iDGARD User Manual Section III, Version 1
iDGARD User Manual
Section I: iDGARD at a Glance, Application Fields, Positioning, iDGARD vs. Others, Security Basics
Section II: Service Features, Application via Browser
Section III: Administrator Manual, Setting up Single Sign-on
Section IV: Application of Windows Productivity Tool, Application of Office Add-In (Outlook, Word, etc.)
Section V: Application via iOS App, Application via Blackberry / Android App, Application via WebDAV
Section VI: Further Tips & Tricks for Data Rooms
Section VII: API Definition
Table of Contents: Section III
1 Registration of a New iDGARD Account
1.1 Non-binding Trial Package
1.2 Confirmation E-mail & Activation Link
1.3 Direct Acquisition
2 Administrator Overview
2.1 List of Users
2.2 Settings
2.3 Account Status
2.4 Orders
2.5 Master Data
3 Licenses, Roles, and Rights Overview
4 Account Settings Carried out by Uniscon
4.1 Orders
4.2 Master Data
4.3 Data Backup (Sealed Backup)
5 Integration of LDAP / Active Directory
5.1 Installation of EMS
5.2 Configuration of EMS
5.3 Creation of „Enterprise Secrets“
5.4 Classification of iDGARD Users in LDAP Groups
5.5 Cost Minimization with Floating Licenses
Guidance for Enterprises
1 Registration of a New iDGARD Account
iDGARD provides organisations, businesses and freelancers with confidential and
compliant internal and external online communication. For security purposes
(since you are the only party able to access your data), please sign up by entering a
user name and password as well as your organization's master data. You may
pay for the service by invoice or direct debit. For enterprise package deals, kindly
contact our iDGARD Business Support hotline: (+49-89) 4161598-7.
1.1 Non-binding Trial Package
At www.idgard.de, you can sign up for a non-binding 14-day free trial. In selected
cases, holding a Bonus Code entitles you to a longer trial period. For a trial
customized to your needs, please contact our iDGARD Business Support hotline:
(+49-89) 4161598-7.
Registration consists of three steps:
1. Master data entry
2. Creation of user name and password
3. Declaration of consent to
   a. the model Commissioned Data Processing Agreement pursuant to § 11 BDSG
      (ADV), i.e. the Federal Data Protection Act regarding commissioned
      collection, processing or use of personal data,
   b. the Terms & Conditions and
   c. the Data Privacy Statement.
Important Note on User Names & Passwords:
Uniscon, the service provider of iDGARD, cannot access the aforementioned
data in any way whatsoever. Therefore, kindly memorize your user name and
password or deposit them with a trustee or other maximum-security party,
since Uniscon has no way of restoring or resetting said data if you lose them.
Recommendation:
We suggest creating this account merely for service administration purposes and
(if you, too, wish to use iDGARD) that you create an employee account for yourself.
This allows for administrator rights to be handed over easily and conveniently
to a successor, if and when necessary. We therefore recommend selecting a user
name that is not associated with you but rather with your organization.
Your free trial ends automatically upon expiration. However, you may switch to
further use for a fee through your iDGARD account anytime.
Please make sure your e-mail address is spelled correctly. Once registration is
completed, you will receive an activation link with which to activate your iDGARD
account. Login is not possible until you have used this link.
The user that performs this initial registration is the so-called Registration
Administrator.
1.2 Confirmation E-mail & Activation Link
The instant you order the service, i.e. once you have entered the master data,
selected a user name and password, and declared your consent, you will receive a
confirmation e-mail with an activation link. When you open the link, the service is
instantly activated for you and you are automatically routed to the login form.
Whether you wish to conclude a model Commissioned Data Processing Agreement
with Uniscon pursuant to § 11 BDSG (ADV), i.e. the Federal Data Protection
Act on commissioned collection, processing or use of personal data, depends on
whether you advocate the judicial conception of absolute or, rather, relative
personal reference. If you champion the less constrictive interpretation of relative
personal reference law, then you won't need a Commissioned Data Processing
Agreement to use iDGARD. After all, Sealed Cloud technology technically
prevents Uniscon from accessing any data with personal reference in the first place.
If you wish to (or must) conclude such a contract in order to use iDGARD, then
kindly note that the Agreement shall amicably be declared null and void unless
made in writing and shall become effective only once your organization and Uniscon
have mutually exchanged signed copies of said Agreement.
1.3 Direct Acquisition
Should you wish to skip the trial phase and, instead, prefer to access all iDGARD
features immediately or add further licenses, you may simply switch to the
administrator overview once you have logged in and access the "Order" tab. Here, you
can switch to payment mode directly.
You are, of course, also welcome to authorize our back office to switch the access
to payment mode for you.
For the latter, and for twelve-month package deals or offers for large-scale
organizations or enterprises, please contact our iDGARD Business Support hotline:
(+49-89) 4161598-7.
2 Administrator Overview
Users granted administration rights see the icon on their overview.
Clicking this symbol allows them to access the administrator overview.
Here, one can find a list of users, the defined settings, account status information,
a page to modify orders, and a page listing the master data.
2.1 List of Users
The user list reflects all Full and Guest Licenses in use.
The icons in the displayed columns represent the following:
• role
• status, i.e. „activated“, „deactivated“ or „ready for invitation“
• license, i.e. Full License and Guest License
• memory volume consumed in own Privacy Boxes
• memory volume consumed in third-party Privacy Boxes
• name
• personnel data, e.g. company name or personnel number
• date and time of last login.
Here, you also find:
• how many guests a user with a Full License has created and invited, and
• how many Data Rooms authorized users have created.
One may also define whether a user with a Full License may:
• create or modify temporary Privacy Boxes,
• create or modify Privacy Boxes, or
• create or modify Data Rooms.
The Guest License icon applies to the column in which one may define
whether or not a Full License user is entitled to invite guests.
Last but not least, e-mail notification columns define whether or not notification of
new and unread entries is desired
• on the hour or
• once a day.
If you wish to modify access rights, simply click the respectively labeled button.
If you wish to disclose the details page to all users, click the Role icon. With Guest
Licenses, the details view reveals who defined them.
To delete a license, simply click the waste bin in the right-hand column.
2.2 Settings
Under „Settings“, a user can adjust all corporate-wide and/or account-wide
settings.
The first setting allows you to insert your company logo, so you can remind the
user that, with iDGARD, your organisation or company controls all data and not
the service provider of iDGARD. When you select and upload a logo with the
"select file" button, it appears on the iDGARD bar at the top of every page.
Apart from this feature, all other settings concern security options and preferences.
To facilitate configuration, you are presented with typical setting models for
• Protection Class I,
• Protection Class II or
• Protection Class III
security pursuant to the German Government's TCDP (Trusted Cloud Data
Protection) profile. You may define and adjust security to the degree your individual
business needs in order to store and share data with iDGARD. The Federal Ministry of
Economics' pilot "Data Privacy Certification" has submitted a working paper, whose
essence is illustrated in an online calculator (available at
www.idgard.de/schutzklassen), with which you may assess the processing security
that is best suited for your business.
Please note that the illustrated models merely represent typical case study settings.
Necessary protection class settings may vary on an individual basis.
Selected setting options are shown when you access the red cloud icon.
One of the first options deals with whether or not the first and last access of a
member should be visible in the Privacy Box created by account users or whether
only the first but not the last access should be displayed.
Note: This feature is often appreciated by works councils, since it ensures a high
level of business data privacy, needless to say, only in the event that said data is
not subject to disclosure obligations.
A further set of options concerns password and codeword criteria. iDGARD has a
mandatory password regulation that demands a minimum of 8 characters. Within
this options block, one can also define whether
• at least 1 lowercase and 1 capital letter,
• at least 1 digit,
• at least 1 special character or
• periodic password modifications should be mandatory or
• existing passwords rejected.
This feature allows regulations to be defined up front, so that passwords are not
easily guessed and, should a password nevertheless be discovered, it remains
effective only for a limited period of time.
A third block of options concerns whether or not WebDAV interface usage rights
are to be granted. Using WebDAV customarily requires user names and passwords
to be stored locally and is thus advisable only if the device in use is located
in a trustworthy environment.
A fourth block concerns 2-factor authentication. 2-factor authentication, e.g. via
SMS passcode, ensures confidentiality in the event of ID theft. The hazards posed
by ID theft as a result of malware on your device or camera surveillance are not to
be underestimated. User names and passwords are fairly easy to guess, as well.
Hence, it is often advisable to enforce mandatory 2-factor authentication.
A fifth block pertains to monitoring of encrypted connections between devices
and iDGARD. Encrypted connections from and to devices can be jeopardized by
so-called man-in-the-middle attacks if certificates are not verified explicitly. In order
to increase data transfer security, it normally makes sense not to leave certificate
verification by the device software up to the user.
A sixth block applies to regulations regarding session time-outs. In order to
prevent unauthorized parties from taking over user sessions, we recommend
session time-outs at short intervals upon inactivity. Long-interval time-outs are
only recommendable for users working in trustworthy environments.
A seventh block defines the rights new users are granted regarding Privacy Box
types they may create or modify.
In an eighth block, one can set the maximum lifespan of new temporary boxes.
2.3 Account Status
Here, the following can be checked for the purpose of service inquiries:
• the account number,
• the number of booked and used licenses,
• the booked and consumed memory volume,
• the number of booked and used Data Rooms, and
• the number of text messages used.
2.4 Orders
On the „Orders“ page, you may add licenses to or delete licenses from your account.
You may also switch from one standard package deal to another. For
customized packages, please contact our iDGARD Business Support
hotline: (+49-89) 4161598-7.
The rates mentioned herein are monthly usage rates. Rate changes can be seen
here directly. If you modify your order, the adjustment will become effective only
upon further confirmation. You will then be routed to the status page to confirm the
new status.
2.5 Master Data
On the Master Data page, you can check and, if necessary, update
your organization's master data and find out who your respective
administration and accounting contact is.
3 Licenses, Roles, and Rights Overview
See User Manual, Book II, Chapter 2.
4 Account Settings Carried out by Uniscon
4.1 Orders
If you prefer for Uniscon to modify your order status, no problem. Simply send your
request to [email protected] or Uniscon GmbH, Agnes-Pockels-Bogen 1,
80992 Munich, Germany.
4.2 Master Data
If you prefer for Uniscon to modify your master data, this is feasible, as well. Simply
send your request to [email protected] or Uniscon GmbH, Agnes-Pockels-Bogen 1,
80992 Munich, Germany.
4.3 Data Backup (Sealed Backup)
Application
Geo-redundant*, automatic backup on the provider side
safeguards against data loss in the following cases:
• accidental deletion by the user
• complete destruction of all redundant structures in one of the data centers.
Both all data and single files can be restored. The type of backup mentioned herein
is automatic and causes users no network traffic.
What is Sealed Backup?
Conventional backup systems have the drawback that the service provider has a
reading key with which it can access and restore data, if necessary. In principle,
this allows provider staff to access user data even if unauthorized.
In contrast, Sealed Backup creates backup copies to which service provider staff
have absolutely no access whatsoever, neither when backup copies are created
nor, should the case arise, when data is restored.
How can I add Sealed Backup to my order?
iDGARD customers can add Sealed Backup to their account by flat (blanket) order.
This covers the entire account and is provided by Uniscon within one workday.
How often are backup copies created?
The following backup copy scenarios are available in case of need:
- daily data status of the past 7 days (end of period: 2 AM CET),
- the data status of the past 7 weeks (Sundays) and
- the data status of the past 7 months (the first Sunday of each respective month).
How is backup data read?
If applicable, the iDGARD customer contacts Uniscon for a reading session,
mentioning his/her customer ID and the date of the desired backup copy.
On the agreed date, all data or merely single files are accessed, buffered locally,
and fed back into iDGARD with the account administrator's access data (as of the
respective backup call date and under a separate iDGARD infrastructure URL).
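As an added example (not part of the manual and not Uniscon's code), the Python code below computes which backup states the schedule above retains on a given day, and which backup date to name in a reading-session request for a given incident. It assumes that 2 AM CET is a fixed UTC+1 cut-off, that "past 7 weeks" means the last seven Sundays and that "past 7 months" means the seven most recent first Sundays; all function names are hypothetical.

```python
from __future__ import annotations

from datetime import date, datetime, time, timedelta, timezone

# Assumption: "2 AM CET" is a fixed UTC+1 cut-off all year (no daylight saving).
CET = timezone(timedelta(hours=1))
CUTOFF = time(2, 0)
KEEP = 7  # the manual lists 7 daily, 7 weekly and 7 monthly states


def latest_cutoff(now: datetime) -> date:
    """Date of the most recent 02:00 CET cut-off at or before `now` (tz-aware)."""
    local = now.astimezone(CET)
    return local.date() if local.time() >= CUTOFF else local.date() - timedelta(days=1)


def first_sunday(year: int, month: int) -> date:
    first = date(year, month, 1)
    return first + timedelta(days=(6 - first.weekday()) % 7)  # Monday=0, Sunday=6


def restore_points(now: datetime) -> dict[date, set[str]]:
    """Map every retained backup date to the tier(s) that keep it."""
    latest = latest_cutoff(now)
    points: dict[date, set[str]] = {}
    for i in range(KEEP):  # daily states of the past 7 days
        points.setdefault(latest - timedelta(days=i), set()).add("daily")
    sunday = latest - timedelta(days=(latest.weekday() + 1) % 7)
    for i in range(KEEP):  # Sundays of the past 7 weeks
        points.setdefault(sunday - timedelta(weeks=i), set()).add("weekly")
    year, month, kept = latest.year, latest.month, 0
    while kept < KEEP:  # first Sunday of each of the past 7 months
        candidate = first_sunday(year, month)
        if candidate <= latest:  # this month's first Sunday may still lie ahead
            points.setdefault(candidate, set()).add("monthly")
            kept += 1
        year, month = (year, month - 1) if month > 1 else (year - 1, 12)
    return points


def backup_to_request(incident: datetime, now: datetime) -> date | None:
    """Newest retained state taken at or before `incident`, e.g. a deletion."""
    usable = [d for d in restore_points(now)
              if datetime.combine(d, CUTOFF, tzinfo=CET) <= incident]
    return max(usable, default=None)


if __name__ == "__main__":
    now = datetime(2024, 3, 13, 10, 0, tzinfo=CET)  # constructed sample date
    for day, tiers in sorted(restore_points(now).items(), reverse=True):
        print(day.isoformat(), day.strftime("%a"), ",".join(sorted(tiers)))
    deleted = datetime(2024, 2, 20, 15, 0, tzinfo=CET)  # constructed incident
    print("request backup of:", backup_to_request(deleted, now))
```

Under these assumptions, a file created on 19 February and deleted on 20 February is in none of the states still retained on 13 March, because only the Sunday states of those weeks survive.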
How can iDGARD guarantee deletion with Sealed Backup?
Since a deletion guarantee is normally incompatible with backup, one can explicitly
exclude backup of individual Privacy Boxes and/or Data Rooms. The box
administrators can control this setting themselves. Of course, the statutory right to
deletion upon request of the user remains unaffected.
5 Integration of LDAP / Active Directory
Integrating iDGARD in your Intranet domain's identity management carries the
following benefits:
• The initial obstacle of having to enter a further user name and password is
  eliminated. Experience shows that, when confronted with such hurdles, users
  tend to sidestep security and give way to less reliable systems. Eliminating
  such obstacles in secure systems therefore actually benefits security
  and data privacy. If you have integrated iDGARD into your system with single
  sign-on, then your staff merely has to click a button in your Intranet or a
  bookmark in the respective browser and is then already logged in to iDGARD.
  Your domain's security data automatically applies to iDGARD login, as well.
• What's more, with this type of integration, you no longer have to create
  single users individually in iDGARD. The system creates them automatically
  for you with your domain controller's parameters upon first use.
The aforementioned requires an Enterprise Management System (EMS), which is
operated within your domain.
5.1 Installation of EMS
System requirements for EMS operation are:
• Linux or Microsoft server (dedicated or virtual, preferably the former)
• 8 GB RAM minimum
• network configuration that ensures the availability of said server to your
  organization's iDGARD users
Installation is carried out with the aid of a convenient installer program that our
Service team provides once EMS installation is ordered.
5.2 Configuration of EMS
The next step consists in configuring the EMS. To this end, the query format for
the domain controller is entered according to your environment. An online demo
of EMS configuration is available at https://www.idgard.de/demo-ems/.
5.3 Creation of „Enterprise Secrets“
The core requirement, to be able to authenticate data in iDGARD without being
able to access client user names and passwords, is met via the Enterprise Secret.
An Enterprise Secret can be created by the Registration Administrator only. When
he/she clicks the "Create Enterprise Secret" button and this is reconfirmed via
password, then iDGARD automatically creates a Privacy Box with a time stamp in
its name, which contains the 256-byte Enterprise Secret (within a likewise
automatically created message). From there, the Registration Administrator can
copy it to the respective area in the EMS. This ensures that, even with this
application, service provider staff can never access any data that is necessary for
authentication at any time whatsoever.
5.4 Classification of iDGARD Users in LDAP Groups
Different user groups can be divided into differing LDAP groups,
on the one hand, so user fees may be classified according to groups, and
on the other hand, so varying user groups can be granted varying rights.
For example, it might be wise to grant a user group heading a project the right to
invite guests to a Privacy Box and create Privacy Boxes and Data Rooms yet not
grant these rights to regular employees. This is conveniently configurable via
EMS.
5.5 Cost Minimization with Floating Licenses
Not all employees of all organizations necessarily need iDGARD access at all
times. It might be advisable to hold iDGARD licenses available for all employees
but grant the rights to use them as and when required only.
EMS enables pay-per-use settlement and floating licenses. Feel free to contact us
for more.
Guidance for Enterprises
Please don't hesitate to contact us for a tailor-made solution adjusted to your
needs. We can integrate iDGARD into your system, to ideally optimize your
business' processes. Simply call our iDGARD Business Support hotline (+49-89)
4161598-7 or e-mail us at [email protected].