Enterprise configuration: Overview

Introduction

The enterprise configuration export tool is designed to simplify onboarding for regular non-admin users within an organization. Additionally, it can be used to apply policies and policy changes to other Atakama installations.

 

The enterprise configuration must be exported and distributed via GPO or similar tools to all non-admin users within an organization. Copying the enterprise configuration to the workstation's "C:\Program Files\Atakama" folder in a file named "enterprise-client.config" is also sufficient. If installing manually, you can have the Atakama MSI installer place the enterprise configuration in the above location by putting the "enterprise-client.config" file in the same folder as the MSI installer before running it.

 

Note: This must be done before the user launches the software for the first time. Once the software has been run, it will not trust configurations that are not signed.
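
The manual copy step above, as an added PowerShell example (not vendor code). It stages the file, confirms the copy by SHA-256, and lists any non-administrative identity that can modify the staged file before first launch. The $Source parameter is a placeholder for wherever the exported file is kept; the destination folder and file name are the ones given on this page.

```powershell
# Added example, not vendor code. $Source is a constructed placeholder path;
# the destination folder and file name are the ones given on this page.
param(
    [Parameter(Mandatory)] [string] $Source,
    [string] $InstallDir = 'C:\Program Files\Atakama'
)
$ErrorActionPreference = 'Stop'
$dest = Join-Path $InstallDir 'enterprise-client.config'

if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
    throw "Source configuration not found: $Source"
}
if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Install folder not found: $InstallDir"
}

# Copy, then confirm the staged file is byte-identical to the exported one.
Copy-Item -LiteralPath $Source -Destination $dest -Force
$srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $dest" }

# The file is read at first launch, so standard users should not be able to
# alter it beforehand. List Allow ACEs that grant write-type rights to any
# identity other than SYSTEM, Administrators or TrustedInstaller.
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules = (Get-Acl -LiteralPath $dest).GetAccessRules($true, $true, $sidType)
$risky = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band [int]$writeMask) -ne 0) -and
    ($trusted -notcontains $_.IdentityReference.Value)
})

[pscustomobject]@{
    Path            = $dest
    Sha256          = $dstHash
    WritableByOther = @($risky | ForEach-Object { $_.IdentityReference.Value })
}
```

An empty WritableByOther list means only SYSTEM, Administrators and TrustedInstaller hold write-type rights on the staged file; any SID listed there should be reviewed before users first launch the software.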

 

Security Considerations

Administrators (i.e., full clients) within Atakama have access to all files contained within the locations they set up. The administrator who creates a Secure Folder (the location(s) where files will be encrypted by Atakama) will have access to encrypted files within that location. There may therefore be situations in which a centralized administrator is not appropriate. However, even when the setup involves multiple administrators (or no administrator), Atakama can support centralized auditing, logging, and policy tracking, thereby minimizing the risks associated with centralized administration.

 

The Export Tool

After installing a license key, click on the "New Configuration" menu option in the control panel. This will open the Enterprise Configuration Export screen.

Users can also choose to open an existing configuration file, which loads the selected configuration into the export tool instead of starting with a blank one.

Explanation of Fields

Client

The type of client determines how much control the end user has over their Atakama installation.

Full Client

This is akin to an admin user. A full client has the ability to add new share locations, accept new users into a location, remove users from a location, choose backup keys, and access the control panel to configure options and the like. For a full list of features, check the Administrators page.

Lite Client

This is akin to the regular user. A lite client has streamlined onboarding, no need for backup keys, and no access to the control panel or any other settings and configurations.

 

License Key

The alphanumeric activation code is given when the product is purchased. The license will be exported and used to activate all lite client users who load the enterprise configuration.

Log Server ID

When supplied, all user activity will be logged securely using E2EE to the log server identified. See Adding a Centralized Logging Server.

Options

Allow Local Storage

Allow users to write to the root of the Atakama drive, using storage backed by their local machine to save files locally (e.g., the C: drive). This option can only be edited in configurations for full clients.

 

Allow Custom Storage

Allow users to create new Secure Folders and Security Groups. This option can only be edited in configurations for full clients. 

 

Show Access Requests

Allow users to approve new members to Secure Folders and Security Groups. This option can only be edited in configurations for full clients.

 

Administrators

This is a list of Administrators who will have the ability to create and change enterprise configurations. You can add new Administrators by choosing from the list of full-client users who have been granted access to the local installation's Secure Folders.

Mandatory Secure Folders

To add new Secure Folders, they must be set up by the Administrator in the main Control Center. The list of selected Secure Folders here will override users' personal preferences and will always be available in the users' list of shared Secure Folders.

Key Server ID

When supplied, all users will be configured with the Key Shard Server. The Server-based Approvals option will rely only on the Key Shard Server for cryptographic requests, while the Server-managed Sessions option will use the phone for all cryptographic requests until a session is started; from then on, cryptographic requests are sent to the Key Shard Server until the session ends.

Session Options

Atakama supports Sessions when opening files. Session options can be managed for each enterprise configuration.

 

Disable Sessions

Control whether or not Sessions are allowed. 

 

Maximum Files in a Session

Adjust the maximum number of files that can be opened in any given Session.

 

Maximum Session Duration (minutes)

Adjust the maximum length of time that a single Session can run.

 

Enable Automatic Sessions

 

Automatic Session Duration (minutes)


 

Application Blacklist


A list of applications that should be denied access to files in Atakama. Some applications will make background queries to all files for indexing, virus scanning, or other reasons. Other applications will cache open files, which attackers can exploit. Because the user would otherwise receive random Secure Actions, or have unsecured files, these applications are blocked. 

For an example of the blacklist file, check:

  • C:\Program Files\Atakama on Windows


More information regarding Configurable Application Blacklist can be found here. 
