Introducing the new module ‘Vault’

• Employee Vaults

  • Employee vault is secure location for current & former employees to get private access to documents via a web browser or mobile app. Employee vault is protected to allow access only to the vault owner and the vault admins. Vault supports setting up 2FA and retention rules for the documents. Vault audit log keeps tracks of all activity – views, downloads and much more. Vault content cannot be edited or shared (like other files). Vault can be integrated with a secure FTP server to automate adding monthly pay slips, yearly tax documents & more directly into your employees and alumni vault.  Talk to your MangoApps customer success manager about your use cases and how you can benefit by setting up employee vaults.
  • Vault admins can lookup an employee vault of any active or suspended user under admin portal > modules > vault > employee vaults
  • A domain admin can’t lookup an employee vault unless they are a vault admin also.
  • For each employee the vault admin can:
    • View the vault
    • Download the vault contents (folders & files)
    • De-activate / Activate the vault to disable/enable access of the user
    • Reset the 2FA (when 2FA setting is ON) to allow the user to re-scan the QR code using google authenticator
    • Get a link of the vault (Link can be used to access the vault by a vault admin or the vault owner only)
  • For each employee the domain admin (who is not a vault admin) can:
    • De-activate / Activate the vault
    • Reset the 2FA (when 2FA setting is ON)
    • Get a link of the vault
  • Inside the vault
    • Vault admins can view any employee or former employee’s vault
    • Vault admins can add files to a user’s vault and send a message to the user that new files have been added to their vault
    • Vault admins can search any employee or former employee’s vault
    • For each file in the vault, the vault admin can
      • View & download it
      • Move it to another folder within the vault
      • View audit history of a file

• Integration

  • Vault support integration with up to 5 secure FTP servers/endpoints.
  • Vault automatically polls the SFTP servers/endpoints once daily (around 4 AM your domain’s time zone) for new zip file containing files for all the users.
  • Vault admins & domain admins can also do a manual/on-demand sync at any time.
  • Vault supports zip files that are password protected. Admin needs to provide the password as part of the integration setup
  • Vault supports uploading files from different SFTP servers to different vault folders  e.g., one SFTP server is for fetching monthly pay slips info and a second FTP server is for fetching yearly tax documents.
  • The files inside the zip file need to follow a naming convention for them to be uploaded into the correct user’s vault.
    • File for each employee to have this naming convention: [EmployeeID]-NNN-[DDMMYYYY]-NNN.pdf”
    • [EmployeeID] will be used to identify the user’s whose vault the file would be uploaded in.
    • [DDMMYYYY] will be used to fetch the month & year and will be appended to the ‘Auto-Prefix Label’ field value to form the full end user filename.
    • For example: If [EmployeeID] is set to ‘10001’, [DDMMYYY] is set to ’01102021’ and Auto-Prefix Label is set to ‘Pay Slip’ then the file name uploaded in the vault of user with employee ID 10001 will be named: “Pay Slip Oct-2021.pdf
  • Vault supports integration with  SFTP servers that required authentication via a login id and password.

• Audit

  • All vault activity and changes are logged in the vault’s audit log
  • The following vault operations are tracked in the audit
    • Folder Created – When a new folder is created
    • Folder Renamed – When a folder is renamed
    • Folder De-activated – When a folder is disabled
    • Folder Deleted – When a folder is deleted
    • Item Added – When a new file is added to anyone vault
    • Item Viewed – When a file is viewed from anyone’s vault
    • Item Downloaded – When a file is downloaded from anyone’s vault
    • Item Moved – When a file is moved from one vault folder to another
    • Item Deleted – When a file is deleted from anyone’s vault
    • User Vault 2FA Reset – When a user’s 2FA for their vault is reset
    • User Vault Activated – When a user’s vault is activated
    • User Vault De-activated – When a user’s vault is de-activated
    • Scheduled Run – When the integration auto schedule is run to add items to everyone’s vault
    • Manual Run – When the integration run now to add items to everyone’s vault
  • Search on vault’s audit log and sorting on columns is supported

• Settings

  • Ability to turn vault module ON or OFF for alumni / former employee
  • Turning the vault OFF for all alumni / former employees does not remove the content present in their vaults. It only stops them from getting access to it. Additionally you can turn OFF vault at a per user level also.
  • Ability to setup the default folder structure for the vault of all users
  • Admins can manage the folders – create, rename, hide or delete
  • At least one folder needs to be active in the vault
  • Deleting the folder will permanently delete the files in that folder from the vault of all users in the domain
  • Vault retention settings can be setup for current & former employees. Options are
    • Keep forever
    • Keep for N days after it was added to the vault
  • 2FA can be setup for current & former employees. Options are
    • 2FA token over Email
    • 2FA token via Google Authenticator
  • For 2FA over email, additionally you can configure the validity of the token. Default validity is 15 mins
  • The 2FA channel selected here will become the default channel on which the user will be sent the 2FA token. User will still have the choice to switch to the other channel for 2FA. For example. If “2FA Token over Email” is selected here, then when the user tries to access the vault module for the first time post a login, they will be sent the 2FA token on email. User can use the 2FA token they received on email to get access to their vault or they can click on the link to “Use Google Authenticator Instead” and enter the 2FA token from the google authenticator app and get access to their vault.

• Custom Admin Role & Vault Permissions

  • Ability to create a new custom admin role that has access to the vault admin capabilities from admin portal > users > admin roles
  • Only vault admins have full access to all employee vaults.
  • A domain admin who isn’t a vault admin also cannot access employee vaults
  • Vault owner (current/former employee) have view & download permission on their own vault
  • Vault owner (current/former employee) can’t add or remove files.

• User List & Vault Activation

  • Ability to activate or deactivate vaults in bulk is supported from admin portal > users > manage users
  • Filter to get a list of all former employees with vault activated has been added

• Vault Module for Employees

  • Employees can access their vault like any other module on web & mobile
  • Vault module will be accessible from the primary navigation like other modules
  • If the admin has configured 2FA then the user has to enter the 2FA received on their primary email / alternative email account.
  • User can request to resend the 2FA code if they have not received the 2FA token.
  • User can also switch to the other channel and use that to get the 2FA token
  • Default validity of the token over email is 15 mins

• Vault Module for Alumni / Former Employees

  • Former employees can access their vault from both web & mobile
  • Vault module will the only module accessible to former employees
  • If the admin has configured 2FA then the former employee has to enter the 2FA received on their primary email / alternative email account.
  • Former employee can request to resend the 2FA code if they have not received the 2FA token.
  • Former employee can also switch to the other channel and use that to get the 2FA token
  • Default validity of the token over email is 15 mins
  • Former employee have the option to reset their password also

Post enhancements

• Send for review workflow

  • Any post in edit mode can be send for review to any user in the network now
  • Reviewers who are sent the post will get a private message with the review link to the post
  • Reviewers do not need to have the same level of privilege as the author to view/review the post
  • Reviewer as part of this workflow has 2 actions they can take
    • Request changes
      • Reviewer can list out the changes they are asking for in the reply box
      • On post response the reply will appear in the original review private message they were sent from the author
    • Review complete
      • Reviewer can say that they don’t have any changes to suggest in the reply box
      • On post response the reply will appear in the review in the original review private message they were sent from the author
  • Reviewers cannot directly edit the post they are sent for review. They can only request changes
  • Reviewers get view (with download) permission on the files that are attached to the post which was send for review
  • Post author can send any number of review requests as they want
  • Post author can publish/schedule the post at any time. No response or changes request from reviewers does not stop publishing the post
  • Review history on the post in drafts or scheduled queue can be used to see which reviewers were sent the review request and the reviewers that have responded back requesting changes / complete the review
  • Domain admins can set a default list of users who should review a post in admin portal > modules > posts > settings. The post author can still change the reviewer list for each post as per their requirement.

• Schedule post enhancements

  • Scheduled posts can now be saved in draft as well
  • Scheduled posts can be send for review as well

• New post settings

  • Who can mark the post as must read?
    • This is a new setting that domain admins can config from admin portal ? modules > posts > settings
    • Options are
      • Post creator & admins
      • Admins only
  • Who can boost the post?
    • This is a new setting that domain admins can config from admin portal ? modules > posts > settings
    • Options are
      • Post creator & admins
      • Admins only
  • Admins include
    • For team posts it will be team & domain admins
    • For company posts it will be intranet & domain admins

• Publish of post 
  • When a company post is saved in draft or scheduled by “intranet admin A” and the publish action is clicked by “intranet admin B” (from the draft post / scheduled post list), the company post will still be published with author as “intranet admin A”

Library & quick link enhancements

• Custom icon support in library

  • Library items now allow custom icons to be uploaded (in addition to picking from 1500+ pre-shipped icons)
  • Min. size of the icon should be 50 x 50 px
  • For larger uploaded icons, ability to crop them is available after you upload it

• User profile based variable data support in quick links

  • Simple & conditional quick links now support user profile based substitution tags
  • Substitution tags supported are custom user fields of single line text and multiple choice (single selection) types
  • Substitution tags also support pre-defined system fields – email id and employee id

DLP policy enhancements

• New widget

  • DLP policy match alerts are generated when users post content that have sensitive information that match the pattern configured in a policy rule
  • These alerts are listed in the ‘DLP Active Alerts’ dashboard widget for domain & compliance admins to act upon
  • Domain & compliance admins can close the alert directly from the widget

• New notifications

  • Domain & compliance admins can now configure to be notified in real time when the content any user shares has sensitive information.
  • Domain & compliance admins can also configure an action to notify the user when the content they share has sensitive information. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them a notification (over email or mobile) and include the link of the document indicating the sensitive information found.

• Ability to edit existing policies

  • DLP policies can now be edited by domain admins
  • As part of editing a policy domain admins can change
    • Name, description
    • The pattern to match
    • Notification settings
  • The edited policy will become effective immediately

• Ability to create & edit custom policy

  • Ability to create custom policy has been added now
  • Domain admins can now extend the DLP policies framework of identifying, monitoring and alerting of sensitive information for custom patterns
  • Policy alert life cycle management is available for custom policies also

• Policy matching log improvements

  • Ability to filter & sort the matching log has been added
  • You can also download the log data in an excel file for more elaborate analysis

• Full release notes on DLP policies is available here 

LMS enhancements

• Import & export of course list & user history

  • Ability to import courses list & users past history in bulk is now supported
  • Ability to export courses list in bulk is also supported
  • Learn more of import/export of courses here

• Control of hiding fields on course details page

  • Ability to hide specific course fields from end user view has been added
  • These fields will be available for the LMS admin / instructor to enter values but can be configured to be hidden from end user on the course details page

Misc web improvements

• Multi-date format support in active directory & SAML

  • Domain admins now have additional flexibility to configure the ‘date format’ for date of joining and date of birth fields for AD/LDAP & SAML user profile sync
  • This configuration allows admins to choice between the following 3 formats as per their data that is AD/LDAP or SAML based IDP
    • YYYY/MM/DD
    • MM/DD/YYYY
    • DD/MM/YYYY

• Poll feed improvement

  • The poll news feed now directly shows inline the poll choices without the user having to click to view them
  • This has been changed for both default & custom poll choices

• Dashboard image loading performance improvements

  • Media in slider, multimedia, quick links and rich text with media will now be fetched from CDN
  • This change improves the loading time of media heavy dashboards by over 33%

Mobile clients enhancements

• Enhanced UI

  • UI of mobile apps have been refreshed
  • Key changes include
    • Default app theme moved to a light base
    • Big title font sizes for improved readability
    • Quick find inside modules made prominent
    • Improved scrolling experience
    • Font style & size made consistent across menus and modules

• New vault module

  • Vault Module for Employees
    • Employees can access their vault like any other module in their mobile app
    • Vault module will be accessible from the primary navigation like other modules
    • If the admin has configured 2FA then the user has to enter the 2FA received on their primary email / alternative email account.
    • User can request to resend the 2FA code if they have not received the 2FA token.
    • User can also switch to the other channel and use that to get the 2FA token
    • Default validity of the token over email is 15 mins

• • Vault Module for Alumni / Former Employees
    • Former employees can access their vault from the mobile apps
    • Vault module will the only module accessible to former employees
    • If the admin has configured 2FA then the former employee has to enter the 2FA received on their primary email / alternative email account.
    • Former employee can request to resend the 2FA code if they have not received the 2FA token.
    • Former employee can also switch to the other channel and use that to get the 2FA token
    • Default validity of the token over email is 15 mins
    • New settings area available to change password, report a problem and logout

• Post enhancements

  • Ability to set featured image has been added. Feature image can be
    • GIF
    • Image from phone gallery
    • Image clicked via camera
  • Mark a post as must read is now based on domain admin settings

• LMS enhancements

  • Search added in course catalog
  • Deep linking now supported for ‘My Learning’, ‘Course Catalog’, ‘My Certificates’ and ‘My Transcripts’ tabs

• Approval workflow support added

  • Ability to approve or decline a request added in messages
  • Ability to approve or decline a request added in teams

Desktop & Mac client improvements

• Windows & Universal client improvements

  • You can now lock the order of pinned chats using the ‘lock’ icon
  • In lock mode
    • User can drag and drop the pinned chat
    • The order of pinned chats is fixed as per the user set order and it does not change
  • In unlock mode
    • User can’t drag & drop the pinned chat
    • Recently active chats are on top and the order changes based on recently
  • Toggle on the lock / unlock icon to switch modes
  • This feature is available in both windows & universal messenger clients

• TinyTake for mac client improvement

  • Ability to copy text that’s inside the captured image has been added
  • Two sided arrow tool has been added

Bug fixes

• Web Portal

  • Fixed extra space at the end of the 2FA token value in the email
  • Fixed mark as read issue on Firefox & IE 11
  • Fixed the broken link going in the tracker notification email
  • Fixed the PDF printing issue of it printing only 1 page. Additionally the browser header being part of the printed version has been removed
  • Fixed the history list (on the top header) not showing data in Firefox & Safari browser
  • Fixed the file share dialog not display the users & teams list in Firefox & IE 11 browser
  • Fixed assigning of multiple users to an ILT session issue
  • Fixed the issue of finding the user by their last name after it was updated
  • Fixed the list of states in the people directory when country selected is Sri Lanka
  • Fixed the translation issues with german language that were reported by a german customer
  • Fixed the team name display to show more characters
  • Recognition report now includes employee id field in it also

• Mobile Apps

  • Fixed dashboard re-loading on every visit issue
  • Fixed the issue when the user set their date in the profile, it is auto incrementing it by one day
  • Fixed the issue of an item not launching/opening from todo list

• TinyTake for Windows
  • Fixed screen capture reported application crashes
  • Changed the default to be OFF for the default footer that displays the source of the clipped image