Micro Focus Retain 4.8 is now released!

qmangus

We’re pleased to announce that Retain 4.8 is now available! Our latest release features these enhancements: Additional Android file types can now be viewed If a sender/recipient is not recognized as an internal user for both PIN & SMS messages, a mock email address is used when forwarding (e.g. Phone_numberRetain@test.com) MySQL 8.0 is now supported …

+read more

The post Micro Focus Retain 4.8 is now released! appeared first on Cool Solutions. qmangus

Related:

  • No Related Posts

Retain 4.8 is now released!

qmangus

We’re pleased to announce that Retain 4.8 is now available! Our latest release features these enhancements: Additional Android file types can now be viewed If a sender/recipient is not recognized as an internal user for both PIN & SMS messages, a mock email address is used when forwarding (e.g. Phone_numberRetain@test.com) MySQL 8.0 is now supported …

+read more

The post Retain 4.8 is now released! appeared first on Cool Solutions. qmangus

Related:

  • No Related Posts

Citrix Workspace app for Mac and Windows OS fails with “cannot connect to the server” from the internet when connected externally

We observed that removing the response-rewrite policies made it possible to login with LDAP-only in Receiver.

However, we needed two-factor auth and thus had to bind the policies.

With response-rewrite policy bound (the one setting header “X-Citrix-AM-GatewayAuthType” = SMS).

Binding the policy setting “PWDCount=0”, made the Receiver fail.

Entrust – SMS Passcode reported back that if Netscaler version is 12.x, the policy must be replaced with this:

add rewrite policy RWP-RES-REMOVE_2ND_PASSWORD “HTTP.REQ.URL.PATH_AND_QUERY.SET_TEXT_MODE(IGNORECASE).EQ(“/logon/LogonPoint/index.html”)” RWA-RES- REMOVE_2ND_PASSWORD

and a corresponding action:

add rewrite action RWA-RES-REMOVE_2ND_PASSWORD replace_all “HTTP.RES.BODY(99999)” “”\r\n”+n”<style type=\”text/css\”>\r\n”+n”[for=\”passwd1\”] { display: none;}\r\n”+n”#passwd1 { display: none; }\r\n”+n”</style>\r\n”+n”\r\n”+n”</body>\r\n”+n”</html>\r\n”” -search “text(“</body>n</html>”)”

Related:

  • No Related Posts

ShareFile Two-Step Verification

Article Contents (click a link to skip to that section)

Enabling Two-Step Verification

Two-Step Verification settings are managed at Personal Settings > Personal Security > Two Step Verification.

User-added image


You are prompted to enter your country as well as the phone number you would like ShareFile to send an SMS or voice message to. You do not need to enter your country code,. You can choose to receive either a text (SMS) message or a voice call to your provided phone number.

Pressing Send will send a code via the selected method to the provided number. Enter the code on the next screen in order to complete the setup of two-step verification. You are given the option to trust the computer you are currently using. Use this if you do not want to be prompted for another verification code when using this computer and browser in the future. The option to trust the computer can be disabled by the ShareFile Administrator for Client Users.

User-added image
User-added image



Can I force my users to use Two-Step Verification?

ShareFile Administrators can set policies as follows to require user enrollment for Two-Step Verification:

User-added image

Require Two-Step Verification will require that the user group (Client Users as shown in the example above) enroll and opt in for Two-Step Verification. When enabled, the setting will be enabled for all Employee Users or Client Users or both. For new users, the activation process will require that the user enter a phone number that is enabled for text message (SMS) or voice. For example:

User-added image

For existing users, the user is prompted to enter the phone number that is enabled for text message (SMS) or voice on the next login from the Web App, client tools like Citrix Files for Windows, or mobile app like Citrix Files for iOS. See the Web App example:

User-added image



Two-Step Verification for ShareFile apps

Once enabled, the most popular ShareFile apps follow the same two-step verification process as the ShareFile website. These apps include:

  • ShareFile Sync for Windows
  • ShareFile Sync for Mac
  • Citrix Files for Windows
  • Citrix Files for Mac
  • Citrix Files for Outlook (formerly ShareFile Outlook Plugin)
  • Citrix Files for iOS
  • Citrix Files for Android

Citrix Files for Outlook users may need to re-link their plugin after enabling Two-Step Verification.

Set application-specific password for other apps

Some other applications that run outside a browser are not compatible with Two-Step Verification, and you will need to create a separate password. When logging in, please enter this password instead of your regular password. After enabling Two-Step Verification, your typical ShareFile password will no longer be accepted by these apps. These apps include:

  • FTP
  • User Management Tool – the app specific password is only supported when using the UMT UI and is not supported when using scheduled tasks.

You can access creation of application passwords under Application Specific Passwords, using the Create a Password button. On the new screen, you will be prompted to enter a label. This label will help you identify the app if you ever desire to revoke access to it. After clicking Generate, click the Copy button to copy the app-specific password to your clipboard. Next, Paste the new password into the password field of your app.

User-added image
User-added image


Revoking an application specific password

To view or revoke application specific passwords you have previously created, click the Manage Apps link in the Application Specific Passwords section.. On the My Connections page under Connected Apps you will see a list of labels you created for these application specific passwords, as well as when the password was last used. On this page, you can choose to revoke any previously created application specific password by clicking the Revoke link on the line with that password’s label. Any device using that password will have to be reauthenticated with a new password, and the password will no longer show up on this list.



ShareFile Apps that do not support Two-Step Verification

Please note that the following apps do not support the Two-Step Verification feature. If Two-Step Verification is enabled for your user, you will not able to use these apps.

  • ShareFile Desktop Sync for Windows (Adobe AIR)
  • ShareFile Desktop Sync for Mac (Adobe AIR)
  • Enterprise Sync Manager (Adobe AIR)



Backup codes

ShareFile allows you to generate a set of backup codes that can be used in the event that you will be unable to access your phone. Generate these codes using the Generate Backup Codes button. These codes may each be used only once. They will become invalid when a new set of codes is generated using this button.

User-added image



Disabling Two-Step Verification

If Two-Step Verification policies are not set for the user group you belong to, you can disable the feature using the Disable button at the bottom of the page. You will need to reenter your password to verify.

You can disable this feature for all users on your ShareFile account at Admin Settings > Security > Login & Security Policy > Two Step.

If the Two-Step Verification policy for the user group was set, the Disable button will not be shown to the user group.

Login with Two-Step Verification

After you have set up your Two-Step Verification, you will be prompted for your verification code after logging in to ShareFile on a computer you have not opted to trust. You must enter the code you have received most recently in order to proceed to your ShareFile account. If you do not receive the code, you can select I didn’t receive a code for more options. If you are still unable to get in to your ShareFile account, please contact your ShareFile administrator.

User-added image
NOTE: When Enable “trust this device” for Clients Users is set to no, the trust option checkbox is not visible for Client Users as shown here.
If you have generated backup codes prior from the following:

User-added image

You will see an additional option for the verification code:

User-added image

FAQ

  1. What backup capabilities are available for users in case they don’t have the phone registered for Two-Step Verification?

Users have the following choices for backup:

  • Using Authenticator App – users can configure supported Authenticator app like Microsoft or Google by following the instructions under Personal Settings-> Personal Security -> Two Step Verification.
User-added image
  • Using Backup Codes as shown prior
  • Enter a Backup Phone (Voice for example if you use SMS / Text previously)
User-added image
  1. What is the expiration time frame for the text / SMS or voice based passcode?
The text / SMS or voice based passcode will expire in 2 minutes
  1. Can I disable Text / SMS / Voice option for Two-Step Verification if I have setup an Authenticator app?
At this time, the authenticator app support serves as a backup where the phone is the primary option. We are validating the right set of capabilities to enable authenticator app as the primary option with phone as a backup.

Related:

  • No Related Posts

Features Request: System admin alert when communcation to customer mail server is disrupted

I need a solution

Last week, we signed on with Symantec Email Security.cloud and I’m looking for a feature wherein, when communication between Symantec Email Security.cloud system and the customer’s on-premise mail server is disrupted or broken (which would occur, for example, if customer’s Internet connection goes down, or if customer’s mail server is down), and thereafter, incoming emails start queuing up at Symantec Email Security.cloud system, it does the following:

– after a pre-configured/specified time lapse (say 30 minutes), Symantec Email Security.cloud system sends out alert via SMS and email (can be personal email), both of which can be specified via a config page on Symantec Email Security.cloud system portal page.

Right now, Symantec Email Security.cloud system appears to wait ’til incoming emails piling up in a customer’s queue reaches certain threshold limit (which can be pre-configured, and I’m told that it should be around 10 to 15% of daily email volume), and when someone at Symantec Email Security.cloud notices the threshold limit being reached or exceeding, that person picks up the phone and calls the customer admin.  So, it’s a queue volume-based system, and it’s clearly a manual system.  A problem I see with this system is, this type of breakage in communications between a email security cloud system and customer’s network or server typically occurs at late night hours (ask me how I know).  And during those off-peak hours, the volume of emails is substantially lower than during peak/business hours.  So, 10 to 15% is going to be reached after probably (throwing out a random number here) like 8 hours.  In such case, well, that’s next business day morning, and users are already at the office.  So, for faster reaction, I suppose this threshold limit can be lowered to like 1 to 5%, but that probably rquires several adjustments to reach an optimum figure.  So, instead of threshold limit-based trigger, if it can be setup for time-based (again, let’s say 30 minutes after the customer can’t be reached), it’ll be a far better and more responsive alerting mechanism.  We’ve had this with MX Logic and Proofpoint, two competitors of Symantec Email Security.cloud, and we found it tremendously useful.

Also, if and when said trigger condition occurs, instead of some live person picking up the phone to call the admin, wouldn’t be easier for everyone involved if the cloud system just SMS texts the admin’s mobile number? (and, perhaps double that effort by emailing said admin also, to his or her personal/secondary email address).  And, only call the admin if there’s no resolution even after 4 or 8 hours.  Right now, I get SMS texts every evening from Symantec Email Security.cloud announcing that Email Encryption Maintenance is in progress and, later, that said maintenance has finished.  I personally don’t find this particular notification useful, but the point is, Symantec Email Security.cloud system already, on some levels, utilize SMS texting to notifiy/alert customer admins.  So, would it be too difficult to apply this SMS alerting mechanism to the above-described connection-to-customer-system-broken type of situation??

Implementing this type of feature is obviously a matter of deploying some developers and cranking out some codes.  Please get this done.  Symantec Email Security.cloud is behind on its competitors on a number of features as it is.

Regards,
Randall Yoo

0

Related:

  • No Related Posts

Dual Password Field wrongly shows in First Authentication Prompt when connecting to NetScaler Gateway using Receiver

Consider the following scenario, you are using LDAP + SMS passcode RADIUS authentication.

The behavior is that user will first authenticate to LDAP, and then an SMS passcode is sent to their mobile device, which is used for authentication. Unless the user is authenticated to LDAP first, they will not receive the SMS. This is a 2-step authentication.

User-added image

On the NetScaler Gateway, if you enable primary authentication as LDAP and secondary authentication as RADIUS then the user is prompted for two passwords. This leads to a tricky situation since the user cannot obtain the SMS password until they authenticate once with LDAP.

Related:

7022489: Users are able to see mobile phone numbers on contact details despite this setting being enabled

Steps to duplicate:

1. Have a user with eDir user object association, for instance.

2. In iManager add the “mobile” user object attribute to one of theusers and define his new mobile phone number.

3. Let the MTA sync with the eDir.

4. Although “Mobile Number” field is not enabled in the “AddressBook” tab of a domain, users can see still his mobile numberat:

a) Summary as SMS field

b) Advanced in Mobile Phone field

This has been tested the same with GW18 backend and:

1. The gw18 client does not show mobile phone field in any place,i.e. what customer wants.

2. Using 2014 R2 client build 129300 against the GW18 backend, theclient still shows a mobile number of a contact.

Related:

  • No Related Posts