Once logged in to the Management Console, you will be taken to the Users tab. Enterprise customers can create what we call "local users" (because their information is stored in the Management Console's local database), as well as import users from Active Directory or LDAP. Local users can be created manually, one-by-one, or created in bulk by importing a .CSV file.
Each user must belong to a group. A default local user group is created automatically with the name of your company. (For example, if your company is named "Burbank", your default user group will also be named "Burbank".) For more information, see our instructions on how to create additional local user and LDAP groups.
ADD LDAP USERS
In addition to local users, Enterprise customers can also add users to their SpiderOak account by syncing groups or organizational units from LDAP or Active Directory. For the purposes of this documentation, we will refer to "LDAP or Active Directory" as LDAP, as we use Active Directory via its LDAP interface.
The Management Console can access your LDAP either via an anonymous user or via an authenticated user on the LDAP. If you are using an authenticated user, please make sure you have the following details before attempting to configure the LDAP connection:
- Username (in LDAP, typically a full DN; for Active Directory, the userPrincipalName)
- Account password
All configuration options related to LDAP are located on the Account page of the Management Console and are described below.
Auth method - This should be set to either ldap or local. If set to ldap, both local and ldap users will function.
Dir auth source - This field can either be left blank or set to "dn". If configured, users will be authenticated using their full distinguished name instead of the field configured under Dir username source (see below).
Dir base dn - This is the DN above all possible user accounts and groups in the directory tree that we are syncing. Typically, if your domain is ad.burbank.com, your base DN will be dc=ad,dc=burbank,dc=com. In Active Directory, you may find the DN by turning on the “Advanced Features” view in the “Active Directory Users & Computers” MMC. An extra tab for attributes will appear in the object properties window for your group or organizational unit, and this tab will include the DN. More information on determining the LDAP DN of an Active Directory object can be found in this Microsoft Knowledgebase article: http://support.microsoft.com/kb/223399
Dir fname source - The field in LDAP containing the first name of a user. This is normally set to givenName.
Dir guid source - The GUID field in LDAP. This is normally set to uid for LDAP and objectGUID for Active Directory.
Dir lname source - The field in LDAP containing the last name of a user. This is normally set to sn.
Dir member source - The field in LDAP that determines which groups a user is a member of. Depending on your configuration, this is normally set to either memberUid or member.
Dir password - The password for the user account dedicated to the Management Console.
Dir type - This is set to either ad or posix, depending on whether you are using Active Directory or LDAP, respectively.
Dir uid source - The field in LDAP containing the user ID. This can normally remain blank when using Active Directory or be set to uid when using LDAP.
Dir uri - This is the full domain or IP address of the LDAP server. If your LDAP server is located at ad.burbank.com, the URI should be set to ldap://ad.burbank.com. If your LDAP server is configured to accept connections over TLS, ldaps://ad.burbank.com will also work. The standard ports for LDAP are 389 and 636. If your server is configured to use a non-standard port, you may need to include it in the URI. For example, ldap://ad.burbank.com:6380.
Dir user - This is the DN of the user account dedicated to the Management Console. Depending upon the details of your LDAP or Active Directory configuration, you may need to provide here the email address, the full DN, or the user's Active Directory userPrincipalName.
Dir username source - The field in LDAP containing the username. The username must be in an email style format: <user>@<domain>.<extension>. For example, either jdoe@example.com or jdoe@example.local is acceptable. This is normally set to mail when using LDAP or userPrincipalName when using Active Directory.
Once the LDAP connection has been properly configured, you are ready to create LDAP synced groups.
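A pre-flight check of the settings described above, as an added example (not SpiderOak code). The dictionary key names are assumed spellings of the Account page labels and the sample values are constructed; the check flags values outside what this page lists, and an authenticated Dir user configured over ldap:// rather than ldaps://.

```python
import re
from urllib.parse import urlparse

# Key names are assumed dict spellings of the Account page labels (e.g. "Dir uri").
TYPICAL = {  # values the page calls normal for each Dir type
    "ad": {"dir_guid_source": "objectGUID", "dir_username_source": "userPrincipalName"},
    "posix": {"dir_guid_source": "uid", "dir_username_source": "mail"},
}
EMAIL_STYLE = re.compile(r"^[^@\s]+@[^@\s.]+(\.[^@\s.]+)+$")  # <user>@<domain>.<extension>

def base_dn_from_domain(domain):
    """ad.burbank.com -> dc=ad,dc=burbank,dc=com (the typical mapping)."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))

def lint_ldap_settings(cfg, sample_usernames=()):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if cfg.get("auth_method") not in ("ldap", "local"):
        findings.append("auth_method: must be ldap or local")
    dir_type = cfg.get("dir_type")
    if dir_type not in TYPICAL:
        findings.append("dir_type: must be ad or posix")
    if cfg.get("dir_auth_source", "") not in ("", "dn"):
        findings.append("dir_auth_source: must be blank or dn")
    if cfg.get("dir_member_source") not in ("memberUid", "member"):
        findings.append("dir_member_source: normally memberUid or member")
    for key, usual in TYPICAL.get(dir_type, {}).items():
        if cfg.get(key) != usual:
            findings.append(f"{key}: normally {usual} for dir_type {dir_type}")
    uri = urlparse(cfg.get("dir_uri", ""))
    if uri.scheme not in ("ldap", "ldaps") or not uri.hostname:
        findings.append("dir_uri: expected ldap://host[:port] or ldaps://host[:port]")
    elif uri.scheme == "ldap" and cfg.get("dir_user"):
        findings.append("dir_uri: authenticated Dir user over ldap://; use ldaps:// if the server accepts TLS")
    for name in sample_usernames:
        if not EMAIL_STYLE.match(name):
            findings.append(f"username {name!r}: not in <user>@<domain>.<extension> form")
    return findings

# Constructed sample settings built from the page's Burbank example.
SAMPLE = {
    "auth_method": "ldap", "dir_type": "ad", "dir_auth_source": "",
    "dir_uri": "ldap://ad.burbank.com", "dir_base_dn": base_dn_from_domain("ad.burbank.com"),
    "dir_user": "console@ad.burbank.com", "dir_member_source": "member",
    "dir_guid_source": "objectGUID", "dir_username_source": "userPrincipalName",
}

if __name__ == "__main__":
    print("\n".join(lint_ldap_settings(SAMPLE, ["jdoe@example.com", "jdoe"])))
```

Findings worded "normally" are advisory, since the page describes those values as typical rather than required.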
ADD A LOCAL USER
To add a user manually, select the Add User button. Enter the user’s email address and name, and select a group. The user will be emailed a confirmation message with instructions on how to create a password and set up his or her account. Enterprise customers can elect not to send this email by unchecking Send Activation Email in the Manage tab under Edit Account.
CSV IMPORT
If you need to add a large number of people to your account, see Importing Users With a CSV File.
VIEW USER DETAILS
In the Management Console, every user has a Detail page where the administrator can find information and change settings specific to each account. The admin can locate a user by searching for their name or email address, or simply browse the user list. The user list can be sorted by most of the available columns and columns can be added or removed via the Filter Columns drop-down menu. To view the details of a user, simply select the Detail link next to their information on the Users page.
EDIT USER DETAILS
At some point, you may need to make changes to a user account. To do this, first access the user's Detail page. From there, you can edit the user's name, email, group, password, and disable or delete the user. After making any changes, remember to click the “Save Changes” button. In the case of a user synced from LDAP, the user's name, email, group, and password will be uneditable in the Management Console and must be changed from the LDAP server.
BONUS GBs AND BUMP SPACE
If you choose to limit the storage space available to certain users, some users may eventually need additional space. You can increase a user's space by entering a number into the Bonus GBs text box. Their total storage space will be increased by that number of gigabytes. The user may need to close and reopen their desktop client in order to see the change. In addition, if the user only needs additional space for a short period of time, selecting the Bump Space button will increase their available storage by 5GB for 72 hours.
PURGEHOLD
Enabling Purgehold on a user account will cause all uploaded data, including data the user has deleted from within the SpiderOak desktop application, to be retained for admin access. It will still appear from the user's perspective as if the deleted files have been removed.
ACCESS USER DATA
As an administrator, you can access the data uploaded by a specific user from the User Details page. Select the Access User's Data button. (If the user has not backed up any data, this button will not appear.) You will be transferred to the Dashboard for the user’s account where you can view the web portal exactly as the user sees it. From the tabs at the top of the Dashboard you can navigate through a user's Hive folder, devices (under the Manage tab), ShareRooms, and additional account details. Any file or folder in a user's backup selection can be downloaded directly from this interface.
DISABLE A USER ACCOUNT
Disabling a user account is as simple as unchecking the "Enabled" box on their User Details page and saving. Once a user is disabled, they will be unable to connect to SpiderOak via web access or mobile. However, the user does retain access through any currently logged-in desktop applications. The user's backed-up data will not be removed and their account license will still be considered "in-use".
DELETE A USER ACCOUNT
To delete a user and the data within the user account, select the checkbox in the Delete? column next to the user’s name on the Users page, then select Save Changes at the bottom of the page. Alternatively, when accessing User Details, you can select Delete User at the bottom of the page. You will be prompted with a confirmation pop-up box. Select Yes, Proceed to delete the user and any data that has not been purged. LDAP users cannot be deleted until they have been disabled or deleted from LDAP.
RESET A USER'S PASSWORD
If a local end-user has forgotten their password, there are two options: an admin can manually change the user's password, or send a password reset email so the user can change their own password. These options are found on the User Detail page.