The Account page is a central location for managing administrative settings. It can be found by navigating to the Manage tab in the Management Console interface and select Edit Account. The available settings are:
Restrict client installs to domain, when configured, will prevent users from logging in from any client installed on a computer that is not within the domain.
Deleted Items Automatic Purge controls the number of days Deleted Items are retained in the SpiderOak desktop application before automatic removal.
Historical Version Automatic Purge controls the number of days Historical Versions are retained in the desktop application before automatic removal.
Purgehold Duration controls the period of time that items are retained even after they are deleted from the SpiderOak desktop application for all users. This option differs from Purgehold Active in User Detail which is specific to each user and does not have a time limit.
Support email is the email that will be listed in the application for end users to contact for support. You can change this address at any time.
Admin email is the email that SpiderOak will use to contact your organization about this account. You can change this address at any time.
Management VM External URL is the domain or IP address that can be used to reach the Management Console from the SpiderOak backend. This should be formatted as https://<ip-or-domain>
. Note that if you elected to use one of the two alternative ports (1443 or 4443) externally and forward that port to 443 on the Management Console, you will need to include that port in the URL, for example, https://spideroak.your-organization.com:1443
.
Timezone should be used to select the time zone in which the Management Console is running.
Api root sets the location of the API to be used. It should only be changed upon the direction of SpiderOak support personnel.
Auth method should be set to either local
or ldap
. If set to ldap
, both local and LDAP user types will be available.
Dir options are for configuring the connection to your AD or LDAP server. More information on these options can be found under the "Add LDAP Users" section of Users in SpiderOak Enterprise.
Listen addr and Listen port can be used to set a different listen address and port. This is not necessary in most environments.
Send activation email should be unchecked if the administrator does not want local users to receive a welcome email with a link to set their password.
Resolve sync conflicts automatically resolves certain issues that can occur when syncing users. Under normal circumstances, when the Management Console syncs users from LDAP, it matches what is in its database against both the UID and email of each user. In some environments, a previously disabled user may be resynced with a different UID, or the UID may have been removed as part of a database rebuild. In these cases, this setting can be used to re-enable users based only on their email address. WARNING: Only enable this option if user email addresses are a unique identifier in your environment. If they are not, activating this option could give a new user access to a former user’s account.
Test LDAP/AD Authentication allows administrators to test the credentials of a particular end user in your LDAP or AD directory. It is useful for troubleshooting in situations where a user is in LDAP or AD but is not being successfully synced to the management console. For that reason, it is not intended to be used with system or other non-end users. Status messages are:
- If all is well:
Authentication was successful
. - If the LDAP or AD settings are wrong, or they are correct but the user's password is wrong:
Authentication failed. {'desc': 'Invalid credentials'}
. You can differentiate them by putting in a known bad username. If it continues to report invalid credentials for a nonexistent user then it's a failure of the LDAP or AD password. - If the LDAP or AD settings are correct but the user cannot be found:
Authentication failed. No [LDAP|AD] user found for username $USERNAME
.
Change Password allows administrators to change the password for the Management Console.
Reboot Virtual Appliance will perform an operating system level restart.
Restart Directory/Services restarts the SpiderOak software on the Management Console.
Sync Virtual Appliance will perform a manual sync between the Management Console and LDAP or AD. The Management Console syncs automatically once an hour, so this is normally not needed.
Rebuild DB will drop and rebuild the Management Console's local database based on what is currently in LDAP or AD. This is only needed if the local database gets out of sync with the LDAP server. It is safe to do unless (1) someone else has been assigned the same email address in LDAP or AD as an existing SpiderOak user since the last sync, or (2) someone's email has changed in LDAP or AD since the last sync. Recall that automatic syncs are performed once an hour, so the window for problems is limited.