Anonymous entries. These entries are always set to No Access.

To use a custom mail file template to modify mail file ACLs, add entries that are enclosed in brackets [] to the ACL of the custom mail file template. The ACLs of the new mail files in the service inherit the entries in brackets.

For example, to give Editor access to the group SCN Administrators, add [SCN Administrators] to the ACL, select Editor access and the type Person group or Mixed group. If you apply the custom mail file template when you provision Samantha Daryn/Renovations with a brand new mail file in the service, her mail file ACL includes the following entries:

- -Default- (No Access)
- Anonymous (No Access)
- Samantha Daryn/Renovations (Editor)
- SCN Administrators (Editor)
- SaaSLocalDomainServers ¹
- Mail1/SCN/Renovations ²

¹ This group is reserved for use in the service. Do not create a group by this name on-premises, or a group that begins with the characters SaaS.
² This entry is the name of a user's home mail server in the service.

Related tasks:

Configuring mail file templates on page 63
Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default.

Preparing to use custom mail file templates on page 61
You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

Related information:
Using server-based agents in a SmartCloud Notes hybrid environment
SmartCloud Notes Template Validation Requirements

Configuring email filters and reporting

Use email filter and reporting features to control and manage the delivery of specific inbound Internet mail.

About this task

The following table summarizes the filter and reporting features that are available. The table briefly describes each feature, indicates which clients support each feature, and indicates the method to enable each feature.

These features apply to Internet mail that is addressed to a domain owned by your company for which the service manages inbound routing. In a service-only environment, the service manages inbound routing for all of your company's verified Internet domains.

Table 16. Summary of email filter and reporting features

| Feature | Description | Supported clients | Method to enable |
|---|---|---|---|
| Email filters for inbound Internet mail | Use filters to control the delivery of mail from specific addresses, mail with newsletter content, or mail that matches the service Spam filter. | All clients | SmartCloud Notes Administration |
| Junk Mail Reports | Send periodic reports to users that list messages recently delivered or moved to the Junk folder. | All clients | SmartCloud Notes Administration |
| Customized Junk Mail Reports | Customize or translate text in Junk Mail Reports. | All clients | Custom mail file template ¹ |
| Customized Remove sender from Junk list option | For specific senders, allow users to override a filter that delivers the senders' mail to the Junk folder. | Notes client, web client | Notes client: Custom mail file template ¹. Web client: Available automatically, no enablement needed |
| Report as Spam option. | Provides a menu option to use to report spam. | Notes client, web client | Notes client: Custom mail file template ¹. Web client: SmartCloud Notes Administration |

¹ This option requires a short service contract with an IBM Software Services for Collaboration representative to deploy a custom mail file template in the service.

Related tasks:

Preparing to use custom mail file templates on page 61
You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

Related information:
IBM Software Services for Collaboration web page

Configuring email filters for inbound Internet mail

Configure email filters to allow users to receive email from people whose messages would otherwise be blocked or to block email that is not normally blocked but that your users do not want to receive.

About this task

You can create address filters that filter based on sender address. You can also create keyword filters that filter based on email category. Newsletter is the only keyword category currently supported. You can create multiple address filters but just one newsletter filter.

In addition to creating filters, you can customize the service spam filter by allowing email that matches the filter to be delivered to the Inbox or the Junk folder. Delivering email that matches the service spam filter to the Inbox is not recommended unless your company applies its own filtering software to mail before it is routed to the service.

The number of all filters, excluding the spam filter, cannot exceed 100.

The service malware and anti-virus filters are not configurable and take precedence over all other filters.

Perform the following steps to configure email filters for inbound Internet mail.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and click Email Filters.
5. To create a filter:
   a. Click a type of filter:

   Table 17. Types of filters

   | Filter type | Description |
   |---|---|
   | Address Filter | Use to filter by sender address. To allow or block email for a specific user, type the user's address, for example, branney@renovations.com. To allow or block email for multiple addresses in a domain, use an address expression that contains one or more asterisks (*), for example, *@renovations.com. To separate multiple address entries in a filter, type a comma (,) or press Enter. Each address or address expression must contain one at sign (@). |
   | Keyword Filter | Use to filter by email category. The category that is currently supported is newsletter, which filters newsletters and other automated email. You can enable one newsletter filter. By default, the service delivers newsletters to the Inbox. |

   b. Click a delivery option.

   Table 18. Filter delivery options

   | Filter delivery option | Description |
   |---|---|
   | Allow | Deliver mail that matches the filter to the Inbox. |
   | Filter | Deliver mail that matches the filter to the Junk folder. |
   | Block | Prevent delivery of mail that matches the filter. |

   c. Click OK.
6. To control the delivery of mail that matches the service spam filter, click System Filter, click Edit, and then click Allow, Filter, or Block. By default, the service blocks mail that matches the spam filter.

   Note: The Allow option is intended for companies that apply their own filtering software to mail before it is routed to the service.
7. If you configure more than one filter, drag them or use the arrows to order them by precedence. The service evaluates the list of filters from top to bottom. The first filter that matches a particular message is applied to it, and that message is not evaluated further.
8. Click Save Changes.

Results

The changes take effect immediately.

Effort is taken to avoid the inclusion of legitimate email such as order and flight reservation confirmations, invoices, or other mail lists in the newsletter filter. However, if users consider an email that matches the newsletter filter or another filter to be legitimate, and you configure the filter to deliver matching email to the Junk folder, users can use the Remove Sender from Junk List option. Selecting this option delivers future email from a sender to the Inbox.

Example

The following table provides examples of addresses that match and do not match rules in address filters.

Table 19. Examples of matching and non-matching addresses

| Address rule | Matching addresses | Non-matching addresses |
|---|---|---|
| branney@renovations.com | branney@renovations.com | b.ranney@renovations.com, branney@ny.renovations.com |
| *ranney@renovations.com | ranney@renovations.com, branney@renovations.com, b_ranney@renovations.com, wm.ranney@renovations.com | branney@ny.renovations.com, b.ranney@ny.renovations.com |
| *.ranney@renovations.com | b.ranney@renovations.com, wm.ranney@renovations.com | branney@renovations.com, b_ranney@renovations.com |
| *@renovations.com | branney@renovations.com, s.daryn@renovations.com | asingh@bos.renovations.com, cfield@ny.renovations.com |
| *@*.renovations.* | asingh@bos.renovations.com, cfield@ny.renovations.com, asingh@bos.renovations.net, cfield@ny.renovations.us | branney@renovations.com, s.daryn@renovations.com |

The following table provides an example filter configuration that blocks spam and then blocks the delivery of email that is sent from asingh@bos.renovations.com and cfield@ny.renovations.com.

Table 20. Example of filter configuration that blocks spam and then blocks email from specific addresses

| Number | Filter name | Rule | Action |
|---|---|---|---|
| 1 | Spam: System Filter | Spam as defined by the service | Block |
| 2 | Addresses: Two renovations addresses | asingh@bos.renovations.com, cfield@ny.renovations.com | Block |
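
The address matching in Table 19 and the top-to-bottom, first-match evaluation from step 7 can be modeled as follows; this is an added example, not IBM code, and it also checks an ordering in which a domain Allow rule sits above the spam filter. It assumes that * matches any run of characters other than @, that matching is case-insensitive, and that mail matching no filter goes to the Inbox; all class, function and sample names are illustrative.

```python
"""Model of first-match email filter evaluation (added example, not IBM code)."""
import re
from dataclasses import dataclass

ALLOW, FILTER, BLOCK = "Allow", "Filter", "Block"  # Inbox, Junk folder, not delivered
MAX_FILTERS = 100  # limit stated on the page; the spam filter is not counted


def compile_rule(rule):
    """Compile an address expression such as *@*.renovations.com to a regex.

    Assumptions: * matches any run of characters (possibly empty) except @,
    and matching is case-insensitive.
    """
    if rule.count("@") != 1:
        raise ValueError(f"rule must contain exactly one @: {rule!r}")
    pattern = "[^@]*".join(re.escape(part) for part in rule.split("*"))
    return re.compile(pattern, re.IGNORECASE)


def rule_matches(rule, address):
    """True when the whole sender address matches the address expression."""
    return compile_rule(rule).fullmatch(address) is not None


@dataclass
class Message:
    sender: str
    spam: bool = False        # verdict of the service spam filter
    newsletter: bool = False  # verdict of the newsletter category


@dataclass
class EmailFilter:
    name: str
    kind: str          # "address", "spam" or "newsletter"
    action: str        # ALLOW, FILTER or BLOCK
    rules: tuple = ()  # address expressions, used when kind == "address"

    def matches(self, msg):
        if self.kind == "spam":
            return msg.spam
        if self.kind == "newsletter":
            return msg.newsletter
        return any(rule_matches(r, msg.sender) for r in self.rules)


def evaluate(filters, msg):
    """Return (action, filter name) of the first filter that matches."""
    for f in filters:
        if f.matches(msg):
            return f.action, f.name  # later filters are never consulted
    return ALLOW, None  # assumption: unmatched mail is delivered to the Inbox


def lint(filters):
    """Report orderings that let mail bypass the spam filter, and the size limit."""
    findings = []
    if sum(f.kind != "spam" for f in filters) > MAX_FILTERS:
        findings.append("more than 100 filters besides the spam filter")
    spam_at = next((i for i, f in enumerate(filters) if f.kind == "spam"),
                   len(filters))
    for i, f in enumerate(filters):
        if f.kind == "address" and f.action == ALLOW and i < spam_at:
            findings.append(f"'{f.name}' allows senders before the spam filter runs")
        if f.kind == "spam" and f.action == ALLOW:
            findings.append("spam filter delivers matching mail to the Inbox")
    return findings


# Spam is blocked first, then two specific senders are blocked.
SPAM_FIRST = [
    EmailFilter("System Filter", "spam", BLOCK),
    EmailFilter("Two renovations addresses", "address", BLOCK,
                ("asingh@bos.renovations.com", "cfield@ny.renovations.com")),
]

# A domain-wide Allow rule is ordered above the spam filter.
ALLOW_BEFORE_SPAM = [
    EmailFilter("Two renovations addresses", "address", BLOCK,
                ("branney@renovations.com", "s.daryn@renovations.com")),
    EmailFilter("Renovations", "address", ALLOW, ("*@renovations.com",)),
    EmailFilter("System Filter", "spam", FILTER),
]

if __name__ == "__main__":
    # Constructed message: spam sent from an address in the allowed domain.
    msg = Message("asingh@renovations.com", spam=True)
    print(evaluate(ALLOW_BEFORE_SPAM, msg))
    print(lint(ALLOW_BEFORE_SPAM))
```

Running lint over a planned filter order before saving it shows which Allow rules take effect ahead of the spam filter.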

The following table provides an example filter configuration that blocks spam, then blocks email from any subdomain of renovations.com (for example, email from cfield@ny.renovations.com but not branney@renovations.com), and then allows newsletters to be delivered to the Junk folder.

Table 21. Example of filter configuration that blocks spam and blocks email from a subdomain and allows newsletters

| Number | Name | Rule | Action |
|---|---|---|---|
| 1 | Spam: System Filter | Spam as defined by the service | Block |
| 2 | Addresses: Renovations subdomains | *@*.renovations.com | Block |
| 3 | Keywords: Newsletters | Newsletters as defined by the service | Filter (deliver to Junk folder) |

The following table provides an example filter configuration that blocks email from branney@renovations.com and s.daryn@renovations.com, then allows all other email from the renovations.com domain, and then delivers spam to the Junk folder. Email from renovations.com that matches the spam filter is delivered to the Inbox because in this case processing stops after the second filter is applied.

Table 22. Example of filter configuration that blocks email from specific addresses in a domain, allows other addresses in the domain, and then delivers spam to the Junk folder.

| Number | Filter name | Rule | Action |
|---|---|---|---|
| 1 | Addresses: Two renovations addresses | branney@renovations.com, s.daryn@renovations.com | Block |
| 2 | Addresses: Renovations | *@renovations.com | Allow (deliver to Inbox) |
| 3 | Spam: System Filter | Spam as defined by the service | Filter (deliver to Junk folder) |

Enabling Junk Mail Reports

Enable Junk Mail Reports to send users periodic email reports that list the messages that were recently added to the Junk folder.

Before you begin

Optionally customize the text in Junk Mail Reports by deploying a custom mail template.

About this task

Junk Mail Reports report messages that the service delivers to the Junk folder. For example, if you configure the newsletter filter to deliver newsletter-type email to the Junk folder, the newsletter emails are reported. Junk Mail Reports also report messages that users move to the Junk folder, either manually or through other means such as mail rules.

Junk Mail Reports list and link to messages added to the Junk folder since the last report. Reports identify messages by delivery date and time, sender, and subject. Reports include the following introductory paragraph, by default:

   The following messages have recently been put in the Junk folder. From the Junk folder you can move messages to your Inbox, delete them, or remove senders from the junk list.

You configure how frequently to send reports. Reports can be sent as frequently as every hour or as infrequently as once a week. All users receive Junk Mail Reports, regardless of the client they use.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings.
5. Click Email Filters.
6. Select Send periodic junk mail reports to all users.
7. Specify a reporting interval, in hours. You can specify a value from 1 hour to 168 hours (once a week).
8. Click Save Changes.

Related tasks: Customizing the text in Junk Mail Reports

Customizing the text in Junk Mail Reports

If you enable periodic Junk Mail Reports to be sent to users, you can optionally use a custom Notes mail template to translate or customize the text in the reports. This custom template can be applied to the mail file of any SmartCloud Notes user, regardless of the client used.

Before you begin

Understand the process for deploying customized mail templates. For information, see the topic Preparing to use custom mail file templates on page 61.

About this task

To customize the text in Junk Mail Reports, you use IBM Domino Designer to add a hidden form, (JunkReport), to the mail template. Then you add customized text strings to the form. This form is used only to generate the custom text and is not displayed to users.

Customizing the mail template requires a short service contract with an IBM Software Services for Collaboration representative.
The representative validates the design changes you make and then uploads the approved template to the service for you to use. The IBM representative provides a custom Notes 8.5.3 template, mail85_esm1018.ntf, that has the required design changes. You can use the template as a reference and copy design elements from it.

If you do not customize the text in Junk Mail Reports, the English default text is used.

Note: The following procedure assumes that you customize a Notes 8.5.3 template. You can customize a different version of the template as long as it is for a version of Notes that the service supports. The procedure to customize a different version of the template might be slightly different.

Procedure

1. Download the mail template to use as the starting point for making the design changes:
   - If you do not currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Standard Mail Templates, browse the list of templates and select the StdR85Mail template for version 8.5.3 in the desired language, and click Download.
   - If you currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Custom Mail Templates, select the custom template, and click Download.
2. From Domino Designer, open the mail85_esm1018.ntf template given to you by the IBM representative.
3. Double-click Forms.
4. Right-click (JunkReport) and click Copy.
5. Open the 8.5.3 mail template that you downloaded from the service.
6. Double-click Forms.
7. Right-click anywhere in the list of forms and click Paste to add the (JunkReport) form.
8. When asked if you want the form to be automatically updated, click No.
9. Perform the following steps to customize or translate each text field in the form:
   a. Double-click the (JunkReport) form.
   b. Click a text field and edit the default value shown in the programmer pane. Expand the programmer pane if you do not see it. Keep quotation marks (") around the text. The following table describes the text fields that you can customize.

      Table 23. Text fields to customize in a Junk Mail Report

      | Text to customize | Default text | Text field |
      |---|---|---|
      | Label for the subject of the report | Junk Mail Report | junktitlelabel |
      | Introductory text in the report | The following messages have recently been put in the Junk folder. From the Junk folder you can move messages to your Inbox, delete them, or remove senders from the junk list. | JunkGreetingLabel, JunkGreetingLabel2. Each field has a 256-character limit. Use JunkGreetingLabel2 if your text exceeds 256 characters. The content of the two fields is concatenated without a space. Add a space if necessary. |
      | Label for the sender of each reported email. | Sender | junksenderlabel |
      | Label for the subject of each reported email. | Subject | junksubjectlabel |
      | Label for the document link to each reported email | Link to email in the Junk folder | junkdoclinklabel |

10. Click File > Save.

What to do next

Submit the customized 8.5.3 template to an IBM Software Services for Collaboration representative to validate the template and then upload the approved template to the service. After the custom template is uploaded, you can apply it to users.

Related information: IBM Software Services for Collaboration web page

Customizing the Remove Sender from Junk List action for Notes users

You can customize the Remove Sender from Junk List option for IBM Notes users. The customized option allows users to override email filters that deliver mail to the Junk folder, on a per-sender basis.

About this task

This feature is useful if your email filter configuration causes mail to be delivered to the Junk folder. The feature requires a custom mail file template. The design changes apply only to Notes users. The feature is automatically available to web client users. The feature is not available to users who access mail through IMAP clients or mobile devices.

Customizing the mail template requires a short service contract with an IBM Software Services for Collaboration representative. The representative validates the design changes you make and then uploads the approved template to the service for you to use. The IBM representative provides a custom Notes 8.5.3 template, mail85_esm1018.ntf, that has the required design changes. You can use the template as a reference and copy design elements from it.

Note: The following procedure assumes that you customize a Notes 8.5.3 template. You can customize a different version of the template as long as it is for a version of Notes that the service supports. The procedure to customize a different version of the template might be slightly different.

The following table compares the junk mail feature in the standard 8.5.3 template to the feature in the customized template.

Table 24. Comparison of the standard template and the custom template

| Task | Steps when the standard template is used | Steps when the custom template is used |
|---|---|---|
| Remove selected email from the Junk folder and deliver future mail from the sender to the Inbox. | 1. From the Junk folder, click More > Remove sender from Junk list. 2. At the prompt Do you want to remove sender from the Junk Mail List?, click Yes. These steps do not affect filtered email that the service delivers to the Junk folder. | 1. From the Junk folder, click the Remove sender from Junk list action. 2. At the prompt Do you want to stop sending mail from this user to the Junk folder? sender, click Yes. These steps do affect filtered email that the service delivers to the Junk folder. |
| Remove addresses from the list of addresses whose mail is sent to the Junk folder. | From the Junk folder, click the Manage Junk Mail Sender's List action. | From the Junk folder, click More > Manage Junk Mail Sender's List. |

Procedure

1. Download the mail template to use as the starting point for making the design changes:
   - If you do not currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Standard Mail Templates, browse the list of templates and select the StdR85Mail template for version 8.5.3 in the desired language, and click Download.
   - If you currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Custom Mail Templates, select the custom template, and click Download.
2. Add the (AllowUser) subform:
   a. From Domino Designer, open mail85_esm1018.ntf.
   b. Double-click Shared Elements > Subforms.
   c. Right-click (AllowUser) and click Copy.
   d. Open the 8.5.3 mail template.
   e. Click Shared Elements > Subforms.
   f. Right-click and select Paste.
   g. When asked if you want the subform to be automatically updated, click No.
   h. Optional: To translate the text displayed by this subform, double-click the (AllowUser) subform and in the field dsptxt in the programmer pane, change the content of the sentencetxt: variable.
   i. Click File > Save.
3. Modify the (JunkUser) subform:
   a. From the 8.5.3 mail template, double-click Shared Elements > Subforms.
   b. Double-click (JunkUser).
   c. For consistency, in the static text string, change Junk Mail Folder to Junk folder. The status text then becomes: Mail from this address will be delivered directly to your Junk folder.
   d. Click File > Save.
4. Import a modified version of the blockuserrule script library:
   a. Click File > Preferences, click Domino Designer > LotusScript Editor, clear the Use Eclipse-based LotusScript editor setting, and click Apply and OK.
   b. Open mail85_esm1018.ntf.
   c. Double-click Code > Script Libraries.
   d. Double-click the BlockUserRule library.
   e. Click once in the programmer pane next to the line that reads Option Public.
   f. Click File > Export.
   g. In the File Name box, type c:\library.lss and click Export.
   h. When prompted, click All objects and click OK.
   i. Open your 8.5.3 mail template.
   j. Double-click Code > Script Libraries.
   k. Double-click the blockuserrule library.
   l. Click once in the programmer pane next to the line that reads Option Public.
   m. Look at the Use "Rules" text after Option Public. If the text includes a language tag, write down the text or copy it to the clipboard. Examples of text with language tags are Use "Rules-GR" or Use "Rules_el_translated".
   n. Click File > Import.
   o. In the File Name box, type c:\library.lss and click Import.
   p. When prompted, click Yes to All.
   q. If you wrote or copied rules text containing a language tag in step 3m, replace the Use "Rules" text with rules text containing the language tag.
   r. Press the ESC key on your keyboard and click Yes to save the changes.
   s. Click Tools > Recompile All LotusScript and click OK.
   t. When compiling is complete, click OK. The compiling takes a few minutes.
5. Optional: If your template is not the English version, perform the following steps to translate text strings in the updated blockuserrule script library:
   a. Open the blockuserrule script library.
   b. Click the (Declarations) event.
   c. Find the text Function GetString.
   d. Translate all the strings under that function.
   e. Click File > Save.
6. Delete the existing Not Junk Mail action from the ($JunkMail) folder; the action is not currently used:
   a. Open the 8.5.3 mail template.
   b. Double-click Folders and double-click ($JunkMail).
   c. In the Actions pane, right-click Not Junk Mail and click Delete.
7. Change the location of the Remove sender from Junk List action:
   a. In the 8.5.3 mail template, double-click the ($JunkMail) folder.
   b. Click the More action to expand it.
   c. Drag the Remove sender from Junk List action and place it directly below the Delete All action, as shown in the following screenshot:

8. Change the location of the Manage Junk Mail Sender's List action in the ($JunkMail) folder:
   a. Drag the Manage Junk Mail Sender's List action to the More menu, directly below the double bar, as shown in the following screenshot:
9. Click File > Save to save the modified ($JunkMail) folder.

What to do next

Submit the customized 8.5.3 template to an IBM Software Services for Collaboration representative to validate the template and then upload the approved template to the service. After the custom template is uploaded, you can apply it to users.

Related tasks: Preparing to use custom mail file templates on page 61
You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

Related information: IBM Software Services for Collaboration web page

Enabling the Report as Spam feature

Enabling the Report as Spam feature provides users with a menu option for reporting spam.

About this task

Because the nature of spam changes frequently, forms of new spam can slip past the spam filters in the service and be delivered to a user. If you enable the Report as Spam feature, users can report spam by selecting the spam email and clicking More > Report as Spam. The message is reported and then moved to the Junk folder. A user can click More > Deliver Sender's Mail to Junk to ensure that mail from the sender of the spam is automatically delivered to the Junk folder in the future.

The service evaluates reported spam to determine whether to include it in the list of spam filters. Reporting spam can help reduce its occurrence in the future. The service does not treat newsletters and event invitations as spam.

To enable the Report as Spam feature for web client users, use SmartCloud Notes Administration. To enable the feature for IBM Notes users, use a custom Notes mail template. The Report as Spam feature is not available to users who access mail through IMAP clients or mobile devices.

Users can report spam without using the Report as Spam feature by saving a message as an .eml file and mailing the file to a specific address in the service.

Enabling the Report as Spam feature for web client users:

Use a setting in SmartCloud Notes Administration to enable the Report as Spam feature for web client users.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings.
5. Click Email Filters.
6. Select Display Report as Spam control to end users.
7. Click Save Changes.

Results

Web client users can see the More > Report as Spam option the next time they log in to the service.

Enabling the Report as Spam feature for Notes users:

You can enable the Report as Spam feature for IBM Notes users through the use of a custom Notes mail template.

About this task

Customizing the mail template requires a short service contract with an IBM Software Services for Collaboration representative. The representative validates the design changes you make and then uploads the approved template to the service for you to use. The IBM representative provides a custom Notes 8.5.3 template, mail85_esm1018.ntf, that has the required design changes. You can use the template as a reference and copy design elements from it.

Note: The following procedure assumes that you customize a Notes 8.5.3 template. You can customize a different version of the template as long as it is for a version of Notes that the service supports. The procedure to customize a different version of the template might be slightly different.

Procedure

1. Download the mail template to use as the starting point for making the design changes:
   - If you do not currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Standard Mail Templates, browse the list of templates and select the StdR85Mail template for version 8.5.3 in the desired language, and click Download.
   - If you currently use a custom version of the standard Notes 8.5.3 mail template, from SmartCloud Notes Administration, click Mail Templates, click Custom Mail Templates, select the custom template, and click Download.
2. From Domino Designer, open mail85_esm1018.ntf.
3. If the action pane is not open, click View > Action Pane.
4. Click Code and double-click Shared Actions.
5. Right-click the Report as Spam.. action and click Copy.
6. Open the 8.5.3 mail template that you downloaded from the service.
7. Paste the Report as Spam action into your mail template:
   a. Click Code and double-click Shared Actions.
   b. Click anywhere in the list of shared actions and click Paste.
8. Insert the Report as Spam action into the ($Inbox) folder:
   a. Click Folders and double-click ($Inbox).
   b. In the action pane, expand More and right-click Views-Deliver Sender's Mail to Junk.
   c. Click Insert Shared Action.
   d. Select Report as Spam.. and click Insert.
   e. Click File > Save.
9. Insert the Report as Spam action into the ($JunkMail) folder:
   a. Click Folders and double-click ($JunkMail).
   b. In the action pane, expand More and right-click Views-Deliver Sender's Mail to Junk.
   c. Click Insert Shared Action.
   d. Select Report as Spam.. from the list, click Insert, and click Done.
   e. Click File > Save.
10. Insert the Report as Spam action into the ($All) (All Documents) view:
   a. Click Views and double-click ($All).
   b. In the action pane, expand More and right-click Views-Deliver Sender's Mail to Junk.
   c. Click Insert Shared Action.
   d. Select Report as Spam.. from the list, click Insert, and click Done.
   e. Click File > Save.
11. Copy the (ReportSpam) agent to the 8.5.3 mail template:
   a. From mail85_esm1018.ntf, click Code and double-click Agents.
   b. In the list of agents, right-click (ReportSpam) and click Copy.
   c. From the 8.5.3 mail template, click Code and double-click Agents.
   d. Right-click anywhere in the list of agents and click Paste.
   e. When asked if you want the agent to be automatically updated, click No.

   f. Optional: To translate the agent, double-click the agent and translate the English text in the following statements in (Declarations):
      SUBJECT_VALUE
      PROMPT_TITLE
      PROMPT_MESSAGE_SINGLE
      PROMPT_MESSAGE_MULTI
      MSG_SUCCESS
      MSG_SUCCESS_MOVED
      MSG_CANCEL
      MSG_ERR_SEND
   g. Click File > Save.

What to do next

Submit the customized 8.5.3 template to an IBM Software Services for Collaboration representative to validate the template and then upload the approved template to the service. After the custom template is uploaded, you can apply it to users.

Related tasks: Preparing to use custom mail file templates on page 61
You can apply a custom mail file template to mail files of service users. The template must meet design requirements that minimize the risk and impact to your users and to the service. You submit the template for approval to an IBM Software Services for Collaboration representative.

Related information: IBM Software Services for Collaboration web page

Reporting spam without the Report as Spam feature

If you do not enable the Report as Spam feature, you can provide these instructions to users for reporting spam manually.

Procedure

1. Perform one of the following steps to save the spam message as an .eml file:
   - From the web client, select the spam message, click More > Show MIME Full, select all, copy the entire contents to a text file, and save the file with the extension .eml.
   - From the Notes client, drag the spam message to the desktop. The message is automatically saved as an .eml file.
2. Attach the .eml file to a new message.
3. Mail the new message to one of the following addresses:
   - If you want to receive a confirmation email from the service, mail the message to spam.smartcloud.feedback@kassel.ibm.com.
   - If you do not want to receive a confirmation email from the service, mail the message to spam.smartcloud@kassel.ibm.com.

Enabling busytime details in calendars

You can enable IBM Notes users and web client users to see busytime details in calendars.

About this task

If you enable this feature, when users schedule a meeting or use a group calendar, they can click a block of busytime in someone's calendar to see details about the calendar entry. Users can see calendar details only if users grant them this access to their calendars. The following types of detailed information can be seen:
- Type of calendar entry, for example, meeting or appointment
- Optionally assigned calendar category
- Meeting chair
- Location
- Room

This feature is disabled by default. When it is disabled, users can still see the blocks of time when users are busy; they just cannot see details about those blocks of time.

Complete the following steps to enable busytime details.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings.
5. Click Email & Calendar Options.
6. In the Calendar Details section, select Enable calendar detail collection.

Results

When Notes client users and web client users schedule a meeting or use a group calendar, they can click a block of busytime in a calendar to see details if they are given the access to do so.

Users control who can see their calendar information and whether detailed calendar information is visible or only users' availability. To control access to their calendars, web client users click Preferences > Delegation > Schedule. Notes users click More > Preferences then Access and Delegation > Access to Your Schedule.

Configuring instant messaging

Use the Instant Messaging settings in IBM SmartCloud Notes Administration to specify whether to enable an instant messaging community in clients automatically.

Instant messaging enables users to chat with and see the availability of other users in the service. You can automatically enable use of the service instant messaging community. For web users, you can automatically enable an on-premises IBM Sametime community managed by your company.

About this task

By default, web users automatically connect to the instant messaging community in the service if the Enable instant messaging preference is selected on the client.

By default, IBM Notes 8.5.2 or later clients automatically connect to the instant messaging community in the service if the clients are installed with the Sametime (integrated) option. Users are also logged on to the community automatically.

You can change the default setting and allow web users to instead connect automatically to an on-premises Sametime community at your company site. You must use a Sametime Proxy Server 8.5.2 (IFR1 or later) and configure it to support this capability. Notes clients can also connect to an on-premises community if you configure the clients to connect to the community yourself.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings.
5. Click Instant Messaging.
6. In the Instant Messaging Integration window, select an option described in the following table and then click Save. If you switch from one option to another, the service pushes the change to the clients immediately.

Table 25. Instant messaging configuration options

| Option | Result - web users | Result - Notes |
|---|---|---|
| Enable the service instant messaging community for IBM Notes and SmartCloud Notes web users | Web users are logged on to the service instant messaging community if they perform the following steps from the Inbox: 1. Click More > Preferences. 2. Under Instant messaging, select Enable instant messaging. Multiple communities are not supported. | Notes users who use Notes 8.5.2 or later installed with the Sametime (integrated) option are logged on to the service instant messaging community. The connection to the service community overwrites any pre-existing embedded connection to an on-premises Sametime community. Notes 8.5.1 clients are not affected by this option. To enable them to access the service instant messaging community, manually configure the clients to connect to the community. |
| Enable an on-premises IBM Sametime community for SmartCloud Notes web users | Web users can connect to an on-premises Sametime community managed by your company after you configure the on-premises environment. | Notes users can use instant messaging, but you must configure the clients manually to connect to communities. |
| Disable instant messaging integration | Web users cannot use instant messaging. | Notes users can use instant messaging, but you must configure the clients manually to connect to communities. |

Configuring the web client to connect to an on-premises Sametime community Complete this procedure to configure IBM SmartCloud Notes web clients to connect to an IBM Sametime community at your company site. Before you begin The following Sametime serer components must be installed on-premises. For instructions, see the Sametime documentation. Sametime Serer 8.0.2, or Sametime Community Serer 8.5 or later. For installation instructions, see the Sametime documentation. Sametime Proxy Serer 8.5.2IFR1. For installation instructions, see the Sametime documentation. The Sametime Proxy Serer requires the latest hot fix, which is aailable on IBM Fix Central. The hot fix includes installation instructions. This link retriees the list of fixes for Sametime 8.5.2 IFR1 for all operating systems; find the latest fix for the Sametime Proxy Serer on the operating system you use. Note: The Sametime System Console is not used in this deployment. About this task Allowing the web client to connect to the on-premises Sametime community requires that users be able to access the Sametime Proxy Serer from the same location where they access SmartCloud Notes. If your organization chooses to restrict access to the Sametime Proxy Serer to users inside the corporate network, then all users must connect to that corporate network in order to access Sametime functionality in SmartCloud Notes. If your organization wants to allow users to access Sametime functionality in SmartCloud Notes from locations outside the corporate network, you must ensure that requests to https://serer_name:port_number/ are correctly forwarded to the Sametime Proxy Serer, regardless of where they originate. To support external connections, the following requirements must be satisfied: Serer_name must be listed in the public DNS (domain name serer). The firewall must allow connections to Serer_name on Port_number. You must create network routes that allow connections to reach the Sametime Proxy Serer. Procedure 1. 
Configure the on-premises Sametime Proxy Server to allow connections from the SmartCloud Notes domain by completing the following steps:
a. On the computer where the Sametime Proxy Server is installed, open the stproxyconfig.xml file that is stored in the deployment manager's profile.
The deployment manager's stproxyconfig.xml file is typically located in the following directory:
WebSphere_AppServer_install_root/profiles/Deployment_Manager_Profile_Name/config/cells/cell_name/nodes/node_name/servers/stproxyserver/
For example, on IBM AIX or Linux:
/opt/ibm/websphere/appserver/profiles/dmgr/config/cells/stproxycell1/nodes/STProxyNode1/servers/STProxyServer
On Microsoft Windows:

C:\Program Files\IBM\WebSphere\AppServer\profiles\dmgr\config\cells\STProxyCell1\nodes\STProxyNode1\servers\STProxyServer
b. In the stproxyconfig.xml file, look for the closing </server> tag and add the following statement immediately after it:
<domainlist>your_organization_domain_name,smartcloud_notes_domain_name</domainlist>
Specify your own organization's domain name for Your_organization_domain_name.
To determine the SmartCloud Notes domain your company uses, open the Inbox and look at the domain name that is shown in the browser URL. For example, in the following browser URL, the SmartCloud Notes domain is notes.na.collabserv.com:
https://mail.notes.na.collabserv.com/livemail/inotes/mail/?opendocument
Note: The server, mail, is not part of the domain name.
Specify one of the following values for the SmartCloud_Notes_domain_name:
- If you use the North America data center: notes.na.collabserv.com
- If you use the Asia Pacific data center: notes.ap.collabserv.com
For example, if the Renovations company uses the North America data center, the statement looks like the following line:
<domainlist>renovations.com,notes.na.collabserv.com</domainlist>
c. Copy the new statement so you can use it again, and then save and close the file.
d.
On the same computer, open the copy of the stproxyconfig.xml file that is stored in the Sametime Proxy Server's profile.
The Sametime Proxy Server node's copy of the stproxyconfig.xml file is typically located in the following directory:
WebSphere_AppServer_install_root/profiles/Sametime_Proxy_Profile_Name/config/cells/cell_name/nodes/node_name/servers/stproxyserver/
For example, on IBM AIX or Linux:
/opt/ibm/websphere/appserver/profiles/stpappprofile/config/cells/STProxyCell1/nodes/STProxyNode1/servers/STProxyServer
On Microsoft Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\STPAppProfile\config\cells\stproxycell1\nodes\stproxynode1\servers\stproxyserver
The Sametime Proxy Server's path looks very similar to the deployment manager's path, but references the Sametime_Proxy_Profile_Name instead of the Deployment_Manager_Profile_Name.
e. Add the same new statement to the Sametime Proxy Server's copy of the stproxyconfig.xml file (after the closing </server> tag as before), and then save and close the file.
f. Restart the Sametime Proxy Server.
2. If web clients do not have VPN access to the Sametime Proxy Server, provide external access to the server.
3. If your Sametime server restricts access to certain types of clients, allow access to web clients by adding the following value to the VPS_ALLOWED_LOGIN_TYPES setting in the [Config] section of the sametime.ini file:
14A4
For more information, see Technote 1114318.
4. Complete the following steps to enable the service to connect to the on-premises community:
a. Log on to the service as an administrator.

b. Click Administration > Manage Organization.
c. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
d. Click Account Settings.
e. Click Instant Messaging.
f. Click Enable an on-premises IBM Sametime community for SmartCloud Notes web users.
g. Provide the Sametime Proxy Server URL, for example, https://stproxy01.renovations.com.
5. Instruct Internet Explorer users to modify the browser trusted sites list as follows:
a. Click Tools > Internet Options.
b. Click Security.
c. In the Select a Zone to view or change security settings section, click Trusted sites and then click Sites.
d. Add the following sites to the Websites box:
*.lotuslive.com
*.collabserv.com
In addition, add the Sametime Proxy Server URL, for example: https://stproxy01.renovations.com.
6. Instruct users to complete the following steps from their SmartCloud Notes web Inbox:
a. Click More > Preferences.
b. Click Instant messaging > Enable instant messaging.

Related information:
Sametime documentation

Manually configuring Notes clients to connect to the service instant messaging community

If you performed the procedure Configuring instant messaging and selected the option Enable an on-premises IBM Sametime community for SmartCloud Notes web users or the option Disable instant messaging integration, IBM Notes clients are not configured automatically to connect to the instant messaging community in the service. This topic describes how to configure Notes clients to connect to the service instant messaging community yourself if you selected either of these options.

Before you begin
Notes must be installed with the Sametime (integrated) option selected.

About this task
Perform this procedure for any of the following reasons.
- You want to allow Notes 8.5.1 clients to connect to the service instant messaging community.
- You want to allow Notes clients to connect to an on-premises Sametime community and to the service instant messaging community. You will configure the service instant messaging community as a secondary community.

Note: To provide dual-community enablement, the on-premises IBM Sametime server must be configured to support IBM Sametime Standard clients. You must purchase the Sametime Standard license separately, as the SmartCloud Notes entitlement supports IBM Sametime Entry only.
- You want to allow some, but not all, Notes 8.5.2 or later clients to connect to the service community as the primary community.
If you want all Notes 8.5.2 or later clients to connect to the service instant messaging community as the primary community, instead perform the procedure Configuring instant messaging and select the option Enable the service instant messaging community for IBM Notes and SmartCloud Notes web users.
Perform the following steps to configure a Notes client to connect to the service instant messaging community.

Procedure
1. Start Notes.
2. Click File > Preferences.
3. Click Sametime.
4. Click Server Communities.
5. Perform the following steps to add the service instant messaging community to the sidebar:
a. Click Add New Server Community.
b. Complete the fields in the Add Sametime Server Community window as described in the following table, and then click OK.

Tab | Field | Field value
Not applicable | Server community type | Sametime
Not applicable | Server community name | Provide a name that identifies the new community.
Log in | User name | Service login name, for example, sdaryn@renovations.com
Log in | Password | SmartCloud Notes web logon password. Do not specify the Notes client login password.
Log in | Use token based single sign on | Do not select
Server | Host server | im.na.collabserv.com (if your company uses the North American data center); im.ap.collabserv.com (if your company uses the Asia Pacific data center); im.ce.collabserv.com (if your company uses the European data center)
Server | Server community port | 1533
Server | Send keep alive signal after the following number of seconds | 60 (default)
Connection | Connection | Direct connection (default)
Options | Use this server for awareness status lookup | Select (default)
Options | Use canonical names for status lookup | Do not select (default)

6. If the client also connects to an on-premises community, make sure the service community is not the default community.
7. Click OK to save your changes.

Instant messaging features

The table in this topic summarizes the instant messaging features that are available through the service instant messaging community.
Note: If IBM Notes clients connect to an on-premises IBM Sametime community and to the service community, the version of Sametime that is used on-premises determines the features that are available for both communities.

Table 26. Features supported by the service instant messaging community
Feature / Available / Not available
Online presence status; availability status icons; custom status message: X The web client shows online presence status for names in the sidebar but not for names in documents or views. This limitation does not apply if an on-premises Sametime community is used.
Automated geographic awareness: X
Telephony status: X
Set alerts when users are available; privacy lists, selective do not disturb: X
Business card display: X The name and email address are displayed but not other information, such as title and telephone number.
Primary, frequent, and recent contact list views: X There is a 500-contact limit. Public groups are not supported. The web client supports only the primary contact list.

Initiate chats with users not in your contact list: X
Security-rich one-on-one text chat and multi-way text chat: X
Rich text formatting; spell check; emoticons and emoticon palettes: X
Time and date stamps; chat history: X The web client does not support chat history.
Log in to multiple communities: X Supported by Notes clients only. Note: To provide dual-community enablement, the on-premises IBM Sametime server must be configured to support IBM Sametime Standard clients. You must purchase the Sametime Standard license separately, as the SmartCloud Notes entitlement supports IBM Sametime Entry only.
Screen capture tool; file transfers: X Supported by Notes clients only.
Instant screen share: X
Zero-download browser chat client: X Supported by web clients only.
Online meetings: X
Voice and video: X
Community collaboration features, such as instant polls, broadcast chats, and persistent group chat: X
Mobile use: X
Telephony integration: X

Setting password expiration for Notes IDs

For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password.

Before you begin
For information on how this feature interacts with the password synchronization feature, see Enabling password synchronization on page 33.

About this task
If users click File > Security > User Security, the Password must be changed by field does not show the password expiration date.
Perform the following procedure to set password expiration for Notes IDs.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
4. Click Password Management.
5. Click Enable password expiration for IBM Notes clients.
6. Enter the number of days a password can be used before it expires. The minimum value for this setting is 30 days; the maximum is 3650 days.

Results
When password expiration is first enabled, the passwords of all current users expire on a random basis after the expiration period, regardless of when the passwords were last changed. For example, if the expiration period is 90 days, all current users are prompted to change their passwords on a random basis when first authenticating after the 90-day expiration period. The passwords of new users also expire on a random basis after the expiration period.
Users who are logged in when this setting becomes effective are not prompted to change the password during the current login session.
Users might experience a lag time of a few seconds between the time they change their password and authentication. This lag occurs while the updated ID is synchronizing with the vault. If the synchronization does not complete, authentication can fail. In that case, users can wait a few minutes, and then try again. If the synchronization continues to fail and the user cannot access the client, reset the Notes ID using SmartCloud Notes Administration.
What to do next
You might want to communicate the following information to your users:
- There is no warning that informs them that their password is about to expire.
- How often they will be prompted to reset their passwords.
- What to do if authentication fails after they change their passwords.

Related tasks:
Resetting passwords for Notes IDs on page 31: Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password.

Enabling password synchronization

When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client.

About this task
Password synchronization benefits users who are active users of both the web and Notes clients by allowing them to use one password for both clients. After you enable password synchronization, when users change their service login passwords, the new passwords are added to the Notes ID files in the ID vault. Users can then use the new passwords the next time they log in to the service from the Notes client.
Password synchronization occurs whenever users change their service login passwords. Users can change the service login passwords at any time through Connections Cloud My Account Settings. They also change the passwords:
- After they log in to the service for the first time with temporary passwords;
- After they log in to the service after an administrator resets their service login passwords;
- After they log in to the service when service login password expiration is enabled and their passwords expire.
Before you enable password synchronization, be aware of the following information:
- The feature does not apply to users who log in to the service with a federated identity that your organization defines.
- Synchronization occurs in one direction: from the service login password to the Notes ID password. Changing the Notes ID password does not change the service login password.
- When service login passwords change, Notes client users are not required to use the new passwords. Their old passwords remain valid until they use the new passwords to log in to the service from the Notes client. Because the continued use of the old password prevents ID synchronization with the ID vault, as a best practice, recommend to users that they use the new passwords on the Notes client.
- Synchronization occurs after Notes clients are connected to the service.
- Notes client users can change their Notes ID passwords, either by choice or because you enable the Password Expiration setting in SmartCloud Notes Administration and their passwords expire. When Notes users change the Notes ID passwords, the service login passwords do not change automatically. However, users can use Connections Cloud My Account Settings to change the service login passwords to match the new Notes ID passwords.
- If you enable password expiration for Notes IDs, a Notes ID password might expire before a user logs in to Notes with a new service login password. In this case, the user can log in to the Notes client with the old Notes ID password but the user is prompted to change the password when opening mail or another application. At this point the user can provide the new service login password.
To enable password synchronization, complete the following procedure.

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes and then click Account Settings.
4. Click Password Management.
5. In the Password Synchronization section of the page, select Enable password synchronization.
6. Click Save.

Results
When users change their service login passwords, they can use the new passwords to log in to the Notes client. If users change the Notes ID password, the service login password does not change automatically.

What to do next
Notify users that the feature is enabled. Recommend that when they change their service login passwords, they use the new passwords to log in to the Notes client.

Related tasks:
Resetting service login passwords on page 30: Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time.
Setting service login password expiration on page 31: By default, service login passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users.

Related information:
Federated identity management

Logging activity in journal files

You can log different types of activity in journal files that you then download from the service.

Before you begin
Before you complete this procedure, you must request integration server enablement from an IBM Connections Cloud customer services representative (CSR). When you do so, you provide an account identity to use to connect to the FTP site to download the journal files. You are notified when your enablement request is complete. For more information, see Requesting integration server enablement in the Connections Cloud integration server documentation.
About this task
The following types of journal files are available for Notes:
- Notes mail delivery, which records each email message that service users send.
- Notes client session, which records each attempt to log in to the service from a Notes client to access an application such as mail or the company directory.
The journal service produces gzip-compressed journal files about every 24 hours. You use an FTP client to download the journal files from the IBM Connections Cloud integration site. Files are removed from the integration site after seven days.
Journal files are available for other Connections Cloud services, as well. For more information, see the Connections Cloud journaling documentation.
After you are notified that your request for integration server enablement is complete, complete the following steps to enable journaling through SmartCloud Notes Administration.

Procedure
1. Log on to the service as an administrator.
2. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
3. Click Account Settings.
4. Click Journaling Options.
5. Select any of the following options to specify the type of journal files to generate:
- Notes mail delivery
- Notes client sessions
6. Click Save.

What to do next
You can begin downloading journal files in about 24 hours.

Related information:
Connections Cloud journaling documentation

Downloading journal files

You can begin to download journal files about 24 hours after you enable journaling.

Before you begin
Request integration server enablement, then enable journaling options in SmartCloud Notes administration. For more information, see Logging activity in journal files on page 93.
Make sure that your corporate firewall allows outbound connections to the following hosts over FTP port 990 and FTP PASV port range 60000-61000:
- North America data center: ftp.na.collabserv.com
- Asia Pacific data center: ftp.ap.collabserv.com
- European data center: ftp.ce.collabserv.com

Procedure
1. From an FTP client, specify the following connection settings:

Setting | Value
Host | If you use the United States data center: ftp.na.collabserv.com. If you use the Asia Pacific data center: ftp.ap.collabserv.com. If you use the European data center: ftp.ce.collabserv.com
Protocol | FTP
Port | 990
Encryption | Implicit FTP over TLS
User and password | Account name and password that is used to connect to the FTP site.

2. Connect to the FTP host.
3. Change to the journal directory.
4. Select and download the following files:
- If you enabled Notes mail journaling, download files named <date>.notesmail.txt.gz
- If you enabled Notes client session journaling, download files named <date>.notes_nrpc_session.txt.gz.
<date> is the file creation date.

Related tasks:
Configuring the firewall for outbound connections on page 17: Configure the firewall to allow outbound connections to the service.

Related information:
Integration server documentation

Format of the Notes mail journal file

A Notes mail journal file records each message that users send.

File name
The name of the compressed file that you download is <date>.notesmail.txt.gz, where <date> is the file creation date, in YYYY-MM-DD format. For example: 2012-12-23.NOTESMAIL.txt.gz.

Syntax
Each record in a Notes mail journal file conforms to the following syntax:
date user name (id=customerid, customerid=customerid) performed ACTION [on object (type=type, id=objectid, name=name, customerid=customerid)] [targeted at (type=type, id=targetid, name=name, customerid=customerid)] with outcome OUTCOME [REASON][(EXTRA)]
Each record in a journal file is contained in a single line.

Parameters
date

  A date and time, for example, 2012-12-18T13:23:47+0000. One of the following values is logged:
  - The date and time that a user sends a message to another user at the company
  - The date and time that a message failed to be delivered to a user at the company
  - The date and time that a user sends a message to an external user at another company
name
  The user's Notes name, if an internal user sends the message, for example, CN=Samantha Daryn/O=Renovations. An Internet email address, if an external user sends the message.
customerid
  The unique number that identifies the company subscription in the service.
ACTION
  SENT_MAIL
TYPE
  The type of object or target. The object type is always MAIL_MESSAGE. The target type is always RECIPIENT.
OBJECTID
  The unique identifier of the mail message that is sent.
name
  The name of the OBJECTID or the TARGETID. The name for the OBJECTID is always MAIL. The name for the TARGETID is the email address of the recipient.
TARGETID
  The unique identifier for the recipient. This value is always null because the email address specified in the name parameter uniquely identifies the recipient.
OUTCOME
  The result of the action, either SUCCESS or FAILURE. If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: FAILURE USER_NOT_FOUND.
EXTRA
  Contains the size of the message in kilobytes.

Examples
Note: The following example records are shown on multiple lines. In the journal file, each record is a single line.
1. Samantha Daryn sends a message to another internal user at the company, Allie Singh. Allie receives the message.
2012-12-30T19:03:01+0000 user CN=Samantha Daryn/O=Renovations (id=20076547, customerid=20076547)
performed SENT_MAIL on object (type=mail_message, id=<off0ebf61d.5caad94f-on85257a78.005C2BF7-85257A78.005C3063@LocalDomain>, name= MAIL, customerid=20076547)
targeted at (type=recipient, id=, name= CN=allie singh/o=renovations@renovations.com, customerid=20076547)
with outcome SUCCESS (size= 1 )
2. Samantha Daryn sends a message to another internal user at the company, Allie Singh. Allie's name is not found in the directory and the message is not delivered.
2012-12-28T15:02:01+0000 user CN=Samantha Daryn/O=Renovations (id=20076547, customerid=20076547)
performed SENT_MAIL on object (type=mail_message, id=<of0645eb2c.8b339fe8-on00257a9b.0054f723-00257a9b.0054f726@localdomain>, name= MAIL, customerid=20076547)
targeted at (type=recipient, id=, name= CN=allie singh/o=renovations@renovations.com, customerid=20076547)
with outcome FAILURE RECIPIENT NOT FOUND IN COMPANY DIRECTORY (size= 2 )
3. Samantha Daryn sends a message over the Internet to an external user, branney@zetabank.com.
2012-12-28T15:02:01+0000 user CN=Samantha Daryn/O=Renovations (id=20076547, customerid=20076547)
performed SENT_MAIL on object (type=mail_message, id=<of8e758e11.39c4d326-on00257a9b.00550042-00257A9B.00550046@LocalDomain>, name= MAIL, customerid=20076547)
targeted at (type=recipient, id=, name= branney@zetabank.com, customerid=20076547)
with outcome SUCCESS (size= 1 )

Format of the Notes client session journal file

A Notes client session journal file records information about each IBM Notes client login session within the service.

File name
The name of the compressed file that you download is <date>.notes_nrpc_session.txt.gz, where <date> is the file creation date, in YYYY-MM-DD format. For example: 2012-12-23.NOTES_NRPC_SESSION.txt.gz.
Syntax
Each record in a Notes client session journal file conforms to the following syntax:
date user name (id=customerid, customerid=customerid) performed ACTION [on object (type=type, id=objectid, name=name, customerid=customerid)] [targeted at (type=type, id=targetid, name=name, customerid=customerid)] with outcome OUTCOME [REASON][(EXTRA)]
Each record in a journal file is contained in a single line.

Parameters
date
  The date and time a Notes client user logs in to the service or attempts to log in, for example, 2012-12-18T13:23:47+0000.
name
  The user's Notes name, for example, CN=Samantha Daryn/O=Renovations
customerid
  The unique number that identifies the company subscription in the service.
ACTION
  NRPC_SESSION
TYPE
  The type of object or target. The object type is always NRPC_SESSION. The target type is always USER.
OBJECTID
  A unique session ID
name
  The name of the OBJECTID or the TARGETID. The name for the OBJECTID is always NRPC_SESSION. The name for the TARGETID is the user's Notes name, for example, CN=Samantha Daryn/O=Renovations.
TARGETID
  The unique identifier for the user. This value is always null because the name parameter uniquely identifies the user.
OUTCOME
  The result of the action, which is always SUCCESS.
EXTRA
  The following information is provided:
  - Number of databases accessed
  - Number of documents that are read and written
  - Time to connect to the service, in seconds
  - The client versions being used

Examples
Note: The following example records are shown on multiple lines. In the journal file, each record is a single line.
1. Samantha Daryn logs in to the mail server in the service successfully from Notes.
2013-04-09T14:35:12+0000 user CN=Samantha Daryn/O=Renovations(id=20076547, customerid=20076547)
performed NRPC_SESSION on object (type=nrpc_session, id=02e31600, name= NRPC_SESSION, customerid=20076547)
targeted at (type=user, id=, name= CN=Samantha Daryn/O=Renovations, customerid=20076547)
with outcome SUCCESS (DBs accessed= 1, docs read= 0, docs written= 0, connect time= 302, client version= 90010,)

Configuring IMAP access

You can allow users to access IBM SmartCloud Notes from third-party email clients using IMAP. By default, the option Disable IMAP for all users is selected, but you can enable it for all users.

About this task
After you enable IMAP access, service users can configure their mail clients for IMAP access using information provided by the service.
The following IMAP clients are supported:
- Apple email
- Microsoft Outlook 2003, 2007
- Thunderbird

Procedure
1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Account Settings and then click IMAP Email Access.
5. Select Enable IMAP for all users, and then click Save.

Results
If you enabled IMAP for all users, then service users can set up their IMAP clients for IMAP access to SmartCloud Notes mail.

Related information:
Setting up IMAP clients

IMAP client limitations

There are a few limitations when using an IMAP client to access IBM SmartCloud Notes.

Folder limitations
The following restrictions apply to folders used with IMAP:
- A single folder name cannot exceed 64 bytes.
- An unlimited number of nested folders is allowed, but the combined length of all nested folder names (including delimiters) cannot exceed 129 bytes.

View limitations
The service provides IMAP clients access to folders in user mail files but not to views. The Drafts, Sent, and Trash views in mail files therefore are not available through IMAP clients. To work around this limitation, IMAP client users can create folders that correspond to these views and put messages in the folders instead. IBM Notes or web client users must open these folders to see the messages in them.

Return receipt
The service does not support the use of return receipts with IMAP clients. If you request a return receipt and the recipient opens the message using the IBM Notes or web client, no return receipt is generated.
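The record syntax given earlier in this chapter under Format of the Notes mail journal file and Format of the Notes client session journal file, as an added example (not IBM's code): a Python parser for both journal types, with a review pass that lists failed deliveries and external recipient domains per sender. The sample records and their IDs are constructed, and treating the text after the last @ in a recipient name as its mail domain is an assumption.

```python
import gzip
import re
from collections import Counter, defaultdict
from datetime import datetime

# One record per line: date user name (id=..., customerid=...) performed ACTION
# [on object (...)] [targeted at (...)] with outcome OUTCOME [REASON][(EXTRA)]
RECORD_RE = re.compile(
    r"^(?P<date>\S+)\s+user\s+(?P<user>.+?)\s*\((?P<actor>[^()]*)\)"
    r"\s+performed\s+(?P<action>[A-Z_]+)"
    r"(?:\s+on object\s+\((?P<object>[^()]*)\))?"
    r"(?:\s+targeted at\s+\((?P<target>[^()]*)\))?"
    r"\s+with outcome\s+(?P<outcome>SUCCESS|FAILURE)"
    r"(?P<reason>[^()]*)"
    r"(?:\((?P<extra>[^()]*)\))?\s*$"
)

def parse_fields(group):
    """Split 'key=value, key=value' into a dict; values may be empty (id=)."""
    fields = {}
    for part in (group or "").split(","):
        key, sep, value = part.partition("=")
        if sep:
            # Assumption: tolerate optional double quotes around values.
            fields[key.strip()] = value.strip().strip('"').strip()
    return fields

def parse_record(line):
    """Parse one journal line; return None for lines that do not match."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m["date"], "%Y-%m-%dT%H:%M:%S%z")
    except ValueError:
        return None
    return {
        "time": when, "user": m["user"], "actor": parse_fields(m["actor"]),
        "action": m["action"], "object": parse_fields(m["object"]),
        "target": parse_fields(m["target"]), "outcome": m["outcome"],
        "reason": m["reason"].strip() or None, "extra": parse_fields(m["extra"]),
    }

def read_journal(path):
    """Yield parsed records from a downloaded <date>.*.txt.gz journal file."""
    # Assumption: the text is UTF-8; undecodable bytes are replaced, not fatal.
    with gzip.open(path, "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            record = parse_record(line)
            if record is not None:
                yield record

def review_mail(records, internal_domains):
    """Return (external recipient domains per sender, failed deliveries)."""
    external, failures = defaultdict(Counter), []
    for r in records:
        if r["action"] != "SENT_MAIL":
            continue
        recipient = r["target"].get("name", "")
        domain = recipient.rpartition("@")[2].lower() if "@" in recipient else ""
        if r["outcome"] == "FAILURE":
            failures.append((r["time"], r["user"], recipient, r["reason"]))
        elif domain and domain not in internal_domains:
            external[r["user"]][domain] += 1
    return external, failures

def client_versions(records):
    """Map each user to the Notes client versions seen in NRPC_SESSION records."""
    versions = defaultdict(set)
    for r in records:
        if r["action"] == "NRPC_SESSION" and "client version" in r["extra"]:
            versions[r["user"]].add(r["extra"]["client version"])
    return versions

# Constructed sample records modelled on the page's examples (IDs are made up).
ACTOR = "user CN=Samantha Daryn/O=Renovations (id=10000001, customerid=10000001) "
MAIL = ("performed SENT_MAIL on object (type=MAIL_MESSAGE, id=<{mid}@LocalDomain>, "
        "name= MAIL, customerid=10000001) targeted at (type=RECIPIENT, id=, "
        "name= {rcpt}, customerid=10000001) with outcome {result}")
SAMPLE = [
    "2012-12-30T19:03:01+0000 " + ACTOR + MAIL.format(
        mid="MSG0001", rcpt="CN=allie singh/o=renovations@renovations.com",
        result="SUCCESS (size= 1 )"),
    "2012-12-28T15:02:01+0000 " + ACTOR + MAIL.format(
        mid="MSG0002", rcpt="CN=allie singh/o=renovations@renovations.com",
        result="FAILURE RECIPIENT NOT FOUND IN COMPANY DIRECTORY (size= 2 )"),
    "2012-12-28T15:02:01+0000 " + ACTOR + MAIL.format(
        mid="MSG0003", rcpt="branney@zetabank.com", result="SUCCESS (size= 1 )"),
    "2013-04-09T14:35:12+0000 " + ACTOR + "performed NRPC_SESSION on object "
    "(type=NRPC_SESSION, id=0A1B2C3D, name= NRPC_SESSION, customerid=10000001) "
    "targeted at (type=USER, id=, name= CN=Samantha Daryn/O=Renovations, "
    "customerid=10000001) with outcome SUCCESS (DBs accessed= 1, docs read= 0, "
    "docs written= 0, connect time= 302, client version= 90010,)",
]

if __name__ == "__main__":
    parsed = [parse_record(line) for line in SAMPLE]
    print(review_mail(parsed, {"renovations.com"}), dict(client_versions(parsed)))
```

For a downloaded file, pass `read_journal(path)` to `review_mail` together with your organization's own mail domains.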


Chapter 5. Onboarding users

Onboarding refers to all the steps that are done to get users up and running with mail files and mail servers in the cloud.

Before you begin
Before you onboard users, configure the service and, optionally, customize settings.

Deciding whether to use the Notes client

IBM SmartCloud Notes web is the mail client that is available automatically to all IBM SmartCloud Notes users through a browser. Before you prepare to onboard users, decide whether you want them to use the optional IBM Notes client in addition to or instead of SmartCloud Notes web.

About this task
For the following reasons, many companies decide to use SmartCloud Notes web and not the Notes client:
- Users get access to new features automatically as they are available in the service.
- IT departments save money by avoiding the need to upgrade and maintain Notes clients.
- SmartCloud Notes web is easy to use and the interface is similar to that of recent versions of IBM iNotes and Notes. There might be little or no training needed.
- Most Notes client features are available in SmartCloud Notes web.
A recommended approach is to start all users in the service with SmartCloud Notes web. After users become familiar with it, you have a better sense of which users, if any, still need the Notes client.
The following table describes some reasons to use the Notes client, as well as alternative options.

Table 27. Reasons you might use the Notes client

Reason: Users need access to IBM Domino applications on-premises.
Considerations and alternatives: The Notes Browser Plug-in is an alternative option to the Notes client. This plug-in provides access to on-premises Notes applications through a browser.

Reason: Users need access to mail when disconnected from the network.
Considerations and alternatives: Currently, only the Notes client supports local, disconnected access to mail. Local mail file access is provided through managed mail replicas (in hybrid environments) or standard local mail file replicas (in service-only environments). Before you choose the Notes client for this reason, consider that with the increased use of mobile devices, some users might no longer require offline access through notebooks or desktops.

Reason: Internet connections are slow.
Considerations and alternatives: In hybrid environments, users with slow Internet connections, for example, users with limited bandwidth connections, see better performance if they use managed mail replicas on Notes clients. In service-only environments, these users benefit from using standard local mail file replicas on Notes clients.

Reason: Users are starting with new mail files in the service and want access to old mail archived on-premises.
Considerations and alternatives: Currently, accessing mail that is archived on-premises requires a Notes client.

Reason: Users want features that are available only with the Notes client.
Considerations and alternatives: For a feature comparison, see the technote Comparison tables of features between IBM Notes, IBM iNotes, and IBM SmartCloud Notes web.

Reason: In hybrid environments, users want to manage (be delegates for) the mail files of on-premises users.
Considerations and alternatives: Managing on-premises mail files of users who are not provisioned for the service requires the Notes client.

Related information:
Technote: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web
Notes Browser Plug-in
IBM SmartCloud Notes client requirements

Preparing for onboarding

To prepare for onboarding, complete these tasks to prepare users, clients, and mail files.

Before you begin
Before you prepare for onboarding, complete the following tasks:
- Chapter 4, Configuring the service, on page 25
- Deciding whether to use the Notes client on page 101

About this task
Table 28. Tasks to prepare for onboarding (columns: Task; Why the task is important; Additional information; Complete?)

Task: Create a detailed provisioning schedule and require your project team to sign off on it.
Why the task is important: This step ensures that provisioning happens in planned stages that take into account factors such as pilot users, work schedules, geographic locations, and clients used.
Additional information: Delegates of mail files must be provisioned to manage mail files of provisioned users. For more information see Mail file delegation on page 118.

Table 28. Tasks to prepare for onboarding (continued)

Task: Prepare communications and training.
Why the task is important: This step allows for a smooth transition to the service and reduces help desk calls.
Additional information: Preparing communications and training on page 117

Task: Develop a method to track provisioning.
Why the task is important: This step helps you understand at what stage users are at in the transition to the cloud and is also useful for providing status reports to executive management.

Task: Request removal of trial accounts.
Why the task is important: Provisioning can fail for users who have trial accounts.
Additional information: Contact Support to determine whether users at your company have trial accounts.

Task: In hybrid environments, if users will not use the IBM Notes client with the service, verify that the users have Notes ID files to which they or administrators have local access.
Why the task is important: Though not required, Notes ID files enable users to sign email, read encrypted email, and to recall mail messages. ID files are typically required to enable administrators to change users' Notes names.

Task: Customize mail file access.
Why the task is important: This step is required if you want to allow people who are not the owners of mail files to access mail files without being delegates. Typically this access is provided by adding a customer-specific administrator group to mail file ACLs.
Additional information: Preparing customized mail file ACLs on page 68

Task: Familiarize yourself with password requirements for logging in to the service.
Why the task is important: The password requirements might be different from ones that are currently used in your on-premises environment.
Additional information: Password rules by authentication method on page 45

Table 28. Tasks to prepare for onboarding (continued)

Task: In hybrid environments only, verify that users' Person documents comply with service requirements.
Why the task is important: This step helps to ensure a smooth transition to the service.

Task: (Optional) In hybrid environments only, configure multiple Internet addresses for users.
Why the task is important: This step applies only if users have more than one Internet email address, for example, if users have two email addresses as a result of a company merger.

Task: (Optional) Ensure that a custom mail template is uploaded to the service, if you plan to use one.
Why the task is important: You can apply the custom template during user provisioning so that users see the custom design when they first use the service.
Additional information: See Preparing to use custom mail file templates on page 61.

Task: (Optional) Set up batch user provisioning with the integration server.
Why the task is important: This step allows you to use comma-separated value (CSV) files to provision batches of users.
Additional information: See the section on user provisioning and identity management in the Integration server documentation.

Task: Prepare for specific clients.
Why the task is important: There are special considerations for each type of client that can be used with the service.
Additional information:
- Preparing for the web client
- Preparing for Notes Traveler devices on page 106
- Preparing for Notes clients on page 108
- Preparing for IMAP clients on page 114

Preparing for the web client

Before you provision users who will access IBM SmartCloud Notes using the web client, prepare for the web client.

Before you begin

Read about the web client.

About this task

Table 29. Tasks to prepare for the web client (columns: Task, Why the task is important, Additional information, Complete?)

Task: Prepare for onboarding.
Why the task is important: There are tasks to prepare that apply to all or most clients.
Additional information: Preparing for onboarding on page 102

Task: Review the supported browsers and browser versions, decide which to use, and upgrade browsers if necessary.
Why the task is important: Using a supported browser version ensures the best experience for your users.
Additional information: SmartCloud Notes web requirements

Task: If users currently use IBM iNotes, compare the features that are supported for SmartCloud Notes web.
Why the task is important: Most IBM iNotes features are supported in the cloud. Making your users aware of the few differences can reduce help desk calls and improve user satisfaction.
Additional information: Technote: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web

Task: Assess network capacity.
Why the task is important: This step ensures that your site has the network capacity to support the number of web client users you plan to have.
Additional information: Network capacity for the web client on page 14

Task: If the Notes client is used with shared login enabled, but the client won't be used in the cloud, disable the shared login feature before you provision users.
Why the task is important: This step enables administrators or web client users to upload Notes ID files to the vault in the service manually after provisioning.
Additional information: An ID enabled for shared login cannot be uploaded to the service ID vault manually by a web client user or an administrator. It can only be uploaded automatically through the use of a Notes client. For more information on shared login, see the Securing section of the Domino documentation.

Task: (Optional) Deploy an extension forms file to customize the web client.
Why the task is important: Use an extension forms file if you want to customize the visual theme, fonts, the action bar, and other aspects of the web client.
Additional information: Using extension forms files to customize the look of the web client on page 64

Table 29. Tasks to prepare for the web client (continued)

Task: Disable on-premises IBM iNotes login redirection, if used.
Why the task is important: This step ensures that users are not redirected to their on-premises mail servers after the move to the cloud.
Additional information: For information on Using iNotes IBM iNotes redirect, see the Domino documentation. An IBM Software Services for Collaboration representative can provide a custom redirector for cloud login.

Preparing for Notes Traveler devices

Before enabling users to use IBM Notes Traveler mobile devices with the service, prepare your environment and the devices.

Before you begin

Read about Notes Traveler devices.

About this task

Before you provision users with a Notes Traveler subscription, complete the tasks in the following table to prepare.

Table 30. Tasks to prepare for Notes Traveler devices (columns: Task, Why the task is important, Additional information, Complete?)

Task: Prepare for onboarding.
Why the task is important: There are tasks to prepare that are not client-specific.
Additional information: Preparing for onboarding on page 102

Task: Ensure that your firewall configuration allows devices to access the service over WiFi.
Why the task is important: Connections to hosts in the service over Port 443 are required for WiFi access.
Additional information: Configuring the firewall for outbound connections on page 17

Task: Review the Notes Traveler device memory and operating system requirements.
Why the task is important: Using a mobile device that complies with these requirements ensures the best experience for your users.
Additional information: Notes Traveler requirements for the cloud.

Table 30. Tasks to prepare for Notes Traveler devices (continued)

Task: If you plan to use BlackBerry 10 devices, first verify that your wireless carrier supports the minimum operating system level that is required in the cloud.
Why the task is important: Some carriers might not support the minimum required BlackBerry 10 operating system level.
Additional information: Notes Traveler requirements for the cloud.

Task: Enable cookies in device browsers.
Why the task is important: Cookies must be enabled to connect to the service and to sync mail on devices.

Task: Review Notes Traveler device policy settings.
Why the task is important: Be aware of policy settings that the service enforces that might be different than your current settings.
Additional information: Notes Traveler device settings

Task: Review device limitations in the cloud.
Why the task is important: This step makes you aware of any changes that users might see after the move to the cloud.
Additional information: Notes Traveler Troubleshooting, known limitations, and restrictions.

Task: (Optional) Enable application passwords.
Why the task is important: This step is required only if your company enables full federated identity authentication and Android devices that run Notes Traveler 9.0.1.3 or higher are not used.
Additional information:
- Enabling application passwords on page 43
- Setting up federated identity management on page 36

Notes Traveler device settings

The service enforces the following device settings.
- Device passwords of at least 4 characters are required.
- Device lockout occurs after 30 minutes of inactivity.
- There is no limit to the number of incorrect password attempts.
- On Android, Apple, Windows Tablet, and BlackBerry 10 devices, there is no size limit to attachments in received emails. Attachments are always downloaded during device syncs.
- On Windows Mobile devices, there is a 4 MB limit to attachments in received emails. When the combined attachment size exceeds the limit, attachments are removed from emails that are synced to the device.

Note: Windows Tablet requires a device password of at least eight characters. The password must include at least three of the following types of characters: upper case, lower case, number, special character.
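The device password rules stated above for Notes Traveler devices and Windows Tablet, together with the password settings in Table 34 (Settings enforced for BlackBerry smartphones) later in this chapter, can be checked against candidate passwords before rollout. The following is an added example, not IBM code; the profile names, the reading of "special character" as ASCII punctuation, and the salted PBKDF2 history records are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class DevicePolicy:
    label: str
    min_length: int
    min_classes: int = 0           # of: upper case, lower case, number, special character
    alpha_and_digit: bool = False  # at least 1 alphabetic and 1 numeric character
    history_depth: int = 0         # previous passwords that cannot be reused


# Values taken from this guide; the dictionary keys are hypothetical profile names.
POLICIES = {
    "traveler": DevicePolicy("Notes Traveler device", min_length=4),
    "windows_tablet": DevicePolicy("Windows Tablet", min_length=8, min_classes=3),
    "blackberry": DevicePolicy("BlackBerry smartphone", min_length=8,
                               alpha_and_digit=True, history_depth=8),
}


def character_classes(password):
    """Return which of the four character types occur in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper case")
        elif ch.islower():
            found.add("lower case")
        elif ch.isdigit():
            found.add("number")
        elif ch in string.punctuation:  # assumption: "special" means ASCII punctuation
            found.add("special character")
    return found


def hash_password(password, salt=None):
    """Salted PBKDF2 record for a history list (an assumed storage scheme)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def reused(password, history):
    """True if the password matches any (salt, digest) record in history."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def violations(password, policy, history=()):
    """List every rule of the policy that the candidate password breaks."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.min_classes:
        present = len(character_classes(password))
        if present < policy.min_classes:
            problems.append(
                f"{present} of 4 character types present, {policy.min_classes} required")
    if policy.alpha_and_digit:
        if not any(ch.isalpha() for ch in password):
            problems.append("no alphabetic character")
        if not any(ch.isdigit() for ch in password):
            problems.append("no numeric character")
    if policy.history_depth:
        recent = list(history)[-policy.history_depth:]  # newest records are last
        if reused(password, recent):
            problems.append(f"matches one of the last {policy.history_depth} passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the guide.
    for name, candidate in [("traveler", "1234"), ("windows_tablet", "abcdefg1"),
                            ("windows_tablet", "Abcdefg1"), ("blackberry", "abcdefgh")]:
        result = violations(candidate, POLICIES[name])
        print(f"{POLICIES[name].label}: {candidate!r} -> {result or 'ok'}")
```

A four-digit PIN satisfies the Notes Traveler minimum but fails both stricter profiles, which is worth knowing when the same users carry more than one device type.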

Preparing for Notes clients

Use of the IBM Notes client to connect to the service is optional. If you want your users to use the Notes client, understand the steps to prepare.

Before you begin

Read about the Notes client on page 7 and decide whether to use it.

About this task

Skip this task if you do not plan to use the Notes client.

Table 31. Tasks to prepare for the Notes client (columns: Task, Why the task is important, Additional information, Complete?)

Task: Prepare for onboarding.
Why the task is important: There are tasks to prepare that apply to all or most clients.
Additional information: Preparing for onboarding on page 102

Task: Compare the features that are supported for the on-premises client to the features that are supported in the cloud.
Why the task is important: Most features are also supported in the cloud, but there are some differences to be aware of.
Additional information: Technote: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web

Table 31. Tasks to prepare for the Notes client (continued)

Task: Evaluate your currently deployed clients. If necessary, upgrade to newer versions of the client.
Why the task is important: A version of Notes (Standard configuration) that is supported in the cloud is required.
Additional information: To ensure a smooth transition, leave plenty of time to complete client upgrades, and, if necessary, related hardware upgrades, before you provision users for the cloud. There are various upgrade methods available, including desktop push technology, Notes Smart Upgrade, and end-user controlled upgrades.
- Technote: SmartCloud Notes client requirements
- Upgrade Central: Planning your upgrade to IBM Notes and Domino 9.0 Social Edition
- Search for Using Notes Smart Upgrade in the IBM Domino documentation.

Task: In hybrid environments, configure managed mail replicas.
Why the task is important: Managed mail replicas are recommended to provide Notes users quick, local access to their mail when connected or disconnected from the service.
Additional information: Use an on-premises policy to configure managed mail replicas. Complete this step before you provision users so that you can resolve any issues specific to this feature ahead of time.

Task: Assess network capacity.
Why the task is important: This step ensures that your site has the network capacity to support the number of Notes client users that will connect to the cloud.
Additional information: Network capacity for the Notes client on page 14

Table 31. Tasks to prepare for the Notes client (continued)

Task: (Optional) Use a custom mail file template to customize the mail file design.
Why the task is important: If you prepare a custom mail file template in advance, you can apply the custom template during user provisioning so that users' first experience with the cloud is with the custom design.
Additional information: A short contract with IBM Software Services for Collaboration is required to test and approve the template design. For more information on requirements and steps, see Preparing to use custom mail file templates on page 61.

Task: In hybrid environments, review policy settings.
Why the task is important: Be aware of policy settings that the service enforces that might be different than your current settings. Also, optionally customize settings.

Task: (Optional) In hybrid environments, if you are not transferring mail files, export contacts, and calendar entries that have future dates.
Why the task is important: After users move to the cloud, they can import the contacts and calendar entries into their new mail files.
Additional information: Exporting calendar entries allows users to save calendar entries in local .ics files. After users are provisioned, they can import the files into their new mail files in the service. Contacts are imported along with the saved calendar entries. For more information, see the topic about exporting and importing calendars in the Notes client help.

Task: (Optional) In hybrid environments, if you are not transferring mail files, create mail archives on-premises before the move to the cloud.
Why the task is important: Mail archives provide users with access to old mail content after the move to the cloud. Note: Users cannot create local archives of their on-premises mail after the move to the cloud.
Additional information: You can use Domino policies to archive mail. For information, see the topic about understanding mail archiving and policies in the IBM Domino documentation. Alternatively, you can use a third-party archiving application.

Table 31. Tasks to prepare for the Notes client (continued)

Task: (Optional) Install the IBM Connections Activity Plug-in.
Why the task is important: If your company purchases a collaboration subscription, this step provides access to cloud Activities from the Notes client sidebar.
Additional information: Connecting to cloud Activities through the Notes client sidebar on page 113

How the Client Configuration tool configures the Notes client

To set up the IBM Notes client for use with the service, users download and run the Client Configuration tool (config.nsf) from their workstations. The tool performs the following configuration checks and tasks on the client.
- Checks for the following information:
  - The client is a version supported for IBM SmartCloud Notes access.
  - The config.nsf file contains information needed to perform the configuration.
  - The downloaded data is less than 24 hours old. If it is older than 24 hours, a message informs users. They can continue to use the tool if they choose.
- Performs other small consistency tests, such as checking that the current Location document can be located.
- Creates a wildcard Connection document that the client will use to connect to a mail server in the service through the proxy server in the service. The server name in the Connection is */your_certifier, where your_certifier is the name of the OU certifier you provided for your mail servers during service configuration.
- If the user is already using the Notes ID that they will use in the service, tests connectivity to their new mail server on port 1352.
- If the tool needs to close the Notes client to force a download of the user ID file, it attempts to find an Offline location:
  - If an Offline location is found, the tool switches to it to prevent the client from doing a final replication when it closes.
  - If no Offline location is found, the tool creates an Offline location (named Offline) for this purpose.
  - If a location named Offline already exists, but is not suitable for configuration purposes, the tool creates a location named Temporary location for cloud mail setup - safe to delete.
  Note: If the tool closes the Notes client for reasons other than to download the Notes ID, an Offline location is not needed.
- Creates a Location document called SmartCloud for username, or updates it if it already exists and is incorrect.
- If the user has Connection documents (Contacts > Advanced view) that restrict which locations can be used, and the list includes the current location, then the tool updates those connections to allow the cloud location document. This is necessary so that users can continue to access on-premises application servers using the new cloud location.
- If the user has Account documents (Contacts > Advanced view) that restrict which locations can be used, and one of the locations is the current location, the tool updates the Account documents so that they can be used from the cloud location.
- If the user is not yet using the Notes ID file they will use in the service, the tool sets the Notes client to download the new ID the next time the user logs in to the Notes client. This is done by assigning values to the following Notes.ini settings:
  - Location
  - KeyFileName
  - KeyFileName_Owner
  - MailServer
  - MailFile
  - IDVaultLastServer
  - IDVaultLastFlushTime
  Note: The IDVault settings are cleared. Then when the user logs in to the Notes client using the service Notes ID, they are prompted to change their password (in most cases). When they do, the client immediately updates the Notes ID in the Connections Cloud ID vault.
- Depending on the configuration tasks that have been completed at this time, the tool might shut down the Notes client. If so, a message informs the user, and provides instruction for what to do next (for example, restart Notes and enter the password for your SmartCloud Notes ID, to download the ID file). Again note that sometimes the shutdown is done for purposes other than downloading an ID file.

Downloading Notes client software and other entitled software

You can easily access the IBM Software Download Center to download IBM Notes and other software to which your company is entitled. Software entitlement is governed by the service Terms of Use and applicable License documents.

About this task

You can access the site if you have the Administrator account role. You can use the site to download software before or after user subscriptions are activated. To access the Download Center, complete the following steps:
1. Log in to the service as an administrator.
2. Click Apps > Downloads and Setup.
3. In the Software Entitlements section, click View available software to get to the Download Center.
4. In the Software Downloads page, type the partial or full name of the entitled software in the Find by search text box. Then, click the search icon. Search filter options are available to narrow product results by language and operating system. For more information, see Technote 1674504.

Related information:
- Technote 1674504

Connecting to cloud Activities through the Notes client sidebar

Users with collaboration subscriptions in addition to SmartCloud Notes subscriptions are automatically logged in to the cloud Activities server through the Activities sidebar.

About this task

The Activities sidebar must be installed on the client. To install the Activities sidebar in Notes 8.5.2 or later 8.5x versions, select the IBM Connections Notes installation option.

To install the sidebar in IBM Notes 9.0 Social Edition or later versions, install the IBM Connections Plug-ins. For more information, see the wiki article Where is the Activities Sidebar for Notes 9.0 Social Edition? Activities integration is not supported for Notes 8.5.1.

Preparing for IMAP clients

If you plan to use IMAP clients, complete these tasks to prepare.

Before you begin

Read about IMAP clients.

About this task

Table 32. Tasks to prepare for IMAP clients (columns: Task, Why this task is important, Additional information, Complete?)

Task: Prepare for onboarding.
Why this task is important: There are tasks to prepare that apply to all or most clients.
Additional information: Preparing for onboarding on page 102

Task: Verify that users have a supported IMAP client installed.
Why this task is important: Using a supported client is required because it provides the best experience for users.
Additional information: IMAP client requirements

Task: Be aware of the IMAP client limitations.
Why this task is important: This information can help with troubleshooting.
Additional information: IMAP client limitations

Task: Open the firewall ports that are required for IMAP access.
Why this task is important: Ports 993 and 465 must be open to allow connections to the service via IMAP.
Additional information: Configuring the firewall for outbound connections on page 17

Task: Enable IMAP access in IBM SmartCloud Notes Administration.
Why this task is important: IMAP access is not enabled by default.
Additional information: Configuring IMAP access on page 98

Preparing to use BlackBerry devices

If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry Services subscription, complete these tasks to prepare.

Before you begin

Read about BlackBerry devices with a Hosted BlackBerry Services subscription on page 8.

About this task

Table 33. Tasks to prepare for BlackBerry devices (columns: Task, Why this task is important, Additional information, Complete?)

Task: Prepare for onboarding.
Why this task is important: There are tasks to prepare that apply to all or most clients.
Additional information: Preparing for onboarding on page 102

Task: Verify that this subscription supports the BlackBerry devices that you want to use.
Why this task is important: The Hosted BlackBerry Services subscription does not support BlackBerry 10.
Additional information: An IBM SmartCloud Notes for Hosted BlackBerry Services subscription enables users to access the service through BlackBerry devices that run operating system versions 4.0 through 7.x. Users who use BlackBerry 10 devices require SmartCloud Traveler for Notes subscriptions instead. For more information about device requirements for each of these subscriptions, see the client requirements.

Task: Plan for time that is required to accept and process the Research in Motion terms of use agreement.
Why this task is important: This step must be complete before you can provision users and can take three to four weeks.
Additional information: After your company purchases a Hosted BlackBerry Services subscription, you must accept the Research in Motion terms of use agreement. Then, wait for an IBM representative to indicate that your subscription setup is complete.

Table 33. Tasks to prepare for BlackBerry devices (continued)

Task: Ensure that devices are set up to use an Enterprise data plan.
Why this task is important: An enterprise data plan is required to activate the BlackBerry devices for the service.
Additional information: If users currently use personal plans such as BlackBerry Internet Service, they must convert to enterprise data plans. Allow time for users to contact the phone company to make the change and to set up the new plans on their devices. Users should know that they can no longer use personal accounts in the cloud. When users switch from personal plans to enterprise plans, you are likely to see increased costs that are associated with purchasing the new plans and with data usage.

Task: Be aware of the BlackBerry device settings that are enforced in the service, such as password requirements.
Why this task is important: These setting requirements might be different from ones that are currently implemented at your company.
Additional information: If your current policies are different from the cloud policies, communicate this change to users. For more information, see Settings enforced for BlackBerry smartphones.

Task: BlackBerry browser is not supported.
Why this task is important: You can notify users if this behavior is different from what they are accustomed to.
Additional information: Access to web applications in your corporate intranet or on the Internet through the device is not supported.

Settings enforced for BlackBerry smartphones

This topic describes the settings that the service currently enforces for BlackBerry smartphones.

Table 34. Settings enforced for BlackBerry smartphones (Policy: Value)

- Allow users to send outbound messages through services other than IBM SmartCloud Notes: No
- The maximum size of a single native attachment that can be downloaded to a smartphone: 10240 (KB)
- The total size of all native attachments that can be uploaded from a smartphone: 5242880 (Bytes)
- The maximum size of a single native attachment that can be uploaded from a smartphone: 3145728 (Bytes)
- Allow users to disable smartphone passwords: No
- Password pattern checks: At least 1 alphabetic character and 1 numeric character
- Number of days after which a smartphone password expires and the smartphone prompts the user to set a new password: 90
- The number of minutes of inactivity allowed before the smartphone is locked and the user must provide a password to unlock it: 30
- Minimum smartphone password length: 8 characters
- Smartphone password required: Yes
- The number of previous passwords that are prevented from being used as new passwords: 8
- Reset smartphone to factory default settings when smartphone is wiped: Yes
- Allow users to place calls while the smartphone is locked: Yes

Preparing communications and training

Prepare a communications and training plan to help your users, administrators, and help desk personnel make the transition to the service.

About this task

Prepare to communicate to your users the benefits of the service, the changes to expect, and the steps to take to make the transition. Ensure that your help desk personnel are aware of the communications plan and are prepared to help users follow instructions that are provided in it. For several client-specific sample communications to use as a starting point, see the wiki article Preparing communications about the transition to SmartCloud Notes.
Consider use of the following training resources to help users, help desk personnel, and administrators become familiar with the clients and features available with the service:
- Preparing training for IBM SmartCloud Notes wiki article
- Technote 7040248: Comparison tables of features between IBM Notes, IBM iNotes & IBM SmartCloud Notes web
- IBM Multimedia Library for IBM Notes, affordable and proven resource for Notes client training
- Getting started with SmartCloud Notes clients, getting started resources that are provided through the wiki

Mail file quota

Currently a size limit (quota) of 25 GB is enforced on the mail files of users who were provisioned before November 22, 2014; the mail file size limit of users who are provisioned after this date is 50 GB. An exception is the mail files of SmartCloud Notes Entry users, whose mail files have a 1 GB limit.

The sizes of the following mail file elements are factored into the quota calculation:
- design elements
- documents
- view index
- Domino Attachment and Object Store (DAOS) element
- white space
- attachments

Full-text index size is not a factor in the quota calculation.

Users do not receive warning notifications if they are approaching their mail quota. However, web client users and Notes client users can see how close they are to quota by clicking the quota status bar that is shown near their name in the mail file.

When a user's mail file quota is reached, the user cannot receive mail and the sender of a message receives a delivery failure notification. Some clients continue to allow mail to be sent when quota is reached, as described in the following table. When a user with an over-quota mail file sends a message that cannot be delivered, the user does not receive a delivery failure notification. The service retries sending the delivery failure notification for about a day, and if not successful, deletes the notification.

Table 35. Send mail behavior when quota is reached

Client: Notes
Sending mail without saving a copy: Mail is sent.
Sending mail and saving a copy: Mail is sent but not saved.

Client: web client
Sending mail without saving a copy: Mail is sent.
Sending mail and saving a copy: Mail is not sent or saved.

Client: Notes Traveler
Sending mail without saving a copy: Not supported.
Sending mail and saving a copy: Mail is not sent. Mail stays in the Outbox and the client tries to resend.

Client: BlackBerry smartphone
Sending mail without saving a copy: Mail is sent.
Sending mail and saving a copy: Mail is not sent. Mail stays in the Sent folder and can be resent later.
Mail file delegation

Using delegation preferences, users can allow other users to manage their mail, calendar, contacts, and to do items. Depending on which client is used, there are some differences in how delegation works with IBM SmartCloud Notes.

Notes client

Delegation works in the following way for users who access their mail using the IBM Notes client:
- To set up delegation, users set a Mail > Access & Delegation preference. Once set, this preference applies to both the Notes client and the web client.
- In the Notes client, users can also delegate management of their Calendar, Contacts, and To Do tasks.
- A delegate cannot assign other delegates to a mail file.

Web client

Delegation works in the following way for users who access mail using the web client:
- To set up delegation, users set a Delegation user preference. Once set, this preference applies to both the Notes client and the web client.
- In the web client, users can also delegate management of their Calendar, Contacts, To Do tasks, and Notebook.
- A delegate cannot assign other delegates to a mail file.

Reassigning delegation after a user name change

If a delegate's Notes user name changes, then the owner of the mail file must reassign delegation to the new name. Doing so updates the mail file ACL (access control list) with the new name, which allows the user access to the database.

Related tasks:
- Changing a user name on page 145
  When the name of a user changes, you edit the user account to change the name in one or more fields that include the user name. After you change the name, a multi-step process occurs. Many of the steps occur asynchronously, so there is no set time by which the rename process completes, although renames generally complete within one day.

Adding a SmartCloud Notes subscription to a user account

Perform the steps in this procedure to add an IBM SmartCloud Notes subscription to a user account. Adding a subscription is also referred to as provisioning.

Before you begin

Prepare for onboarding.

About this task

If you want to add subscriptions for many users at once, you can instead use provisioning change files and the Connections Cloud integration server.
Note: In the Account Login section described in this procedure, if you do not provide a distinguished name when you create an account, a system-generated one is created. It is recommended that you allow the system to create this name for you. Doing so ensures that the formula is applied correctly. Note, however, that when the system generates the distinguished name, it does not display in the Distinguished Name field. The distinguished name for each user must be unique. If the system-generated name is already in use, then you are prompted to create one manually. To determine the text to add to the user's name to form the Distinguished Name, complete the task Forming a distinguished name.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Perform one of the following steps:
   - If the user already has an account, select the user name and click Edit User Account.
   - If the user does not have an account yet, click Add User Account.
5. If this is a new account, complete the User Information fields. Otherwise, continue to the next step.

   Table 36. User Information (Field: Steps)

   - Given: Type the user's given name, which is sometimes referred to as the first name.
   - Surname: Type the user's surname, which is sometimes referred to as the last name.
   - Language: Select a language. The language you select here must be the same language as the user's mail file template.
   - Department: Optionally provide information such as a department name or organizational code.
   - Role: Select one or more of the following roles:
     - AppDeveloper -- Select this role to give developers sufficient access to create extensions or add internal applications.
     - User -- This role is required for subscriptions.
     - Administrator -- Select this role if the user will perform administrative tasks. If you also want the administrator to have subscriptions, select the User role as well.
     - Admin Assistant -- An admin assistant can reset logon passwords for a user. If you also want the admin assistant to have subscriptions, select the User role as well. Important: You cannot assign both the Administrator and the Admin Assistant role to a user.
     - e-discovery administrator -- If your company purchased the IBM SmartCloud Archive Essentials subscription, select this role to enable the user to perform e-discovery administrator tasks.
     - e-discovery user -- If your company purchased the IBM SmartCloud Archive Essentials subscription, select this role to enable the user to perform e-discovery user tasks, such as working with searches.

6. Click Next and in the Subscriptions page select IBM SmartCloud Notes as the mail subscription. Select any other subscriptions that are available that you want to assign to the user.
7. Click Next and complete the Account Login fields:

   Table 37. Account Login (Field: Steps)

   - Notes email or Email: Complete the following steps to specify the user's Internet mail address.
     1. Determine the correct field to use:
        - If the user account is new, enter the address in the Email field. The value of this field is used as the user's Internet mail address and as the web client login identity.
        - If the user account already existed, enter the address in the Notes email field. In this case, the value of the Notes email field is used for the user's Internet mail address and the value of the Email field is used as the web client login identity.
     2. Enter the first part of the user's SmartCloud Notes Internet email address, typically based on the user's name. For example, for Samantha Daryn you might enter sdaryn.
     3. If your company uses more than one Internet domain, select the domain in which the user resides, for example, renovations.com.
   - Distinguished Name: Leave this field blank so the system generates a Notes distinguished name. If the system-generated name is in use, you see a prompt. In this case, you must provide a different distinguished name manually, following the rules described in the topic Forming a distinguished name.
   - Initial password for user: If this is a new user account, create and confirm a temporary password. This is the password users will use when they log on to the service with the web client for the first time. Important: Make a note of this password to provide to the user.

8. Click Finish.

What to do next

Check user provisioning status to determine when provisioning is complete or if any provisioning errors occur.

Related tasks:
- Checking user provisioning status on page 122
  After you add IBM SmartCloud Notes subscriptions to user accounts, check the provisioning status of the users.

Related information:
- Integration server

Forming a distinguished name

A distinguished name is a unique name that is associated with an IBM Notes ID file.
It is used to authenticate a Notes client user, and is seen in Notes mail messages, directories, in database ACLs, and in other groups used by the service. When you create a new user account, the Add User form includes a Distinguished Name field. In most instances you will not complete this field; you can leave it blank and the system will generate a distinguished name for the account based on the user's name and other information you provide. However, if you decide to create the distinguished name yourself, or if the system-generated one is already in use, you must use the correct formula to create it.

About this task

It is recommended that you allow the system to create a distinguished name for you. Doing so ensures that the formula is applied correctly. However, the distinguished name for each user must be unique. If the system attempts to generate a name and finds that it is already in use, then you are prompted to create one manually. In this scenario, the formula is provided for you, and you can simply change the user name portion.

When the name of a user changes, you can update the information in the Distinguished Name field. Again, you are prompted to create a different one if the name you enter is already in use.

Note: System-generated distinguished names do not display in the Distinguished Name field on the Add User or Edit User forms after they are created. Only names you provide display in this field.

Use these steps to determine how to form the distinguished name.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. In the SmartCloud Notes Administration window, click Account Settings.
5. When the Account Setup window displays, look at the IBM Notes Names field. This field identifies how your Notes names are formed:
   Your IBM Notes Names are: User Name/Renovations@Renovations
6. To form the distinguished name, begin with the common name, for example:
   Samantha Daryn
   Next add the forward slash (/). Now the example looks like this:
   Samantha Daryn/
   And finally, use the text after the slash but before the at sign (@) to complete the formula. Here is the distinguished name for this example:
   Samantha Daryn/Renovations

Checking user provisioning status

After you add IBM SmartCloud Notes subscriptions to user accounts, check the provisioning status of the users.

Before you begin

Complete the procedure Adding a SmartCloud Notes subscription to a user account on page 119.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. In the Provisioning section of the SmartCloud Notes Administration window, click Provisioning Status.
5. Display the names of the users whose status you want to check. In the Search box, type the beginning characters of any of the following user values:
   - Distinguished name, for example, Samantha Daryn/Renovations.
   - Internet email address, for example, sdaryn@renovations.
   - Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory:
   - Madison Armond/Renovations
   - masmith@renovations
   - Kristin MacGyver
   This search does not match the following values:
   - Emarie Klein/Renovations
   - tamado@renovations
   - Ted Amado
   Search results can include a maximum of 1000 names.
6. In the Status field, select one of the following options:

   Option: In Progress
   Description: Show all users in the search results who are in the process of being provisioned. The service is setting up mail files and doing other steps to prepare user accounts. Users that are shown in this view cannot use the SmartCloud Notes service yet.
   Note: It is possible for user accounts to be in a Held state. This state can be seen only in IBM Connections Cloud user accounts by clicking Home and then User Accounts. The Held state indicates that the service is performing routine checks. It does not indicate that there is a problem. Do not delete and then re-add the account. Resolution often takes a few hours or less; however, on some occasions it can take a few days. If you are concerned that the Held state is not changing, contact customer support.

   Option: Done
   Description: Show all users in the search results who are successfully provisioned. The service has finished preparing the mail files and accounts of these users, and the users can use the service. One of the following states is shown for each user:
   - Pending: This state indicates that a user has not yet logged in to the SmartCloud Notes service and accepted the terms of use.
   - Active: This state indicates that a user has logged in to the service and accepted the terms of use.

   Option: Error
   Description: Show all users in the search results who cannot be provisioned because of an error. If you see a user in this state, contact support to help you resolve the error.

What to do next

Helping users get started

When users are listed in the provisioning status page as Done and in the Pending state, complete the following steps:
1. If you do not want users to use the default IBM Notes mail file template, assign the users a mail file template.
2. If your company uses extension forms files and you do not want users to use the default forms file, assign users an extension forms file.
3. Help users get started with the service.

Related tasks:
Changing user mail file templates on page 139
You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version.
Assigning extension forms files to users on page 140
After an IBM representative uploads an approved extension forms file to the service, you can assign the forms file to users. Extension forms files enable you to customize the visual theme, fonts, the action bar, and other aspects of the web client.

Helping users get started

After user provisioning is complete, help users get started with their mail in the cloud.

Before you begin

Check user provisioning status; users in the Pending state are ready to begin to use the service.

Providing account information to users

After you add an IBM SmartCloud Notes subscription to a user account, provide the user with the information that is required to log in to the service.

Before you begin

Complete the procedure Checking user provisioning status on page 122 and verify that users are listed in the provisioning status page as Done and in the Pending state.

About this task

Users must log in to the service from a browser within 30 days after being assigned a SmartCloud Notes subscription. After logging in, users can begin to use the web client immediately.

Users who want to use the IBM Notes client must download and run the SmartCloud Notes client configuration tool to connect the client to the mail server in the service. This tool is available within the service after logging in from a browser. A version of the Notes client that is supported by the service must be installed and set up. The Notes client is available for download from the IBM Notes product page. A SmartCloud Notes subscription includes a license for the client.

Note: If a user sees the error "ID in vault has expired download time" when attempting to connect to the service for the first time from a Notes client, reset the Notes ID password and instruct users to log in again with the new password.

Procedure

Provide the following information to each user:
- The login URL -- http://www.ibmcloud.com/social.
- The web login name -- The value of the Email field in the Account Login tab of the user's Connections Cloud user account. To see user accounts, log in to the service as an administrator, click Administration > Manage Organization, and click User Accounts.
- The temporary password -- The first time users log on, they use a temporary password that is created for them at the time their account is created. They are asked to change this password the first time they log on.
  Note: If users already use another Connections Cloud service, they use the existing web login password.
Results

When users log in from the browser, they are presented with the Account Updates form. They must click Submit to complete the user registration and activate their account.

What to do next

Help users get started with the clients they will use in the cloud.

Related tasks:
Getting started with the web client
Complete the following tasks to help users get started with the web client.
Getting started with the Notes Traveler devices on page 127
Complete the following tasks to help users get started in the cloud with IBM Notes Traveler devices.
Getting started with the Notes client on page 130
If the IBM Notes client is used with the service, complete the following tasks to help users get started.
Getting started with IMAP clients on page 131
If IMAP clients are used, complete the following tasks to help users get started with them.

Getting started with the web client

Complete the following tasks to help users get started with the web client.

Before you begin

Complete the procedures Providing account information to users on page 125 and Preparing for the web client on page 104.

About this task

Table 38. Getting started with the web client
(Columns: Task; Why this task is important; Additional information; Complete?)

Task: Point users to the web client documentation.
Why this task is important: Users can refer to the documentation as they begin using the client.
Additional information: SmartCloud Notes web documentation

Task: Prepare to troubleshoot any login problems.
Why this task is important: If any user has trouble logging in to the service, you can quickly resolve the problem.
Additional information: See Technote 1496881: SmartCloud Notes user cannot log on

Task: (Optional) If instant messaging is enabled for your company, make sure that users also enable it in client preferences.
Why this task is important: Instant messaging must be enabled in client preferences and in SmartCloud Notes Administration.
Additional information: To enable instant messaging in the web client, users click More > Preferences > Instant Messaging and select Enable instant messaging. For information on configuring instant messaging in SmartCloud Notes Administration, see Configuring instant messaging on page 83.

Task: (Optional) In hybrid environments, install and configure the IBM Notes Browser Plug-in.
Why this task is important: The plug-in allows web client users to access Notes applications on on-premises Domino servers.
Additional information: Notes Browser Plug-in requirements; Notes Browser Plug-in documentation for the service

Getting started with the Notes Traveler devices

Complete the following tasks to help users get started in the cloud with IBM Notes Traveler devices.

Before you begin

Complete the procedures Providing account information to users on page 125 and Preparing for Notes Traveler devices on page 106.

About this task

Table 39. Getting started with Notes Traveler devices
(Columns: Task; Why this task is important; Additional information; Complete?)

Task: If you did not add the Notes Traveler add-on subscription during user provisioning, add it now.
Why this task is important: This subscription must be added for users to access their mail in the cloud through mobile devices that are supported by the Notes Traveler service.
Additional information: Adding a Notes Traveler subscription to a user account on page 128

Task: Uninstall any previous Notes Traveler accounts from devices.
Why this task is important: This step prevents devices from attempting to continue to get mail from an on-premises server.

Task: Remove user accounts from any on-premises Notes Traveler servers.
Why this task is important: This step prevents the on-premises servers from attempting to connect to mail files in the service to which they no longer have access.
Additional information: Removing user accounts from on-premises Notes Traveler servers on page 129

Task: Point users to the Notes Traveler documentation.
Why this task is important: The documentation describes how to get started with each of the supported devices.
Additional information: Notes Traveler documentation

Task: (Optional) On the Apple iPhone, recommend that users enable the Ask Before Deleting setting.
Why this task is important: This setting helps prevent users from deleting messages by mistake.
Additional information: On the phone, select Settings > Mail, Contacts, Calendars > Ask Before Deleting

Task: Prepare to troubleshoot.
Why this task is important: You can quickly resolve any problems.
Additional information: Refer to the following section of the Notes Traveler documentation: Troubleshooting, known limitations, and restrictions

Related tasks:
Managing IBM Notes Traveler devices on page 156
For each user with an IBM Notes Traveler subscription, you can view information about the user's mobile device. You can also wipe the device to remove sensitive data from it, for example, if the device is lost or stolen.

Adding a Notes Traveler subscription to a user account

To enable a user to connect to the service through a mobile device supported by IBM Notes Traveler, add the subscription to the user's account.

About this task

The following steps describe how to add a subscription to the account of a user who already has a Notes Traveler subscription. You can also add the subscription when you first add the user account. For information about adding user accounts, see the topic Administering user accounts.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user's name and select Edit User Account.
5. Click Next.
6. In the Subscription Add-ons section, select the Notes Traveler subscription.
7. Click Save.

What to do next

The user can now set up the mobile device to connect to the service. For information, see the Notes Traveler documentation.
Related tasks:
Chapter 6, Administering user accounts, on page 137
Though IBM is responsible for the administration and maintenance of the mail servers, there are tasks that you perform through an administration interface at http://www.ibmcloud.com/social.

Related information:
Notes Traveler

Removing user accounts from on-premises Notes Traveler servers

After a user sets up a device to connect to the service, if you use a hybrid environment, remove all accounts the user has on on-premises IBM Notes Traveler servers.

About this task

To remove users' on-premises Notes Traveler accounts, deny users access to the on-premises Notes Traveler server as described in the topic "Restricting access using server document access fields." Then delete the users from the Notes Traveler server. In addition, remove any previous on-premises Notes Traveler client software or account from mobile devices.

Restricting access using server document access fields:

Deny service users access to on-premises IBM Notes Traveler servers.

Procedure

1. From the Domino Administrator client, select the IBM Notes Traveler Server document.
2. Click Edit Server.
3. Click the IBM Notes Traveler tab.
4. Populate either the Access Server or Not Access Server field with the names of users and groups. Users defined as Domino 'Full Access Administrators' have access regardless of how the Not Access Server or Access Server fields are configured. Users denied access to Domino through the Domino Not Access Server or Access Server fields under the Security tab of the server document cannot access Notes Traveler.

   Table 40. Server access fields

   Field: Access Server
   Description: Select the option users listed in all trusted directories to allow access to Notes Traveler only to people that have person documents in either the primary directory of this server or any secondary directories that are trusted for credentials through Domino directory assistance. You can also select individual names of users and groups to allow access to this Notes Traveler server. A blank entry means that all users can access Notes Traveler except any who are listed in the Not Access Server field.

   Field: Not Access Server
   Description: Select the names of users and groups that should be denied access to this Notes Traveler server. A blank entry means that no users are denied access.
   Note: Entering names in the Access Server field automatically denies access to those names not listed.

5. Click Save & Close.

What to do next

Delete users from on-premises Notes Traveler servers.

Deleting a user from Notes Traveler servers:

Remove service users from all on-premises IBM Notes Traveler servers.

Procedure

1. Run the following command:
   tell traveler delete * <username>
2. Run the following command:
   tell traveler security delete * <username>
   Note: If the user has already been deleted from the Domino directory, then the full user name must be specified. For example:
   tell traveler delete * "CN=John Doe/OU=Raleigh/O=IBM"

The previous two steps should completely remove the user, but you can verify with these additional steps:

3. Open the Notes Traveler administration application and verify that there are no entries for the user.
4. Open ntsclcache.nsf and verify that there are no entries for the user.

Getting started with the Notes client

If the IBM Notes client is used with the service, complete the following tasks to help users get started.

Before you begin

Complete the procedures Providing account information to users on page 125 and Preparing for Notes clients on page 108.
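Added example (not IBM's code) for the section Removing user accounts from on-premises Notes Traveler servers: a Python model of the Table 40 access fields and of the two tell traveler delete commands, used to check which migrated users an on-premises server would still admit before and after the fields are edited. The sample names, the group CloudUsers, the dictionary keys, the deny-wins rule for a name listed in both fields, and the quoting of names that contain spaces are assumptions; the "users listed in all trusted directories" option is not modelled.

```python
import re

# Constructed sample data (illustrative names, not a real directory).
GROUPS = {"CloudUsers": ["Samantha Daryn/Renovations", "Ted Amado/Renovations"]}
SERVER = {
    "full_access_admins": ["Madison Armond/Renovations"],
    "domino_denied": [],            # users already denied on the Security tab
    "traveler_access": [],          # blank: everyone not denied may connect
    "traveler_not_access": ["CloudUsers", "Madison Armond/Renovations"],
}


def expand(entries, groups):
    """Expand user and group names into a set of lower-cased user names.

    Assumptions: one level of group nesting, case-insensitive comparison."""
    users = set()
    for entry in entries:
        users.update(groups.get(entry, [entry]))
    return {u.lower() for u in users}


def traveler_access(user, server, groups):
    """Return (allowed, reason) for one user, following Table 40."""
    name = user.lower()
    # Full Access Administrators get in regardless of the two Traveler fields.
    if name in expand(server["full_access_admins"], groups):
        return True, "Full Access Administrator"
    # A denial at the Domino level (Security tab) also blocks Notes Traveler.
    if name in expand(server["domino_denied"], groups):
        return False, "denied on Security tab"
    # Assumption: a name present in both fields is denied (deny wins).
    if name in expand(server["traveler_not_access"], groups):
        return False, "listed in Not Access Server"
    allow = expand(server["traveler_access"], groups)
    # A populated Access Server field denies everyone who is not listed.
    if allow and name not in allow:
        return False, "not listed in Access Server"
    return True, "allowed"


_UNSAFE = re.compile(r'["\r\n]')


def console_name(user):
    """Quote a name for the console command, as the page's CN=... example does.

    Rejects quotes and line breaks so a name read from an input file cannot
    terminate the argument or start a second console command."""
    if not user.strip() or _UNSAFE.search(user):
        raise ValueError(f"unsafe user name: {user!r}")
    return f'"{user}"' if " " in user else user


def delete_commands(user):
    """The two commands from the procedure, in the order the page gives them."""
    arg = console_name(user)
    return [f"tell traveler delete * {arg}",
            f"tell traveler security delete * {arg}"]


def offboarding_report(service_users, server, groups):
    """Per migrated user: is on-premises access still open, and what to run."""
    report = {}
    for user in service_users:
        allowed, reason = traveler_access(user, server, groups)
        report[user] = {"still_allowed": allowed, "reason": reason,
                        "commands": delete_commands(user)}
    return report


if __name__ == "__main__":
    migrated = ["Samantha Daryn/Renovations", "Madison Armond/Renovations",
                "Emarie Klein/Renovations"]
    for user, row in offboarding_report(migrated, SERVER, GROUPS).items():
        flag = "STILL ALLOWED" if row["still_allowed"] else "denied"
        print(f"{user}: {flag} ({row['reason']})")
        for command in row["commands"]:
            print("   ", command)
```

In the sample data the Full Access Administrator is still admitted even though the name is in Not Access Server, which is the case to look for when reviewing the field values.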

About this task

Table 41. Getting started with the Notes client
(Columns: Task; Why this task is important; Additional information; Complete?)

Task: Point users to the documentation.
Why this task is important: Users require instructions to download and run the client configuration tool to connect to a mail server in the cloud.
Additional information: For more information, see the Notes section of the IBM SmartCloud Notes user documentation. For complete documentation on using Notes, see the help that comes with the client.

Task: Prepare to troubleshoot any problems.
Why this task is important: If a user has trouble connecting the Notes client to the cloud mail server, you can quickly resolve the problem.
Additional information: Technote: Could not connect to server when running IBM SmartCloud Notes liveconfig application (config.nsf)

Task: (Optional) If users exported contacts and calendar entries from their original mail files, import the entries into the new mail files in the cloud.
Why this task is important: If mail files are not transferred to the service, this step enables users to preserve their existing calendar and contacts.
Additional information: For more information, see the topic about exporting and importing calendars in the Notes client help.

Task: (Optional) Manually configure the client to connect to the service instant messaging community.
Why this task is important: One reason to do this is if you want users to be able to connect to both an on-premises community and the service community.
Additional information: Manually configuring Notes clients to connect to the service instant messaging community on page 87

Getting started with IMAP clients

If IMAP clients are used, complete the following tasks to help users get started with them.

Before you begin

Complete the procedures Adding a SmartCloud Notes subscription to a user account on page 119 and Configuring IMAP access on page 98.

About this task

Table 42. Getting started with IMAP clients
(Columns: Task; Why this task is important; Additional information; Complete?)

Task: Point users to the documentation.
Why this task is important: The documentation describes how to get started with each supported IMAP client.
Additional information: Enabling IMAP access

Task: Read the documentation on IMAP client limitations.
Why this task is important: This information can be helpful with troubleshooting.
Additional information: IMAP client limitations

Getting started with BlackBerry devices

If BlackBerry devices supported by a Hosted BlackBerry Services subscription are used, complete the following tasks to begin using the devices with the service.

Before you begin

Complete the procedures Providing account information to users on page 125 and Preparing to use BlackBerry devices on page 114.

About this task

Note: If BlackBerry 10 devices are used, see Getting started with the Notes Traveler devices on page 127, instead.

Accepting the Research In Motion terms of use

An authorized person from your company must accept the Research In Motion terms of use. This person receives an email notification with instructions that include a link to the terms of use document.

About this task

After you accept the Research In Motion terms of use, you must wait to receive a notification from an IBM Customer Service Representative indicating that your company's BlackBerry subscription setup is complete. You must receive this notification before you can add BlackBerry subscriptions to user accounts.

Related tasks:
Preparing to use BlackBerry devices on page 114
If you plan to use BlackBerry devices that are supported by a Hosted BlackBerry Services subscription, complete these tasks to prepare.

Adding a BlackBerry subscription to a user account

To enable a user to connect to the service through a BlackBerry smartphone, add a SmartCloud Notes for Hosted BlackBerry Services subscription to the user account.

Before you begin

Before you can add BlackBerry subscriptions to user accounts, you must receive a notification from an IBM Customer Service Representative that the subscription for your company has been set up.

About this task

The following steps describe how to add the subscription to a user account that has already been created with a SmartCloud Notes subscription. You can also add the subscription at the same time you create the user account.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user's name and select Edit User Account.
5. Click Next.
6. Under Subscription Add-ons, select SmartCloud Notes for Hosted BlackBerry Services.
7. Click Next and then Finish.

Related tasks:
Adding a SmartCloud Notes subscription to a user account on page 119
Perform the steps in this procedure to add an IBM SmartCloud Notes subscription to a user account. Adding a subscription is also referred to as provisioning.

Removing user accounts from an on-premises BlackBerry Enterprise Server

If your company uses a hybrid environment and you have transferred user mail files to the service, before you activate devices for the service, remove all accounts users have from any on-premises BlackBerry Enterprise Servers, and then wipe the user devices. If you do not complete these steps, obsolete on-premises information can be provided to the service. Completing these steps is also important to prevent on-premises servers from consuming resources by repeatedly attempting to access mail files in the service to which they no longer have access.

About this task

For information on removing accounts, see BlackBerry Knowledge Base document KB04169.

Related information:
BlackBerry Knowledge Base document KB04169

Activating a user's BlackBerry smartphone

After you add a BlackBerry subscription to a user account, the user's smartphone must be activated to enable it to be used with the service.

Before you begin

The user's wireless carrier plan must be an Enterprise plan rather than a Personal plan. A smartphone cannot be activated for the service when a Personal plan is used.

Complete the procedures Adding a BlackBerry subscription to a user account on page 132 and Removing user accounts from an on-premises BlackBerry Enterprise Server on page 133.

About this task

To begin the activation process, a one-time activation password is created in the service. You can create this activation password, or the user can create it. After creation of the activation password, the user's smartphone is ready to be activated. To activate the smartphone, the activation password and the user's service Internet email address are entered on the smartphone using the Enterprise Activation option.

The following steps are performed to activate a user's smartphone. You can perform these steps, or the user can perform them as described in Using your BlackBerry smartphone with SmartCloud Notes.

Procedure

1. If the smartphone has been used before, perform the following steps.
   a. Back up any existing data. For instructions, see the BlackBerry Knowledge Base article How to back up the data on a BlackBerry smartphone.
   b. Wipe the smartphone. For instructions, see the BlackBerry Knowledge Base article How to delete all data and applications from the BlackBerry smartphone using the Wipe Handheld option.
2. To begin the activation process, perform the following steps to create an activation password:
   a. Log on to the service as an administrator.
   b. If your account has the User role, click Admin > Manage Organization.
   c. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
   d. Under User and Groups, click Users.
   e. In the Search box, type the beginning characters of any of the following user values to display the user's name:
      - Distinguished name, for example, Samantha Daryn/Renovations.
      - Internet email address, for example, sdaryn@renovations.
      - Last name, for example, Daryn.
      Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on ma include the names of users with the following values in the directory:
      - Madison Armond/Renovations
      - masmith@renovations
      - Kristin MacGyver
      This search does not match the following values:
      - Emarie Klein/Renovations
      - tamado@renovations
      - Ted Amado
      Search results can include a maximum of 1000 names.
   f. Click the user's name in the search results.
   g. Click Manage BlackBerry Smartphone.
   h. Click Activate Now, create a one-time activation password, and then click Set Password.
      Note: Alternatively, the user can create the activation password through the service web site.
3. To activate the smartphone, refer to the following table and perform the steps that are shown for the operating system (OS) version of the smartphone. Activation can take from a few minutes to an hour, depending on the size of the mail file. After performing these steps, look for the Activation Complete message on the smartphone, which indicates that activation is successful.

   OS version: OS4, OS5
   Steps to activate:
   1. From the Home screen of the smartphone, click Manage Connections and then enable your Mobile Connection.
   2. From the Home screen of the smartphone, click Options > Advanced Options > Enterprise Activation.
   3. Enter your SmartCloud Notes Internet email address, for example sdaryn@renovations.com.
   4. Enter the activation password.
   5. Click the track ball and select Activate.
   Note: Leave the Activation Server Address field blank, if you see it.

   OS version: OS6, OS7
   Steps to activate:
   1. From the Main screen of the smartphone, click Options > Device > Advanced System Settings > Enterprise Activation.
   2. Enter the SmartCloud Notes Internet email address, for example sdaryn@renovations.com.
   3. Enter the activation password.
   4. Click the Activate button.

4. If you backed up data before activating, restore the data now. For information, see the BlackBerry Knowledge Base article How to use BlackBerry Desktop Software to restore data to a BlackBerry smartphone from a backup file.

Related tasks:
Providing documentation to your BlackBerry smartphone users on page 136
BlackBerry smartphone users with a hosted BlackBerry subscription can activate and manage their smartphones themselves using options available through the service website at http://www.ibmcloud.com/social. To help users perform these tasks and to troubleshoot problems, point them to the user documentation.

Ensuring that mail encryption is available for BlackBerry smartphone users

To encrypt and sign mail with a BlackBerry smartphone, a user's IBM Notes ID file must be uploaded to the ID vault in the service.

About this task

If a user is unable to send and receive encrypted mail, the user's ID file is not in the ID vault. This situation can occur if the user waits more than five days to log on to the service after being provisioned. To upload the ID file in this situation, use SmartCloud Notes Administration to reset the Notes password. The smartphone prompts the user to provide the new password and then to change the password. After that point, the user no longer provides a Notes password. The user provides only the smartphone password.

Related tasks:
Resetting passwords for Notes IDs on page 31
Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password.

Providing documentation to your BlackBerry smartphone users

BlackBerry smartphone users with a hosted BlackBerry subscription can activate and manage their smartphones themselves using options available through the service website at http://www.ibmcloud.com/social. To help users perform these tasks and to troubleshoot problems, point them to the user documentation.

About this task

BlackBerry smartphone users can perform the following tasks themselves:
- Activate a smartphone
- Reactivate a smartphone to correct a problem
- Activate a different smartphone
- Wipe a smartphone

Instructions for performing these tasks can be found in the Using your BlackBerry smartphone with SmartCloud Notes section of the user documentation.

Note: For information on using a BlackBerry 10 device, see the Notes Traveler documentation for SmartCloud Notes.

Related information:
Using your BlackBerry smartphone with SmartCloud Notes
Notes Traveler documentation

Chapter 6. Administering user accounts

Though IBM is responsible for the administration and maintenance of the mail servers, there are tasks that you perform through an administration interface at http://www.ibmcloud.com/social.

About this task

You must have the Administrator role assigned in a user account to perform most administration tasks. An exception is resetting the service login password for a user account, which can also be performed by someone with the Admin Assistant role.

Viewing assigned mail file templates

You can view the mail file template that is assigned to a service user.

About this task

If only the template ID displays in the field, the template assigned to the user has been removed from the template repository. Although the user's mail file is not affected, you should assign a new template.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   Distinguished name, for example, Samantha Daryn/Renovations.
   Internet email address, for example, sdaryn@renovations.
   Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on "ma" include the names of users with the following values in the directory:
   Madison Armond/Renovations
   masmith@renovations
   Kristin MacGyver
   This search does not match the following values:
   Emarie Klein/Renovations
   tamado@renovations
   Ted Amado
   Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.

7. Look in the Mail Template field, which includes the following information:
   Name
   Version
   Language
   Template ID number

Related concepts:
Language versions of the standard mail file template
The mail file template supported in the service is the IBM Notes Standard 8.5 template (STDR85Mail). This topic lists the languages in which this template is provided.

Related tasks:
Configuring mail file templates on page 63
Configure which mail file templates can be applied to user mail files and configure a mail file template to use by default.

Language versions of the standard mail file template

The mail file template supported in the service is the IBM Notes Standard 8.5 template (STDR85Mail). This topic lists the languages in which this template is provided.

  English (en)
  Arabic (ar)
  Catalan (ca)
  Czech (cs)
  Danish (da)
  German (de)
  Greek (el)
  Finnish (fi)
  French (fr)
  Hebrew (he)
  Hungarian (hu)
  Italian (it)
  Japanese (ja)
  Korean (ko)
  Dutch (nl)
  Norwegian (no)
  Polish (pl)
  Portuguese (pt)
  Portuguese, Brazil (pt_br)
  Russian (ru)
  Slovak (sk)
  Slovenian (sl)
  Swedish (sv)
  Thai (th)
  Turkish (tr)
  Chinese, China (zh_cn)
  Chinese, Taiwan (zh_tw)

  Spanish (es)

Changing user mail file templates

You can change the mail file template assigned to a user. For example, change the mail template if the IBM Notes client of a user is upgraded to a new version.

Before you begin

Make sure that users are offline when you change their templates.

About this task

When you change a user's mail file template, custom folders in the mail file inherit the design of the Inbox folder. Custom folders are user-created folders or company-created folders from a custom template that is used in the service.

Note: If you change the languages of a user's IBM SmartCloud Notes subscription, you then also need to change the language of the mail file template.

Procedure

1. Log on to http://www.ibmcloud.com/social using the email address and password of a SmartCloud Notes user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   Distinguished name, for example, Samantha Daryn/Renovations.
   Internet email address, for example, sdaryn@renovations.
   Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on "ma" include the names of users with the following values in the directory:
   Madison Armond/Renovations
   masmith@renovations
   Kristin MacGyver
   This search does not match the following values:
   Emarie Klein/Renovations
   tamado@renovations
   Ted Amado
   Search results can include a maximum of 1000 names.
6. Select the name of each user to change to a specific template. You can search for and select more names; previously selected names remain selected.
7. Click Apply Mail Template.
8. Select the template to use.
9. Click Apply Mail Template.

10. Click Confirm.
11. Click Continue.

Related information:
Integration server and user provisioning change files

Assigning extension forms files to users

After an IBM representative uploads an approved extension forms file to the service, you can assign the forms file to users. Extension forms files enable you to customize the visual theme, fonts, the action bar, and other aspects of the web client.

About this task

You can assign extension forms files to users explicitly. You can also assign extension forms files to users implicitly by setting a default extension forms file.

The following topics describe how to use IBM SmartCloud Notes Administration to assign extension forms files. You can also use user provisioning change files and the IBM Connections Cloud integration server. For more information, see the integration server section of the Connections Cloud documentation.

Related tasks:
Using extension forms files to customize the look of the web client on page 64
You can use an extension forms file to customize the visual theme, fonts, the action bar, and other aspects of the web client. For example, you can add graphics, change colors, and add new menu items.

Related information:
IBM Connections Cloud documentation

Setting a default extension forms file

Optionally set a default extension forms file that applies to all current and future web client users who are not explicitly assigned an extension forms file.

Before you begin

An IBM representative must upload the approved extension forms file to the service.

About this task

If you do not specify a default extension forms file, users without an explicit extension forms file see the default service behavior. The default service behavior is similar to IBM iNotes 9.0.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Extension Forms Files.
5. Select the forms file and click Set as Default.

Results

The change takes effect the next time web client users log in to the service. In the list of files in the Extension Forms Files page, the text [default] is shown after the file name. The file is also shown in the Defaults page, in the Default Extension Forms File section.

To see whether a user uses the default forms file, from SmartCloud Notes Administration, click Users and select the name of the user. If the user uses the default extension forms file, the value of the Forms extension field is Default (forms file), where forms file is the name of the default extension forms file.

You can disable a default extension forms file and revert to the default service behavior. To do so, perform this procedure and in the last step select None in the files list and click Set as Default. The extension forms file remains available and you can re-enable it as the default at any time.

Explicitly assigning an extension forms file to many current users

You can assign a forms file to all current users, to users who are explicitly assigned a different extension forms file, or to users who are not explicitly assigned an extension forms file who use the default behavior.

Before you begin

An IBM representative must upload the extension forms file to the service.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Extension Forms Files.
5. Select the extension forms file to assign and click Apply to Users.
   Note: To remove an explicit forms file assignment and revert to the default forms file or the default service behavior, select None [default].
6. Perform the steps in the following table that correspond to your objective.

   Table 43. Steps to assign an extension forms file to many users

   Objective: Assign to all users in the service.
   Note: An alternative approach is to set a default extension forms file. A default file is used by all current and future users who are not assigned an extension forms file explicitly.
   Steps: Click Apply to > All users.

   Objective: Assign to all users who are not currently assigned to the selected forms file.
   Steps:
   1. Click Apply to > Users of a different extension forms file.
   2. Select the current extension forms file of the users.

   Objective: Assign to all users who are not explicitly assigned an extension forms file.
   Steps:
   1. Click Apply to > Users of a different extension forms file.
   2. Select None (default).

7. Click Apply.

Results

If you click Cancel or close the window before the changes are complete, the change is cancelled only for users not yet processed.

The extension forms file changes take effect the next time the web client users log in to the service. If you click Users from SmartCloud Notes Administration and select the name of a user, the Forms extension field shows the extension forms file.

Explicitly assigning an extension forms file to individual current users

You can explicitly assign an extension forms file to individual current users. The explicit assignment overrides the default behavior for your company.

Before you begin

An IBM representative must upload the extension forms file to the service.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Users.
5. Display the names of the users to whom you want to assign the forms file. In the Search box, type the beginning characters of any of the following user values:
   Distinguished name, for example, Samantha Daryn/Renovations.
   Internet email address, for example, sdaryn@renovations.
   Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on "ma" include the names of users with the following values in the directory:
   Madison Armond/Renovations
   masmith@renovations
   Kristin MacGyver
   This search does not match the following values:
   Emarie Klein/Renovations
   tamado@renovations
   Ted Amado
   Search results can include a maximum of 1000 names.
6. Select the names of the users from the search results.
7. Click Apply Extension Forms File.
8. Select the file and click Apply.

Results

If you click Cancel or close the window before the changes are complete, the change is cancelled only for users not yet processed.

The extension forms file changes are visible the next time the user uses the web client to log in to the service. If you click Users from SmartCloud Notes Administration and click a user name to see details about the user, the Forms extension field shows the extension forms file.

To remove an explicit extension forms file assignment, repeat the procedure and in the last step select None in the list of file names and click Apply. Users then use the default extension forms file, if specified, or the default service behavior.

Resetting service login passwords

Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time.

About this task

Reset passwords when users forget their passwords, or when the password might be compromised.

Users that log in by clicking Use My Organization's Login are using a federated identity and can reset their passwords only by following their company's process.

If administrators enable password synchronization, when users change their service login passwords, they can also use the new passwords to log in to the IBM Notes client.

Follow these steps to reset any user's password:

Procedure

1. Click Administration > Manage Organization.
2. Click User Accounts.
3. Select the arrow next to the user that needs the password changed.
4. Select Reset password and enter the new password. This password is a temporary password that the user enters the next time that they log in. At that time, the user is asked to create a password.
You can also reset the password by editing the user account. Click the appropriate user name in User Accounts and enter a new password in the Account Login tab.

5. Notify the user of the password change. The user is not automatically notified that the password was reset. Make sure to communicate this change to the user, along with the new password if needed.

What to do next

Administrators can enable security settings to enforce password expiration through System Settings > Security. When a user logs in with an expired password, the user is prompted to reset that password.

Resetting passwords for Notes IDs

Reset the password on an IBM Notes ID file to change the current password. Typically you do this because a user has forgotten the current password.

About this task

This procedure applies only to passwords associated with Notes ID files used with Notes clients, and not to service login passwords.

Procedure

1. Log on to http://www.ibmcloud.com/social using the e-mail address and password of a SmartCloud Notes user with the Administrator role.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Users.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   Distinguished name, for example, Samantha Daryn/Renovations.
   Internet email address, for example, sdaryn@renovations.
   Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed. For example, the results of a search on "ma" include the names of users with the following values in the directory:
   Madison Armond/Renovations
   masmith@renovations
   Kristin MacGyver
   This search does not match the following values:
   Emarie Klein/Renovations
   tamado@renovations
   Ted Amado
   Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Under Available actions for this user, click Reset IBM Notes Password.
8. Enter a new password, and then click Save Changes. The password must be at least eight characters in length.

9. Provide the new password to the user in a way that complies with your company security policies.

Results

After you complete this procedure, the user can log on to a SmartCloud Notes server from an IBM Notes client using the new password. After logging on with the new password, the user is prompted to change the password.

Note: If the Wrong Password prompt is displayed, tell the user to re-enter the new password that you provided. If that step does not solve the problem, tell the user to delete the local ID file and then re-enter the password.

The user has five days from the time you reset a password to use the password to log on to a SmartCloud Notes mail server and download the new password to the Notes client. If the 5-day limit is exceeded, the user sees the following message and you must reset the password again:

Contact your company administrator to have your Notes ID password reset.

Related concepts:
Notes IDs and passwords on page 35
When users connect to their mail servers in the cloud with IBM Notes clients and Notes IDs, they are authenticated using Notes Remote Procedure Call (NRPC) authentication.

Related tasks:
Resetting service login passwords on page 30
Users can reset their own service login passwords once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset service login passwords for any user at any time.
Setting password expiration for Notes IDs on page 32
For users who access the service with the IBM Notes client, you can specify when Notes ID passwords expire. This password expiration does not apply to web users because they log in using their web login password rather than a Notes ID password.
Enabling password synchronization on page 33
When users change their service login passwords, password synchronization enables the users to use the new passwords when they log in to the IBM Notes client.

Changing a user name

When the name of a user changes, you edit the user account to change the name in one or more fields that include the user name. After you change the name, a multi-step process occurs. Many of the steps occur asynchronously, so there is no set time by which the rename process completes, although renames generally complete within one day.

Before you begin

Before you change the distinguished name, the name that is associated with a Notes ID file and shown in Notes mail, understand how to form a distinguished name. For more information, see Forming a distinguished name.

For additional information on changing user names, see the article What You Should Know Before You Change a SmartCloud Notes User's Name in the Connections Cloud wiki.

About this task

If you change a user's distinguished name, follow these guidelines to ensure a successful rename operation:
  Do not do two successive renames, one right after another. Wait until the user who is being renamed accesses the SmartCloud Notes service with their existing name before you issue a subsequent rename.
  Do not change the distinguished name of a user who was just added to the SmartCloud Notes service. Wait until after the user accesses the service before you change the name.
  Be very careful when you enter the distinguished name. If a rename fails to complete, contact IBM SmartCloud Notes Support.

Tip: If the IBM Notes user name of a delegate changes, then the owner of the mail file must reassign delegation to the new name. Reassigning delegation updates the mail file access control list (ACL), allowing the delegate to access the database.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user's name and select Edit.
5. Change the name in any field.

   Table 44. Fields that reflect the user name

   Fields to Change: Under User Information, the Given name and Surname fields
   Description: When you change the name in one or both of these fields, the account name changes. This name is the one that applies to all subscriptions enabled for the user.
   Note: Users can change their account names themselves by editing My Account Settings.

   Fields to Change: Under Account Login, the Distinguished Name field
   Description: This name identifies users for authentication in Notes and is used when users send Notes mail. When you change the distinguished name, the name is changed in directories, in database ACLs, and in other groups that are used by the service. Only the common name portion of a distinguished name changes. For example, in the distinguished name sdaryn/renovations, only sdaryn can be changed. Make sure that you know how to form a distinguished name.
   Important: Before you save your changes, make sure that you typed the new name correctly. After you save your changes, do not make any further corrections or changes to the Distinguished Name field before the name change process completes. See the table that follows for information about the timing of name changes.

   Fields to Change: Under Account Login, the Email field, and the Notes Email field, if shown.
   Description: Email is the account login identity. If there is no Notes Email field, the login identity is also the user's Notes Internet mail address. Notes Email is the user's Notes Internet mail address. This field is shown only if a subscription other than SmartCloud Notes was added first, and the SmartCloud Notes subscription was added later.

6. Click Finish.

Results

Use the information in this table as a guideline for how long each name change takes to complete.

   Table 45. Rename Completion Time

   Field: Under User Information, the Given name and Surname fields
   Rename Completion: The change occurs immediately, and the new name displays the next time that the user logs in.

   Field: Under Account Login, the Distinguished Name field
   Rename Completion: This name change usually completes in about a day. However, because renaming is a multi-step sequential process, a delay in any step can cause the rename to take longer. While the name is being changed, the current user name remains valid. After the name change completes, the updated name displays the next time that the user logs in from the Notes client.
   Tip: You can tell if this change is complete by checking the name in the Users list in SmartCloud Notes Administration.

   Field: Under Account Login, the Email field, and the Notes Email field, if shown.
   Rename Completion: The change occurs immediately, and the user is informed of the change the next time the user logs in.

Related information:
Integration server

Removing a SmartCloud Notes subscription from a user account

When you remove a SmartCloud Notes subscription from a user's account, the subscription is available for another user. The account identity still exists, unless you delete the user account, and is still active, unless you suspend the user. The user can still log in to the cloud service, but the user no longer has access to SmartCloud Notes.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.

3. In the navigation pane, click User Accounts.
4. Click the name of the user to edit the user account settings.
5. Click Next to select the Subscriptions tab.
6. Perform one of the following steps:
   If the user has more than one subscription, select Customize the subscriptions for this user and in the Mail field select None selected.
   If the user has only a SmartCloud Notes subscription, select None.
7. Click Next and then Finish.
8. The Edit User Summary window indicates that subscription removal is in progress. When you click Back to User Accounts, SmartCloud Notes is removed from the Subscription column for the user.

Results

The subscription is no longer assigned and is available for another user.
The mail file becomes inactive. The owner, or a user who has delegation access, cannot open it. Mail is no longer delivered to the mail file.
If you remove the subscription within seven days of creating it, all user data is removed from the mail server in the service. User data includes the mail file and Notes ID (if the IBM Notes client was used to access mail in the service).
If you remove a subscription that existed longer than seven days, user data (including the mail file and vaulted Notes ID) remains on the servers in the service for 30 days. To see whether a user's data is still in the service, from SmartCloud Notes Administration, click Users and then Deleted Users. If the user's name is listed, the data is still in the service. You can force the data to be deleted by clicking Delete Data.

What to do next

If you want to add the subscription to the user account once again, be aware of the following considerations:
  If you removed the user's SmartCloud Notes subscription and the user name is shown in the Users > Deleted Users page of SmartCloud Notes Administration, the user data is still in the service. In this case, when you add back the subscription, the user regains access to the mail file and the name is removed from the Deleted Users page.
  If you removed the user's SmartCloud Notes subscription and the user name is not shown in the Users > Deleted Users page, the user data has been removed from the service. In this case, when you add back the subscription, the user does not have access to the previous version of the mail file. The user will get a new mail file and a new Notes ID.

Related tasks:
Deleting a user account on page 149
When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality.
Suspending a user account on page 149
You can suspend a user account. When an account is suspended, the user cannot log in to the service. If the user is logged in at the time the account is suspended, the user can continue working, but cannot log in again after logging out. No subscriptions are available to the user, but they remain assigned to the user. Also, the user identity and user data remain on servers in the service.

Related information:

Integration server

Suspending a user account

You can suspend a user account. When an account is suspended, the user cannot log in to the service. If the user is logged in at the time the account is suspended, the user can continue working, but cannot log in again after logging out. No subscriptions are available to the user, but they remain assigned to the user. Also, the user identity and user data remain on servers in the service.

About this task

Use these steps to suspend a user account, which affects all subscriptions assigned to a user. If a user has other subscriptions that you want to remain available to the user, a Customer Service Representative can suspend a subscription, rather than suspending an entire account. In that case, the user can log in to the service and there is no interruption to other subscriptions.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user name and then click Suspend.

Results

The following results occur when a user account is suspended:
  Subscriptions remain assigned, and cannot be assigned to other users.
  The user cannot log in and is not listed in the company directory.
  The mailbox becomes inactive and the owner cannot open it. However, someone who has delegation access to the mail file can open it.
  Mail is not delivered to the mailbox.
  You can reset the user account password.

Note: To return a suspended account to active status, edit the user account using the previous steps, and in Step 4, click Unsuspend Account. When the account is returned to active status, the mail file is once again available to the user.

Related information:
Integration server

Deleting a user account

When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.

3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user name and then select Delete User.
5. Optional: Enter the email address of a user in your organization to whom you want to transfer the deleted user's collaboration resources, such as files.
   Note: You cannot transfer ownership of the mail file.
6. Click Trash.

Results

The user whose account is deleted can no longer log in to the service. If the user is logged in at the time of account deletion, he or she can continue to use the service until the session expires.

Up to 30 days from the initial account deletion, the following conditions exist:
  The user account has the status Trash in the User Accounts page.
  The mail file is inactive and cannot be opened by the owner, or by another user who has delegation access to the mail file. Mail is not delivered to the mail file.
  The subscriptions associated with the deleted account cannot yet be assigned to other users.
  The user data remains in the service.
  If you deleted the account by mistake, you can restore the account to full functionality, including mail.
  You can permanently delete the account to remove the user data and free the subscriptions to be assigned to other users.

31 to 90 days from the initial account deletion, the following conditions exist if you did not permanently delete the account:
  The account is no longer visible and you cannot restore it or permanently delete it.
  An IBM customer service representative can restore the account.
  The subscriptions associated with the deleted account cannot yet be assigned to other users.

After 90 days from the initial account deletion, the account is permanently deleted and the following conditions exist:
  The account subscriptions can be assigned to other users.
  The user data for collaboration subscriptions is permanently deleted.
  The SmartCloud Notes user data, such as the mail file, remains for 30 more days. You can permanently delete this data yourself, if you do not want to wait the 30 days. An exception is if the initial account deletion occurred within seven days of adding the SmartCloud Notes subscription. In this case, SmartCloud Notes data such as the mail file is permanently deleted along with other cloud data after 90 days.
  Note: While the SmartCloud Notes data remains, you cannot create a user account with the same common name and email address as that of the deleted account.

After 120 days from the initial account deletion, SmartCloud Notes user data is permanently deleted, if it was not deleted previously.

Related tasks:

Restoring a deleted user account
After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access.
Permanently deleting a user account
After you delete an account, it remains inactive in the service, and you have 30 days to restore it. If you are sure that you will not need to restore the account, you can permanently delete it within 30 days of the initial account deletion. Permanently deleting an account frees its subscriptions for other users.
Removing the SmartCloud Notes data for a deleted user account or subscription on page 153
After a user account is permanently deleted or an IBM SmartCloud Notes subscription is removed from a user account, the SmartCloud Notes data such as the mail file remains for 30 days. Use this procedure to force the deletion of the user data from the service, if you do not want to wait the 30 days.

Related information:
Integration server

Restoring a deleted user account

After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access.

About this task

An IBM customer service representative can restore a user account up to 90 days after the account deletion.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Select Status in the drop-down box and then select Trash to show the deleted user accounts that can be restored.
5. Click the arrow next to the user name and select Restore User.
6. In the window that is shown, click Restore.

Related tasks:
Deleting a user account on page 149
When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality.
Permanently deleting a user account After you delete an account, it remains inactie in the serice, and you hae 30 days to restore it. If you are sure that you will not need to restore the account, you can permanently delete it within 30 days of the initial account deletion. Permanently deleting an account frees its subscriptions for other users. Chapter 6. Administering user accounts 151

About this task

You cannot restore an account after you permanently delete it. If there is a chance you might need to restore the account, do not complete this procedure. A user account is permanently deleted automatically 90 days after the initial account deletion.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Select Status in the drop-down box and then select Trash.
5. Click the arrow next to the user name and then select Delete User.
6. Optional: Enter the email address of a user in your organization to whom you want to transfer the deleted user's collaboration resources, such as files.
   Note: You cannot transfer ownership of the mail file.
7. Click Delete.

Results

The account cannot be restored. The subscriptions associated with the account are free to be assigned to other users.

In a service-only environment, if the initial account deletion occurred within seven days of adding an IBM SmartCloud Notes subscription, all SmartCloud Notes user data such as the mail file is permanently deleted immediately. Otherwise, the SmartCloud Notes data remains for 30 more days and is automatically deleted after that period. You can delete this data before then yourself. While this data remains, you cannot create a user account with the same common name and email address as that of the deleted account.

What to do next

If you want to permanently delete the SmartCloud Notes data immediately, complete the procedure Removing the SmartCloud Notes data for a deleted user account or subscription.

Related tasks:
- Deleting a user account: When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality.
- Restoring a deleted user account: After you delete a user account, you have up to 30 days to restore it if you change your mind. Restoring the account returns it to full functionality, including full mail file access.
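The retention rules from the deletion topics above, worked through as an added Python example (it is not IBM code and calls no service API). The names `lifecycle` and `stage` are hypothetical, and reading "within seven days" and "up to 30 days" as inclusive bounds is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Day counts come from the text; treating the bounds as inclusive is an assumption.
ADMIN_RESTORE_DAYS = 30    # administrator can restore (or permanently delete) from Trash
AUTO_PERMANENT_DAYS = 90   # automatic permanent deletion; limit for a restore by IBM
DATA_GRACE_DAYS = 30       # Notes data kept after the permanent deletion
EARLY_WINDOW_DAYS = 7      # deletion this soon after subscribing skips the grace period


@dataclass(frozen=True)
class Lifecycle:
    deleted_on: date
    permanently_deleted_on: date
    data_purged_on: date   # from this date the common name and email address are reusable


def lifecycle(subscription_added: date,
              deleted_on: date,
              manual_permanent_delete: Optional[date] = None,
              forced_data_removal: Optional[date] = None) -> Lifecycle:
    """Compute the key dates for a deleted account in a service-only environment."""
    if deleted_on < subscription_added:
        raise ValueError("account deleted before the subscription was added")

    permanent = deleted_on + timedelta(days=AUTO_PERMANENT_DAYS)
    if manual_permanent_delete is not None:
        latest = deleted_on + timedelta(days=ADMIN_RESTORE_DAYS)
        if not deleted_on <= manual_permanent_delete <= latest:
            raise ValueError("manual permanent deletion is only possible within 30 days")
        permanent = manual_permanent_delete

    # Deleted within seven days of subscribing: the Notes data goes with the account.
    early = (deleted_on - subscription_added).days <= EARLY_WINDOW_DAYS
    purged = permanent if early else permanent + timedelta(days=DATA_GRACE_DAYS)

    # The administrator can force removal once the account is permanently deleted.
    if forced_data_removal is not None:
        if forced_data_removal < permanent:
            raise ValueError("data removal applies after the permanent deletion")
        purged = min(purged, forced_data_removal)

    return Lifecycle(deleted_on, permanent, purged)


def stage(lc: Lifecycle, on: date) -> str:
    """Describe what is still possible for the account on a given day."""
    if on < lc.deleted_on:
        return "active"
    if on >= lc.data_purged_on:
        return "purged: name and email address reusable"
    if on >= lc.permanently_deleted_on:
        return "permanently deleted: Notes data retained, name blocked"
    if on <= lc.deleted_on + timedelta(days=ADMIN_RESTORE_DAYS):
        return "in Trash: administrator can restore"
    return "in Trash: only IBM customer service can restore"


if __name__ == "__main__":
    # Constructed dates, for illustration only.
    lc = lifecycle(date(2015, 1, 1), date(2015, 3, 1))
    for day in (date(2015, 3, 31), date(2015, 4, 1), date(2015, 6, 1), date(2015, 6, 29)):
        print(day, "->", stage(lc, day))
```

For offboarding reviews, `data_purged_on` is the date that matters twice: it is when the mail file stops existing in the service and when the same common name and email address can be issued again.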

Removing the SmartCloud Notes data for a deleted user account or subscription

After a user account is permanently deleted or an IBM SmartCloud Notes subscription is removed from a user account, the SmartCloud Notes data such as the mail file remains for 30 days. Use this procedure to force the deletion of the user data from the service, if you do not want to wait the 30 days.

About this task

In most situations, there is no need to force the deletion of the SmartCloud Notes data. However, if an account is permanently deleted and you want to create a new account that uses the same email address and common name, the SmartCloud Notes data must first be deleted.

Note: If the initial account deletion occurred within seven days from the time that you added the SmartCloud Notes subscription, the SmartCloud Notes data is removed immediately after the account is permanently deleted and this procedure is unnecessary.

You can delete the data of a user whose SmartCloud Notes subscription was removed but who still has a user account. However, do so with caution; if you later add back the subscription, the user starts with a new mail file and Notes ID in the service.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. In SmartCloud Notes Administration, under Users and Groups, click Users.
5. In the navigation pane, click Deleted Users.
6. Optional: To search for a name if many users are listed, type the beginning characters of any of the following user values:
   - Distinguished name, for example, Samantha Daryn/Renovations.
   - Internet email address, for example, sdaryn@renovations.
   - Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed.
   For example, the results of a search on ma include the names of users with the following values in the directory:
   - Madison Armond/Renovations
   - masmith@renovations
   - Kristin MacGyver
   This search does not match the following values:
   - Emarie Klein/Renovations
   - tamado@renovations
   - Ted Amado
   Search results can include a maximum of 1000 names.

7. Click Delete Data next to the name of the user whose data you want to remove, and then confirm the deletion.

Results

The user data is removed from the service and the user name is removed from the Deleted Users page.

Related tasks:
- Deleting a user account: When you delete a user's account, the user no longer has access to any cloud services. If you change your mind about the deletion, you have up to 30 days to restore the account to full functionality.
- Permanently deleting a user account: After you delete an account, it remains inactive in the service, and you have 30 days to restore it. If you are sure that you will not need to restore the account, you can permanently delete it within 30 days of the initial account deletion. Permanently deleting an account frees its subscriptions for other users.
- Removing a SmartCloud Notes subscription from a user account: When you remove a SmartCloud Notes subscription from a user's account, the subscription is available for another user. The account identity still exists, unless you delete the user account, and is still active, unless you suspend the user. The user can still log in to the cloud service, but the user no longer has access to SmartCloud Notes.

Managing groups

You can create and manage groups that can be used when addressing email and scheduling meetings. For example, you might create a group when users frequently send mail to the same set of people. The groups that you create are available from your company's directory in the service.

About this task

The size of a group is limited. Depending on the number of characters in the names of group members, the group size varies from approximately 800 to 1200 names. If you get a message that your group contains too many members, you can create multiple, smaller groups, and make each of them a member of a group.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. From SmartCloud Notes Administration, click Groups.
5. Perform any of the following group management tasks. When you have finished creating or editing a group, click Save.

Table 46. Group management tasks

Task: Add a group
Steps: Click Add Group.

Task: Include an Internet address for the group
Steps: Specify the group's Internet address. This address enables you to use the group when sending email to other companies.

Table 46. Group management tasks (continued)

Task: Edit a group
Steps: Click the name of the group to select it. When the group displays, click Edit.

Task: Add group members
Steps:
1. From a new or existing group in edit mode, click Add.
2. Do one of the following:
   - In the window that displays, select one or more members from the list or enter a name that is not on the list using one of these formats:
     john@renovations.com
     "John Doe" <john@renovations.com>
   - Click Select All to add everyone on the list to your group.
3. Click Add to add the names to the Select Names area, and then click OK.
Tip: Use Starts With to skip to the letter of the alphabet that the name begins with.

Task: Remove group members
Steps: Select the name of a group member or click Select All, and then click Remove Selected.

Task: Remove a group
Steps: Select the name of one or more groups, and then click Delete Selected Groups.

Viewing subscriptions

You can view the subscriptions assigned to existing users, or view the subscriptions that are available to assign to new service users. In addition to the mail service, other subscriptions can include collaboration services. Third-party integrated applications may also display if your organization has enabled them.

About this task

Use these steps to view the available subscriptions, and find out how many user accounts are available for each subscription.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click Subscriptions.

Viewing assigned subscriptions

About this task

To view the subscriptions that are assigned to an existing user, perform the following steps.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Locate the user name. The assigned subscriptions are listed in the Subscription column.

Managing IBM Notes Traveler devices

For each user with an IBM Notes Traveler subscription, you can view information about the user's mobile device. You can also wipe the device to remove sensitive data from it, for example, if the device is lost or stolen.

About this task

Note the following information about wiping a device:
- After you issue a wipe request, the device cannot be used with the service again unless you cancel a pending wipe or reactivate the device.
- If you remove a user's IBM Notes Traveler subscription, the device information is no longer available in the service and you cannot perform this procedure. In this case, the user can request a device reset through the mobile carrier.
- If you cancel a pending wipe, the data is not wiped from the device.
- Wipe options are shown only for devices that support them.
- If a wipe is done outside the IBM Notes Traveler service, for example, if a user resets a device, the status is not shown.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Click Users in SmartCloud Notes Administration.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   - Distinguished name, for example, Samantha Daryn/Renovations.
   - Internet email address, for example, sdaryn@renovations.
   - Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed.
   For example, the results of a search on ma include the names of users with the following values in the directory:
   - Madison Armond/Renovations
   - masmith@renovations
   - Kristin MacGyver
   This search does not match the following values:
   - Emarie Klein/Renovations
   - tamado@renovations
   - Ted Amado
   Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Click Manage IBM Notes Traveler Devices to see information about the user's device such as the name, the time it was last synchronized, and the status of a wipe request. If you do not see this option, the selected user does not have an IBM Notes Traveler subscription.

8. To remove data from the device, click one of the following options:

   Option: Wipe Device
   Description: Select this option to remove the IBM Notes Traveler application and all personal data and settings from the device. After device confirmation, the device is reset to the factory default settings. This option affects all users of the device.

   Option: Wipe Traveler Data
   Description: Select this option to remove only the IBM Notes Traveler application and its data, but leave personal data on the device. This option affects only the selected user.

9. If you issue a wipe request, the following options are available:

   Option: Refresh Device List
   Description: Shows the status of a wipe request.

   Option: Cancel Wipe
   Description: Cancels a wipe request that shows the status Wipe pending.

   Option: Reactivate
   Description: Reactivates a device in the service after a wipe request is complete or fails with an error.

Results

The following table describes the messages that you might see in the Wipe status field after you issue a wipe request and click Refresh Device List.

Table 47. Wipe status messages

Wipe status message: Wipe pending
Description: Wipe Device or Wipe Traveler Data was selected. The request will be processed when the device is turned on.

Wipe status message: Deactivated
Description: The device was wiped successfully and is no longer connected to IBM Notes Traveler. If Wipe Traveler Data was selected, Wipe Device can still be selected.

Wipe status message: Hard reset failed
Description: Wipe Device was selected but the device cannot be reset to factory default settings. This error usually indicates that the device is an older model that does not support hard resets.

Wipe status message: Hard reset confirmed
Description: Wipe Device was selected and the device confirmed the request.

Wipe status message: Application wipe failed
Description: A Wipe Traveler Data request failed. This error can occur for older device models.

Wipe status message: Application wipe confirmed
Description: Wipe Traveler Data was selected and the device confirmed the request.

Wipe status message: Not requested
Description: No wipe has been requested.

Related tasks:

- Enabling application passwords: Application passwords can be used to provide a secure login for applications that do not support forms-based authentication. For example, they can be used to access applications that require passwords on a mobile device or for organizations that use federated identity and service login passwords are not used. When you enable application passwords, you also have the option of requiring the use of application passwords, and of allowing mobile users to bypass IP restrictions.
- Preparing for Notes Traveler devices: Before enabling users to use IBM Notes Traveler mobile devices with the service, prepare your environment and the devices.

Managing BlackBerry smartphones

After activating a user's BlackBerry smartphone, perform any of the following tasks to manage it.

Related concepts:
- Settings enforced for BlackBerry smartphones: This topic describes the settings that the service currently enforces for BlackBerry smartphones.

Related tasks:
- Getting started with BlackBerry devices: If BlackBerry devices supported by a Hosted BlackBerry Services subscription are used, complete the following tasks to begin using the devices with the service.

Reactivating a user's BlackBerry smartphone

If a user experiences a problem using a BlackBerry smartphone, activating it again often resolves the problem. Before activating again, back up the smartphone and then wipe it. Wiping removes all data and prevents duplicate Contacts and Calendar entries from occurring when you activate it again.

About this task

Alternatively, the user can reactivate the BlackBerry.

Procedure

1. Back up the smartphone. For instructions, see the BlackBerry Knowledge Base article How to back up the data on a BlackBerry smartphone.
2. Log on to the service as an administrator.
3. If your account also has the User role, click Admin > Manage Organization.
4. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
5. Under User and Groups, click Users.
6. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   - Distinguished name, for example, Samantha Daryn/Renovations.
   - Internet email address, for example, sdaryn@renovations.
   - Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed.
   For example, the results of a search on ma include the names of users with the following values in the directory:

   - Madison Armond/Renovations
   - masmith@renovations
   - Kristin MacGyver
   This search does not match the following values:
   - Emarie Klein/Renovations
   - tamado@renovations
   - Ted Amado
   Search results can include a maximum of 1000 names.
7. Click the user's name in the search results.
8. Click Manage BlackBerry Smartphone.
9. Perform the following steps to wipe the smartphone:
   a. Click Wipe.
   b. Click Wipe again to confirm.
10. To begin the activation process, perform the following steps to create an activation password:
   a. Click Reactivate or Activate Now, depending on the option that is displayed.
   b. Create a one-time activation password and then click Set Password. Remember the password because you or the user enter it on the smartphone in the next step. If you do forget it, you can simply repeat this step to set a new one.
11. To activate the smartphone, refer to the following table and perform the steps that are shown for the operating system (OS) version of the smartphone. Activation can take from a few minutes to an hour, depending on the size of the mail file. After performing these steps, look for the Activation Complete message on the smartphone, which indicates that activation is successful.

   OS version: OS4, OS5
   Steps to activate:
   1. From the Home screen of the smartphone, click Manage Connections and then enable your Mobile Connection.
   2. From the Home screen of the smartphone, click Options > Advanced Options > Enterprise Activation.
   3. Enter your SmartCloud Notes Internet email address, for example sdaryn@renovations.com.
   4. Enter the activation password.
   5. Click the track ball and select Activate.
   Note: Leave the Activation Server Address field blank, if you see it.

   OS version: OS6, OS7
   Steps to activate:
   1. From the Main screen of the smartphone, click Options > Device > Advanced System Settings > Enterprise Activation.
   2. Enter the SmartCloud Notes Internet email address, for example sdaryn@renovations.com.
   3. Enter the activation password.
   4. Click the Activate button.

12. If you backed up data before activating, restore the data now. For information, see the BlackBerry Knowledge Base article How to use BlackBerry Desktop Software to restore data to a BlackBerry smartphone from a backup file.

Wiping a user's BlackBerry smartphone if it is lost or stolen

If a user's BlackBerry smartphone is lost or stolen, wipe it to remove all data and deactivate it.

About this task

Wiping a smartphone removes all data from it and deactivates it. If the smartphone is off, it is wiped the next time it is turned on. Alternatively, users can wipe their smartphones themselves.

For information on wiping a smartphone as part of reactivating it to correct a problem, see Reactivating a user's BlackBerry smartphone.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Under User and Groups, click Users.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   - Distinguished name, for example, Samantha Daryn/Renovations.
   - Internet email address, for example, sdaryn@renovations.
   - Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed.
   For example, the results of a search on ma include the names of users with the following values in the directory:
   - Madison Armond/Renovations
   - masmith@renovations
   - Kristin MacGyver
   This search does not match the following values:
   - Emarie Klein/Renovations
   - tamado@renovations
   - Ted Amado
   Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Click Manage BlackBerry Smartphone.
8. Click Wipe.
9. Click Wipe again to confirm.

Setting a device password on a user's BlackBerry smartphone

A device password helps to prevent unauthorized access to a user's BlackBerry smartphone. Use this procedure to set an initial device password on a user's smartphone or to set a new device password if a user has forgotten the current one.

About this task

The device password is a different password than the one-time activation password used to activate the smartphone.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the System Settings section of the navigation pane, click IBM SmartCloud Notes.
4. Under User and Groups, click Users.
5. In the Search box, type the beginning characters of any of the following user values to display the user's name:
   - Distinguished name, for example, Samantha Daryn/Renovations.
   - Internet email address, for example, sdaryn@renovations.
   - Last name, for example, Daryn.
   Note: You cannot use the wildcard character (*) when you search. A "starts with" search is done and the names of any users with matching values in the directory are displayed.
   For example, the results of a search on ma include the names of users with the following values in the directory:
   - Madison Armond/Renovations
   - masmith@renovations
   - Kristin MacGyver
   This search does not match the following values:
   - Emarie Klein/Renovations
   - tamado@renovations
   - Ted Amado
   Search results can include a maximum of 1000 names.
6. Click the user's name in the search results.
7. Click Manage BlackBerry Smartphone.
8. Click Set Device Password.
9. Enter a password and then click Set Password. The password must be at least eight characters, including at least one numeric character and at least one alphabetic character.

Results

A message indicating that you have changed the password is displayed on the smartphone.

What to do next

Provide the password to the user.

Related concepts:
- Settings enforced for BlackBerry smartphones: This topic describes the settings that the service currently enforces for BlackBerry smartphones.

Removing a BlackBerry subscription from a user account

You can remove a BlackBerry subscription from a user account.

Procedure

1. Log on to the service as an administrator.
2. If your account also has the User role, click Admin > Manage Organization.
3. In the navigation pane, click User Accounts.
4. Click the arrow next to a user's name, select Edit User Account, and click Next.
5. In the Subscription Add-ons section, clear SmartCloud Notes for Hosted BlackBerry Services.
6. Click Next and Finish.

Results

The user can no longer use a BlackBerry smartphone with SmartCloud Notes.

Frequently asked questions about BlackBerry smartphone administration

Table 48. Frequently asked questions about BlackBerry smartphone administration

Question: How do I know if a user has a BlackBerry smartphone subscription?
Answer:
1. From SmartCloud Notes Administration, click Users.
2. Search for the user's name and then select it.
3. Do either of the following steps:
   - Select Show BlackBerry only to show only users with BlackBerry smartphone subscriptions and see if the user's name is listed.
   - Click the user's name and see if the value of the BES subscription field has been set to Enabled.

Question: How do I know if a user's smartphone is activated?
Answer:
1. From SmartCloud Notes Administration, click Users.
2. Search for the user's name and then select it.
3. Click Manage BlackBerry Smartphone.
4. If the user's smartphone is not activated, a message is displayed indicating that it needs to be activated.

Table 48. Frequently asked questions about BlackBerry smartphone administration (continued)

Question: What do I do if BlackBerry activation fails?
Answer: Perform these steps:
1. If the BlackBerry smartphone is an OS5 or earlier version, from the Home screen click Manage Connections and then enable your Mobile Connection.
2. Make sure that the user has an Enterprise plan with the wireless carrier rather than a Personal plan. If there is no Enterprise Activation option on the smartphone, the user has a Personal plan and needs to change to an Enterprise Plan. After changing to the Enterprise Plan, reactivate the BlackBerry.
3. Reactivate the BlackBerry smartphone.

Question: If I set an activation password, can a user override it?
Answer: Yes, the activation password is the last one set by either the administrator or the user.

Question: What do I do if there are duplicate Calendar or Contact entries on a smartphone?
Answer: Wipe the smartphone and then reactivate it.

Question: How do I tell which operating system (OS) version a BlackBerry smartphone uses?
Answer: See the BlackBerry Knowledge Base article How to check the model number and version of installed BlackBerry device software on a BlackBerry smartphone.

Question: How can I display a user's BlackBerry smartphone device model and other device information?
Answer:
1. From SmartCloud Notes Administration, click Users.
2. Search for the user's name and then select it.
3. Click Manage BlackBerry Smartphone.


Chapter 7. Troubleshooting the service

Use the following tools and resources to help you troubleshoot a problem with the service.

Finding troubleshooting tips in the Support Portal

If you need additional troubleshooting information, go to the IBM SmartCloud Notes Support Portal. There you can find troubleshooting information authored by IBM specifically for SmartCloud Notes.

Related information:
- SmartCloud Notes Support Portal

Contacting Support

If you are unable to resolve a problem, contact Support.

About this task

For information, go to http://www.ibmcloud.com/social and select Support > Technical Support.


Chapter 8. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510
Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Intel is a registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

Priacy policy considerations Linux is a registered trademark of Linus Toralds in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Jaa and all Jaa-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. The RIM and BlackBerry families of related marks, images and symbols are the exclusie properties and trademarks of Research In Motion Limited used by permission. Research In Motion, RIM, BlackBerry, BlackBerry Enterprise Serer and Always On, Always Connected are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. IBM Software products, including software as a serice solutions, ( Software Offerings ) may use cookies or other technologies to collect product usage information, to help improe the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offering s use of cookies is set forth below. Depending upon the configurations deployed, this Software Offering may use session cookies that collect each user's user name, session ID, or other application-specific state information for purposes of session management, authentication, or enhanced usability. These cookies cannot be disabled. 
If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent.

For more information about the use of various technologies, including cookies, for these purposes, see IBM's Privacy Policy at http://www.ibm.com/privacy and IBM's Online Privacy Statement at http://www.ibm.com/privacy/details the section entitled "Cookies, Web Beacons and Other Technologies" and the "IBM Software Products and Software-as-a-Service Privacy Statement" at http://www.ibm.com/software/info/product-privacy.




Printed in USA