Zivver WebApp - Administrator manual


This document explains how to manage Zivver for organizations. You can find the administrator settings tune at the bottom left of your screen when you are logged in to the Zivver WebApp. Are the administrator settings missing at the bottom left of your screen? Ask an administrator in your organization to give you administrator rights.

This manual uses the fictitious organization Voorbeeld BV as an example organization. Voorbeeld BV has its own website: www.vorbeeldbv.com. Everyone in this organization has an e-mail address of the form {name}@voorbeeldbv.com

The Organization overview

Organization overview in the WebApp

In the Overview view_compact tab you can see the most important statistics, notifications and settings for your organization at a glance. - Under Statistics you can see the number of administrators, users and the total number of messages sent. - Under Alerts items that demand your attention as administrator are grouped.

Example notifications:

warning Only one administrator has been set up

warning 2 users forgot their passwords

In the overview window you can find all organization settings organized as cards. The organization settings are also shown as tabs in the side panel on the left side of your screen.

Organization account

Organization Account business is where you manage organization identity elements and delete organizations.

Change Organization Name

Enter or change the name of your organization.

Zivver will automatically scale the logo to the correct size.

The logo must meet the following conditions:

  • Has an aspect ratio of 2:1
  • Is at least 250 pixels wide and 125 pixels high

Organization branding for guest users

You can select organization branding for guest users. Select an Organization branding and click SAVE. The corporate identity for the host environment ensures that the guest recipients are presented with your organization’s brand elements when using Zivver. You will only see a Standard theme if a guest branding theme is not available.

At the bottom of the Organization account page, a button appears. With this button, you can delete the full organization. The DELETE button only becomes visible when you move the mouse over this section. You must enter your password before you can permanently delete the organization.

Zivver can not recover deleted messages and files after an organization is deleted! Only remove an organization after consultation with Zivver.

After this, all messages and accounts for the organization are deleted.

Branding guest environments

Send this information to your Zivver project manager:

  • Contact person in your organization’s communication department
  • Organization logo (in RGB) in vector format (for example .eps,.ai or .svg)
  • The color code (in RGB) of the primary color and possibly the secondary color of the corporate identity of your organization, Zivver uses these colors to create a color palette for the house style in the guest environment.
  • Optional: for the background in the first screen, choose a photo in high resolution, at least 1920 x 1280 pixels.

This data is then forwarded to the Zivver design department. They will make a first draft and share it with your communication department. If you agree with the design, it is developed and tested, and is available in 1-2 weeks. In the meantime, the guest environment can be used, but not your logo can be seen but the Zivver logo.

Enable guest environment branding

As soon as the guest environment is available, you will receive a notification from Zivver. You can then activate guest environment branding in the management panel. For questions about the host environment, you can always contact your project manager.

Creating branding for guest environments is an additional service and does not fall under the basic functionality. Contact Zivver if your organization wants to apply for branding services.

Organizational Units

From the Zivver perspective Organizational Units (in what follows, “OUs”) are sub-sets of an organization, which include some of the users in an organization, but can have their own administrators, branding and notification settings. Normally, you would map Zivver OUs to existing OUs in your (LDAP) environment.

Add Organizational Units

If you wish to assign different settings to a part of your organization, you must first create a new OU:

  1. Log in to the Zivver WebApp as an administrator
  2. Go to tuneOrganization Settings
  3. Go to powerOrganizational Units
  4. Click ADD NEW
  5. Enter a name and an identifier for your new OU
  6. Press CREATE
    Your new OU is created and its name will be displayed in a box, below the page header
An OU cannot be removed unless all user accounts in it are moved or deleted

You can assign a logo to your new organizational unit. This will be displayed in place of the logo of your organization..

  1. Click to expand the Logo dropdown
  2. Click UPLOAD LOGO
  3. Select the appropriate file. The logo is now displayed to the left of the OU header
The logo should have a 2:1 aspect ratio and be at least 250x125px. The logo size and aspect ratio is NOT enforced. You can choose any image, but choosing an image outside the recommended parameters may break various layouts.

Click REMOVE LOGO if you ever wish to remove the logo. It is possible to replace the existing logo by simply uploading a new one.

OU branding for guest users

You can choose a branding set to apply to your organizational unit, if customized guest environment brandings have been added:

  1. Click to expand the Branding for guest users dropdown
    A list of brandings is shown
  2. Click to select a branding
  3. Click SAVE

Select the Default branding for none.

You can add custom text to the end of each notification message that any account in an organizational unit sends, to give the recipient more information about the secure message.

  1. Click to expand the Notification message dropdown
  2. Choose a language from the drop-down menu
  3. Enter a notification message footer text
  4. Press SAVE

Zivver supports rich text in notification messages.

OU Introduce Zivver to new recipients

Zivver can be configured to send new recipients an introductory email, explaining what Zivver is and does, just before they receive their first Zivver notification email. To do so:

  1. Click the newly created OU box
    OR click settings then click EDIT
    The Organizational Unit page is displayed
  2. Click to expand Introduce Zivver to new recipients
  3. Enter a subject line and a body for the introductory email, then click SAVE
    OPTIONAL: when editing an existing message, press REVERT to revert to the version you saved earlier.
  4. Click SEND EXAMPLE to send a sample introduction email to your own inbox
    A sample introduction email with the subject and body you chose
  5. Check that the sample you have received is correct
  6. Toggle Send introduction email to new recipients on toggle_on
    A notification that introductory emails are now being sent is displayed.

Zivver supports rich text in introductory emails.

OU Accounts

Zivver users can be assigned to any OU, or to none of them, in an organization. Users which are not assigned to any OUs are assigned to the default organization. To assign users to your new OU from the admin interface, you should:

  1. Click the newly created OU box
    OR click settings then click EDIT
    The Organizational Unit page is displayed
  2. Click to expand Accounts
  3. Click ADD
    The list of all accounts in your organization pops up.
  4. Select accounts as needed by clicking the check box in the last column
    The accounts have been added to the OU, and a list of accounts is now displayed.
    Whenever a user account is moved (to or from an OU), the user is logged out.
User accounts can only be assigned to a single OU.

It is possible to assign users to an OU using the Zivver SyncTool.

OU log events

Organizational unit event names are prefixed with ‘Organizational unit’. Currently, four event types are logged:

  • Organizational unit account moved
  • Organizational unit created
  • Organizational unit updated
  • Organizational unit deleted


Claiming your domain in Zivver gives you control over all the accounts under your claimed domain on the Zivver platform and is required for the use of following features:

  • Preventing your users to create rogue accounts under your domain
  • Create email aliases for users
  • Single Sign-On
  • Automated account provisioning via the Zivver Synctool.

Claim a domain

How to claim a domain

Hand over a domain

It is possible to hand over the management of Zivver accounts in a domain that has been claimed by a different organization, to that organization. If a domain with Zivver accounts managed by your organization is successfully claimed by another organization, its status will be shown as not_interested taken in the domains list.

The administrator account which performs the handover must not be tied to an email address belonging to the domain that is handed over. For example, admin@example.com cannot hand over the example.com domain. Therefore, it may be necessary to create a new admin account to perform a handover.

To hand over the administration of Zivver accounts on the claimed domain to the other organization:

  1. Press the HAND OVER button.
    A confirmation window appears
  2. Choose YES After a short pause, the domain you have handed over is removed from the domains list
    The domain change has succeeded
Accounts in the domain that was handed over, including every functional account, will be managed by the new organization. Every alias in the domain will be removed. Conversation starters that had been set up for email addresses in the domain will be removed.

Adopt Free Accounts

How to adopt accounts for a claimed domain

Notification messages

Notification messages in the WebApp

Zivver sends a notification message when you send a message to a recipient. Under the tab Notifications email you can adjust the contents of the notification message. You can also have a personalized introduction message sent in advance if the recipient has never received a Zivver message. At the bottom of the page, you can modify the sender of the notification message. The sender then becomes the e-mail address of the sender in one of your claimed domains, instead of noreply@zivver.com.

Customize text of notification message

Each notification message has space for personalized text at the bottom, to explain that your organization is safely mailing with Zivver. Contact details of your organization should be included here. This can be useful when recipients have questions about the notification message. The text of the notification can be set separately for each language supported by Zivver.

  1. Select the language under Language of the notification message.
  2. Write the text for the notification message in the language you have selected. For example: Write the text in the notification message in English if you selected ‘English’ in step 1.
  3. Click SAVE.
  4. Optional: Repeat these steps for another language in step 1. Click SEND EXAMPLE to receive an example of a notification message by e-mail. You then see what the notification message looks like for recipients. This example is sent to the e-mail address with which you are logged in to Zivver. You can send an example to yourself in the languages ​​German, English and Dutch.

Introduce Zivver to new recipients

New guest users can receive an introductory e-mail if they have never received a Zivver message before. In this introduction e-mail you can explain why your organization has chosen to securely mail with Zivver and explain how the recipient can open messages.

You must adjust both the subject and the message of this introductory e-mail. The default values ​​are not ready to use immediately. This is a sample text. Click SEND EXAMPLE to receive a sample e-mail by e-mail. You will see how the e-mail looks for recipients. This example is sent to the e-mail address with which you are logged in to Zivver. Set the switch for Send introduction mail to new recipients to use this functionality. Then click the SAVE button.

A new guest user is someone who has never received a Zivver message for that e-mail address before.

DNS settings

To ensure that Zivver servers can send e-mail on behalf of your organization, you should add the appropriate entries to your DNS records.
Zivver checks whether your domain records are set up correctly. The results are displayed in a table at the bottom of the page.
Clicking the keyboard arrow down keyboard_arrow_down on the last row of the table will display the DNS records for that particular domain and show which entries may be missing or misconfigured.

DNS settings in the WebApp

Once the DNS records are set up correctly, Zivver will be able to send emails on behalf of your organization (such as notification e-mails), using the organization domain name(s). This prevents trouble with spam filters and ensures that any bounce messages will be processed by Zivver.

How to set up DNS for Zivver explains SPF, DKIM, SES CODE and CNAME more in-depth.


SPF (TXT record): verifies that spf.zivver.com is an authorized host for your organization.


DKIM(TXT record): verifies that mail coming from the domain was authorized by the owner.


SES code (TXT record): including this record verifies that your organization actually controls the domain that email is being sent from, for the benefit of Amazon simple email service (SES).


CNAME: aliases a subdomain controlled by your organization to the domain used by the Zivver server so that emails sent from Zivver servers can be marked as originating from your organization. As an administrator, you should create a subdomain called zivverbounce.yourdomain.com and set your CNAME record to point to that subdomain. Zivver only checks the zivverbounce subdomain for the existence of a CNAME record. Any other subdomains which you create and add CNAME records to will be ignored.

If a CNAME record is configured, no other records should be set for the same subdomain.

Names and values (where available) of records that can be added are listed in the table below:

Type Name Host Value
CNAME CNAME zivverbounce.<your_domain> returnpath.zivver.com or
TXT DKIM zivver._domainkey.<your_domain> see app.zivver.com/organization/dns-settings
TXT SES CODE <your_domain> see app.zivver.com/organization/dns-settings
TXT SPF <your_domain> v=spf1 mx include:_spf.zivver.com -all

To know whether you must add a trailing dot (.), speak to your domain provider.


DANE enables domain administrators to specify the keys used by TLS servers or clients in their domain. This removes the need to depend on third-party certificates attesting the keys are legitimate.
Zivver tests for the presence of a TLSA record and of DNSSEC proof.

If DANE is set up correctly for your domain(s), delivery of verified and encrypted SMTP becomes possible. You can then choose to have Zivver directly deliver inbound Zivver messages to your organization.

Inbound Direct Delivery

Zivver messages are not emails, but can be securely delivered as emails when the Inbound Direct Delivery option is enabled. This option is useful in situations where, for example, you want to store incoming messages in a document management system, without having to first export them from Zivver. Inbound Direct Delivery can only be activated if DANE records are present and correct for your domain.

If inbound direct delivery is enabled, incoming messages from Zivver domains are stored as regular email on the recipient machine, not as encrypted text on your Zivver server, so that authentication with Zivver 2FA is not needed to read them.
Make arrangements for alternate mail storage security as appropriate in this case.

Toggle Inbound Direct Delivery

You can choose to have Zivver deliver inbound messages directly, as opposed to via Zivver client software. This option is only available if connection security is adequate. To toggle Inbound Direct Delivery:

  1. Go to the DNS Settings page.
  2. Scroll down to the Inbound Direct Delivery panel.
  3. Click the appropriate radio button to toggle Inbound Direct Delivery on for Everyone or to turn it Off.

Proof of delivery reports

Zivver provides proof of delivery for Zivver messages in the form of a proof of delivery report.

The Proof of delivery report has two main purposes: * to inform the sender of a message what the status is of the delivery of their (notification) message. * to provide the sender of a message with detailed information on the delivery process of their message

In some cases, the report will also show whether the message was opened or not.

For the report to be available, proof of delivery must be turned on for your organisation by Zivver.

A proof of delivery report contains * A summary showing whether the message was indeed sent and delivered and whether it was encrypted in transit.

Inbound Direct Delivery and NTA messages are sent as plaintext.

  • Zivver event flow from message creation onwards, including, for example, any delivery failures.

    If a recipient’s email server does not honor DSN (delivery status notification) requests, failure to deliver a message cannot be detected by Zivver and thus will not be logged.
  • NTA 7516 message status if it applies.

  • Zivver message revocation status.


Accounts in the WebApp

In the Accounts assignment_ind tab you can manage accounts belonging to your organization. Most options in this chapter are located behind Edit edit . User accounts and functional accounts can be found in this chapter.

Create a functional account

Use functional accounts for general-use e-mail addresses such as contact@vorbeeldbv.com, helpdesk@vorbeeldbv.com or info@vorbeeldbv.com. Functional accounts are also called shared accounts or shared mailboxes. Users can not log in directly to a functional account, but can be granted access by administrators. Users are automatically logged in to the functional account when they log in with their user account.

  1. Go to the Accounts page.
  2. Click the ADD FUNCTIONAL ACCOUNT button at the top right. A new window opens.
  3. Enter a name for the functional account (eg Helpdesk).
  4. Enter the e-mail address of the functional account (for example helpdesk@vorbeeldbv.com).
  5. Click ADD.
    The functional account has been created.

Invite user to your organization without Single Sign-on

These steps only work when Single Sign-On (SSO) is disabled and your organization does not create accounts via the SyncTool. Does your organization use SSO? Learn more about inviting a user to your organization with Single Sign-On.
Learn more about the SyncTool
  1. Go to the Accounts page.
  2. Click INVIT NEW.
    A new window opens.
  3. Enter the details of the user. Enter a personal message as an option.
  4. Click OK.
    The user receives an e-mail with instructions to create a Zivver account and to join your organization. If the recipient already has a Zivver account, the e-mail can be used to connect the user to the organization.

Invite user to your organization with Single Sign-on

  1. Go to the Accounts page.
  2. Click ADD NEW. A new window opens.
  3. Enter a name.
  4. Enter a password. Click GENERATE to have Zivver generate a password.
  5. Enter the e-mail address. You can only invite an e-mail address from a claimed domain.
  6. Click ADD.
    The user receives an e-mail that an account has been created. The user can log in with the specified password and can then log in with his workplace credentials.

    These steps only work when Single Sign-On (SSO) is enabled and your organization does not create accounts via the SyncTool. Does your organization not use SSO or the SyncTool?
    Learn more about inviting a user to your organization without Single Sign-On.
    Learn more about the SyncTool

Re-sending invitations

  1. Go to the Accounts page.
  2. Click Resend invitation refresh next to the user name.
    The invitation e-mail is sent again.

Revoking an invitation

  1. Go to the Accounts page.
  2. ClickRevoke invitation remove_circle next to the user name.
    The link in the invitation e-mail becomes unusable.

Add an account

  1. Go to the Accounts page.
  2. Click the edit edit icon.
  3. Enter a new account name, nickname (optional), language and/or timezone.
  4. Click SAVE.

Change password

You can only change a password for a user account or an administrator account. Functional accounts have no password associated.

  1. Go to the Accounts page.
  2. Click the edit edit icon to the right of the account name.
  3. Scroll down to password.
  5. Enter the new password.
  6. Optionally check User should choose another password after the next login.

Change account type

Convert a user account to a functional account if this account has been created incorrectly. After the conversion, users can no longer log in with the e-mail address and password. Settings such as aliases, active sessions, additional login method, backup codes and trusted devices are deleted. You can also indicate here that a user is an administrator.

You can also convert a functional account to a user account.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Scroll down to Account type.
  4. Click the account type that you want to choose.
  5. Click SAVE CHANGES.
Functional accounts cannot be promoted to administrator.

Promote a user to administrator with SSO present

A Zivver password must be set, for normal accounts that are upgraded to an administrator account. This is to make sure that admins can always log in to manage organization settings, even when SSO is not working.

When promoting a user account to administrator, if SSO is enabled, you will be prompted to choose a new, temporary password for the new administrator after performing step 5. above.

The new administrator will be prompted to change the temporary password with one of their own choosing, either the next time they login via Zivver or when they try to access the Organization overview.

The new administrator will receive an email listing the new functionalities they can make use of.

Promote a user to administrator without SSO

If Zivver does not have SSO enabled, there is no need to choose a temporary password for administrators.

The new administrator will receive an email listing the new functionalities they can make use of.

Set alias

Zivver messages that are sent to an alias automatically end up in the primary account mailbox. For example, the Zivver message that is sent to the alias hugo@vorbeeldbv.com can be entered in the primary account mailbox hugo.admin@vorbeeldbv.com.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Mail aliases.
  4. Enter the alias.
  5. Select a domain. You can only set an alias for a claimed domain .
  6. Click ADD ALIAS.
  7. Optional: make the set alias the primary e-mail address.

Users log in to the primary e-mail address or an alias. The password is the same. Zivver messages that are sent to an alias arrive in the primary account mailbox. At this moment it is only possible to send from the primary e-mail address.

Merge accounts

You can merge two existing accounts. Enter an existing account as an alias with another existing account to merge them.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Mail aliases.
  4. Enter an existing account.
  5. Select a domain.
    You can only set an alias for a claimed domain .
  6. Click ADD ALIAS.
    _A new window opens to merge the accounts.

    Merged accounts cannot be un-merged!
    The acccounts are merged. Access permissions to the merged account are not included.

  8. Optionally make the alias you have set the primary e-mail address.

Users log in to the primary e-mail address or an alias. The password is the same. Zivver messages that are sent to an alias arrive in the primary account mailbox. At this moment it is only possible to send e-mail from the primary e-mail address.

  • You can not merge an administrator account with a user account or functional account. The reverse works.
  • You can not merge accounts when the email address is an alias instead of a user account or functional account.

Grant access

You can give a user access to the account of another user or functional account. This can be useful when a user goes on holiday and another colleague has to observe the mailbox, or for sharing functional accounts. As a user with access, you can not change personal settings such as the password. Only an administrator can control access permissions. A user can not grant another user access to their account.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Scroll down to Grant access.
  4. Enter the name or e-mail address of the user you want to grant access to in the search box.
  5. Select the user you intend to grant access to. The user receives an e-mail notification. The user is automatically logged in to the user account they have been granted access to in the Office plugin. The user can change accounts in the WebApp by clicking on the profile photo at the top right of the screen.
  6. Optionally: Indicate whether you want the recipients to see who is sending a message on behalf of this account. The default organization setting can be found under Functional accounts settings on the Accounts page.

Delete active sessions

Active sessions are created when a user logs in. The active session is removed in the following scenarios.

  • The user logs out.
  • The administrator deletes the active session.
  • The active session is automatically deleted after 30 days.

You can only delete active sessions from user accounts and administrator accounts. Functional accounts are logged in via a user account. The login session is automatically deleted when you delete the active sessions from the user with access to the functional account.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Active sessions.
  5. Click OK.
    The active sessions have been deleted. The user must log in again.

View communication log

To view the communication log:

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Communication Log.
  4. Click VIEW LOG.
  5. Use the filter at the top of the page to select log entries by event categories.

Reset 2FA

If the second authentication factor for a user is lost or compromised, it may become necessary to remove it and have the user set a new one:

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Authentication Factors.
  4. Click DELETE
  5. Click OK at the confirmation prompt shown.
    The 2FA method for that user is reset. The user is notified by email that they will need to set up 2FA again.
Zivver supports multiple 2FA methods. All methods that a user has set are removed.

Suspend or delete account

When accounts are suspended or deleted users are immediately logged out and cannot login anymore. Information in a suspended account remains accessible to administrators. Information such as Zivver conversations is not accessible anymore after an account is deleted.

Account deletion is final and cannot be undone.
  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Scroll down to Suspend or Delete Account.
  4. Click DELETE or SUSPEND.
  5. Click OK.

Accounts can also be suspended or deleted automatically through use of the SyncTool.

Functional accounts settings

  1. Go to the Accounts page.
  2. Scroll down to Functional accounts’ settings.
  3. Check or uncheck Show real sender to recipient when sending from a functional account. With the check mark, the recipient will see which user account has responded on behalf of a functional account. This is the default organization setting. You can deviate from the standard organization setting at the account level. See Grant access in this chapter.

Restore access to messages

Under the Accounts page you see an overview of users who have lost access to messages. This happens when users forget their password and create a new password. Zivver messages are encrypted with a key that is based on the password of the account. If the password is reset, the user will receive a new key. This new key no longer fits the lock of the old conversations. Click REKEY ALL to restore access to old messages for users.

Does your organization use Single Sign-On? Then users will not lose access to old messages when their password changes. Users log in with Single Sign-On with their workplace credentials. When those change, Zivver functionality is unaffected.

Functional accounts

Functional accounts in the WebApp

In previous versions of the management panel, user accounts and functional accounts were separate sections. From version 2.13.24-a all kinds of accounts are located under the Accounts page. All functionalities related to functional accounts can be found under the Accounts chapter in this administrative manual.

Single Sign-On (SSO)

Single Sign-On (SSO) in the WebApp

Zivver supports logging in via Single Sign-On vpn_key . Users can then log in to Zivver with their workplace login details. They do not have to create a separate password and to remember for Zivver.

SSO works through SAML. Zivver supports the following Identity Providers:

Setting SSO incorrectly can result in users who can no longer log in. Consider contacting Zivver if your organization wants to use SSO.

Trusted networks

Does your organization use Single Sign-On? Or does your organization have less than 50 users? Then, this section does not apply to your organization.

You can configure trusted networks as such that users in the specified network do not need the additional login, 2FA, for Zivver. This configuration is less safe. You can also prevent that users from outside the trusted network log in to Zivver.


  1. Open Trusted networks in the WebApp.
    You can also click Trusted networks wifi_lock .
  2. Click Add.
    A new window opens.
  3. Enter the IP range in CIDR notation and a description.
  4. Click Add.
  5. Optional Choose whether or not you want these options.
    • Second authentication factor (2FA) not needed…
    • Block access outside the trusted networks.

Export user data

Export user data in the WebApp

With the function Export user data get_app it is possible to download Zivver messages via File Transfer Protocol (FTP). FTP lets you download Zivver messages unencrypted as .eml files.

You can (bulk) export Zivver messages sent from or received by email addresses in your organization as .eml files. It is possible to export messages from any number of accounts, ranging from one up to all accounts in your Zivver organization. The exported .eml files contain the corresponding Zivver message bodies, as well as information about the sender, recipient, read receipt and attachments of the exported Zivver messages. Attachments sent through Zivver are also attached to the exported .eml files.

The Zivver FTP server requires explicit TLS (Transport Layer Security), also known as ftp(e)s. Even though you connect to ftp://, FTP programs will attempt to set up a secure connection. If that does not work, then no connection will be established, so unsafe connections are not possible.

Activate FTP export

The instructions in this chapter explain how to connect to the Zivver FTP server, but do not pertain to a specific FTP client. Details may vary.

  1. Log in to the WebApp.
  2. Go to the tab Export user data get_app .
  3. Install an FTP program (such as FileZilla).
  4. Open the FTP program.
  5. Create a new connection or session.
  6. Enter as host: ftp.zivver.com.
  7. Enter the user name at the bottom of the Export user data page in the Zivver WebApp.
  8. Enter an API key as a password.
    Generate a new API key.
  9. Enter “21” as the port number.
  10. Optionally specify FTP as the protocol.
  11. If necessary, set the encryption to TLS / SSL Explicit Encryption.
  12. Confirm the entry.
  13. Connect.
  14. If necessary: ​​Click OK to trust the new certificate. This differs per FTP program. FileZilla asks to trust the new certificate when you connect for the first time.

You are now connected to Zivver via FTP. You can download the Zivver messages from your organization as unencrypted .eml files.

Business rules

Business rules in the WebApp

Click the Business Rules assignment tab in the left side panel to see which business rules your organization can use. Business rules protect your organization against users inadvertently sending sensitive information in an insecure manner. Business rules automatically check messages and attachments for sensitive content. Triggering a business rule produces one or more warnings based on the content of the message and the attachment. You can set the business rules as desired.

Enable and disable business rules by placing a checkmark under the Enabled column. Determine the security level of the business rules in the Security level column. Learn more about different security levels

Are there no business rules listed in the Business Rules assignment tab? Then, contact us.

Trusted domains list

Choose for which domains you do not need to use Zivver. For example, because the mail system can deliver messages to those domains through an internal relay. For addresses in such domains, Zivver shows the suggestion that it is not necessary to enable Zivver for this message. But the sender can still enable Zivver for that message.

Recipients in trusted domains are not verified. Messages to addresses in trusted domains are not encrypted by Zivver.

To exempt messages between certain domains from Zivver encryption and authentication:

  1. Go to the Business rules tab in the WebApp.
  2. Add the domain(s) that are used by your organization to the Trusted domain list, one per line.
  3. Add the third-party domain(s) you wish to exclude from Zivver messaging to the Trusted domain list, one per line.
  4. Press SAVE
    The list is updated in the next 5 minutes. The list of domains is automatically sorted in alphabetical order.
Every domain name should be on its own line.

Recipient Verification

Recipient Verification in the WebApp

Click Recipient Verification contact_phone in the left side panel to manage default authentication methods for recipients. You can search, upload, edit, and delete default authentication methods. Mobile numbers and shared access codes entered by users are automatically added to the Verification Suggestions list. Users in your organization automatically use the authentication methods in this list. This means that users do not have to choose an authentication method every time they message a known recipient. The advantage for recipients is that they can always use the same verification method.

Zivver automatically chooses the most secure standard authentication method. Users can not change the default authentication method. Only an administrator can change the default. Users can choose to use a different authentication method.

You can set a default authentication method for recipients in two different ways: manually and via a .csv file.

Manually add verification suggestion

  1. Click the add button person_add .
    A new window opens.
  2. Enter the first name and last name.
  3. Enter the e-mail address.
  4. Enter a mobile phone number. Can’t use a mobile phone number? Then enter an Access Code in the following steps.
  5. Enter an access code.
  6. If necessary, enter a hint for the access code. The hint is added in the notification message for the recipient.

Learn more about the security level of the SMS code and Access Code

Import verification suggestions csv file

  1. Click the upload button publish .
    A new window opens.
  2. Download the sample file.
  3. Fill the sample file with the correct data. The file indicates how to write down the recipient control to be imported.
  4. Click the upload button publish .
    A new window opens.
  5. Click the UPLOAD button. Zivver checks the file and shows a preview on the next screen.

Under the tab REJECTED you can see entries that are not correct, with reasons listed. Entries under the REJECTED tab are not included in the import. Under the tab ACCEPTED the entries are correct. These inputs are included in the import.

Manage verification suggestions

Adjust a verification suggestion by clicking the edit edit icon on the right side of your screen. You can change the name, e-mail address, authentication method and value.

Remove a shared recipient check by clicking Delete delete_forever on the right side of your screen. The shared recipient check is no longer available to users.

Search verification suggestions

You can search shared recipient control by email address and name. Click Search search at the top right of your screen to search.

Message revocation

Zivver messages can be revoked after sending, either for every participant (including the sender) or just for recipients. Message revocation can be scheduled to occur after a set period, or immediately. Access revocation is designed to fulfill two major functions: - You can withdraw a message that was sent in error. - You can comply to rule where laws or organizational policy require that copies of messages are not kept indefinitely.

Set message revocation defaults

As an administrator, you can set a default period of time after which Zivver messages sent from your organization expire in the Messages Revocation tab. You can choose to remove messages from recipients’ Zivver inboxes (revoke for Recipients), or remove them entirely (revoke for Everyone).

To set an organization-wide message revocation interval:

  1. Go to the Messages Revocation tab.
  2. Toggle Set a default expiration date
  3. Input a suitable interval and time unit in the respective boxes.
  4. Choose whether to revoke messages for Recipients only, or for Everyone.
It is impossible to recover messages which have been revoked for Everyone.

Even if an organization-wide revocation interval is set, users can still modify the default interval and default action at any point before the set revocation date.

This also means that expiry can be cancelled outright, by any user.
Zivver versions older than 2.13.24 do not support this functionality.

Verification Methods

Verification Methods in the WebApp.

In the Organization-wide Verification Methods pane, administrators can choose which recipient verification methods can be used by users in their organization, as well as decide on how these are used. An explanation of the various options available is presented below:

In reading the following, keep in mind that Zivver users normally have access to two separate contact lists, a personal contacts list and an organization contacts list. The latter is shared with all the users in the same organization or organizational unit.
  • Access code
    Zivver will send a notification message to the recipient with a link to the secure web portal. Your organization should separately communicate the personal access code with the recipient beforehand so that they can access the message.
    • Access code to personal contact
      When this option is checked, users can set and use access codes for recipients in their personal contacts list.
    • Access codes for existing organization contacts
      Zivver sends a notification message to the recipient with a link to the secure web portal. The recipient can then access the message using an access code. The access code is stored in the organization contacts list and must be communicated to the recipient beforehand.
    • Users can set organization access codes
      When checked, users can set an organization access code if it doesn’t already exist, otherwise has no impact
  • SMS to new number
    Zivver sends a notification message to the recipient with a link to the secure web portal. The recipient gets a one-time-password over SMS which they can use to access the message.
    • SMS to personal contact
      When checked, users can do SMS verification of recipients using the phone number of a recipient as listed in a Zivver user’s personal contacts list.
      When SMS to personal contact is unchecked and SMS to new number is checked, users must enter a mobile phone number for every new conversation with any recipient, and that mobile phone number is not saved in the personal contacts list. Mobile numbers are saved in a user’s personal contacts list only if SMS to personal contact is checked.

    • SMS to organization contact
      Zivver will offer to verify recipients by SMS, using the recipients phome numbers listed in the organization contacts list.
  • Verification email
    Zivver sends a notification message to the recipient with a link to the secure web portal. The recipient can access the message by filling in a password that Zivver sends in a separate email.


Audit log

Audit log in the WebApp

The Audit Log lists events in Zivver. Filter filter_list by one of the various categories to find the events you’re looking for. Monthly logs can be saved as .csv files by pressing the download get_app button.


Statistics in the WebApp

Statistics bar_chart shows you how Zivver is used in your organization. Use the provided selector to select a date range. Click Download to download statistics for a selected date range. Refer to the associated reference document for detailed explanations of the values in the report.

Dashboard sections


This section offers an at-a-glance overview of Zivver usage in your organization.

  • Number of accounts that sent at least one Zivver message in the selected period. It is unusual for everyone in an organization to be expected to send secure messages regularly. You must compare this metric compared against how many people in your organization you’d actually expect to be sending sensitive information.

    For messages sent from a delegated account, the account that initiated sending the message is counted as the sender. This means that messages from functional accounts are not counted in this metric.
  • Number of messages that were sent securely after a business rule was triggered. Gives an indication of the amount of sensitive information shared in the organization

  • Number of Zivver messages that were manually revoked by the user before they were read by any recipient.

    Does not include scheduled revocations.
  • Percentage of messages sent with Zivver after a business rule was triggered.

    This metric only works if logging non-Zivver messages is enabled for the organization. If it is not, the number shown will always be 100%. This is because only messages sent from clients able to send and log both Zivver and non-Zivver messages (that is, users of Zivver Office Plugin and Zivver Outlook Web Access Add-in) are counted and from accounts that have opted in to log non-Zivver messages.
  • Percentage of Zivver message recipients secured with a verification method other than Email verification.

  • Percentage of Zivver message recipients that have opened their message at least once.

Adoption statistics

These figures show how much usage Zivver gets in your organization:

  • Number of Zivver messages sent by month
  • Number of accounts that sent at least one Zivver message by month
  • Number of Zivver messages sent split by total attachment size
  • Number of Zivver messages sent per user
Business rules statistics

Understand what kind of information is being sent by your organization and whether users are sending this information securely when expected to. These stats show how much use the business rules get. In particular, they show how likely users are to follow or ignore Zivver recommendations.

  • percentage of messages sent with Zivver after a business rule was triggered by month
  • Number of messages with a specific business rule triggered and the percentage of these messages sent with Zivver
Recipient security Statistics

These stats show which recipient verification methods are used and also which domains or types of users get the most Zivver messages. They help you understand whether verification methods set for recipients are in line with policy. Also identify whether messages sent are opened successfully.

  • Recommended verification method usage over time
  • Number of Zivver messages sent to each type of recipient
  • The top domains by number of Zivver messages received, % opened and % secured with SMS, access code or a Zivver account
  • Number of Zivver messages sent to guest recipients, by verification method used
Message revocation statistics

Shows the number of manually revoked Zivver messages, sorted by whether they were opened or not. May be an indicator of data leakage.

Sender statistics

Shows key performance indicators per user. This table can be downloaded via the Download button.

Plug-in settings

Plug-in settings in the WebApp

With the Zivver Office Plugin you send Zivver messages directly from Microsoft Outlook. In the Plugin settings power tab, you can determine which settings are on or off and whether users can change the setting locally.

Place a check mark under the ON column to enable a setting. With a check mark, this setting is ON for users.

Place a checkmark under the Forced column to force the choice under the ON column - users can not adjust this setting locally.

Leave out the check mark under the Forced column when you want that users can change the setting locally.

These are the recommended plug-in settings.

Plug-in settings explained

  • Collect information about non-Zivver mails Turn this option ON if you want Zivver to collect information about ignored warnings and also about when and to whom users send messages.
  • Activate ‘Secure mailing’ after a business rule recommends it
    Set this option to ON if you want Zivver to automatically enable ‘Secure Mail’ when a user receives a warning from a business rule. The user can always deactivate ‘Secure Mail’ himself.
  • Show newest message on top
    Turn this option ON if you want the newest messages to appear at the top of the conversation.

    Let this setting match the appearance of normal e-mails in Outlook.
  • Save opened Zivver messages decrypted

    This functionality is only available with Zivver Office Plugin.

    If this option is ON, when you click the link provided in the Zivver notification email in outlook, the Zivver message is opened and the decrypted content is copied to Outlook mail, so when you open the same notification email again, even on another platform, it now contains the decrypted content, not the notification text. Opened messages can then be read using any e-mail program, but you are not protected by Zivver against data leaks.

  • Save received Zivver messages decrypted
    Set this option to ON if you want all Zivver messages to be automatically stored unencrypted after you read them. This means that messages can be read in every mail program, but in case of theft of the laptop you are not protected against a data breach.

  • ‘Secure mailing’ for every message
    Turn this option ON if you want ‘Secure Mail’ to be turned on for each new message. The user can always deactivate ‘Secure Mail’ himself.

API keys

API keys in the WebApp

Here you can add, activate, deactivate or delete API keys settings_input_component . API keys are used in the Zivver SyncTool to connect with your organization in Zivver or to export user data (Chapter 10).

Generate an API key

  1. Click the GENERATE button. A new window opens.
  2. Enter a name for the API key. For example SyncTool if you use it for the Zivver SyncTool.
  3. Click ADD.
    On the top of the list with existing API keys the new API key appears .

    Copy and save the API key immediately! The key is only shown once.

Deactivate or delete the existing API key

Created API keys can be deactivated or deleted.

EITHER click the check mark under column Active to deactivate an API key.

OR click Delete delete to remove API key.

A new window opens to confirm the deletion. Click YES

Conversation starters

Conversation starters in the WebApp With a Conversion Starter link you create a link to allow people without a Zivver account to send a Zivver message to an e-mail address in your organization. This link can be then published on the website behind an email safely button. You can also share the link by e-mail.

Create a conversation starter

  1. Click ADD at the top right of your screen. A new window opens.
  2. Enter a description. _The description is only visible in the Zivver management environment.
  3. In the Recipient field, enter an e-mail address with a Zivver account. This e-mail address will receive the messages.
  4. Enter a subject line. This is the subject of the conversation. The topic is the same for every conversation.
  5. Enter a Welcome note. The sender sees this text when composing the message.

Using a conversation starter

  1. Click the Link link to use the conversation starter.
  2. Share the URL with external parties.
  3. Copy the Integrated code to your website for a ‘Mail this organization safely’ button.
  4. Click CLOSE if you have copied the URL or the code.

You can customize the conversation starter data or remove the conversation starter from Settings settings .


Support in the WebApp In the Support help tab, you can contact Zivver using the CONTACT button. People at Zivver will be happy to help you! Have you seen a suggestion or something that is not right? Then you can report this on support.zivver.com or via the GIVE FEEDBACK button.

Mail Submission

Mail Submission in the WebApp

Mail Submission call_merge makes it possible to send messages directly from systems via the secure Zivver platform. Emails submitted to the Zivver MSA (mail submission agent) in a secure manner are converted to Zivver messages.

Mail Submission is an additional service and does not fall under the basic functionality. Contact Zivver if your organization wants to use Mail Submission

If it has been agreed in the contract that your organization will use mail submission, you can generate the necessary data here.

  1. Click GENERATE.
  2. Enter a description.
  3. Click GENERATE.
    A new window opens with a user name and password.
  4. Enter the SMTP login details in the source system from which you want to send Zivver messages.
This data is only shown once. Save it immediately.

Created SMTP credentials can be deactivated or deleted:

  • Click the check mark under column Enabled to deactivate SMTP login data.

  • Click Delete delete to delete the SMTP login data.
    A new window opens to confirm the deletion.
    Click YES.


Specials extension are customization and an additional service. Specials are therefore not covered by the basic functionality. Contact Zivver if you want to know more about this.

Was this article helpful?

thumb_up thumb_down