Adding Managed Sessions to the Key Shard Server

This article explains how to add Managed Sessions to an existing Key Shard Server. 

Steps:

1. Update the Atakama Mobile app on all mobile devices connected to relevant computers (e.g., Key Shard Server, administrators, and non-administrators). The mobile app is backwards compatible with older versions of the desktop application.
2. Shutdown Atakama on the Key Shard Server and update to the latest version of Atakama. 
3. Add the following request types and rules (and adjust them to your specific use case) to the Key Shard Server policy file (keyserver.yml) in %localappdata%\Atakama.
   

   start_session:
     -  - rule: session-params-rule
          max_request_count: 100
          max_time_seconds: 28800
          end_by_time: 5:00pm
          
   change_profile:
     -  - rule: approve-rule

4. Launch Atakama on the Key Shard Server. The updated policy will load on startup.
5. On the administrator's computer, shutdown Atakama and update Atakama to the latest version. 
6. Create/Open an enterprise configuration file. Note that the Key Shard Server ID will have been moved to its own section underneath "Mandatory Secure Folders". Populate the Key Shard Server ID and select "Server-managed Sessions". Populate the "Files in a Session" and "Session Duration" fields. Both the policy and the enterprise configuration file can specify these values, therefore the lower of the two values will control.
7. All end users will need to quit Atakama and will need to be updated to the latest version. Re-deploy the enterprise configuration file to the end users and have them re-launch Atakama.
8. Open the notification center in Atakama Quicklook and click on the notification "Profile Change Requested". A pop-up with a QR code will appear.
9. Scan the QR code with the Atakama Mobile app and follow the messages to complete the process.
10. Once complete, file open approvals will be sent to the mobile device unless a managed session has been triggered. To trigger a session, open an encrypted file and hold the MofNop approval button on the mobile device. Once the managed session is approved, all file open requests will be directed to the Key Shard Server for approval. To end a managed session, open the notification center in Atakama Quicklook and click on the "X" associated with the "Session Currently Active" notification. 

Note: 

• It is strongly recommended that all relevant computers (e.g., Key Shard Server, administrators, and non-administrators) be updated simultaneously. If they are not, secure folder activation will fail and secure folder cannot be shared between different versions.
• Managed Sessions are active for specific Security Groups. Multiple Managed Sessions can be activated to enable sessions for multiple Security Groups. 
• All Managed Sessions will end when the Atakama desktop application is shutdown. 
• Once Managed Sessions have been activated, the action is permanent for the specific end users. To remove Managed Sessions from those users, simply reinstall Atakama on their machines.