TABLE OF CONTENTS
- Security Considerations
- The Export Tool
- Explanation of Fields
- License Key
- Log Server ID
- Mandatory Secure Folders
- Key Server ID
- Session Options
- Application Blacklist
The enterprise configuration export tool is designed to simplify onboarding for regular non-admin users within an organization. Additionally, it can be used to apply policies and policy changes to other Atakama installations.
The enterprise configuration must be exported and distributed via GPO or similar tools to all non-admin users within an organization. Copying the enterprise configuration to the workstation's "C:\Program Files\Atakama" folder in a file named "enterprise-client.config" is also sufficient. If installing manually, you can have the Atakama MSI installer place the enterprise configuration in the above location by putting the "enterprise-client.config" file in the same folder as the MSI installer prior to manual installation.
Note: This must be done before the user launches the software for the first time. Once the software has been run, it will not trust configurations that are not signed.
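The copy step described above can be scripted so that the file is staged, verified, and checked for tampering exposure in one pass. This is an added example, not Atakama's own code; the source share path and the list of trusted principals are assumptions to adapt to your environment.

```powershell
# Added example, not Atakama code: startup script for GPO or a similar tool.
param(
    # ASSUMPTION: hypothetical read-only deployment share; use your own path.
    [string]$Source  = '\\fileserver.example\deploy\enterprise-client.config',
    # Install folder and file name as given in the text above.
    [string]$DestDir = 'C:\Program Files\Atakama'
)
$ErrorActionPreference = 'Stop'
$dest = Join-Path $DestDir 'enterprise-client.config'

if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
    throw "Source configuration not found: $Source"
}
if (-not (Test-Path -LiteralPath $DestDir -PathType Container)) {
    throw "Install folder not found: $DestDir"
}

# Copy only when the file is missing or differs, then confirm the copy.
$srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
$current = $null
if (Test-Path -LiteralPath $dest -PathType Leaf) {
    $current = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
}
if ($current -ne $srcHash) {
    Copy-Item -LiteralPath $Source -Destination $dest -Force
    if ((Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash -ne $srcHash) {
        throw "Hash mismatch after copy: $dest"
    }
}

# Flag any Allow entry that lets a non-administrative account alter the file.
# ASSUMPTION: English principal names; adjust for localized Windows builds.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'NT SERVICE\TrustedInstaller'
$alter = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$risky = @((Get-Acl -LiteralPath $dest).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $alter) -ne 0 -and
    $trusted -notcontains $_.IdentityReference.Value
})
if ($risky.Count -gt 0) {
    $risky | ForEach-Object {
        Write-Warning "$($_.IdentityReference) can modify $dest ($($_.FileSystemRights))"
    }
    exit 1
}
Write-Output "Staged $dest (SHA256 $srcHash); no non-admin write access found."
```

The script cannot tell whether a user has already launched the software, so it still has to run before first launch, as the note above requires.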
Security Considerations
Administrators (i.e., full clients) within Atakama have access to all files contained within the locations they set up. The administrator who creates a Secure Folder (the location(s) where files will be encrypted by Atakama) will have access to encrypted files within that location. There may therefore be situations in which a centralized administrator is not appropriate. However, even when the setup involves multiple administrators (or no administrator), Atakama can support centralized auditing, logging, and policy tracking, thereby minimizing the risks associated with centralized administration.
The Export Tool
After installing a license key, click on the "New Configuration" menu option in the control panel. This will open the Enterprise Configuration Export screen.
Users can also select the open configuration file option, which loads the selected configuration into the export tool instead of starting with a blank one.
Explanation of Fields
The type of client determines how much control the end user has over their Atakama installation.
Full client: This is akin to an admin user. A full client has the ability to add new share locations, accept new users into a location, remove users from a location, choose backup keys, and access the control panel to configure options and the like. For a full list of features, check the Administrators page.
Lite client: This is akin to the regular user. It offers streamlined onboarding, with no need for backup keys and no access to the control panel or any other settings and configurations.
License Key
The alphanumeric activation code is given when the product is purchased. The license will be exported and used to activate all lite client users who load the enterprise configuration.
Log Server ID
When supplied, all user activity will be logged securely using E2EE to the log server identified. See Adding a Centralized Logging Server.
Allow users to write to the root of the Atakama drive, using storage backed by their local machine to save files locally (e.g., c-drive). This option can only be edited in configurations for full clients.
This is a list of Administrators who will have the ability to create and change enterprise configurations. You can add new Administrators by choosing from the list of full-client users who have been granted access to the local installation's Secure Folders.
Mandatory Secure Folders
New Secure Folders must first be set up by the Administrator in the main Control Center before they can be added here. The list of selected Secure Folders here will override users' personal preferences and will always be available in the users' list of shared Secure Folders.
Key Server ID
When supplied, all users will be configured with the Key Shard Server. The Server-based Approvals option relies only on the Key Shard Server for cryptographic requests. The Server-managed Sessions option uses the phone for all cryptographic requests until a session is started; cryptographic requests are then sent to the Key Shard Server until the session ends.
Session Options
Control whether or not Sessions are allowed.
Adjust the maximum number of files that can be opened in any given Session.
Adjust the maximum duration of time that a single Session can run for.
Enable Automatic Sessions
Automatic Session Duration (minutes)
Application Blacklist
A list of applications that should be denied access to files in Atakama. Some applications will make background queries to all files for indexing, virus scanning, or other reasons. Other applications will cache open files, which attackers can exploit. Because the user would otherwise receive random Secure Actions, or have unsecured files, these applications are blocked.
For an example of the blacklist file, check:
C:\Program Files\Atakama on Windows
More information regarding Configurable Application Blacklist can be found here.