ZIVVER WebApp - Administrator manual

Introduction

This document explains how to manage ZIVVER for organizations. You can find the administrator settings tune at the bottom left of your screen when you are logged in to the ZIVVER WebApp. Are the administrator settings missing at the bottom left of your screen? Ask an administrator within your organization to give you administrator rights.

This manual uses the fictitious organization Voorbeeld BV as an example organization. Vorbeeld BV has its own website: www.vorbeeldbv.com. Everyone within this organization has an e-mail address of the form {name}@vorbeeldbv.com

The Organization overview

Organization overview in the WebApp

In the Overview view_compact tab you can see the most important statistics, notifications and settings for your organization at a glance. - Under Statistics you can see the number of administrators, users and the total number of messages sent. - Under Alerts items that demand your attention as administrator are grouped.

Example notifications:

warning Only one administrator has been set up

warning 2 users forgot their passwords

In the overview window you can find all organization settings organized as cards. The organization settings are also shown as tabs in the side panel on the left side of your screen.

Organization account

Organization Account business is where you manage organization identity elements and delete organizations.

Change Organization Name

Enter or change the name of your organization.

ZIVVER will automatically scale the logo to the correct size.

The logo must meet the following conditions: - Has an aspect ratio of 2:1
- Is at least 250 pixels wide and 125 pixels high

Organization branding for guest users

You can select organization branding for guest users. Select an Organization branding and click SAVE. The corporate identity for the host environment ensures that the guest recipients are presented with your organization’s brand elements when using ZIVVER. You will only see a Standard theme if a guest branding theme is not available.

At the bottom of the Organization account page, a button appears which allows you to delete the complete organization. The DELETE button only becomes visible when you move the mouse over this section. You must enter your password before you can permanently delete the organization.

ZIVVER can not recover deleted messages and files after an organization is deleted! Only remove an organization after consultation with ZIVVER.

After this, all messages and accounts for the organization are deleted.

Branding guest environments

Please send the following information to your ZIVVER project manager:

  • Contact person in your organization’s communication department
  • Organization logo (in RGB) in vector format (for example .eps,.ai or .svg)
  • The color code (in RGB) of the primary color and possibly the secondary color of the corporate identity of your organization, ZIVVER uses these colors to create a color palette for the house style in the guest environment.
  • Optional: for the background in the first screen, choose a photo in high resolution, at least 1920 x 1280 pixels.

This data is then forwarded to the ZIVVER design department. They will make a first draft and share it with your communication department. If you agree with the design, it is developed and tested, and is available within 1-2 weeks. In the meantime, the guest environment can be used, but not your logo can be seen but the ZIVVER logo.

Enable guest environment branding

As soon as the guest environment is available, you will receive a notification from ZIVVER. You can then activate guest environment branding in the management panel. For questions about the host environment, you can always contact your project manager.

Creating branding for guest environments is an additional service and does not fall under the basic functionality. Contact ZIVVER if your organization wants to apply for branding services.

Organizational Units

From the ZIVVER perspective Organizational Units (in what follows, “OUs”) are sub-sets of an organization, which include some of the users in an organization, but can have their own administrators, branding and notification settings. Normally, you would map ZIVVER OUs to existing OUs in your (LDAP) environment.

Add Organizational Units

If you wish to assign different settings to a part of your organization, you must first create a new OU:

  1. Log in to the ZIVVER WebApp as an administrator
  2. Go to tuneOrganization Settings
  3. Go to powerOrganizational Units
  4. Click ADD NEW
  5. Enter a name and an identifier for your new OU
  6. Press CREATE
    Your new OU is created and its name will be displayed in a box, below the page header
An OU cannot be removed unless all user accounts in it are moved or deleted

You can assign a logo to your new organizational unit. This will be displayed in place of the logo of your organization..

  1. Click to expand the Logo dropdown
  2. Click UPLOAD LOGO
  3. Select the appropriate file. The logo is now displayed to the left of the OU header
The logo should have a 2:1 aspect ratio and be at least 250x125px. The logo size and aspect ratio is NOT enforced. You can choose any image, but choosing an image outside the recommended parameters may break various layouts.

Click REMOVE LOGO if you ever wish to remove the logo. It is possible to replace the existing logo by simply uploading a new one.

OU branding for guest users

You can choose a branding set to apply to your organizational unit, if customized guest environment brandings have been added:

  1. Click to expand the Branding for guest users dropdown
    A list of brandings is shown
  2. Click to select a branding
  3. Click SAVE

Select the Default branding for none.

You can add custom text to the end of each notification message that any account in an organizational unit sends, to give the recipient more information about the secure message.

  1. Click to expand the Notification message dropdown
  2. Choose a language from the drop-down menu
  3. Enter a notification message footer text
  4. Press SAVE

OU Introduce ZIVVER to new recipients

It is possible to configure ZIVVER to send new recipients an introductory email, explaining what ZIVVER is and does, just before they receive their first ZIVVER notification email. To do so:

  1. Click the newly created OU box
    OR click settings then click EDIT
    The Organizational Unit page is displayed
  2. Click to expand Introduce ZIVVER to new recipients
  3. Enter a subject line and a body for the introductory email, then click SAVE
    OPTIONAL: when editing an existing message, press REVERT to revert to the version you saved earlier.
  4. Click SEND EXAMPLE to send a sample introduction email to your own inbox
    A sample introduction email with the subject and body you chose
  5. Check that the sample you have received is correct
  6. Toggle Send introduction email to new recipients on toggle_on
    A notification that introductory emails are now being sent is displayed.

OU Accounts

ZIVVER users can be assigned to any OU, or to none of them, within an organization. Users which are not assigned to any OUs are assigned to the default organization. To assign users to your new OU from the admin interface, you should:

  1. Click the newly created OU box
    OR click settings then click EDIT
    The Organizational Unit page is displayed
  2. Click to expand Accounts
  3. Click ADD
    The list of all accounts in your organization pops up.
  4. Select accounts as needed by clicking the check box in the last column
  5. Click ADD ACCOUNTS
    The accounts have been added to the OU, and a list of accounts is now displayed.
    Whenever a user account is moved (to or from an OU), the user is logged out.
User accounts can only be assigned to a single OU.

It is possible to assign users to an OU using the ZIVVER SyncTool.

OU log events

Organizational unit event names are prefixed with ‘Organizational unit’. Currently, four event types are logged:

  • Organizational unit account moved
  • Organizational unit created
  • Organizational unit updated
  • Organizational unit deleted

Domains

The Domains public tab is where you manage which domain names are claimed by your organization. ZIVVER will ask your permission to create accounts using e-mail addresses pertaining to a claimed domain. You must also claim at least one domain to use Single Sign-on (Chapter 9) and the SyncTool. You can only claim your own domain. You can not claim public domain names such as outlook.com or gmail.com.

The overview shows which domains are used in your organization. If your organization just started using ZIVVER, only the domain of your own email address will be displayed.

Claim a domain

  1. Click the ADD DOMAIN button next to Organization owned domains A new window opens.
  2. Enter the domain name in the first field.
    Do not use @ in the domain name.
  3. In the second field, select one of the default domain management e-mail addresses. You can only choose from one of the following default administrator email addresses to ensure you are the owner of this domain.
    • admin@vorbeeldbv.com
    • administrator@vorbeeldbv.com
    • hostmaster@vorbeeldbv.com
    • postmaster@vorbeeldbv.com
    • webmaster@vorbeeldbv.com
      Do you not have access to one of these five e-mail addresses? Then discuss with your domain administrator which e-mail address you can select here. For example, the domain administrator can set up one of the above five e-mail addresses as an alias for your own e-mail address. Then all messages sent to this e-mail address will be received by you in your own e-mail inbox.
  4. Click ADD DOMAIN.
    The domain is now in the list and has the status ** verify ** .
  5. Open the mailbox of the e-mail address you selected in step 3.
  6. Copy the code from the verification e-mail.
  7. Go back to the Domains tab.
  8. Click VERIFY
    A new window opens to verify the domain name.
  9. Enter the code from the verification e-mail.
  10. Click VERIFY DOMAIN.
    You now manage this domain name for your organization within ZIVVER .
    The status is now shown as claimed .

Hand over a domain

It is possible to hand over the management of ZIVVER accounts in a domain that has been claimed by a different organization, to that organization. If a domain with ZIVVER accounts managed by your organization is successfully claimed by another organization, its status will be shown as not_interested taken in the domains list.

The administrator account which performs the handover must not be tied to an email address belonging to the domain that is handed over. For example, admin@bijvorbeeld.com cannot hand over the bijvoorbeeld.com domain. Therefore, it may be necessary to create a new admin account to perform a handover.

To hand over the administration of ZIVVER accounts on the taken domain to the other organization:

  1. Press the HAND OVER button.
    A confirmation window appears
  2. Choose YES After a short pause, the domain you have handed over is removed from the domains list
    The domain change has succeeded
Accounts in the domain that was handed over, including any functional accounts, will be managed by the new organization. Any aliases within the domain will be removed. Conversation starters that had been set up for email addresses within the domain will be removed.

Adopt Free Accounts

It is possible that freemium ZIVVER accounts already exist for a domain that you have claimed. In this case, a message appears next to the domain name in the list: <#> Account(s) not yet adopted. To adopt all the free accounts for this domain to the organization:

  1. Click Adopt in the list of domain names.
  2. Click Adopt in the confirmation window.

The users will immediately receive an email to announce that their ZIVVER accounts are managed by your organization but the adoption does not take place until the next login of the user or, if the user is already logged in, until they perform their next action.

New events are then added to the log in two categories: * Join accounts to organization when you click Adopt. * Account joined organization when the account is successfully adopted.

Notification messages

Notification messages in the WebApp

ZIVVER sends a notification message when you send a message to a recipient. Under the tab Notifications email you can adjust the contents of the notification message. You can also have a personalized introduction message sent in advance if the recipient has never received a ZIVVER message. At the bottom of the page, you can modify the sender of the notification message. The sender then becomes the e-mail address of the sender within one of your claimed domains, instead of noreply@zivver.com.

Customize text of notification message

Each notification message has space for personalized text at the bottom, to explain that your organization is safely mailing with ZIVVER. Contact details of your organization should be included here. This can be useful when recipients have questions about the notification message. The text of the notification can be set separately for each language supported by ZIVVER.

  1. Select the language under Language of the notification message.
  2. Write the text for the notification message in the language you have selected. For example: Write the text in the notification message in English if you selected ‘English’ in step 1.
  3. Click SAVE.
  4. Optional: Repeat these steps for another language in step 1. Click SEND EXAMPLE to receive an example of a notification message by e-mail. You then see what the notification message looks like for recipients. This example is sent to the e-mail address with which you are logged in to ZIVVER. You can send an example to yourself in the languages ​​German, English and Dutch.

Introduce ZIVVER to new recipients

New guest users can receive an introductory e-mail if they have never received a ZIVVER message before. In this introduction e-mail you can explain why your organization has chosen to securely mail with ZIVVER and explain how the recipient can open messages.

You must adjust both the subject and the message of this introductory e-mail. The default values ​​are not ready to use immediately. This is a sample text. Click SEND EXAMPLE to receive a sample e-mail by e-mail. You will see how the e-mail looks for recipients. This example is sent to the e-mail address with which you are logged in to ZIVVER. Set the switch for Send introduction mail to new recipients to use this functionality. Then click the SAVE button.

A new guest user is someone who has never received a ZIVVER message for that e-mail address before.

DNS settings

To ensure that ZIVVER servers can send e-mail on behalf of your organization, you should add the appropriate entries to your DNS records.
ZIVVER checks whether your domain records are set up correctly. The results are displayed in a table at the bottom of the page.
Clicking the keyboard arrow down keyboard_arrow_down on the last row of the table will display the DNS records for that particular domain and show which entries may be missing or misconfigured.

DNS settings in the WebApp

Once the DNS records are set up correctly, ZIVVER will be able to send emails on behalf of your organization (such as notification e-mails), using the organization domain name(s). This prevents trouble with spam filters and ensures that any bounce messages will be processed by ZIVVER.

SPF

SPF (TXT record): verifies that spf.zivver.com is an authorized host for your organization.

DKIM

DKIM(TXT record): verifies that mail coming from the domain was authorized by the owner.

SES

SES code (TXT record): including this record verifies that your organization actually controls the domain that email is being sent from, for the benefit of Amazon simple email service (SES).

CNAME

CNAME: aliases a subdomain controlled by your organization to the domain used by the ZIVVER server so that emails sent from ZIVVER servers can be marked as originating from your organization. As an administrator, you should create a subdomain called zivverbounce.<your.domain> and set your CNAME record to point to that subdomain. ZIVVER only checks the zivverbounce subdomain for the existence of a CNAME record. Any other subdomains which you create and add CNAME records to will be ignored.

If a CNAME record is configured, no other records should be set for the same subdomain.

Names and values (where available) of records that can be added are listed in the table below:

Type Name Host Value
CNAME CNAME zivverbounce.<your.domain> returnpath.zivver.com
TXT DKIM zivver._domainkey.<your.domain> see app.zivver.com/organization/dns-settings
TXT SES CODE <your.domain> see app.zivver.com/organization/dns-settings
TXT SPF <your.domain> v=spf1 mx include:_spf.zivver.com -all

DANE

DANE enables domain administrators to specify the keys used by TLS servers or clients in their domain. This removes the need to depend on third-party certificates attesting the keys are legitimate.
ZIVVER tests for the presence of a TLSA record and of DNSSEC proof.

If DANE is set up correctly for your domain(s), delivery of verified and encrypted SMTP becomes possible. You can then choose to have ZIVVER directly deliver inbound ZIVVER messages to your organization.

Inbound Direct Delivery

ZIVVER messages are not emails, but can be securely delivered as emails when the Inbound Direct Delivery option is enabled. This option is useful in situations where, for example, you want to store incoming messages in a document management system, without having to first export them from ZIVVER. Inbound Direct Delivery can only be activated if DANE records are present and correct for your domain.

If inbound direct delivery is enabled, incoming messages from ZIVVER domains are stored as regular email on the recipient machine, not as encrypted text on your ZIVVER server, so that authentication with ZIVVER 2FA is not needed to read them.
Please make alternate mail storage security arrangements as appropriate in this case.

Toggle Inbound Direct Delivery

You can choose to have ZIVVER deliver inbound messages directly, as opposed to via ZIVVER client software. This option is only available if connection security is adequate. To toggle Inbound Direct Delivery:

  1. Go to the DNS Settings page.
  2. Scroll down to the Inbound Direct Delivery panel.
  3. Click the appropriate radio button to toggle Inbound Direct Delivery on for Everyone or to turn it Off.

Accounts

Accounts in the WebApp

In the Accounts assignment_ind tab you can manage accounts belonging to your organization. Most options in this chapter are located behind Edit edit . User accounts and functional accounts can be found in this chapter.

Create a functional account

Use functional accounts for general-use e-mail addresses such as contact@vorbeeldbv.com, helpdesk@vorbeeldbv.com or info@vorbeeldbv.com. Functional accounts are also called shared accounts or shared mailboxes. Users can not log in directly to a functional account, but can be granted access by administrators. Users are automatically logged in to the functional account when they log in with their user account.

  1. Go to the Accounts page.
  2. Click the ADD FUNCTIONAL ACCOUNT button at the top right. A new window opens.
  3. Enter a name for the functional account (eg Helpdesk).
  4. Enter the e-mail address of the functional account (for example helpdesk@vorbeeldbv.com).
  5. Click ADD.
    The functional account has been created.

Invite user to your organization without Single Sign-on

These steps only work when Single Sign-On (SSO) is disabled and your organization does not create accounts via the SyncTool. Does your organization use SSO? Learn more about inviting a user to your organization with Single Sign-On.
Learn more about the SyncTool
  1. Go to the Accounts page.
  2. Click INVITATION.
    A new window opens.
  3. Enter the details of the user. Enter a personal message as an option.
  4. Click OK.
    The user receives an e-mail with instructions to create a ZIVVER account and to join your organization. If the recipient already has a ZIVVER account, the e-mail can be used to connect the user to the organization.

Invite user to your organization with Single Sign-on

  1. Go to the Accounts page.
  2. Click ADD NEW. A new window opens.
  3. Enter a name.
  4. Enter a password. Click GENERATE to have ZIVVER generate a password.
  5. Enter the e-mail address. You can only invite an e-mail address from a claimed domain.
  6. Click ADD.
    The user receives an e-mail that an account has been created. The user can log in with the specified password and can then log in with his workplace credentials.

    These steps only work when Single Sign-On (SSO) is enabled and your organization does not create accounts via the SyncTool. Does your organization not use SSO or the SyncTool?
    Learn more about inviting a user to your organization without Single Sign-On.
    Learn more about the SyncTool

Re-sending invitations

  1. Go to the Accounts page.
  2. Click Resend invitation refresh next to the user name.
    The invitation e-mail is sent again.

Revoking an invitation

  1. Go to the Accounts page.
  2. ClickRevoke invitation remove_circle next to the user name.
    The link in the invitation e-mail becomes unusable.

Add an account

  1. Go to the Accounts page.
  2. Click the edit edit icon.
  3. Enter a new account name, nickname (optional), language and/or timezone.
  4. Click SAVE.

Change password

You can only change a password for a user account or an administrator account. Functional accounts have no password associated.

  1. Go to the Accounts page.
  2. Click the edit edit icon to the right of the account name.
  3. Scroll down to password.
  4. Click CHANGE PASSWORD.
  5. Enter the new password.
  6. Optionally check User should choose another password after the next login.

Change account type

Convert a user account to a functional account if this account has been created incorrectly. After the conversion, users can no longer log in with the e-mail address and password. Settings such as aliases, active sessions, additional login method, backup codes and trusted devices are deleted. You can also indicate here that a user is an administrator.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Scroll down to Account type.
  4. Click the account type that you want to choose.
  5. Click SAVE CHANGES.
Functional accounts cannot be promoted to administrator.

Promote a user to administrator with SSO present

A ZIVVER password must be set, for normal accounts that are upgraded to an administrator account. This is to make sure that admins can always log in to manage organization settings, even when SSO is not working.

When promoting a user account to administrator, if SSO is enabled, you will be prompted to choose a new, temporary password for the new administrator after performing step 5. above.

The new administrator will be prompted to change the temporary password with one of their own choosing, either the next time they login via ZIVVER or when they try to access the Organization overview.

The new administrator will receive an email listing the new functionalities they can make use of.

Promote a user to administrator without SSO

If ZIVVER does not have SSO enabled, there is no need to choose a temporary password for administrators.

The new administrator will receive an email listing the new functionalities they can make use of.

Set alias

ZIVVER messages that are sent to an alias automatically end up in the primary account mailbox. For example, the ZIVVER message that is sent to the alias hugo@vorbeeldbv.com can be entered in the primary account mailbox hugo.admin@vorbeeldbv.com.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Mail aliases.
  4. Enter the alias.
  5. Select a domain. You can only set an alias for a claimed domain .
  6. Click ADD ALIAS.
  7. Optional: make the set alias the primary e-mail address.

Users log in to the primary e-mail address or an alias. The password is the same. ZIVVER messages that are sent to an alias arrive in the primary account mailbox. At this moment it is only possible to send from the primary e-mail address.

Merge accounts

You can merge two existing accounts. Enter an existing account as an alias with another existing account to merge them.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Mail aliases.
  4. Enter an existing account.
  5. Select a domain.
    You can only set an alias for a claimed domain .
  6. Click ADD ALIAS.
    _A new window opens to merge the accounts. ** Please note: ** You can not undo the merging of accounts! _
  7. Click CONFIDENTIAL.
    The acccounts are merged. Access permissions to the merged account are not included.
  8. Optionally make the alias you have set the primary e-mail address.

Users log in to the primary e-mail address or an alias. The password is the same. ZIVVER messages that are sent to an alias arrive in the primary account mailbox. At this moment it is only possible to send e-mail from the primary e-mail address.

  • You can not merge an administrator account with a user account or functional account. The reverse works.
  • You can not merge accounts when the email address is an alias instead of a user account or functional account.

Grant access

You can give a user access to the account of another user or functional account. This can be useful when a user goes on holiday and another colleague has to observe the mailbox, or for sharing functional accounts. As a user with access, you can not change personal settings such as the password. Only an administrator can control access permissions. A user can not grant another user access to their account.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Scroll down to Grant access.
  4. Enter the name or e-mail address of the user you want to grant access to in the search box.
  5. Select the user you intend to grant access to. The user receives an e-mail notification. The user is automatically logged in to the user account they have been granted access to in the Office plugin. The user can change accounts in the WebApp by clicking on the profile photo at the top right of the screen.
  6. Optionally: Indicate whether you want the recipients to see who is sending a message on behalf of this account. The default organization setting can be found under Functional accounts settings on the Accounts page.

Delete active sessions

Active sessions are created when a user logs in. The active session is removed in the following scenarios.

  • The user logs out.
  • The administrator deletes the active session.
  • The active session is automatically deleted after 30 days.

You can only delete active sessions from user accounts and administrator accounts. Functional accounts are logged in via a user account. The login session is automatically deleted when you delete the active sessions from the user with access to the functional account.

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Active sessions.
  4. Click DELETE SESSIONS.
  5. Click OK.
    The active sessions have been deleted. The user must log in again.

View communication log

To view the communication log:

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Communication Log.
  4. Click VIEW LOG.
  5. Use the filter at the top of the page to select log entries by event categories.

Reset 2FA

If the second authentication factor for a user is lost or compromised, it may become necessary to remove it and have the user set a new one:

  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Go to Authentication Factors.
  4. Click DELETE
  5. Click OK at the confirmation prompt shown.
    The 2FA method for that user is reset. The user is notified by email that they will need to set up 2FA again.
ZIVVER supports multiple 2FA methods. All methods that a user has set are removed.

Suspend or delete account

When accounts are suspended or deleted users are immediately logged out and cannot login anymore. Information in a suspended account remains accessible to administrators. Information such as ZIVVER conversations is not accessible anymore after an account is deleted.

Account deletion is final and cannot be undone.
  1. Go to the Accounts page.
  2. Click the edit edit icon next to the account name.
  3. Scroll down to Suspend or Delete Account.
  4. Click DELETE or SUSPEND.
  5. Click OK.

Accounts can also be suspended or deleted automatically through use of the SyncTool.

Functional accounts settings

  1. Go to the Accounts page.
  2. Scroll down to Functional accounts’ settings.
  3. Check or uncheck Show real sender to recipient when sending from a functional account. With the check mark, the recipient will see which user account has responded on behalf of a functional account. This is the default organization setting. You can deviate from the standard organization setting at the account level. See Grant access in this chapter.

Restore access to messages

Under the Accounts page you see an overview of users who have lost access to messages. This happens when users forget their password and create a new password. ZIVVER messages are encrypted with a key that is based on the password of the account. If the password is reset, the user will receive a new key. This new key no longer fits the lock of the old conversations. Click REKEY ALL to restore access to old messages for users.

Does your organization use Single Sign-On? Then users will not lose access to old messages when their password changes. Users log in with Single Sign-On with their workplace credentials. When those change, ZIVVER functionality is unaffected.

Functional accounts

Functional accounts in the WebApp

In previous versions of the management panel, user accounts and functional accounts were separate sections. From version 2.13.24-a all kinds of accounts are located under the Accounts page. All functionalities related to functional accounts can be found under the Accounts chapter in this administrative manual.

Single Sign-On (SSO)

Single Sign-On (SSO) in the WebApp

ZIVVER supports logging in via Single Sign-On vpn_key . Users can then log in to ZIVVER with their workplace login details. They do not have to create a separate password and to remember for ZIVVER.

SSO works through SAML. ZIVVER supports the following Identity Providers:

Setting SSO incorrectly can result in users who can no longer log in. Consider contacting ZIVVER if your organization wants to use SSO.

Trusted networks

Trusted networks in the WebApp

Does your organization use Single Sign-On? Then this section does not apply to your organization.

Click Trusted networks wifi_lock so that users in a specified network do not have to log in to ZIVVER with an additional login method (2FA).

  1. Click the ADD button to add a trusted network.
  2. Specify the network string for the trusted network.
  3. Provide a description of the network sequence.
  4. Click the ADD button.
  5. Indicate whether users do not need an additional login method (2FA) within the trusted network by placing a check mark in front of this setting. Users who log in to ZIVVER from the trusted network no longer need to enter an additional login method. This can pose a security risk!
  6. Indicate whether access outside the trusted network is blocked by placing a check mark for this setting. Users who are outside the trusted network can no longer log in to ZIVVER with this setting.

Export user data

Export user data in the WebApp

With the function Export user data get_app it is possible to download ZIVVER messages via File Transfer Protocol (FTP). FTP lets you download ZIVVER messages unencrypted as .EML files. The files contain information about the sender, recipient, read receipt and attachments of the ZIVVER messages.

The ZIVVER FTP server requires explicit TLS (Transport Layer Security), also known as ftp(e)s. Even though you connect to ftp://, FTP programs will attempt to set up a secure connection. If that does not work, then no connection will be established, so that no unsafe situations arise.

Activate FTP export

The instructions in this chapter explain how to connect to the ZIVVER FTP server, but do not pertain to a specific FTP client. Details may vary.

  1. Log in to the WebApp.
  2. Go to the tab Export user data get_app .
  3. Install an FTP program (such as FileZilla).
  4. Open the FTP program.
  5. Create a new connection or session.
  6. Enter as host: ftp.zivver.com.
  7. Enter the user name at the bottom of the Export user data page in the ZIVVER WebApp.
  8. Enter an API key as a password.
    Generate a new API key.
  9. Enter “21” as the port number.
  10. Optionally specify FTP as the protocol.
  11. If necessary, set the encryption to TLS / SSL Explicit Encryption.
  12. Confirm the entry.
  13. Connect.
  14. If necessary: ​​Click OK to trust the new certificate. This differs per FTP program. FileZilla asks to trust the new certificate when you connect for the first time.

You are now connected to ZIVVER via FTP. You can download the ZIVVER messages from your organization as unencrypted .eml files.

Business rules

Business rules in the WebApp

Click the Business Rules assignment tab in the left side panel to see which business rules your organization can use. Business rules protect your organization against users inadvertently sending sensitive information in an insecure manner. Business rules automatically check messages and attachments for sensitive content. Triggering a business rule produces one or more warnings based on the content of the message and the attachment. You can set the business rules as desired.

Enable and disable business rules by placing a checkmark under the Enabled column. Determine the security level of the business rules in the Security level column. Learn more about different security levels

Are there no business rules listed in the Business Rules assignment tab? Then please contact us.

Trusted domains list

It is possible to choose domains for which ZIVVER messaging is not used. For addresses in such domains, ZIVVER will deliver a regular email, instead of a ZIVVER message.

Recipients in trusted domains are not verified. Messages to addresses in trusted domains are not encrypted by ZIVVER.

To exempt messages between certain domains from ZIVVER encryption and authentication:

  1. Go to the Business rules tab in the WebApp.
  2. Add the domain(s) that are used by your organization to the Trusted domain list, one per line.
  3. Add the third-party domain(s) you wish to exclude from ZIVVER messaging to the Trusted domain list, one per line.
  4. Press SAVE
    The list is updated within the next 5 minutes. The list of domains is automatically sorted in alphabetical order.
Every domain name should be on its own line.
Every domain name should be on its own line.

Verification suggestions

Verification Suggestions in the WebApp

Click Verification suggestions contact_phone in the left side panel to manage default authentication methods for recipients. You can search, upload, edit, and delete default authentication methods. Mobile numbers and shared access codes entered by users are automatically added to the Verification Suggestions list. Users within your organization automatically use the authentication methods in this list. This means that users do not have to choose an authentication method every time they message a known recipient. The advantage for recipients is that they can always use the same verification method.

ZIVVER automatically chooses the most secure standard authentication method. Users can not change the default authentication method. Only an administrator can change the default. Users can choose to use a different authentication method.

You can set a default authentication method for recipients in two different ways: manually and via a .csv file.

Manually add verification suggestion

  1. Click the add button person_add .
    A new window opens.
  2. Enter the first name and last name.
  3. Enter the e-mail address.
  4. Enter a mobile phone number. Can’t use a mobile phone number? Then enter an Access Code in the following steps.
  5. Enter an access code.
  6. If necessary, enter a hint for the access code. The hint is added in the notification message for the recipient.

Learn more about the security level of the SMS code and Access Code

Import verification suggestions csv file

  1. Click the upload button publish .
    A new window opens.
  2. Download the sample file.
  3. Fill the sample file with the correct data. The file indicates how to write down the recipient control to be imported.
  4. Click the upload button publish .
    A new window opens.
  5. Click the UPLOAD button. ZIVVER checks the file and shows a preview on the next screen.

Under the tab REJECTED you can see entries that are not correct, with reasons listed. Entries under the REJECTED tab are not included in the import. Under the tab ACCEPTED the entries are correct. These inputs are included within the import.

Manage verification suggestions

Adjust a verification suggestion by clicking the edit edit icon on the right side of your screen. You can change the name, e-mail address, authentication method and value.

Remove a shared recipient check by clicking Delete delete_forever on the right side of your screen. The shared recipient check is no longer available to users.

Search verification suggestions

You can search shared recipient control by email address and name. Click Search search at the top right of your screen to search.

Message revocation

ZIVVER messages can be revoked after sending, either for every participant (including the sender) or just for recipients. Message revocation can be scheduled to occur after a set period, or immediately. Access revocation is designed to fulfill two major functions: - to allow the withdrawal of a message that was sent in error - to allow for situations in which laws or organizational policy require that copies of messages are not kept indefinitely

Set message revocation defaults

As an administrator, you can set a default period of time after which ZIVVER messages sent from your organization expire in the Messages Revocation tab. You can choose to remove messages from recipients’ ZIVVER inboxes (revoke for Recipients), or remove them entirely (revoke for Everyone).

To set an organization-wide message revocation interval:

  1. Go to the Messages Revocation tab.
  2. Toggle Set a default expiration date
  3. Input a suitable interval and time unit in the respective boxes.
  4. Choose whether to revoke messages for Recipients only, or for Everyone.
It is impossible to recover messages which have been revoked for Everyone.

Even if an organization-wide revocation interval is set, users can still modify the default interval and default action at any point before the set revocation date.

This also means that expiry can be cancelled outright, by any user.
ZIVVER versions older than 2.13.24 do not support this functionality.

Audit log

Audit log in the WebApp

The Audit Log lists events in ZIVVER. Filter filter_list by one of the various categories to find the events you’re looking for. Monthly logs can also be saved as .csv files by pressing the download get_app button.

Statistics

Statistics in the WebApp

Statistics bar_chart shows you how ZIVVER is used within your organization. At the top right of your screen you can filter the statistics so that you see the last 7 days or everything since you started using ZIVVER.

Statistics types

  • Sent messages
    Shows the number of messages sent on the Y-axis and the date on the X-axis. The colors indicate which authentication method has been used.
  • Messages sent by users
    Shows the number of sent messages per user over the period you select at the top right of your screen. In the right column you see a trend. You can use this trend to monitor possible problems with usage. Click DOWNLOAD COMPLETE OVERVIEW get_app to download these usage statistics for all users. Download of usage statistics using Internet Explorer 11 is not possible.
  • Read messages
    Shows what percentage of the messages is read and what percentage of messages is unread. Move your mouse over the chart to see the exact percentage.
  • Verification methods used
    You can see which authentication methods are most commonly used. Move your mouse over the chart to see the exact percentage.
  • Types of recipients
    Shows what kind of recipients receive the most messages. You can see the number of messages sent on the Y-axis and the date on the X-axis.
  • Active users
    Shows the number of active ZIVVER users. You can see the number of users on the Y-axis and the date on the X-axis.
  • Replies
    Shows the percentage of messages that are answered. Move your mouse over the chart to see the exact percentage.
  • Revoked messages
    Shows the number of revoked messages. You can see the number of revoked messages on the Y-axis and the date on the X-axis.

Plug-in settings

Plug-in settings in the WebApp

With the ZIVVER Office Plugin you send ZIVVER messages directly from Microsoft Outlook. In the Plugin settings power tab, you can determine which settings are on or off and whether users are allowed to change the setting locally.

Place a check mark under the ON column to enable a setting. With a check mark, this setting is ON for users.

Place a checkmark under the Forced column to force the choice under the ON column - users can not adjust this setting locally.

Leave out the check mark under the Forced column when you want users to be allowed to change the setting locally.

Plug-in settings explained

  • Collect information about non-ZIVVER mails Turn this option ON if you want ZIVVER to collect information about ignored warnings and also about when and to whom users send messages.
  • Activate ‘Secure mailing’ after a business rule recommends it
    Set this option to ON if you want ZIVVER to automatically enable ‘Secure Mail’ when a user receives a warning from a business rule. The user can always deactivate ‘Secure Mail’ himself.
  • Show newest message on top
    Turn this option ON if you want the newest messages to appear at the top of the conversation.

    Let this setting match the appearance of normal e-mails in Outlook.
    
  • Save opened ZIVVER messages decrypted

    This functionality is only available with ZIVVER Office Plugin.
    

    If this option is ON, when you click the link provided in the ZIVVER notification email in outlook, the ZIVVER message is opened and the decrypted content is copied to Outlook mail, so when you open the same notification email again, even on another platform, it now contains the decrypted content, not the notification text. Opened messages can then be read using any e-mail program, but you are not protected by ZIVVER against data leaks.

  • Save received ZIVVER messages decrypted
    Set this option to ON if you want all ZIVVER messages to be automatically stored unencrypted after you read them. This means that messages can be read in every mail program, but in case of theft of the laptop you are not protected against a data breach.

  • ‘Secure mailing’ for every message
    Turn this option ON if you want ‘Secure Mail’ to be turned on for each new message. The user can always deactivate ‘Secure Mail’ himself.

API keys

API keys in the WebApp

Here you can add, activate, deactivate or delete API keys settings_input_component . API keys are used in the ZIVVER SyncTool to connect with your organization within ZIVVER or to export user data (Chapter 10).

Generate an API key

  1. Click the GENERATE button. A new window opens.
  2. Enter a name for the API key. For example SyncTool if you use it for the ZIVVER SyncTool.
  3. Click ADD.
    On the top of the list with existing API keys the new API key appears .

    Copy and save the API key immediately! The key is only shown once.

Deactivate or delete the existing API key

Created API keys can be deactivated or deleted.

EITHER click the check mark under column Active to deactivate an API key.

OR click Delete delete to remove API key.

A new window opens to confirm the deletion. Click YES

Conversation starters

Conversation starters in the WebApp With a Conversion Starter link you create a link to allow people without a ZIVVER account to send a ZIVVER message to an e-mail address within your organization. This link can be then published on the website behind an email safely button. You can also share the link by e-mail.

Create a conversation starter

  1. Click ADD at the top right of your screen. A new window opens.
  2. Enter a description. _The description is only visible within the ZIVVER management environment.
  3. In the Recipient field, enter an e-mail address with a ZIVVER account. This e-mail address will receive the messages.
  4. Enter a subject line. This is the subject of the conversation. The topic is the same for every conversation.
  5. Enter a Welcome note. The sender sees this text when composing the message.

### Using a conversation starter 1. Click the Link link to use the conversation starter. 2. Share the URL with external parties. 3. Copy the Integrated code to your website for a ‘Mail this organization safely’ button. 4. Click CLOSE if you have copied the URL or the code. You can customize the conversation starter data or remove the conversation starter from Settings settings .

Support

Support in the WebApp In the Support help tab, you can contact ZIVVER using the CONTACT button. People at ZIVVER will be happy to help you! Have you seen a suggestion or something that is not right? Then you can report this on support.zivver.com or via the GIVE FEEDBACK button.

Mail Submission

Mail Submission in the WebApp Mail Submission call_merge makes it possible to send messages directly from systems via the secure ZIVVER platform. Emails submitted to the ZIVVER MSA (mail submission agent) in a secure manner are converted to ZIVVER messages.

Mail Submission is an additional service and does not fall under the basic functionality. Contact ZIVVER if your organization wants to use Mail Submission

If it has been agreed in the contract that your organization will use mail submission, you can generate the necessary data here.

  1. Click GENERATE.
  2. Enter a description.
  3. Click GENERATE.
    A new window opens with a user name and password.

<div class="notice-inner">
    This data is only shown once. Save it immediately.
</div>


4. Enter the SMTP login details in the source system from which you want to send ZIVVER messages.

Created SMTP credentials can be deactivated or deleted:

  • Click the check mark under column Enabled to deactivate SMTP login data.

  • Click Delete delete to delete the SMTP login data.
    A new window opens to confirm the deletion.
    Click YES.

Specials

Specials extension are customization and an additional service. Specials are therefore not covered by the basic functionality. Contact ZIVVER if you want to know more about this.

Was this article helpful?

thumb_up thumb_down