Manage business units

Use the Business Units page to display a list of business units, search the list, delete business units, and invoke the editing process.

Use the Business Units Settings page to edit settings for a business unit.

Note Only master administrators and delegated administrators with permissions for managing business units can create and delete business units and modify business a business unit's properties.

The following topics provide how-to instructions for managing business units:

Display a list of business units

Use the following procedure to display a list of business units.

  1. Select Accounts > Business Units.
  2. The Business Units page is displayed. Business units that have child business units associated with them are called parent business units and are displayed with a plus sign (+).
  3. (Optional) To display child business units, click the plus sign next to a parent business unit.
  4. The child business units are displayed under their respective parent units.
Note Delegated administrators do not see business units as parents and children. All business units associated with a delegated administrator are displayed at the same level on the page.

Create or edit a business unit

Use the following procedure to create or edit a business unit.

  1. Select Accounts > Business Units.
  2. The Business Units page is displayed.
  3. Click New Business Unit or click the name of the business unit you want to edit.
  4. The Business Units Settings page is displayed.
  5. Note The Address Book Settings pane is only displayed if the Address Book feature is enabled (the value of the AddressBook.Enabled configuration option is set to true).
  6. If you are creating a business unit, enter a value in the Name field.
  7. Note Business unit names are not case sensitive.
  8. In the Base Folder field, specify a folder that is to contain the home directories of new accounts belonging to this business unit.
  9. Select the Allow Base Folder modifying check box to allow administrators to change the base folder when creating an account.
  10. Select the Allow Home Folder modifying check box to allow administrators to change the account name suffix when creating an account.
  11. In the Parent Business Unit drop-down list, select the name of the parent business unit. If you do not want this business unit to be a child, select None, the default.
  12. Note If the Business unit assigned to Delegated Administrator has child Business unit, the child Business Unit will be also assigned to this Delegated Administrator. If Business unit does not have child, but another Delegated Administrator adds child, the newly added child will be automatically assigned to the first Delegated Administrator. If the child Business Unit is removed from the parent Business Unit but continues to exist, the Delegated Administrator will not be linked anymore.
  13. In the Network Zone field, select the network zone that defines the public URL prefix for users in this business unit.
    • Select Default to use the setting in the default network zone.
    • Select a specific network zone to use the setting defined for that zone.
  14. For more information, see Manage Transaction Manager protocol and proxy server communication.
  15. From the HTML Template drop-down, select the HTML template you want to use for accounts and account templates that belong to this business unit.
  16. Select the Allow HTML Template modifying check box to allow administrators to change the HTML template when editing or creating an account for this business unit.
  17. Select Allow this account to submit transfers using the Transfers RESTful API to enable calls from the SecureTransport REST file transfer API authenticated with the credentials from accounts in the business unit. When this option is selected, the account will be allowed to trigger server initiated transfers using the Transfers RESTful API resource and retrieve the tracking information for these transfers.
  18. Select Allow end user to modify Transfers RESTful API settings to allow a delegated administrator to modify this fields for users in the business unit.
  19. Select Login by email to allow users in the business unit to log in using the value of the Email Contact field as well as the Login Name. A user of one of the Axway Email Plug-ins must be able to login by email.
  20. Select the Allow Login by Email modifying check box to allow administrators to change the Allow this account to login by email field when editing or creating an account for this business unit.
  21. Select the Allow Delivery Method modifying check box to allow administrators to change the delivery method values when editing or creating an account for this business unit.
  22. The Delivery Method value controls the options that ST Web Client displays in the User Access window.
    • Disabled – The user cannot send files using ad hoc file transfers.
    • Default – Use the delivery method specified in the account template, if any, or in the Default Package Delivery Method field of the AdHoc Setting page.
    • Anonymous – The sender can choose Anonymous or Challenge.
    • Account Without Enrollment – The sender can choose Anonymous, Challenge, or Existing Account.
    • Account With Enrollment – The sender can choose Anonymous, Challenge, Existing Account, Enroll Unlicensed, or Enroll Licensed.
    • Custom – Select the allowed enrollment types in the Enrollment Types field. The sender can chose any of the selected enrollment types.
  23. For a custom delivery method, select one or more allowed enrollment types in the Enrollment Types field:
    • Anonymous – The ad hoc file recipient receives a link to retrieve the files and is not enrolled as a user. The ST Web Client option is Send attachment link only.
    • Challenge – The ad hoc file recipient receives a link and must answer correctly a challenge question specified by the sender to retrieve the files. The recipient is not enrolled as a user. The ST Web Client option is Protect attachment link with security question.
    • Existing Account – Do not enroll ad hoc file recipients. Only existing users can receive files. The ST Web Client option is Send to existing users only.
    • Enroll Unlicensed – If the ad hoc file recipient does not have a user account, the recipient must enroll and create an account before retrieving the files. The ad hoc file recipient becomes an unlicensed user who can only reply once to the email and retrieve the files. Other user attributes are defined by the enrollment template. The ST Web Client option is Allow recipients to enroll as new Unlicensed Users.
    • Enroll Licensed – If the ad hoc file recipient does not have a user account, the recipient must enroll and create an account before retrieving the files. The ad hoc file recipient becomes a SecureTransport user with all the attributes specified in the default enrollment template. The ST Web Client option is Allow recipients to enroll as new Full Licensed Users.
  24. The Implicit Enrollment Type value controls which option ST Web Client selects initially in the User Access window and which enrollment type is used by the Axway Email Plug-ins. The choices depend on the enrollment types enabled by the Delivery Methods and Enrollment Types fields.
  25. Select the Enrollment Template for this business unit. When a user is enrolled based on an ad hoc file transfer from a user in this business unit, the selected account template is used. You specify the default enrollment template on the AdHoc Settings page.
  26. Select the Email Notification Template for this business unit. When a user is enrolled based on an ad hoc file transfer from a user in this business unit, the selected email notification template is used. You specify the default enrollment template on the AdHoc Settings page.
  27. Select the Allow Shared Folders collaboration check box to allow shared folders collaboration. This option is inherited from the business unit by the children of the business unit. When checked user accounts may collaborate using, creating, and sharing folders based on the following criteria:
    • If the user accounts are not in the same BU but they have common ancestor then the business unit setting of the lowest common ancestor is used for deciding if sharing is allowed or not.
    • If the user accounts are in one and the same business unit then the shared folder setting of the business unit is used for deciding if sharing is allowed or not.
    • If the user accounts have business units assigned but there is no common ancestor then the global setting is used for deciding if sharing is allowed or not. Refer to View and change server configuration parameters for information on setting global parameters.
    • If the owner account or the collaborator account (or both of them) has no assigned business unit then the global server setting is used for deciding if sharing is allowed or not. Refer to View and change server configuration parameters for information on setting global parameters.
  28. Select the Enable ICAP scan with First Server check box to enable ICAP scanning with the first ICAP server. Select the Enable ICAP scan with Second Server check box to enable ICAP scanning with the second ICAP server. The Internet Content Adaptation Protocol (ICAP) settings allow the administrator to configure ICAP engines to be used as part of the SecureTransport file transfer processes so that data loss prevention (DLP) is achieved and anti-virus (AV) scans are completed. For ICAP server configuration information, refer to ICAP settings.
  29. In the File Archiving Settings pane:
    1. Select the File archiving policy from the menu.
      • When Default is selected, business unit inherits either its parent’s policy or the global archiving policy if it is a top level business unit.
      • When Enabled is selected, file archiving will be enabled for all accounts from this business unit.
      • When Disabled is selected, file archiving will be disabled for all accounts from this business unit.
    2. NoteThis option will be disabled if the Enable File Archiving option from the global File Archiving page is turned off.
    3. Select Allow File archiving policy modifying to enable modification of file archiving policy at the account level.
      • When checked, all the accounts that are assigned to this business unit can have their own file archiving policy.
      • When unchecked, the corresponding option in account settings page will be disabled and accounts will inherit business unit policy.
    4. NoteThis option will be disabled if the Enable File Archiving option from the global File Archiving page is turned off.
    5. Select the Archive Folder from the menu.
      • When Default is selected, the business unit inherits either its parent’s folder or the global archiving folder if it is a top level business unit.
      • When Custom is selected, the business unit defines its archive folder.
      • NoteWhen you select this option, you must also provide archive folder absolute path.
    6. NoteThis option will be disabled if the Enable File Archiving option from the global File Archiving page is turned off.
    7. Select the Encryption certificate from the menu. The encryption certificate must be a local x.509 certificate. For information on adding local certificates, refer to Manage local certificates and certificate signing requests.
      • When Default is selected, the business unit inherits either its parent’s encryption certificate or the global encryption certificate if it is a top level business unit.
      • When Disabled is selected, archived files for accounts in this business unit won’t be encrypted.
      • When Custom is selected, a dedicated encryption certificate can be selected for this business unit.
    8. NoteThis option will be disabled if the Enable File Archiving option from the global File Archiving page is turned off.
      NoteThe certificate cannot be deleted or overwritten when it is in use.
      NoteWhen you delete or overwrite a certificate which previously was used for encryption, all files encrypted with this certificate will be useless and cannot be restored.
  30. (Optional) When the Address Book feature is enabled, the Address Book Settings pane is displayed. To configure the business unit Address Book settings:
    1. Select the Address Book source.
      • Default - The business unit inherits either its parent's Address Book policy or the global Address Book policy if it is a top level business unit.
      • Custom - A custom Address Book policy configuration will be set for this business unit only and the following will be configurable:
        1. Enable or disable Address Book sources for the business unit.
        2. Specify the parent groups for Address Book sources.
        3. Specify the domain for LDAP Address Book sources.
        4. Specify All Business Units or User's own business unit for local and custom Address Book sources.
      • Disabled - The Address Book policy is set to disabled for this business unit.
    2. Specify whether or not to Allow collaboration with non-Address Book recipients. If Address Book functionality is disabled, this setting does not affect user collaboration.
      • When checked, accounts that use the Address Book policy defined on the business unit level will be allowed to send email packages and share folders with users that do not exist the defined Address Book.
      • When unchecked, accounts that use the Address Book policy defined on the business unit level will be allowed to send email packages and share folders only with users that exist in the defined Address Book.
    3. This business unit setting overrides the global Address Book policy setting for collaboration. This setting can be overridden on the account level if Allow modifying of the 'Allow Address Book Collaboration' setting is checked.
    4. Specify whether or not to allow modification of the Allow modifying of the Collaboration setting setting.
      • When checked accounts that use the Address Book policy defined in this business unit will be allowed to override the Allow Address Book collaboration setting specified here.
      • When unchecked accounts that use the Address Book policy defined in this business unit will be not allowed to override the Allow Address Book collaboration setting specified here.
    5. Specify whether or not to allow Address Book source settings modifying.
      • When checked accounts that use the Address Book policy defined in this business unit will be allowed to override the Address Book Sources specified here.
      • When unchecked accounts that use the Address Book policy defined on business unit will be not allowed to override the Address Book Sources specified here.
  31. For additional Address Book business unit level configuration information, refer to refer to Address Book business unit level configuration.
  32. In the Login Restriction Policy pane:
    1. Select the Business Unit Login Restriction Policy from menu.
    2. If None (No Restriction) is selected, the Global Login Restriction Policy (if configured) is the default Business Unit Login Restriction Policy.
    3. If one of the configured Login Restriction Policies is selected, it becomes the default Business Unit Login Restriction Policy.
    4. Select Allow Login Restriction Policy modifying to enable modifying of the Login Restriction Policy at the account level.
  33. Click Save.

Delete a business unit

Use the following procedure to delete a business unit.

  1. Before you delete a business unit, make sure that it is not associated with any account, administrator, application, or route and that it does not have any child business units.
  2. Select Accounts > Business Units. The Business Units page is displayed.
  3. Using the check boxes, select the business units to delete. To select or clear all the check boxes, select or clear the check box in the table header.
  4. Click Delete. A confirmation window is displayed.
  5. Click OK to delete the selected business units.

Related Links