Documentation Attribute Policies

back_TrainingHome

Working with Attribute Policies

divider

█ Overview Attribute Policies

Cayosoft Administrator  has granular control over how  attribute data is presented or modified through the use of Attribute Policies. Attribute Policies can be set globally for all or a specific set of users over the desired scope (Administrative Units). These policies make attribute data visibility and enforcement easy to configure.

What can Attribute Policies do?

  • Make a value required
  • Make a value or control read-only
  • Hide a value or control
  • Set Minimum and maximum length for data entry
  • Adds a Mask to control the format in which the data must be entered
  • Adds a generation rule for how attributes values can be constructed
  • Sets Default values
  • Sets lists of Possible values and converts entry fields into drop-down menus
  • Label used on dialog boxes

Attribute Policies vs. attribute security

Attribute Policies include security that controls how users access controls or fields in the web interface as well as how data may be modified. For example, setting a default fixed password when users are created is accomplished with an Attribute Policy, making that password read-only so it cannot be changed is accomplished with security settings at the top of the Attribute Policy.

NEW for 4.3.x – Attribute Security options were moved from Role Delegations to Attribute Policies to add flexibility to Cayosoft Administrator as well to simplify configuration. Attribute Security options previously added to a Role Delegation are automatically moved to an Attribute Policy during the upgrade to 4.3.x.

 

█ Example Attribute Policies

You will need to repeat the above steps for all roles where you want to limit the Mailbox Dialog box in this way.

Force User must change password True by default

  1. Open Cayosoft Administrator console.
  2. Navigate to Configuration > Web Interface > Attribute Policies
  3. Click Add Attribute Policy at the top right
  4. Enter a name for the New policy, for example Password Reset Policy.
  5. Expand the Policy Details of the new policy
  6. Click Add scope at the bottom right of the Policy Scope sectionChangePasswordNextLogon-Scope1
  7. In Specify Policy Scope dialog do the following:
  8. Select the Active Directory Admin Unit in the first column
  9. Select the AD Users Web Query in the second column
    NOTE: You can select additional web queries if needed like, AD User Templates, AD Users (Inactive), or AD Users (Locked out)
  10. Select Clone User, New User and Reset Password in the third column
  11. Click OK
  12. Click the newly created scope to select it
  13. In the Attribute policy settings section, select the User must change password at next logon attribute
  14. Click Edit Policy
  15. Click Default Value then enter TRUE in the field next to the checkboxDefault value equal True1
  16. Click OK
  17. Click Save Changes to save the policy

NOTE: The policy will become active in the web UI the next time the page is refreshed or when the user signs-on again.

Disable Auto Replies controls on the Mailbox Action

  1. Open Cayosoft Administrator console
  2. Navigate to Configuration > Web Interface > Attribute Policies
  3. Click the button Add Attribute Policy in the upper right corner
  4. Enter the name of the new policy then expand the Policy Details
  5. Click Add in the Policy Scope section
  6. In the Specify Policy Scope dialog, select the Active Directory in the first column titled Admin Units
  7. Select AD Users in the second column titled Web Queries
  8. Click OK
  9. Click the newly created scope to select it
  10. In the Attribute policy setting section locate and then double click on the Duration(Days) attribute
  11. Check the Is ReadOnly option at the top, then click OK
  12. Using the same procedure performed in steps 10 and 11, check Is ReadOnly for the following attributes:
    • End Time
    • OOFEndTime
    • OOFMode
    • OOFOutsideMode
    • OOFStartTime
    • Send a reply once to each sender inside my organization
    • Send a reply once to each sender outside my organization
    • Start Time:
  13. Click Save Changes to save the Policy

Note: To test this policy, sign-on to the web portal, select a user with a mailbox and then click Mailbox > Auto Replies

Set a default Password during user creation

  1. Open Cayosoft Administrator console
  2. Navigate to Configuration > Web Interface > Attribute Policies
  3. Click the button Add Attribute Policy in the upper right corner
  4. Enter the name of the new policy then expand the Policy Details
  5. Click Add in the Policy Scope section
  6. In the Specify Policy Scope dialog, select the Active Directory in the first column titled Admin Units
  7. Select AD Users in the second column titled Web Queries
    NOTE: You can select additional web queries if needed like, AD User Templates, AD Users (Inactive), or AD Users (Locked out)
  8. Select New User and Clone User in the third column titled Web Actions
  9. Click OK
  10. Click the newly created scope to select it
  11. In the Attribute policy settings section, select Auto-generated password Attribute
  12. Click Edit Policy
  13. Click Default Value then enter FALSE in the field next to the checkbox
    Default value equal False1
  14. Click OK
  15. In the Attribute policy settings section, select Password
  16. Click Edit policy
  17. Check Default Value then enter P@ssword123 in the field next to the checkbo
    P@ssword123 is used here only for example purposes, any value entered must meet the Active Director password complexity rules
  18. Click OK
  19. Click Save Changes

Set visibility of Mailbox buttons for New User, Clone User and Enable Mailbox Actions

  1. Open Cayosoft Administrator console
  2. Navigate to Configuration > Web Interface > Attribute Policies
  3. Click the button Add Attribute Policy in the upper right corner
  4. Enter the name of the new policy then expand the Policy Details
  5. Click Add in the Policy Scope section
  6. In the Specify Policy Scope dialog, select the Active Directory in the first column titled Admin Units
  7. Select AD Users in the second column titled Web Queries
    NOTE: You can select additional web queries if needed like, AD User Templates, AD Users (Inactive), or AD Users (Locked out)
  8. Select New User, Clone User and Enable Mailbox in the third column titled Web Actions
  9. Click OK
  10. Click the newly created scope to select it
  11. In the Attribute policy settings section, select MailboxType Attribute
  12. Click Edit Policy
  13. Click Default Value then enter the number in the field next to the checkbox that corresponds to the default button you wish to be selected.
    For AD, On-premises Exchange and Office 365 Hybrid Mode the options are:
    0 for No mailbox
    1 for Exchange On-Premises
    2 for Exchange Remote
    3 for Office 365
    For AD & Office 365 Only Hybrid Mode the options are:
    0~No mailbox
    3~Office 365
  14. Click the Possible Values check box then enter the following values in the field to the right
    (Note: you can specify the text on the button by entering it to the right of the numeric value after a ~)
    controllmailboxbuttondisplay
    For AD, On-premises Exchange and Office 365 Hybrid Mode the options are:
    0~No mailbox
    1~Exchange On-Premises
    2~Exchange Remote
    3~Office 365
    For AD & Office 365 Only Hybird Mode the options are:
    0~No mailbox
    3~Office 365
  15. Click OK
  16. Save the policy

Set Default UPN suffix for New Shared, Room  and Equipment Mailboxes

Add the ability to have the Default UPN suffix set to “Use Web Query Default Domain” for New Shared mailbox, New Room Mailbox and New Equipment Mailbox

  1. Select property UserPrincipalNameSuffix and click Edit Policy
  2. Select checkbox Default value and enter the value you want to be initial on the page
    (value should begin with @ and look something like @domain.com)
  3. Select Possible values checkbox and add here other values, separated by new line or comma, values also should begin with @
  4. Click OK to close the dialog
  5. Click Save Changes

Set the default Mailbox type button for New Shared, Room and Equipment Mailboxes

Add the ability to set the default mailbox type to “Office 365 Exchange Remote” for New Shared mailbox, New Room Mailbox and New Equipment Mailbox:

  1. Select property Mailbox Type and click Edit Policy
  2. Select Default Value checkbox and type here 2
    (0 means no mailbox, 1 means on-premises, 2 means remote mailbox, 3 means Office 365 only. Available options are dependent upon configuration. 0,1,2 are available when AD, Exchange and Office extensions are enabled where 0,3 are available when only AD and Office 365 extensions are enabled)
  3. Click OK to close the dialog
  4. Click Save Changes.

Control Phone Number Format using a MASK

The entry format of any phone number attribute can be controlled by adding a Attribute Policy that contains a formatting Mask.  Masks are regular expressions that determines how the number must be entered by the user.

Note: if you already have an attribute policy with required Scope, you can skip steps 1-9 and use existing policy instead of creating the new one.

Creating an Attribute Policy with proper scope

  1. Open Cayosoft Administrator console.
  2. Navigate to Configuration > Web Interface > Attribute Policies
  3. Click Add Attribute Policy at the top right
  4. Enter a name for the New policy, for example Office Phone Mask
  5. Expand the Policy Details of the new policy
  6. If you need the policy to be applied to everyone who is using Cayosoft Web Interface leave radio button ‘Policies Applied to everyone’ selected. Overwise, select ‘Policies applied only to specific Trustees’, then click Add button and select required users or groups
  7. Click Add scope at the bottom right of the Policy Scope section
  8. In Specify Policy Scope dialog do the following:
    1. Select the Active Directory admin unit in the first column
      (you can select any others AD units if needed)
    2. Select the AD Users Web Query in the second column
      NOTE: You can select additional web queries if needed like, AD User Templates, AD Users (Inactive), or AD Users (Locked out)
    3. Select Properties in the third column
  9. Click OK

Add Mask on the Office Phone Attribute

  1. Click the scope in the policy to select it
  2. In the Attribute policy settings section, select the Office Phone attribute (you can use search to find it)
  3. Click Edit Policy
  4. Select checkbox near Mask field and set it to \+1\s[0-9]{10}\b
  5. Specify Error text (it will appear if user entered incorrect value): Office phone should be in format +1 2223334444
  6. Click OK
  7. Click Save Changes to save the policy

NOTE: The policy will become active in the Web Portal the next time the page is refreshed or when the user signs-on again.