Internal Users

The user list is created by seppmail.cloud automatically. The system is being taught the active users of the SC-F-INBOUND-Service by them being accepted by the recipient domain. In case of SC-MS365, the system is being taught the users by the way the messages for these users are processed by MS365.

Administrators can deactivate users or remove their rights to encryption and/or signing. These are then no longer considered for the Usage Statement. We recommend to deactivate users instead of deleting them, as otherwise they could be recreated automatically.

Administrators can add users also manually.

If one of the services SC-SIGENC or SC-SIGONLY is active, the user is created and the certificate received upon the first delivery of a message that needs to be signed. Since this is always associated with a small delay on the part of the MPKI provider, the very first message is temporarily rejected and only processed in the second delivery attempt.

empty

Note:

Even if the partners themselves do not use seppmail.cloud services, they can still manage the partner administrators here.

Start with the tenant, filter and number settings first.

Field	Description
Tenant	Select the tenant for which users are to be listed. The first appropriate tenant (which has active managed domains) is pre-selected. If necessary, change to another tenant.
Filter	Optional: Enter a free text as filter. You can use the wildcard sign "*" or negate the search with a leading "!".
Number field	The maximum number of users to be listed is pre-set to 500. If necessary, adjust this number.

Field

Description

Tenant

Select the tenant for which users are to be listed.

The first appropriate tenant (which has active managed domains) is pre-selected. If necessary, change to another tenant.

Filter

Optional: Enter a free text as filter. You can use the wildcard sign "*" or negate the search with a leading "!".

Number field

The maximum number of users to be listed is pre-set to 500. If necessary, adjust this number.

Hit ENTER or click Fetch Users to list the users. If the maximum number is exceeded, a warning appears and you either need to adjust the maximum number or enter some filter term.

The following options are available for the user list.

Field

Description

sort by

Sort the display by (single selection only):

Name, E-mail, active (date), Admin, Sign/Encrypt

reversed order

Switch the order (from Z to A, or from old to new).

The following buttons are available:

Download .xlsx - Download the user data in Excel format

Download .csv - Download the user data in CSV format (comma-separated values)

Add user - Add a new user

Fetch Users - if a setting for tenant/filter/number has been changed, create a new user list

User List

Name

Free text entry, for information only.
If a user name is set in the first outgoing message, this user name will be entered automatically.

E-mail (Localpart)

E-mail address.
This is mandatory and uniquely identifies a user.

On the right-hand side, the corresponding managed domain can be selected.

Role(s)

In case of end users, this column is usually empty (see role "User" in chapter Users and Roles).
If a role is entered here, the user will bet set to partner or tenant administrator automatically.

Allow login

Select to allow login at seppmail.cloud (the user then counts as active).

Sign / Encrypt

Select the desired options for the user.
If no such services are active for the customer, this setting is irrelevant. If only signing is active, the encryption status is irrelevant.

Force disable all cryptographic methods

This option disables all cryptographic treatments on emails. It has three possible positions: right is switched on, left is switched off, the middle means that the actual value is inherited from some higher level (typically "default").

Turning this on automatically sets the Sign / Encrypt options to "no singing or encryption" and deactivates the corresponding selection menu.

When the option is turned off again, a hint is displayed that the Sign / Encrypt setting needs to be adjusted accordingly.

Two-Factor Authentication

For improved security, a two-factor authentication can be set up by the administrator for the user. In the case of two-step authentication, the code received on the corresponding path must additionally be entered as a one-time password when logging in.

When logging in for the first time after switching on the two-step authentication, the user must set up the authentication defined by the admin accordingly.

Setup options:

none
SMS - at first login, opens two fields for entering the phone number (pattern: 00XX XXX XXXXX) and the current login password for confirmation. Then click Send One-Time Password. The one-time password is sent by SMS to the telephone number entered and must then be entered again for confirmation.
Email (not recommended) - at first login, opens a field for the current login password. Then click Send One-Time Password. The one-time password is sent by email to the user address and must then be entered again for confirmation.
Authentication App (OPT) - at first login, opens a QR code that can be scanned with an authentication app (for example Google Authenticator) and a field for the current login password. The result in the app must be entered under Validation in the field "Type in one-time password". Then click Confirm One-Time Password.

After a successful change the following message appears "Success - Two-factor-authentication settings have been updated".

S/MIME Certificates

Displays the number of available S/MIME certificates for this user.

Via Show Details, an overlay with detailed information opens in which certificates can be copied by line or downloaded, as well as revoked. Active certificates show a green icon on the top right, revoked ones a grey icon.

[BETA] Only available if Beta Testing is switched on: Via Add, an S/MIME certificate in the formats .pfx or .p12 can be uploaded. Provide a password if the certificate has a password.

PGP Keys

Displays the number of available PGP Keys for this user.

Via Show Details, an overlay with detailed information opens in which the Key ID and Fingerprint can be copied, and keys can be downloaded or deleted. Deleted keys are removed from the list.

[BETA] Only available if Beta Testing is switched on: Via Generate, a key will be generated. Via Add, a key in the formats .pgp or .asc can be uploaded. Provide a password if the key has a password.

Quarantine report E-mail notification

Activates or deactivates the sending of the quarantine report by E-mail.

hint

Note:

Administrators can choose to receive quarantine reports for all or selected domains in their profile.

hint

Note:

All users can subscribe to or unsubscribe from their personal quarantine report in their profile.

Enable One-Click Release

Enables messages to be released directly from the quarantine report, see Quarantine report (one-click release) .

Send mails even if report is empty

This leads to regularly sent mails even in case of empty reports. This way it can be tracked that the quarantine check for E-mails takes places.

Time selection

Select at which time(s) the delivery should take place (in the morning at 6 am, midday at 12 am, in the evening at 6 pm). Only active if the quarantine report is selected.

User Default LFT allowed

Shows the default LFT setting of this managed domain. This can be changed per user by an admin.

User Default LFT Quota

Shows the default LFT quota available per user of this managed domain. This can be changed per user by an admin.