Difference between revisions of "Retain Authentication"
| Line 63: | Line 63: | ||
#Under the Mailboxes tab: add the mailbox server or the required mailboxes. | #Under the Mailboxes tab: add the mailbox server or the required mailboxes. | ||
#Under the Miscellaneous tab: increase the Display Number to 100, the Message Age Display to 3 years and the timeout to 60 minutes. | #Under the Miscellaneous tab: increase the Display Number to 100, the Message Age Display to 3 years and the timeout to 60 minutes. | ||
| + | |||
| + | ==Troubleshooting SSL== | ||
| + | |||
| + | To add secure connections to Retain you add a certificate to [http://support2.gwava.com/kb/?View=entry&EntryID=1993 apache] or tomcat [http://support2.gwava.com/kb/?View=entry&EntryID=1692 Windows][http://support2.gwava.com/kb/?View=entry&EntryID=1692 Linux] | ||
| + | |||
| + | Sometimes it happens that the Worker or R&M Server is unable to connect. This is a simple troubleshooting algorithm: | ||
| + | #Make sure that all the steps above are in place. | ||
| + | #Set the port to 443 | ||
| + | #Save the bootstrap | ||
| + | #Stop tomcat | ||
| + | #Remove the bootstrap from the appropriate /cfg directory | ||
| + | #Start tomcat | ||
| + | #Load the new bootstrap. | ||
Revision as of 15:53, 25 September 2015
This is where we will explain the various authentication methods.
Contents |
Users
This section discusses user rights assignments.
New users get listed in Retain as they log in. They will be authenticated automatically against the address book that had been synced during setup.
One of the easiest and more convenient things to do is to change the Session Timeout duration for the admin user. The max is 480 minutes (8 hours). It is a pain to try troubleshooting job issues and to have it timeout on you while doing that kind of thing.
One thing that makes life easier for many customers is to set the default Display Number 100 per page and the Message Age Display to 3 years.
Hands On
One of the major uses of Retain is for eDiscovery. The entire archive can be searched by the admin user to provide requested information for legal, Freedom of Information Act, or other sunshine law purposes. However, we know that network administrators are busy people and running a query about which user sent what to whom on a particular date only requires a user with modest technical skill and proper rights. This might be a helpdesk manager user or junior sysadmin. We also know that we don't want to give users too many rights or they might change something important on the server as they explore.
Create an eDiscovery User
- Go to the User section of the Retain Web Console.
- Click on Add User.
- Set Authentication Method to "Offline" (the user does not need a mailbox on the email system).
- Set a password.
- Go to the User Rights tab, and give them "Search all mailboxes" and "Publish Messages", you may consider giving them "See Confidential Items [other mailboxes]" rights as well.
- Go to the Miscellaneous tab and set "Display Number" to 100 and "Message Age Display" to "Last 3 years".
- Press "Save Changes".
Groups
This section discusses group rights assignments and how they interact with specific user rights. In some cases, user rights take precedence; yet in others, group rights are king.
Hands On
It is not unusual for organizations to have some kind of auditing process in place to make sure business processes are working as expected. This will often be comprised of a few people within the organization checking up on things. As auditing is not a continuous process and the people charged with doing that may change over time rather than give an individual user rights. This way a sysadmin won't be trying to remember which user has what rights they aren't supposed to, they just need to update the group membership to reflect the current needs.
Create an Auditor Group
- In the Retain Web Admin Console of your test system, select Groups.
- Click "Add Group."
- Under the Core Settings tabs: Add a few users.
- Under the Group Rights select the appropriate rights:
Administrator level rights Access all audit logs Deletion Manager Add, edit, remove global tag definitions Apply or remove litigation hold Manage Server Manage Users and Groups Manage Workers, Schedules, Profiles, Jobs Publish Messages Restore messages [Any Mailbox] Search all mailboxes See Confidential Items [other mailboxes] User level rights Apply Confidential Tag [other mailboxes] View/Save attachments View personal audit log Delete messages in other mailboxes Delete personal Messages Export Messages Forward Messages Print Messages Read Configuration (Redline) Restore messages [My Mailbox] Apply Confidential Tag [own mailbox] Add, edit, remove user tag definitions
- Under the Mailboxes tab: add the mailbox server or the required mailboxes.
- Under the Miscellaneous tab: increase the Display Number to 100, the Message Age Display to 3 years and the timeout to 60 minutes.
Troubleshooting SSL
To add secure connections to Retain you add a certificate to apache or tomcat WindowsLinux
Sometimes it happens that the Worker or R&M Server is unable to connect. This is a simple troubleshooting algorithm:
- Make sure that all the steps above are in place.
- Set the port to 443
- Save the bootstrap
- Stop tomcat
- Remove the bootstrap from the appropriate /cfg directory
- Start tomcat
- Load the new bootstrap.
