Zivver WebApp administrator manual



WebApp overview

In the Zivver WebApp, the users can do work on conversations. The administrators can use the WebApp to configure their Zivver products. The Organization overview in the WebApp is the window from where you access the functions of the Zivver WebApp.
The WebApp is a cloud application. As such, installation, uninstallation, and updating are not required
Deployment
To start the WebApp administrator panel, you open the page Organization Overview in a web browser.

WebApp system requirements

The Zivver WebApp runs in a browser. For details, refer to the Product compatibility guide.

Change the WebApp interface language

IntroductionThe WebApp user interface is available in these languages:
  • English
  • Dutch
  • German

Procedure

  1. Open the Profile Settings
    Profil-Einstellungen, Profiel.
  2. In the dropdown box Language, select the language.

Organization Overview window

The Organization overview in the WebApp is the window from where you access the functions of the Zivver WebApp. You can access those functions through the menu structure, the tiles, and through a URL.


Organization Branding of your (sub)organization

Configure the appearance of the Zivver notifications.

In the Zivver WebApp, the administrator can make customizations of your Zivver WebApp messages. You can also configure the appearance of units that are part of your organization.
To review the functions, open these WebApp pages.
If you want to have more customizations in the guest environment, refer to Customize the guest portal screen

Change organization name

IntroductionThe administrator can change the organization name. The notification emails show this name.

Procedure

  1. Open the Organization Account page in the Zivver WebApp.

Business account holder

The business account holder is the contact person between your organization and Zivver.

After the implementation of Zivver in your organization, you can stay connected with Zivver. For an efficient communication, the administrator can appoint a contact person to become responsible for Zivver-related matters. Zivver can offer personalized support and share information with your contact person.
To enter the contact information, open the page in the Zivver WebApp Organization Account in the WebApp. Then, scroll down to Zivver Business Account Holder.

Delete your organization from the WebApp

Introduction
If you remove the account of your organization in the Zivver WebApp, you also remove all the conversations and files of all the users. If you claimed a domain, this domain becomes available again. Zivver cannot restore the data.
WARNING
If you delete your organization, all the data is lost. There is no possibility to restore the data.

Procedure

  1. Open Organization account in the WebApp.
  2. Scroll down to the section Delete organization.
    A button Delete becomes visible when you hover over this section.
  3. Click Delete.


Network configuration overview

To use the functions of the Zivver WebApp, you must configure your network. Refer to the particular articles.

DNS configuration overview

The Zivver WebApp does checks on the domains that you administer for the presence of DNS records. In the DNS settings, you can see the results.
By default, the Zivver notification message appear to come from noreply@zivver.com. The recipient can think that this message is spam. But you can change noreply@zivver.com to your own address. To change, you must configure your DNS settings in the WebApp.
For more information, refer to Sent Zivver mails from your own domain.
You can change the DNS configuration so that your messages appear to come from your domain.

SPF

SPF verifies that spf.zivver.com is an authorized host for your organization.

The Zivver Sender Policy Framework (SPF) entry shows that Zivver is allowed to send email on behalf of your organization.

DKIM

DKIM verifies that the domain owner authorized the email that the sender sent from that domain.

With DomainKeys Identified Mail (DKIM) Zivver can take responsibility for a message. In this process, a recipient can verify that message. Zivver generates a public key in the Zivver DNS settings in the admin portal. Then, Zivver signs the emails with a private key so that the receiving mail servers can verify the email.

DANE

With DANE the domain administrators can specify the keys for TLS servers or clients in their domain. With this feature, you do not depend on third-party certificates that attest the legitimacy of the keys. Zivver does tests for a TLSA reclord and of DNSSEC proof
If you configure DANE correctly for your domain, delivery of verified and encrypted SMTP becomes possible. You can then choose that Zivver directly deliver inbound Zivver messages to your organization.

Returnpath CNAME

The returnpath CNAME is for the processing of non-delivery reports (¨bounces¨)

The Return-Path CNAME points the return path of Zivver emails back to Zivver. These are the consequences:
  • Zivver receives non-delivery reports (NDR) and the other email feedback that the receiving mail servers sent.
  • Zivver can pass this feedback to the Zivver user. For example, Zivver tells the user whether a Zivver message caused an NDR.
  • The email passes the SPF alignment test. This is a part of DMARC.
When you create a CNAME record, you create a subdomain zivverbounce. and point it to returnpath.zivver.com. With this, email providers can route emails back to Zivver.
The administrator must create a subdomain zivverbounce.yourdomain.com and set the CNAME record to point to that subdomain. Zivver does checks only on the zivverbounce subdomain for the existence of a CNAME record. Zivver ignores every other subdomains that you create and to which you added CNAME records.
If a CNAME record is configured, do not set other records for the same subdomain.

Secure delivery of unencrypted messages

Use Inbound Direct Delivery for secure delivery of unencrypted messages. Inbound Direct Delivery is useful, for example, when you want to store incoming messages in a document management system.
The administrator can configure Inbound Direct delivery in the Zivver WebApp under DNS Settings. For more information, refer to the Inbound Direct Delivery article.


Accounts

Typical user administration task include these tasks. You can do these tasks from the Accounts page in the Zivver WebApp.
Note
To prevent lockout, make sure that you have two administrator accounts. To add an administrator, refer to How to add a second administrator account.

Add user account or functional account

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Add a user account or a functional account.
    The email address must be an address of your claimed domain.

(Un)suspend an account

Introduction
To suspend an active account, unsuspend a suspended account, do these steps.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll to Suspend or Delete Account.
  4. Click Suspend, or Unsuspend.

Delete an account

Introduction
To delete an account, do these steps.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll to Suspend or Delete Account.
  4. Click Delete.

Change account type

Promote, demote an account or change to functional.

Introduction
In the Zivver WebApp, you can change an account into an administrator, personal user account, or functional account.
If the users use single sign-on (SSO), you can upgrade a user account to a administrator account. But then, you must set a new temporary password. This is to make sure that administrators can always log in even when SSO does not function (temporarily).

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll to Account type. Then, choose the account type.

Create mail alias

Requirements

You must have a claimed domain.
Introduction
In the Zivver WebApp, you can add a mail alias to an existing account.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll to Mail aliases.

Grant access to read and send on behalf

Introduction
In the Zivver WebApp, you can grant other accounts the permission to read and send emails on behalf of a different account. The users of the other accounts cannot change the host account settings and password.
This name of this function is Account Delegation.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll down until you see the relevant section.

Single sign-on overview

With single sign-on (SSO), users can access more than one applications with one password.
For more information, refer to Single Sign-on Setup.
In the Zivver WebApp, you can configure SSO in the Single sign-on page. Select Use Single-sign On.

Invite users to your organization

Introduction
The procedures to invite users to your organization are different for an organization that uses single sign-on and that does not use single sign-on.
Open the links for the procedure.

Send invitation again

Introduction
If the status of an account is Invited, you can send the invitation again or revoke the invitation.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account.
  3. Click Resend invitationrefresh_black_24dp.svg

Revoke invitation

Introduction
If the status of an account is Invited, you can send the invitation again or revoke the invitation.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account.
  3. Click Revoke invitationremove_circle_black_24dp.svg.

Merge of accounts

In the Zivver WebApp, an administrator can merge two existing accounts. You must enter an existing account as an alias with a second existing account.
Users log in to the primary e-mail address or an alias. The password is the same. Zivver messages that senders send to an alias arrive in the primary account mailbox. At this moment, it is only possible to send e-mails from the primary email address.
  • You must have a claimed domain.
  • You cannot merge an administrator account with a user account or functional account. You can do the reverse.
  • You cannot merge accounts if the email address is an alias instead of a user account or functional account.
WARNING
You cannot undo the merge.

Merge accounts

Introduction
WARNING
You cannot undo the merge.

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll to Mail aliases.
  4. Enter an existing account.
  5. Select a claimed domain.
  6. Click Add alias.
  7. In the new window, click Merge.
  8. Make the alias that you set the primary email address.

Change password (administrator)

Introduction
In the Zivver WebApp, an administrator can change the password of a user or an administrator.
You cannot change the password of a functional account because a functional account does not have a password.
You cannot change a user password if the users use single sign-on

Procedure

  1. Open the accounts page in the Zivver WebApp.
  2. Highlight the account that you want to process. Then, click Edit edit_black_24dp.svg
  3. Scroll down until you see the relevant section.


Export user data

We have disabled this functionality by default to improve the security of the application. Please request Support to enable the FTP export for your organization. With the function Export user data, you can download data these artifacts of your organization.
  • Zivver message bodies
  • Information about the sender
  • Information about the recipient
  • Information about the read receipt
  • Information about the attachment.
The function downloads the data with the File Transfer Protocol (FTP) as EML files.
A user can export their data. For more information, refer to Export user data via FTP.

Export user data

Requirements

Make sure to have an FTP client where you can configure explicit TLS.

Introduction

Do these steps to export your organization data by FTP.

Procedure

  1. Open Organization Settings > Export user data.
  2. In your FTP client, create a connection to ftp.zivver.com
  3. Configure for this connection:
    • Explicit TLS
    • Port 21
  4. Connect to the host with these credentials:
    • User name: In the Organization Settings > Export user data, copy the user name from the username field.
    • Password: In Organization Settings > API Keys, generate an API key. Then, copy this key.
    Trust the new certificate.
Results

You can now download the files with the FTP client.



Security policies

Configure Business rules, recipient verification, messages revocation, verificaion methods for your organization.

In the Zivver WebApp, the administrator can configure these policies for secure mailing of your organization. For information about the functions, open the links to the WebApp in the Policy column.

Business Rules in the WebApp

Business Rules are the rules that causes an audit event, suggestion, warning or, error when a user writes an email. In the The Zivver WebApp, you configure the Business Rules for your organization.
For details about the Business Rules and the optimal use, refer to Business Rules in Zivver.
In the Business rules page, you can enable a rule and set the warning level.

Encourage regular or Zivver emails

please read Encourage regular or Zivver emails for more information about (un)trusted domains.

Message revocation

Message revocation is useful in these situations
  • The user wants to withdraw a message that the user sent in error.
    Examples: wrong recipient, wrong content.
  • The user must comply to retention policies or laws.
A user can revoke the message that they sent manually. The administrator can set the defaults for their organization. Refer to Set organization message revocation policy.
Users can change the default interval and default scope before the message expires. They can also cancel the expiration.
For more information, refer to Zivver data access, retention, and deletion.
To monitor the message revocation in your organization, use Zivver Insights. Refer to Message revocation statistics.

Verification methods administration

The Recipient Verification list in the Zivver WebApp shows the mobile-phone numbers and shared access codes that users entered. Users in your organization automatically use the authentication methods in this list.
These are the consequences.
  • The senders do not need to choose an authentication method every time that they send an email to a known recipient.
  • The recipients can always use the same verification method.
Zivver automatically chooses the most secure standard authentication method. Users cannot change the default authentication method. Only an administrator can change the default. Users can choose to use a different authentication method.
You can set a default authentication method for recipients manually and with a CSV file.

Verification methods in the WebApp (administrator)

The administrator can configure the verification methods for each recipient in the Set verification methods window. These settings are valid for the full organization.
These are the available alternatives.
  • SMS to personal contact
  • Access code
  • SMS to new number
  • Verification email
You can configure the verification method for each recipient manually or with a CSV file.
Note
Zivver users can have two separate contact lists, a personal contacts list and an organization contacts list. The latter is shared with all the users in the same organization or organizational unit.
Note
If you select SMS to new number, these are the consequences:
  • The users must enter a mobile-phone number for every new conversation with every recipient.
  • Mobile numbers are saved in a user’s personal contacts list only if you select SMS to personal contact.
For more information about verification methods, refer to Recipient verification methods

Import verification methods

Introduction
With a CSV file, you can set a default authentication method for recipients in the Zivver WebApp.
This is an example of such CSV file. This file results in two entries. One uses SMS on phone number 611111111, the other uses the access code .
email_address,full_name,phone_number,access_code,access_code_hint
imported_sms@zivverimport.nl,use sms,611111111,,
imported_acc@zivverimport.nl,use accescode,,1234567,how many days is a week?

Procedure

  1. Prepare the CSV file that you want to import.
  2. Open Recipient Verification.
    Import access rights opens.
  3. Click Upload upload_black_24dp.svg
  4. Import the CSV file that you prepared.
    The next screen reports which rows are rejected and accepted.

Add verification method manually

Procedure

  1. Open Recipient Verification.
  2. Click Editedit_black_24dp.svg
  3. Fill out the fields. Then click OK.

Manage the default verification method

Introduction
For each user, the administrator can update the settings of the default verification method in the Zivver WebApp. You can also delete the entry.

Procedure

  1. Open Recipient Verification.
    • Update the default verification.
      1. Click Editedit_black_24dp.svg
      2. In the new window, make your changes.
      3. Click Ok.
    • Remove the user from the list.
      1. Click Delete delete_forever_black_24dp.svg

Data leaks prevention

Use Zivver Insights to prevent data leaks.

With the metrics of the email traffic, you can assess the security of your emails. From Insights for Zivver Secure Email you can get the metrics. This tool shows how well you prevent email data leaks and where you can improve. For more information, refer to Insights for Zivver Secure Email

View events in the WebApp

Introduction
You can view administrative actions in the Zivver WebApp. This information can be useful to troubleshoot (security) issues.
You can save monthly logs as .CVS files with Download monthly records get_app_black_24dp.svg.

Procedure

  1. Open the Audit log page.
    You can filter the data and export.

Statistics Insights - monitor data leaks

The Zivver WebApp collects usage information. With this information, you can monitor data leaks.
The WebApp shows these dashboard sections of the Zivver Insights statistics.

Overall overview of Zivver usage

The KPI section shows an overall overview of the Zivver usage in your organization.
The section is part of the Statisticsbar_chart_black_24dp.svg in the Zivver WebApp.
  • Number of accounts that sent at least one Zivver message in the selected period. It is unexpected that everyone in an organization sends secure messages regularly. You must compare this metric against how many people in your organization you actually expect to send sensitive information.
    Note
    For messages sent from a delegated account, the account that initiated sending the message is counted as the sender. This means that messages from functional accounts are not counted in this metric.
  • Number of messages that were sent securely after a business rule was triggered. Gives an indication of the amount of sensitive information shared in the organization
  • Number of Zivver messages that were manually revoked by the user before they were read by any recipient.
    Note
    Does not include scheduled revocations.
  • Percentage of messages sent with Zivver after a business rule was triggered.
    Note
    This metric works only if logging non-Zivver messages is enabled for the organization. If it is not, the number shown is always 100%. This is because only messages sent from clients able to send and log both Zivver and non-Zivver messages (that is, users of Zivver Office Plugin and Zivver Outlook Web Access Add-in) are counted and from accounts that have opted in to log non-Zivver messages.
  • Percentage of Zivver message recipients secured with a verification method other than Email verification.
  • Percentage of Zivver message recipients that have opened their message at least once.

Statistics of sent Zivver messages

The Adoption section shows statistics of the sent messages in your organization.
The section is part of the Statisticsbar_chart_black_24dp.svg in the Zivver WebApp.
  • Number of Zivver messages sent by month
  • Number of accounts that sent at least one Zivver message by month
  • Number of Zivver messages sent split by total attachment size
  • Number of Zivver messages sent for each user

Statistics of business rules usage

Understand what kind of information your organization sends and whether users send this information securely when expected to. These stats show how much use the business rules get. In particular, they show how likely users are to follow or ignore Zivver recommendations.
The section is part of the Statisticsbar_chart_black_24dp.svg in the Zivver WebApp.
  • Percentage of messages sent with Zivver after a business rule was triggered by month.
  • Number of messages with a specific business rule triggered and the percentage of these messages sent with Zivver.

Statistics recipient security methods

The Recipient security section shows the usage of the different verification methods.
The section is part of the Statisticsbar_chart_black_24dp.svg in the Zivver WebApp.
These stats show which recipient verification methods are used and also which domains or types of users get the most Zivver messages. They help you understand whether verification methods set for recipients are in line with policy. Also, they identify whether messages sent are opened successfully.
  • Recommended verification method usage over time
  • Number of Zivver messages sent to each type of recipient
  • The top domains by number of Zivver messages received, % opened and % secured with SMS, access code or a Zivver account
  • Number of Zivver messages sent to guest recipients, by verification method used

Message revocation statistics

The Message revokes chart shows the number of manually revoked Zivver messages. The sort is by whether they were opened or not. You can use this information as an indicator of data leakage.
The section is part of the Statisticsbar_chart_black_24dp.svg in the Zivver WebApp.

Sender statistics

The Sender statistics table shows key performance indicators per user. With Export data, you can download this table.
The section is part of the Statisticsbar_chart_black_24dp.svg in the Zivver WebApp.


Integrations of Zivver products with the WebApp

In the WebApp, you can do administrative task of these Zivver products.

Office Plugin for Outlook Desktop integration with the WebApp

In the Plugin Settings in the Zivver WebApp, you can adjust the settings for your users in your organization.
You can set the settings as follows.
On
If you select On, the setting is enabled by default for all the users
Mandatory
If you select Mandatory, the users cannot change this setting in their own environment.
These are the options that you can choose for this Zivver product.
Collect information about emails sent without Zivver
If you select this setting, the WebApp collects information also from regular emails. We recommend for this setting On and Mandatory. For more information refer to Which emails to log
Automatically use Zivver when a business rule recommends
If you select this setting, the email client automatically sends the email securely when a business rule recommends secure send. But users can send the email as regular email.
Show newest message on top
If you select this setting, the email client sorts the order of the Zivver messages in a conversation newest first.
Save sent Zivver messages without encryption
If you select this setting, you can read the sent Zivver messages directly in every email client. But this setting leaves the sent messages and files unprotected. That situation causes a risk when, for example, a user's laptop or phone is stolen.
Save received Zivver messages without encryption
If you select this setting, you can read the received Zivver messages directly in every email client. But this setting leaves the received messages and files unprotected. That situation causes a risk when, for example, a user's laptop or phone is stolen.
Automatically use Zivver for every new message
If you select this setting, the email client sends every new email as a secure Zivver message. But user can also send a message or file as a regular email. Select this setting for users in your organization who send sensitive information in almost every email.

Outlook Web Access Add-in integration with the WebApp

In the Plugin Settings in the Zivver WebApp, you can adjust the settings for your users in your organization.
You can set the settings as follows.
On
If you select On, the setting is enabled by default for all the users
Mandatory
If you select Mandatory, the users cannot change this setting in their own environment.
These are the options that you can choose for this Zivver product.
Collect information about emails sent without Zivver
If you select this setting, the WebApp collects information also from regular emails. We recommend for this setting On and Mandatory. For more information refer to Which emails to log
Automatically use Zivver when a business rule recommends
If you select this setting, the email client automatically sends the email securely when a business rule recommends secure send. But users can send the email as regular email.

Chrome Extension integration with the WebApp

In the Plugin Settings in the Zivver WebApp, you can adjust the settings for your users in your organization.
You can set the settings as follows.
On
If you select On, the setting is enabled by default for all the users
Mandatory
If you select Mandatory, the users cannot change this setting in their own environment.
These are the options that you can choose for this Zivver product.
Automatically use Zivver when a business rule recommends
If you select this setting, the email client automatically sends the email securely when a business rule recommends secure send. But users can send the email as regular email.

Synctool integration with the WebApp

You can connect the Zivver Synctool with your Zivver organization. To achieve this, the Synctool must connect over port 443 to the Zivver API https://app.zivver.com/api/. You authenticate with an API-key.
You can do the API key administration in the WebApp in the window Organization API keys, Organization settingsApps & integrationsAPI keys.
Note
Copy and save the API immediately after you generate it. The WebApp does not save that key.
For more information, refer to the Synctool documentation.


Optional WebApp functions

Speak to your representative at Zivver for the optional functions of the Zivver WebApp. You can ask for a quotation.

Customize the guest portal screen

The portal screen is the screen that a recipient without Zivver account, guest user, gets before they open the secure Zivver message. The steps to open the portal screen are as follows.
  1. Open the notification message.
  2. In the notification message, click Open message.
A window opens where the guest user enter the 2FA code, access code or SMS code. This window is the portal screen.
You can get this screen with your own logo, colors, and additional images. See the example of the Zivver guest portal. If you want to customize this screen, speak to your representative at Zivver.
guest_portal.png

Allow users without Zivver account email your organization

In the Zivver WebApp, you can allow users without a Zivver account, guests, to send emails to recipients in your organization. For this, you can use the function Conversation Starter in the Zivver WebApp.
These type are available:
  • Personal conversation starter
  • Open conversation starter
An important difference is that in the personal conversation starter, you set up a specific recipient for the guest user. In the other type, the guest user specifies the recipient in your organization. For more information, refer to Set up conversation starters
To purchase this feature, send an email to sales@zivver.com or speak to your representative at Zivver.

Proof of delivery report

Zivver can make function available for a proof of delivery report.
Note
This function is available if Zivver makes it available for your organization. Speak to your representative at Zivver.
The proof of delivery report has these main purposes:
  • Inform the sender of a message what the status is of the delivery of their (notification) message.
  • Give the sender of a message detailed information about the delivery process of their message.
This is the contents of a proof of delivery report.
  • A summary that shows whether the message was indeed sent and delivered and whether it was encrypted in transit.
  • Zivver event flow from message creation onwards. That includes, for example, delivery failures.
  • NTA 7516 message status if relevant.
  • Zivver message revocation status.
Remarks
  • Zivver sends Inbound Direct Delivery and NTA messages as plain text.
  • If a recipient’s email server does not honor DSN (delivery status notification) requests, Zivver does not detect delivery failure of a message. Thus, the log does not contain such failure.

Secure email without Zivver client

You can securely send messages from your mail server or third-party application without Zivver client or integration. For this, you can use Zivver Mail Submission. To use Mail Submission, your mail server or application must support SMTP.
In the Zivver WebApp Mail Submission panel, you can generate and delete SMTP credentials.
For more information, refer to Mail Submission.
To purchase this feature, send an email to sales@zivver.com or speak to your representative at Zivver.

WebApp customizations

The Zivver WebApp can host optional services that are customized to your needs. For more information, speak to your representative at Zivver or send a message.


Service and support

For service and support, create a case.