Content Access Portal

Appendix

Appendix A: Video Support Center

We have a robust video support center with tutorial videos on a range of topics:

 

  • Basic Tutorial

  • Sync Tool Installation

  • Chrome Plugin

  • Quark Content Management (Docurated)  for Box

  • Best Practices for Search

  • Visual Content Surfacing

  • Content Aggregation

  • Storyboarding

  • Web-Clipper  

Appendix B: Admin Settings

Admin controls can be found at https://<<SERVER-URL>>/admin or by navigating to:

  1. <User Name> in the top right.

  2. “Admin Tools” (also known as “/admin”).

  3. You can also access Admin Tools via “Manage Users & Teams” from “Profile” page.

     

     

Organization Policies – security protocols that apply to everyone in the organization.

1. “External Sharing” -- Users of this organization can share items with people outside of this organization.

  • a. Default: Off – users cannot share outside of organization

    • i. Users will be unable to share documents with email addresses that have different domains as your organization.

      Example: john@example.org can share with shirley@example.org, but will be unable to share a document with billy@outsider.org

    • ii. Topics are unaffected by this policy.

       

       

2. “Strong Passwords” -- Users of this organization are required to have a strong password. Strong passwords have a minimum of 8 characters and contain one number, one uppercase letter, one lowercase letter and one symbol.

  • a. Default: On – users are required to create strong passwords

  • b. Example: strong password: “Abcd1234!”

  • c. Non-strong passwords simply have to be 8 characters.

3. “Password Resets” -- Users are required to re-set their password at the interval you set.

  • a. Default: Off – Users are not required to re-set their password

4. “Password Re-Use” -- Users may not re-use previous passwords

  • a. Default: Off – Users can re-use old passwords

5. “Admin Sharing” – Only Admin users can share content

  • a. Default: Off – Any user can share content.

Admins can Add, Edit, or Remove users and teams, as well as De-activate/Re-active users, update user Admin flags and re-set a given user Password.

To add a user:

1. Click “Add User”

2. Enter the user’s first name, last name, and email address.

  • a. You can set a user to be an Admin.

  • b. You can add new users to teams on creation, or at any point afterwards.

  • c. User can update their name during account confirmation and at any future point.

  • d. User will have a secret temporary password generated and will be sent an email with an activation link for their account. When clicked, they will be taken to a confirmation page where they must update their password.

  • e. When an existing user shares a file with a new user, that new user will show up in the list of all users (though without a name or team affiliations), until that account is confirmed.

3. Editing a user enables an Admin to update a user’s team affiliation (and thus their permissions to certain groups of files), as well as his or her name, including Admin flag.

4. De-activating a user will disable the user’s access to Quark Content Management (Docurated)  – If you would like to delete a user from the system completely, please contact Quark Content Management (Docurated) .

  • a. Re-activating a user is possible from the same Admin panel.

     

Adding, Editing, or Removing Teams is very similar to Users

  • Click “Add Team,” enter the name and members.

  • Team name and membership can be edited at any time.

    • Please allow time for the updates to propagate (after the dialog disappears). The time will be dependent on the number of documents and users that need to be updated.

  • If files are shared with a team and then team is removed, permissions that users have through that team will be removed (and thus users may lose access to that file).

    • Note: currently if a file is shared with a user, and then shared with a team containing that user, the user-permission is subsumed into the team permission. If the team permission is removed, this will remove all permissions for that user.

User Activity and Analytics

  • The “User Activity” tab will show Top Action and Top Users activity

  • The “File Processing” tab will show statistic related to different sources and file types processed by Quark Content Management (Docurated) 

  • The “Content & Trends” tab will show Search Trends, Top Pages and Top Files with the most actions.

  • The “Topics Analytics” tab will display topics analytics for the last 30 days.

  • If Salesforce integration is enabled at your organization, the “Salesforce” tab will show analytics related to your Salesforce data.

 

Appendix C: Client App Integration

Overview

The processing and indexing of content stored on local hard drives and file servers require the installation of a lightweight client application. The main purpose of the client application is to monitor file systems for file additions, deletions, and modifications and then send that data back to Quark Content Management (Docurated) ’s servers for processing and indexing. It is also advisable to install the client application on end user computers where no files are to be indexed because the secondary job of the application is to provide the conduit to enable the use of the “open button.”

The application was built to be lightweight and unobtrusive, without any noticeable impact on the performance of the computer or server. It runs on a minimal number of threads as a background process. A separate, nearly identical version is available that runs as a service for installation on servers.

Scanning – The client application can only scan folders that the installing user has access to, and only scans folders that the user selects in the user interface. Additionally, the user may select file-types and a time period from which files should be scanned (e.g. files modified since January 1, 1970).

Administration – All end users are able to scan any local folders on their computers. Only users that have granted the ability to do so can scan shared drive folders. Due to the generally large size of shared drives, it is advisable to scan them from client applications installed to run as a service on a server.

Bandwidth – Currently there is no native bandwidth throttling built into the client application. However, after the initial indexing of drives/folders, the client transmitting data relevant to files that have been modified in a given moment (which is relatively little), so bandwidth consumption on ongoing basis is generally not a concern. The initial indexing bandwidth consumption is relative to the size of the drives/folders being indexed, and while it has not caused an issue for clients, there is nothing wrong with starting the process during a period of lighter use.

Communication Protocol – The client application communicates with the Quark Content Management (Docurated)  servers over HTTPS. As such, it requires the standard Port 443 to be open (which it should be in most networks). All data and important communications are securely encrypted in transmission.

API-Keys – A user’s API keys that allow the client application to communicate securely with the server are stored in the Quark Content Management (Docurated)  database and securely on the user’s local machine. Locally the keys are stored in Mac OS X’s “Keychain” and Windows’s “Registry.” For security purposes, a user’s keys can be disabled on the server-side in the event that they are compromised or a user should no longer have API access to Quark Content Management (Docurated) .

Installation Requirements — When installing the client application the following system rights are necessary:

  • Mac – Users do not have to be admins to install. If the user is not an admin, it will install the application to the user’s application folder instead of the system application folder.

Windows – Users must have the ability to install applications (often set as a policy by IT for Windows machines), though they do not need to be an admin. If users cannot install applications, an admin will need to install it and may make use of batch installation (see below).

Server – When the application runs as a service, the installing user must be an admin. The user need only have read access to the shared drive that the application is pointed at.

It is advisable, though not required, that the application be installed on a server running a physically mounted shared drive. The client application is fully capable of accessing files stored a shared drive connected to another server, but doing so has speed and network implications. All processing and communication done by the client application would be done over the internal network, consuming internal bandwidth, and often greatly slowing down the time it takes to index a drive.

Windows

System Requirements

Operating System

Windows XP

Windows Vista

Windows 7

Windows 8

CPU

1 CPU, 1.0 GHz (recommended)

Memory

2 GB (recommended)

Disk Storage

100 MB

 

Mac

System Requirements

Operating System

 

 

 

 

 

 

 

OS X 10.6

OS X 10.7

OS X 10.8

OS X 10.9

OS X 10.10

CPU

1 CPU, 1.0 GHz (recommended)

Memory

2 GB (recommended)

Disk Storage

100 MB

 

Server

System Requirements

Operating System

Windows Server 2003,

Windows Server 2008,

Windows Server 2008 R2,

Windows Server 2012

CPU

2 CPUs, 2.0 GHz (recommended)

Memory

2 GB (recommended)

Disk Storage

100 MB

If client server is not listed above, it is possible for the client application to access the content from a separate computer that is able to mount the drives. In such cases, it is advisable to set up a dedicated machine that can always be on, awake, and dedicated to monitoring the drive’s file system.

Proxy Connection Setup

Please use the option supplied by your IT department to configure Proxy setting.

 

  • Proxy configuration (optional)

    • No Proxy/Automatic.

    • Manual – Specify PAC

      • Enter URL to your PAC file (proxy auto-config) Check with your network administrator if you need more information.

    • Manual

      • Enter Server URL and port for a given proxy.

      • If log in required enter Username and Password.

Appendix D: Box Integration

Technical Integration

Quark Content Management (Docurated)  integrates with your Box accounts by using the Box API to talk to the Box servers. There is no connection to your corporate network needed, nothing to install, and no access beyond the Box API required. The connection is established using the OAuth 2.0 protocol. This integration can be permitted or denied to any user in Quark Content Management (Docurated) , enabling a single user to run the integration or allowing all end users to set up their own.

Setup – Setting up the connection is simple and quick. In Quark Content Management (Docurated) , a user goes to the “Configure Box” page and select configure button. This redirects the user to Box.com where after they log in (using username and password or single sign-on), they will be prompted to grant Quark Content Management (Docurated)  access to their Box account. This completes the OAuth connection.

OAuth – With OAuth, the user never has to enter their Box password in Quark Content Management (Docurated) . Instead, Box will send Quark Content Management (Docurated)  a unique token that grants access to the specific Box account. Further, this access can be revoked at any time within the Box settings panel.

API Granularity – Note: The Box API does not provide for any level of granularity in requesting access to a user’s account. It is a binary option between allowing and denying access to the Quark Content Management (Docurated)  application to the full Box account.

Configuration – After authorizing Quark Content Management (Docurated) , the user will be redirected back to the Quark Content Management (Docurated)  application where they will see a simple Box configuration page that lets them choose specific Box folders and file-types they would like to sync with Quark Content Management (Docurated) . The user can only see and select from folders they have access to in Box (in fact, the Box API access will not allow Quark Content Management (Docurated)  to see anything that the specific user cannot see). Only files that are in the selected folders and match the selected file-types will be scanned and indexed in Quark Content Management (Docurated) .

Encryption – All data transmitted from the Box servers to the Quark Content Management (Docurated)  servers is sent via secure SSL connection.

Box Logs (“Download”) – In order for Quark Content Management (Docurated)  to process, scan, and index files in Box, the Box API provides only one method to Quark Content Management (Docurated)  (“Download”). This will show up in logs and reports that a customer may have set up as a “Download” of the file being processed (usually with reference to the Quark Content Management (Docurated)  application and the user who connected their account). Particularly when doing the initial processing, this often results in a lot of notifications and emails that a given user is downloading many files. It is the best practice to preempt this flurry of activity by modifying the alert settings or notifying the Box administrator/IT of the incipient actions.

Read-Only – To ensure that a customer’s Box environment remains unaffected by the Quark Content Management (Docurated)  integration, the Quark Content Management (Docurated)  application is set up to interact with Box in a read-only capacity. Quark Content Management (Docurated)  does not add, remove, or modify any files, settings, or the like in Box.

Permissions – For all files Quark Content Management (Docurated)  indexes from Box, Quark Content Management (Docurated)  will mirror the user access settings in Box into the Quark Content Management (Docurated)  permissions model. Upon indexing a folder, in Quark Content Management (Docurated)  users will only have access to the files they have access to in Box. (See Permissions Model section for more details).

Note: It possible that a user will see files from a folder that they didn’t specifically select (but have access to in Box), because another user opted to index those files and Quark Content Management (Docurated)  mirrors the permissions/view ability from Box to Quark Content Management (Docurated) .

Important: Admin – Part of the Box permissions structure involves Groups (called “Teams” in Quark Content Management (Docurated) ), which are often used in lieu of direct user permissions to grant users access to folders and files. When Quark Content Management (Docurated)  encounters a file where access is granted to a Group, a new team of the same name will be created in Quark Content Management (Docurated)  with all of the constituent users and the team will be permissioned to the file. However, the Box API only allows Admin users to list the users in a Group. As such, Quark Content Management (Docurated)  can only do a true, full permissioning job, that creates and properly permissions Groups, if an Admin in Box has granted Quark Content Management (Docurated)  access via OAuth (as described above).

One of the benefits of using an Admin is that you can use that single connection to power the integration, maintaining more control over what is indexed. The admin would grant Quark Content Management (Docurated)  access and choose which folders to index. All other end users would simply log in to Quark Content Management (Docurated)  (never syncing Box) and see the files, which the Admin chose to index, that they have permission to access.

Alternative Setup – While it is strongly advisable and simpler to have an admin authorize Quark Content Management (Docurated) , one alternative is to set up a Service Account. In Box, create a new box user (e.g. “Quark Content Management (Docurated) -Service”), make them a collaborator on all folders that you want indexed, and make sure all users who will be using Quark Content Management (Docurated)  are also collaborators on the appropriate folders (and not via Groups). Make the connection to Quark Content Management (Docurated)  with the service account, and all users who are direct collaborators will have access in Quark Content Management (Docurated) .

Versions – The Box API alerts Quark Content Management (Docurated)  when files are modified and thus new “versions” are created. Quark Content Management (Docurated)  updates the index accordingly with the new versions of these documents and removes the old ones, but lists those pervious versions in a version history for each space. The versioning in Quark Content Management (Docurated)  is entirely based on when Box identifies a new version.

File Cleanup – Only files that currently appear in Box can appear in Quark Content Management (Docurated) . If a file is removed from a Box folder or deleted, Quark Content Management (Docurated)  receives an API message that the file is deleted and removes it from the index. Additionally, if a user who was previously indexing a folder decides to unselect it, it will not longer be indexed going forward and all files that were in that folder will be deleted from the Quark Content Management (Docurated)  index. 

Appendix E: Google Drive Integration

Technical Integration

Quark Content Management (Docurated)  integrates with your Google Drive account by using the Google Drive API to talk to the Google Drive servers. There is no connection to your corporate network needed, nothing to install, and no access beyond the Google Drive API required. The connection is established using the OAuth 2.0 protocol. This integration can be permitted or denied to any user in Quark Content Management (Docurated) , enabling a single user to run the integration or allowing all end users to set up their own.

Admin Setup – In enterprise applications you may want to programmatically access users’ data without any manual authorization on their part. In Google Apps domains, the domain administrator can grant to third party applications domain-wide access to its users' data — this is referred as domain-wide delegation of authority. To delegate authority this way, domain administrators can use service accounts with OAuth 2.0.

 

The following steps are required:

1. Go to your Google Apps domain’s Admin console.

2. Select Security from the list of controls.

a. If you don't see Security listed, select More controls from the gray bar at the bottom of the page.

b. Then select Security from the list of controls.

3. Select Advanced settings from the list of options.

4. Select Manage third party OAuth Client access in the Authentication section.

5. In the Client name field enter the service account's Client ID: “863207326743-pum0q4s31gll5p2rkncfgu5nsf0hfnrs.apps.googleusercontent.com”.

6. In the One or More API Scopes field enter https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/admin.directory.group.readonly

7. Click Authorize button.

8. Make sure Google Drive admin is part of Quark Content Management (Docurated)  and also has permissions to directory.groups.list

9. Make sure “Allow users to install Google Drive apps” is enabled under Apps > Google Apps > Drive > Settings for Drive

This sets the groundwork necessary for users to activate the Quark Content Management (Docurated) -Google Drive connection. In essence, it is a pre-authorization for each user that makes the connection seamless.

In addition, this will allow the administrator to activate the Quark Content Management (Docurated) -Google Drive connection for any or all users without those users needing to perform any steps if desired. It is a powerful way to set up the Quark Content Management (Docurated)  environment so that it’s ready the moment users first log in.

User Setup – Setting up the connection is simple and quick. In Quark Content Management (Docurated) , a user goes to the “Configure Google Drive” page and selects the “Enable” button. The application matches the email address of the user in Quark Content Management (Docurated)  to the user in the Google domain as authorized by the admin above. When a match is found, the OAuth connection is completed. It is necessary that the user in Quark Content Management (Docurated)  is using the email address that is associated with their Google domain.

OAuth – With OAuth, the user never has to enter their Google password in Quark Content Management (Docurated) . Instead, Google Drive will send Quark Content Management (Docurated)  a unique token that grants it access to the specific Google Drive account. This access can be revoked at any time within the Google Drive settings panel.

API Granularity – Google provides many API scope choices that allow applications to request access grants with more granularity. Quark Content Management (Docurated)  requests access with the following scopes: “https://www.googleapis.com/auth/drive,” “https://www.googleapis.com/auth/admin.directory.group.readonly.” These scopes allow Quark Content Management (Docurated)  to access Drive files and to get a list of users so as to properly permission the files in Quark Content Management (Docurated) . Quark Content Management (Docurated)  will not have access to any other Google enterprise products such as Gmail or calendars.

Configuration – After authorizing Quark Content Management (Docurated)  to connect with Google Drive, Quark Content Management (Docurated)  will show a configuration page that lets the user choose specific Google Drive folders and file-types they would like to sync with Quark Content Management (Docurated) . The user can only see and select from folders they have access to in Google Drive (in fact, the Google Drive API access will not allow Quark Content Management (Docurated)  to see anything that the specific user cannot see) – this includes sections for both “My Drive” and “Shared With Me” files. Only files that are in the selected folders and match the selected file-types will be scanned and indexed in Quark Content Management (Docurated) .

Encryption – All data transmitted from the Google Drive servers to the Quark Content Management (Docurated)  servers is sent via secure SSL connection.

“Download” – In order for Quark Content Management (Docurated)  to process, scan, and index files in Google Drive, the Google Drive API provides only one method to Quark Content Management (Docurated)  (“Download”). This will show up in logs and reports that a customer may have set up as a “Download” of the file being processed (often with reference to the Quark Content Management (Docurated)  application and the user who connected their account).

Read-Only – To ensure that a customer’s Google Drive environment remains unaffected by the Quark Content Management (Docurated)  integration, the Quark Content Management (Docurated)  application is set up to interact with Google Drive in a read-only capacity. Quark Content Management (Docurated)  does not add, remove, or modify any files, settings, or the like in Google Drive.

Permissions – For all files Quark Content Management (Docurated)  indexes from Google Drive, Quark Content Management (Docurated)  will mirror the user access settings in Google Drive into the Quark Content Management (Docurated)  permissions model (See Permissions Model section for more details). Upon indexing a folder, users will only have access in Quark Content Management (Docurated)  to the files they have access to in Google Drive.

Note: It possible that a user will see files from a folder that they didn’t specifically select (but have access to in Google Drive), because another user opted to index those files and Quark Content Management (Docurated)  mirrors Google Drive permissions.

Note: In Google, it is possible to have subgroups as well as circular groups. The Quark Content Management (Docurated)  model does not allow subgroups, so subgroups are treated and created as standard groups in Quark Content Management (Docurated) . “Circular groups” – groups that have a subgroup that is also the parent group – are ignored in Quark Content Management (Docurated) .

Versions – The Google API alerts Quark Content Management (Docurated)  when files are modified and thus new “versions” are created. This occurs for ordinary docs stored in Google Drive as well as GoogleDocs. Quark Content Management (Docurated)  updates the index accordingly with the new versions of these documents and removes the old ones, but lists those previous versions in a version history of each space. Due to the nature of GoogleDocs with constant updating, Quark Content Management (Docurated)  captures versions for every five minutes.

File Cleanup – Only files that currently appear in Google Drive can appear in Quark Content Management (Docurated) . If a file is removed from a Google Drive folder or deleted, Quark Content Management (Docurated)  receives an API message that the file is deleted and removes it from the index. Additionally, if a user who was previously indexing a folder decides to unselect it, it will not longer be indexed going forward and all files that were in that folder will be deleted from the Quark Content Management (Docurated)  index. 

Appendix F: Dropbox Integration

Technical Integration

Quark Content Management (Docurated)  integrates with your Dropbox account by using the Dropbox API to talk to the Dropbox servers. There is no connection to your corporate network needed, nothing to install, and no access beyond the Drop API required. The connection is established using the OAuth 2.0 protocol. This integration can be permitted or denied to any user in Quark Content Management (Docurated) .

Setup – Setting up the connection is simple and quick. In Quark Content Management (Docurated) , a user goes to the “Configure Dropbox” page and selects configure button. This redirects the user to Box.com where after they log in (using username and password or single sign-on), they will be prompted to grant Quark Content Management (Docurated)  access to their Dropbox account. This completes the OAuth connection.

OAuth – With OAuth, the user never has to enter their Dropbox password in Quark Content Management (Docurated) . Instead, Dropbox will send Quark Content Management (Docurated)  a unique token that grants it access to the specific Box account. This access can be revoked at any time from the Dropbox settings panel.

API Granularity – While the Dropbox API has various levels of granularity with lesser access scopes, only the more complete access scope that Quark Content Management (Docurated)  requests enables the API calls and access grants needed to perform indexing of the files in Dropbox.

Configuration – After authorizing Quark Content Management (Docurated) , the user will be redirected back to the Quark Content Management (Docurated)  application where they will see a Dropbox configuration page that lets them choose specific Dropbox folders and file-types they would like to sync with Quark Content Management (Docurated) . The user can only see and select from folders they have access to in Dropbox (in fact, the Dropbox API access will not allow Quark Content Management (Docurated)  to see anything that the specific user cannot see). Only files that are in the selected folders and match the selected file-types will be scanned and indexed in Quark Content Management (Docurated) .

Encryption – All data transmitted from the Dropbox servers to the Quark Content Management (Docurated)  servers is sent via a secure SSL connection.

“Download” – In order for Quark Content Management (Docurated)  to process, scan, and index files in Dropbox, the Dropbox API provides only one method (“Download”) to Quark Content Management (Docurated) . This may show up in audit logs and reports that a customer has set up as a “Download” of the file being processed (usually with reference to the Quark Content Management (Docurated)  application and the user who connected their account).

Read-Only – To ensure that a customer’s Dropbox environment remains unaffected by the Quark Content Management (Docurated)  integration, the Quark Content Management (Docurated)  application is set up to interact with Dropbox in a read-only capacity. Quark Content Management (Docurated)  does not add, remove, or modify any files, settings, or the like in Dropbox.

Permissions – For all files Quark Content Management (Docurated)  indexes from Dropbox, Quark Content Management (Docurated)  will mirror the user access settings in Dropbox into the Quark Content Management (Docurated)  permissions model (See Permissions Model section for more details). Users will only have access in Quark Content Management (Docurated)  to the files they have access to in Dropbox.

Unlike our other integrations, the Dropbox API limits the ability of connecting applications to list all users who have permission to a file. When a user in Quark Content Management (Docurated)  connects Dropbox and begins indexing files, Quark Content Management (Docurated)  will index the appropriate files and grant that user permission, but is unable to permission the file to other users that are granted permission in Dropbox. In order for other users to gain permissions in Quark Content Management (Docurated) , each must connect Dropbox to Quark Content Management (Docurated) .

Note: Dropbox has recently issued updates to its business offering that adds the “teams” feature. Similarly, the API has been updated with calls that allow listing of teams and team members. As this feature is adopted, it is possible the limitations of the Dropbox API that prevent full permissioning of files may be alleviated.

The Dropbox API call that allows applications to detect and process “shared folders” in Dropbox is listed as “in beta.” As such, the availability, performance, and result of this call are subject to change as Dropbox continues to build out its API.

Versions – The Dropbox API alerts Quark Content Management (Docurated)  when files are modified and thus new “versions” are created. Quark Content Management (Docurated)  updates the index accordingly with the new versions of these documents and removes the old ones, but lists those previous versions in a version history for each space. The versioning in Quark Content Management (Docurated)  is entirely based on when Dropbox identifies a new version.

File Cleanup – Only files that currently appear in Dropbox can appear in Quark Content Management (Docurated) . If a file is removed from a Dropbox folder or deleted, Quark Content Management (Docurated)  receives an API message that the file is deleted and removes it from the index. Additionally, if a user who was previously indexing a folder decides to un-select it, it will not longer be indexed going forward and all files that were in that folder will be deleted from the Quark Content Management (Docurated)  index. 

Appendix G: Active Directory and Single-Sign On

Activating SSO Integration

Single Sign-on is an access control system that enables the use of a single portal and set of credentials to sign-in to multiple independent applications (e.g. email, Salesforce, Quark Content Management (Docurated) , etc.)

1. Client to provide the following information prior to providing metadata URL configuration:

  • a. SAML Issuer URL

  • b. SAML Endpoint URL

  • c. x509 Certificate Fingerprint

  • d. Passive Requests Allowed: True/False2

 

2. After confirming information in Step 1, provide users the following information:

  • Configure ORGNAME.<<SERVER-URL>SSO URL. This will be the log in URL end-users will access to get into Quark Content Management (Docurated) .

    •  If PassiveRequestsAllowed=True, then end-users will not need to enter their un/pw to    log in, but will be directed to the application automatically after accessing the SSO URL.

 

  • Provide xml containing client URL and assertion attributes

    • emailaddress, givenname, and surname.

3. Confirm that ORGNAME.//<<SERVER-URL>> page is up and running.

  • Use SSO credentials to log in.

4. Once completed, users will be redirected back to Quark Content Management (Docurated)  upon logging in via SSO.

5. Installing the Quark Content Management (Docurated)  Client App (outlined in section below) in an SSO configuration is a slightly different process, we offer 2 options to activate the Client App Sync tool:

  • Option 1: Log in to Quark Content Management (Docurated)  (via SSO), download Sync tool, run Installer and then click “Activate”.

  • Option 2: Download Sync tool, run Installer.

  • If you are not logged into to Quark Content Management (Docurated) , use the following link for activation: https://<<SERVER-URL>>/activate_sync (<domain> is usually “secure”, but could be different based on your installation).

Quark Content Management (Docurated)  and AD Integration

Active Directory (AD) is a Microsoft service for Windows networks that acts as a domain control system, authenticating and authorizing all users and computers in the network.

Note:

We recommend setting PassiveRequetsAllowed=True, but this might not always work if a given client SSO setup is not activating SSO service upon log in into the machine. If that is the case PassiveRequestsAllowed=False should be used to enable display of the SSO log in page.

Note: Users activated via SSO will not be able to log in to Quark Content Management (Docurated)  using regular Quark Content Management (Docurated)  log in screen (https://<<SERVER-URL>>/login).

Quark Content Management (Docurated)  and AD integration involves setting up Sync tool to run as a Service, configuring shared drive(s) to be crawled and then confirming permissions of folders to be reflected in Quark Content Management (Docurated) .

1. Install Sync tool as Service: (link to the latest Sync tool will be provided by Quark Content Management (Docurated) )

Follow Installer instructions:

  • a. Enter your Quark Content Management (Docurated)  credentials or click “Activate” button (this will also require your credentials if you are not currently logged into Quark Content Management (Docurated) )

  • b. On the settings screen, please select the following settings:

    • i. File types to sync

    • ii. Date range of files to sync

    • iii. Folders to sync (specific folders or top-level directory from your shared drive)

      • 1. If it is a local path for a shared drive, you will be given an option to map it to UNC path. Please make sure to set UNC mapping for your selected shared drives.

  • c. Click “Finish” to complete the installation.

  • d. Quark Content Management (Docurated)  Service will appear under Services Manager.

    • i. In some setups a different user needs to be running this service -- please update Log On option accordingly under Quark Content Management (Docurated)  Service -> Properties -> Log On.

2. After the Client App is installed, it will start crawling available folders and files immediately using our File Scan process.

  • a. The sync tool scans shared drives that have been identified in preferences and creates a list of files and relevant domain information and sends that metadata to the server.

  • b. List consists of: (1) name of file and other metadata, and (2) security information.

  • i. Security information is: Allow/Deny MASK (type of permission, e.g. read/modify) for each SID (user/group) associated with it.

  • c. File Scan will run at 3 hour intervals. Contact Quark Content Management (Docurated)  to configure this interval to a different time period. Any new folder added to be crawled will trigger new File Scan immediately after Quark Content Management (Docurated)  Sync tool Preferences screen is submitted.

  • d. As listed in the Quark Content Management (Docurated)  Sync Tool Installation steps, when configuring shared drives to be synced, make sure to use UNC mapping after selecting local shared drive. The option to set UNC mapping will be presented for shared drives that are available locally.

    • i. This scan of files can occur for shared drives that are remote (as opposed to the local drive for the server where the sync tool is installed), but this will likely cause it to take a lot longer to perform the scan doing it via network.

    • ii. It’s better to install the sync tool on the server that hosts the files.

3. AD Scan consists of all the domain information previously mentioned (users’ emails, groups, domain name). The process is as following:

  • a. Same as with File Scan, AD scan runs at 3 hours intervals. This can also be separately configured.

  • b. Our current AD scan reads the following information:

    • i. CN – Common Names

    • ii. OU – Organizational Unit

    • iii. DC – Domain Component

    • iv. Email address of the user

    • v. SID – Security Identifier

  • c. Users we scan via AD are created automatically in Quark Content Management (Docurated) .

    • i. Each user detected in the AD scan is assigned an activation flag that allows access to Quark Content Management (Docurated)  when enabled. Currently, the activation process for a given user is handled by Quark Content Management (Docurated) .

    • ii. When integrating together with SSO and AD, you will have complete control of which users have access to Quark Content Management (Docurated) .

  • d. The sync tool passes the AD Scan and File Scan to the Quark Content Management (Docurated)  server, which parses them and sets correct permissions for users and groups.

4. This was built as a distributed service, so that many sync tools are installed on different servers all perform these scans and send them to Quark Content Management (Docurated) .

5. The system has been built to that guarantee permissions are accurate:

  • a. Scans are run continuously to detect changes in file lists (new, modified files) and AD (new, modified permissions). The client app uploads complete scans each time and check for differences against previous scans.

  • b. Scans are currently run every 3 hours, so there can be a delay between when permissions are changed locally and when they are reflected into Quark Content Management (Docurated) . 

Appendix H: File Permissions

Files may be uploaded through a variety of methods:

1. Client App

  • a. Local Sync

  • b. Shared Drive Sync

  • c. Sync as a Service

  • d. Active Directory Sync

2. Box Integration

3. Google Drive Integration

4. Salesforce Integration

5. Dropbox Integration

6. Manual Upload

7. Email into Quark Content Management (Docurated) 

8. Web Clipper

 

Client App

All files uploaded through the client app are private by default. In order to automatically share files with a user or group that did not upload the files, two options are available:

  • Active Directory permissions structure can be mirrored automatically by client app. All files will be permissioned strictly according to client’s existing AD system. Users – see the “Active Directory” section for details.

  • Ad hoc permissions can be created on a folder to team-user basis. The indicated file-path(s) will be shared with (typically) a team in Quark Content Management (Docurated) , such that any new folders or files added within that file-path will be automatically shared – contact Quark Content Management (Docurated)  for this option.

Install Options

  • Local Drives: A user who installs the client app on their local machine can add any local drive or folder to be synced. These files will remain private to the user unless a sharing option is chosen. A user may choose to share out any or all of these files once in Quark Content Management (Docurated)  – only the user who owns the files has the ability to share them (even once shared with another user).

  • Shared Drives: A user who installs the client app on their local machine can add a shared drive to be synced. Multiple users can point the client app at the same shared drive and the applications will communicate to properly upload all the selected contents.

    • Note: whenever shared drive syncing is performed, it is best practice to either utilize AD-integration or contact Quark Content Management (Docurated)  to set-up ad hoc folder-team automatic sharing.

    • Users may sync different directories from the same shared drive and keep them private or choose a sharing method.

    • Server Sync: See “Sync as a Service” section

Box Integration – see the user guide section on Box for more details.

  • Quark Content Management (Docurated)  mirrors the Box permissions structure into Quark Content Management (Docurated) 

    • Owners of files in Box remain owners in Quark Content Management (Docurated) 

    • All other users with view rights maintain those rights in Quark Content Management (Docurated) 

    • Teams and users that don’t already exist in Quark Content Management (Docurated)  when a file is synced are automatically provisioned in Quark Content Management (Docurated) .

    • Updates to file permissions in Box are detected by the integration and updated every ten to twenty minutes.

  • Permissions to Box files can only be altered in Box.

Manual Upload – a user can click on “Add Content” at the top right of the page (or go to https://<<SERVER-URL>>/upload). Then either drag file(s) to the indicated area or click “..or browse & select files..” and select file(s) from appropriate folder.

  • Files uploaded in this manner are shared with a user’s teams by default.

  • To keep files private, check “Keep the uploads private” just below the indicated upload area BEFORE you select/drag the files.

    • This option must be selected EACH time you upload files – it is not a saved setting.

Email into Quark Content Management (Docurated)  – users can send emails with attachments to their Quark Content Management (Docurated)  inbox (e.g. user.company@drop.Quark Content Management (Docurated) .com).

  • Emails and files that are uploaded in this manner are private by default.

  • To share emails with a user’s teams by default, update the preference under “Your Quark Content Management (Docurated)  Inbox” in Accounting Settings (https://<<SERVER-URL>>/profile)

Web Clipper – webpages are added as private by default.

 

Appendix I: Updating User Profile

User Profile controls can be found at https://<<SERVER-URL>>/login"/profile or by navigating to:

1. <User Name> in the top right

2. “Profile” (also known as “/profile”)

3. “Update Your Information”

  • You will have an option to change your First and Last name

  • Change your password

  • Enable TFA (Two-Factor Authentication)

Appendix J: SharePoint Integration

Choose an existing account or create a new one to crawl SharePoint content. The best practice is to create a dedicated account for the exclusive use of the Sync service.

Provide proper rights to crawling account. For SP O365, the minimum requirements for the crawling account are as follows:

Site-Collection Admin - We prefer having site-collection admin privileges for any SharePoint site collection we’re syncing. If we don’t have site collection admin privileges, we won’t be able to sync documents or groups that the crawling account doesn’t have access to.

Non-Site-Collection Admin - If we can’t get site-collection admin privilege, we need the user to have “Full Control “over any site collection that needs to be synced. This can usually be accomplished by adding the crawling account to “Site Owners“ group. 

Appendix K: Team Drive

Login to https://admin.google.com/ 

  • Go to Security folder.  

  • Go to advanced settings.

  • Select the “Manage domain wise delegation” 

  • Register the API client as mentioned below. 

  • Client ID: 116318474855872138004 

Scopes:  

https://www.googleapis.com/auth/drive.readonly 

https://www.googleapis.com/auth/admin.directory.group.readonly 

  • Create service account for Sync e.g. Quark Content Management (Docurated) .sync@org.com. This is optional as existing account in the organization can also be used to Sync content.

  • Set preferred role for Sync account. It should be “Contributor” for specific Team Drive. 

    If the role is Viewer/Commenter then we will not be able to fetch “Creator” information for the documents. To fetch “Creator” information we have to iterate document versions. In absence of this we set Sync Account as creator while syncing content.

  • Share root folder and sub folder ids. To get the folder ids

  • Go to https://drive.google.com

  • Select folder under “Shared Drives”

  • Copy folder id from address bar

     

     

     

 

 

 

© 2021 Quark Software Inc. All rights reserved.