|
|
|
|
|
|
|
|
|
Learn how the ownCloud features enable your organization to collaborate safely.
Active Directory and LDAP
Speed up ownCloud integration, leverage existing user data through Microsoft Active Directory or LDAP.
Efficient user management is vital for the success of any enterprise, irrespective of its size. The LDAP application was designed to make user management easier and more streamlined and simplify administration, by leveraging existing authentication and user management systems.
ownCloud integrates with existing user directories, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
How LDAP/AD integration simplifies user management:
ownCloud is equipped with an LDAP application that makes existing users, including those from Active Directory, appear in your ownCloud user list. This completely eliminates the need to create separate ownCloud accounts for existing users, thus saving valuable time and IT workload.
ownCloud users can authenticate with their existing credentials. The authentication request is handled by the Active Directory or the LDAP server, so ownCloud does not store the passwords. The application also simplifies integration by pulling users’ group memberships, quota settings, email addresses and avatar pictures through appropriate queries and filters.
The LDAP application supports:
Advantages of LDAP/ AD integration for user management at a glance:
Activity Stream
Keep up with your colleagues’ progress. See who did what in which file or folder.
Let users keep up with their colleagues’ progress. The Activity Stream shows who did what with which file or folder to others using those same files and folders.
The ownCloud Activity Application was designed to enable users to access a summarized overview of all file and folder events in their ownCloud, in order to ensure that users never miss an important event related to content in ownCloud and can always stay up-to-date on activities across all of their files and folders.
A transparent overview of all file and folder actions
The ownCloud Activity Application provides a one-stop platform to view all actions performed across files and folders, including creation of new files or folders, changes made to file or folder, updates, restorations from trash bin, sharing activities, comments, tags and downloads from public share links.
Users who participate in a wide range of work activities can choose to limit the Activity stream notifications to ‘Favorites’, so as not to be overwhelmed with notifications.
Activity Application notifications can be sent via email
Furthermore, users can also configure their Activity Stream application to receive activity notifications sent to them via email hourly, daily, monthly or at any other interval of their choice. Users can decide, in detail, which file and folder actions would be listed in the Activity stream, and for which file or folder actions they would prefer to receive email notifications.
Activity notifications can be filtered
The application can be configured to show activities by the users themselves, by others, on files or folders marked as favorite by the user, as well as only comments or just shares.
The Activity Application is customizable as per user needs
The Activity Stream application allows users to configure their individual Activity preferences. It is upto the individual users to decide which file or folder actions should be listed in the Activity stream and also for which file or folder actions they would want to receive email notifications. The bulk email notifications can be configured to be sent out hourly, daily or weekly, to fit the specific needs of the individual user.
Android App
Let users access, share and edit their files and folders on the go.
The Android app enables users to access and share their files and folders safely and comfortably on their mobile devices. The app supports multiple accounts for users of multiple ownClouds, document provider integrations into Android and a number of security features like passcode lock, pattern lock and fingerprint lock.
Users can configure the app to automatically upload pictures and videos taken by the camera app on their device.
With an Enterprise subscription, organizations can opt to have their mobile apps branded.
Antivirus
Avoid threats by inspecting files for infections.
The ownCloud Anti-Virus App makes sure files are scanned on upload to avoid infections with viruses, trojans, and other malicious code.
As a scanning engine, the App defaults to ClamAV, the open-source Antivirus tool that is standard issue in email gateways across the internet.
Use ICAP to leverage enterprise-ready antivirus engines
For corporate settings, the ownCloud Anti-Virus App works with enterprise-grade antivirus scanning engines like Kaspersky Scan Engine or McAfee Web Gateway. Through the open-standard ICAP protocol, ownCloud Enterprise can leverage the enterprise-ready products from all the major antivirus vendors. This means organizations can use the antivirus solutions already deployed to fortify ownCloud, reaping synergies with investments already made and expertise already accumulated.
Apple Shortcuts
Create automations using the ownCloud App on iOS.
The Shortcuts Integration enables users to build automations of workflows based on actions that the ownCloud App provides. These tiny apps speed up repetitive tasks significantly and save a lot of work. And they can be started using Siri, too.
The ownCloud actions available to Shortcuts make it a robust file access backend that can feature in a variety of automations.
Auditing
Log actions of users and admins for compliance and security.
The ownCloud Audit App provides a secure data protection and compliance system by enabling enterprises to enjoy full control and access to actions performed on its platform, its aim being the prevention of loss and abuse of sensitive data.
The ownCloud Audit App records the actions that users and administrators of an enterprise perform on a platform and the ways in which they handle sensitive data. These actions are logged and traceable in the Audit App, and can be accessed and proven for compliance reasons by an enterprise if the circumstances so demand, for example, when data breach or data abuse is suspected.
Features and functions
By using the ownCloud Audit App, enterprises are able to:
Protect, track and report your data with the ownCloud Audit App.
How it works
The ownCloud Audit App logs the actions performed by users and administrators on the platform of an enterprise. These log entries are written in JSON format and are optimized to be consumed by professional log analyzers (like Splunk or ELK stack) to collect statistics, derive visualizations and set alerts for certain events of interest.
The logs are written to the owncloud.log file by default. If you require a separate log file, for example, for legal or compliance reasons, you will find an example of how to split those in config.sample.php.
Splunk Integration
The ownCloud integration for Splunk consists of an app and an add-on, both available in Splunkbase. Splunk is configured to retrieve log, audit and metrics data from the ownCloud Metrics API and the ownCloud Enterprise Audit App.
Splunk uses this data to provide reports, visualizations, filterable views and alerts for specific events.
Compatibility:
The ownCloud Audit App is available as a part of the Enterprise edition.
Comments
Let users weigh in directly on files and folders.
Let users respond directly on files and folders. It makes coordination quicker and more straightforward.
The Comment Feature looks mundane, but actually makes collaboration that much more efficient. Users are notified about a comment on their files in the Activity Stream, and, if they enabled them, in notification emails.
The comment feature also allow teams to retrace past work and can help reduce the number of emails sent back and forth.
Comprehensive Encryption
Safeguard data through state-of-the-art cryptographic measures. With its modular and flexible encryption architecture, ownCloud enables custom setups for every threat level and regulatory requirement.
The ownCloud comprehensive file encryption architecture is designed to offer up to three levels of file encryption to ensure that your sensitive data is protected and secure at all times.
File encryption in transit:
In-transit file encryption is active by default and design with the use of HTTPS connections and the latest TLS protocol. As a user of ownCloud comprehensive file encryption application, you can encrypt your files server-wide and/or end-to-end. In fact, in-transit encryption is mandatory to comply to General Data Protection Regulation (GDPR).
File encryption in rest:
Encryption at rest refers to the process to encrypt files saved from the ownCloud application server prior to saving them on the actual storage. In this setup, ownCloud uses a single master key encryption method, allowing only the administrator holding the key to decrypt the files, ensuring a high level of protection against data breach even in the instance of stolen hard disk.
For added security, the keys can be stored in a hardware security module (HSM).
End-to-End Encryption Plugin:
ownCloud provides an End-to-End (E2EE) file encryption plugin that is strongly recommended for highly valuable and sensitive data. This plugin enables users and authorized guest users to share fully-encrypted files across all modern browsers, as well as via email.
A JavaScript plugin encrypts files on upload with public keys provided by the server. File decryption is enabled with the use of a private key in the web interface.
How comprehensive file encryption works:
As soon as the app is enabled by your ownCloud administrator, all of your ownCloud data files are automatically encrypted.
File Encryption is server-wide. So, once enabled, keeping your files unencrypted is not possible. You can use your ownCloud login credentials as the password for your unique private encryption key.
Certain resources, including but not limited to file names, image thumbnails, existing files in the trash bin, file previews, the search index from the full text search app, third party app data and existing files in Versions, are not encrypted.
Custom Groups
Let users create their own custom groups to quickly and easily share data with multiple people at once. It makes teamwork more efficient and also lightens admin workload..
The ownCloud Custom Groups feature empowers users to define their own sharing groups in ownCloud without admin assistance. With the help of this application, users can create a group of users that they repeatedly share files with, for example, a team, a department or a group of contractors.
How Custom Groups work
The Custom Groups feature allows users to create and manage their own groups within a workplace. Members can be designated group admins to allow them to add or remove users. A group can also be hidden from a specified group of users. Moreover, administration of those groups by admins can even be disabled so that users can safely use the feature without having to trust administrators.
ownCloud users can create and manage Custom Groups with only a few clicks. The groups are visible only to members of the group and ownCloud administrators can see and modify all groups of an ownCloud.
Additionally, this application offers permission management capabilities to enable collaborative management of groups. A member of a group can be classified either as a ‘Member’ or a ‘Group admin’.
Members can share files with the group, view the members list and leave the group. Group admins, in addition to the above, also enjoy the privilege to add and remove members, rename or delete the group and set permissions for other members of the group.
To keep in mind:
Advantages of using Custom Groups
When working in larger organizations, the number of users in a collaboration platform like ownCloud quickly reaches a point where the segmentation of users becomes very relevant.
In a regular workplace, creating groups is usually a job for administrators, but this approach can lead to bottlenecks and delays. By making it easy for users themselves to create groups and share files, organizations gain efficiency, increase productivity, meet organizational goals faster and significantly reduce administrative workload.
Desktop App
Access and sync files and folders, work on remote files right from the desktop.
The Desktop App enables users to access and share files and folders stored in ownCloud as if they were stored on their computer – because they are. Continuous synchronization to and from the server provides ease of use combined with comprehensive access control.
The built-in Virtual File System improves usability and reduces local storage requirements. If enabled, it syncs a virtual file instead of the full file, downloading the real thing only on demand, for example to open a document in an application. Users can share virtual files in their file manager even if they are not stored locally.
The Desktop App integrates nicely into the native file managers in Windows, macOS and Linux. Files can be opened seamlessly in local software and swiftly shared using the ownCloud context menu, whether working in Explorer, Finder, Nautilus or Dolphin. It features copying a public link to the clipboard, copying a private link to the clipboard, opening the share dialog for more specific needs, opening in the browser or showing the version history in the browser.
Document Scanner
Let users scan documents with their iPhone.
The Document Scan Feature enables users to quickly and easily digitize papers into ownCloud using the ownCloud App on the iPhone or iPad.
However paperless we aim to work, we still regularly encounter information stored on dead trees as well as the odd business or administrative process still bound to paper.
With the ownCloud iOS App, it is easy to assimilate those analogue documents into the digital workspace. Change colors and contrast and save as PDF, PNG or JPEG. Scan a single page or continuously, saving all pages scanned in one PDF file.
The Document Scanner is a Premium Features available right out of the box for users of ownCloud.online and ownCloud Enterprise. Users of the Community Edition can unlock it as an In-App-Purchase.
Document Classification
Protect files automatically based on content and tags.
Document Classification and its importance
The ownCloud Document Classification feature was designed to empower organizations to restrict access to files based on their content and/or meta-data, to secure the process of file sharing and prevent unauthorized access to documents and consequent data breach. Data Classification at ownCloud works with the system of tagging.
Human errors, lack of user awareness about data security, negligence and hacking attempts often lead to data loss and data abuse, resulting in disastrous losses for the company in terms of finances and goodwill. Document Classification prevents this by providing a strong layer of security for critical data and also fulfills data compliance requirements (like GDPR).
This feature is particularly useful if your company deals with valuable and/or sensitive data, for example, financial data, contracts, blueprints, and so on.
In summary, Document Classification enables ownCloud providers to:
Document Classification and Risk Management
Data might be exposed to risk and non-compliance from varied sources. Document Classification is designed to enable enterprises to manage data protection requirements unique to their industry type and company structure, including the following:
Document Classification and Tagging
Document Classification in ownCloud is carried out through the tagging system. Tags can be of various types:
– Users
– File type, size etc.
Policy Enforcement
With the help of this feature, enterprises are able to define guidelines for content and security levels:
– Public / Internal / Confidential / Strictly Confidential
– Associate with contents
Furthermore, enterprises can enforce various kinds of policies:
– Classification
– Prevent Upload
– Prevent Link Sharing (for example, restrict external sharing for confidential files)
– Unprotected files expire after a specified period (for example, public files can be exempted from the rules imposed on internal files and made available for a longer period)
eM Client Plugin
Avoid inconvenient file attachments to emails and instead use secure links directly from ownCloud.
The ownCloud integration for eM Client provides a secure and convenient solution for file transfer via email. The cumbersome process of manually attaching files becomes obsolete.
Physical files are replaced by links directly connected to ownCloud. When attaching a file to an email, eM Client offers to insert a link to the file directly.
Besides being easier to use, this method also guarantees higher security for both sender and recipient. If the file is deleted afterwards, the link becomes invalid. Moreover, it is possible to add passwords and expiration dates to the files.
For comfortably sharing files or folders with contacts outside of the company, consider the Public Links Feature.
End-To-End Encryption
Secure all data transfers using the highly efficient end-to-end encryption.
The importance of end-to-end encryption
End-to-end encryption is the highest level of data secrecy combined with the highest level of data protection.
It closes all possible gaps in data secrecy and data protection, setting the groundwork for a zero-trust environment in your organization. In the simplest terms, it ensures that only the sender and the intended, authorized recipient(s) are able to access the data – no one else.
End-to-end encryption is the only viable solution that can truly assure that nobody other than the sender and the recipient(s) in your organization is able to access the encrypted data, not even the system administrators.
Who it is for
End-to-end encryption is strongly recommended for your enterprise if it deals with sensitive and valuable data, for example, personal details, financial data, healthcare records, and the like.
How it works:
A user uploading files can view a list of users who have access to the files. Before uploading to the server, each file is encrypted inside the browser leveraging a JavaScript plugin delivered to the user’s browser securely. The files are encrypted with public keys fetched from the server. The decryption mechanism takes place inside the browser as well with the use of the private key in the browser.
For a further level of data security, ownCloud provides an additional key service. The key service assures that the private key can be kept outside of the browser, even in the form of a smart key.
Advantages of ownCloud end-to-end encryption at a glance:
Limitations:
With end-to-end encryption enabled, it is not possible to leverage collaborative editing or any server-side function including virus scanning.
Also, in this setup, the user needs to consider the secrecy or data protection requirements of files in each folder and the performance overhead on the client side. It is also important to keep in mind that the system administrator can’t recover any data for the user. If the private key is lost, the data cannot be decrypted in any other manner.
External Storage
Create a single point of access by mounting storage like S3, Dropbox, SharePoint and more.
The External Storage Feature enables users to mount storage space at other providers safely and quickly. It is actually a bunch of features supporting different storage providers: Amazon S3, Dropbox, Microsoft SharePoint and Google Drive as well as Windows Network Drives, SMB and FTP.
You can choose to restrict external file storage to administrators or to allow users to mount their own external file storage in their accounts.
The feature helps create a single point of access, allowing for organization-specific security policies to be used across all storage without the need of tedious data migration.
FaceID
Let users unlock their ownCloud App with a smile on iOS and Android.
Users can opt to have their ownCloud app lock when not in use to add another layer of security. For this, the ownCloud Apps for iOS and Android support the FaceID authentication procedures implemented through the biometric unlock mechanisms in the respective operating systems.
Getting by without FaceID
As a fallback, users can unlock their devices with a four digit code they chose when enabling. On older Android and iOS devices, ownCloud supports TouchID instead.
Federated Cloud Sharing
Share files and folders with users of other ownClouds. Fit for multinational deployment.
The Federated Cloud Sharing feature enables ownCloud users to easily and seamlessly share files and folders with users of other ownCloud instances and compatible file collaboration platforms across locations, organizations and jurisdictions.
Through the course of this file sharing process, each organization gets to maintain its individual control and security protocols.
How Federated Cloud Sharing works
Users simply enter a Federated Cloud ID (an address in the format username@owncloudserver.tld instead of a local username) to share files or folders with the other party, who can then edit those.
Federation can also be harnessed to connect branches of an organization that reside in different jursidictions and hence are subject to controls of data exports. In this case, each branch could run an ownCloud and federation share files and folders that are not subject to data export restrictions.
Administrators have the privilege to disable federated fileshare, while the owner of the file continues to retain control over the master file.
Simple, Straightforward Collaboration and Teamwork
If administrators register the ownCloud instances of partner organizations as trusted servers in their ownCloud and thereby exchange address books, users can even search for the people they want to share files with, with a local username, instead of needing to know their Federated Cloud ID.
With ownCloud 10.5, Federated Cloud Sharing has become even more seamless through a new background process that scans federated shares for updates on files and their metadata. It makes teamwork even more straightforward for those collaborating across different ownClouds.
Federated Cloud Sharing scales!
Federation allows your enterprise to scale without limitations across borders. At the same time, your sensitive data stays safe and secure in the datacenter of origin. What’s more – you can easily add more data hubs, distribute the workload across them, implement security models and allow users to collaborate across various data hubs.
File Drop Folders
Collect files in public upload-only folders. It is handy for bids, homework and feedback.
Receive data the safe and easy way with File Drop Folders
The Drop Folders feature enables users to make a folder available for write-only public access, meaning anyone can save into the folder, but without being able to see what’s inside.
The folder can be protected with a password as well as an expiry date, so users can restrict access either to a group of people who know the password or a certain time period or both.
File Drop Folders have no size limits, unlike email. ownCloud makes sure the files are safe to store and kept secure, courtesy of its Antivirus and File Firewall features. With Document Classification, files uploaded into Drop Folders can automatically be tagged and protected based on their content and other factors.
The folder and the files within can be shared with other users, including with Guest Users and as Public Links, just as any other folder in ownCloud.
File Lifecycle
Automatically archive and then delete files that are no longer needed, ensuring data protection compliance.
ownCloud helps to manage File Lifecycle by enabling organizations to automate rules-based archiving and deleting of files as required to meet a number of different policies and regulations.
The File Lifecycle Management App was designed to make it easy to manage the lifecycle of files by using policies to determine which files to archive and when, as well as when to delete the files from archive. In addition, it is also possible to determine whether recovery of deleted files should be made available.
How the File Lifecycle Management App works
It’s efficient and simple to manage files with the File Lifecycle Management App. The app helps to archive and retain files based on their upload date.
With the app, administrators can record the exact time at which each file was first created on the ownCloud server. Moreover, the app records audit events during archiving, recovery or deletion of data.
The File Lifecycle Management extension allows service providers to manage file lifecycle within ownCloud to:
GDPR and other policy compliance
File lifecycle management policies are customizable. Some files may only be kept as long as they are in active use, for example, because they contain personal data. Automated deletion ensures compliance with GDPR and protects enterprises from penalties arising from violations.
Other files might have to be kept longer, because organizations may be legally required to keep them on record for a certain duration of time.
Full user control and transparency
The app ensures that users have full control when they use it to manage the lifecycle of files. At any given time, users have access to a transparent overview of the lifecycle schedule for any file and can also have it emailed to them if needed. They can view the lifecycle set for a file and see when the file is scheduled for archiving. Moreover, the archive can be searched and information on archived files (for example, previous storage location) can be retrieved.
Permission to recover archived files can be granted to specific users or groups of users (for example, administrators), in order to provide a safety net for accidental deletion of files. All actions pertaining to a file are logged and can be audited by integrating it with the Auditing App. If needed, files can be shared in compliance with GDPR or similar legislations.
File Firewall
Avoid threats by inspecting access requests for admissibility.
The Files Firewall feature checks every access request against a list of rules and policies. It enables IT departments to e.g. restrict file access outside of corporate offices to certain user groups. It is also possible to disable access from certain high-risk countries to files with certain tags.
File Locking
Lock files to prevent conflicts while editing.
The File Lock Feature enables users to mark a file or folder as being worked on in the Web App, preventing others from editing them concurrently. The file or folder automatically unlocks after a set period of time that defaults to 30 minutes and a maximum of one day.
Please note that this is something different than Transactional File Locking, i.e, the mechanism that avoids file corruption during normal operation. It prevents simultaneous file saving as well as the renaming of a folder containing a file or folder that is in the process of being saved.
Full Text Search
Let users find their data and files quickly.
The regular ownCloud search in the web interface essentially only finds file names. Thanks to an integration with the powerful, scalable search engine Elasticsearch, admins can now offer a comprehensive full-text search function for ownCloud. Of course, all accruing data remains under full control without having to use external services.
When a user searches using the search bar in ownCloud, Elasticsearch returns results based on indexed files within ownCloud. The results return to the user, sorted by relevance, including shared files. In addition, the content in a text can also be used for the search. It is also possible to search results depending on authorizations of individual users.
Guest Users
Let select external contacts login to access select files and folders, speeding up coordination.
The Guest User feature empowers users to share files and folders with outside users identified by their email address. For repetitive contacts, e.g. with external contractors, this a handy alternative to Public Link sharing. It saves time: Once a Guest User is created, it is easy to share additional files with it.
It is safer, too, because file access can be audited. And for the Guest Users themselves, it is more convenient – they can use the ownCloud Apps and even open documents in the integrated office suite of your ownCloud. In contrast to users, guests do not have own storage space and can only work on files and folders that were shared with them.
Common and suitable applications of the Guest Users feature include graphic designers, outside counsel, consultants and schools, with the teachers as ownCloud users and the students as Guest Users.
iOS App
Let users access, share and edit their files and folders on the go.
The iOS app enables users to access and share their files and folders safely and comfortably on their iPhones and iPads.
The app supports multiple accounts for users of multiple ownClouds. It integrates nicely with Apple’s files app and can download files and folders for off-line use.
By way of optics, users can switch between system design, light mode, dark mode, and classic design.
The app can be configured to instantly upload photos and videos after they are created using the camera app.
Images and PDF files can be annotated and marked up right within the App.
Adapt ownCloud by installing helpful addons and features from the Marketplace.
The Market enables admins to quickly and easily extend the functionality of their ownCloud. The Market App connects an ownCloud instance to the Market.
Apps are published by community developers, partners and ownCloud itself. There are Community Apps and Enterprise Apps, with the latter only available to customers with a Enterprise Subscription.
Metrics App
Get an overview of your key performance indicators on a practical, clear platform.
The Metrics App provides an API for reporting snapshots of quantitative data about users, shares and quota usage in the JSON format. It also provides a dashboard for reviewing real-time data and the option to download real-time data in the CSV format.
As an important fact, only real-time data is retrieved via the secure API, historical or personal data is not collected. This can be done either manually, or automatically in regular intervals to accommodate tools like Splunk, the ELK stack and Prometheus/Grafana that can then aggregate the data over time and make it useful for various statistical analyses and visualization. This way, no third party is involved in analyzing your data, which can be done completely on-premises.
The App provides two kinds of data: System data and per-user data.
System data includes information about the storage available, used and free, and the number of files. It lists the number of users registered, active and logged in. It also includes the number of user shares, group shares, guest shares, link shares and federated shares.
Per-user data lists the last login, the number of active sessions, the quota limit and usage, the number of files and the number of shares the user has created, itemized into user shares, group shares, guest shares, link shares and federated shares.
The report in JSON format can be filtered down to only include data that is needed.
Microsoft 365 Integration
Collaborate in a GDPR-compliant way in a familiar environment.
Key advantages of Microsoft 365 integration:
The US Cloud Act demands that Office documents stored on a server of a US-registered server like Microsoft via Sharepoint or OneDrive need to be made available to the US government agencies as and when needed.
The Microsoft 365 integration was introduced to eliminate compliance issues arising out of the incompatibility between the US law (Cloud Act) and European law (GDPR), and to ensure that users can finally use Microsoft Office 365 while remaining GDPR compliant.
This is possible by storing the files on ownCloud and transfering them to a Microsoft Office 365 Online app only for viewing or editing purposes, at the end of which the files travel back to ownCloud storage.
Microsoft Teams Integration
With the extension for Microsoft Teams, organizations can make their ownCloud accessible as a tab directly in Teams.
By integrating ownCloud with Microsoft Teams, a seamless connection between the two programs is enabled, providing easier handling and better security.
With a simple button in the Microsoft Teams app, data can be quickly accessed in ownCloud. Furthermore, files can be shared more quickly with colleagues from teams and worked on together.
The integration of ownCloud is made possible by the AppConnector, which guides the user through a few simple steps to complete integration in Microsoft Teams.
Mouse and Keyboard on iOS
The ownCloud App gives iPad users extra features to make their tablet of full desktop replacement.
If you use ownCloud on an iPad, you can control it comfortably from an attached keyboard. The app supports a host of shortcut commands. To complete the desktop replacement experience, the app supports pointing devices like Bluetooth mice on iPads.
Multi-Factor Authentication
Ask for two or more factors for login, such as passwords, one-time codes and biometrical data.
Multi-factor Auth, whether it is 2-Factor (2FA) or MFA, increases security by making it significantly harder for attackers to gain access using the identity of one of your legitimate users.
ownCloud supports time-based one-time passwords (TOTP) as well as biometric locks. The Enterprise Edition also integrates with SAML2-compatible identity providers like Shibboleth, Microsoft ADFS and privacyIDEA.
Lets users access, author, share and collaboratively edit office files directly from the ownCloud frontend in real time.
The ONLYOFFICE application is a powerful, user-friendly and reliable tool that empowers users to access, author, share and collaboratively edit Microsoft Office files directly from the ownCloud frontend in real time.
By integrating ownCloud with ONLYOFFICE, users are able to view changes made to files in real time, access the latest versions of files and thus completely eliminate the problem of version conflict that often arises when working independently on documents.
Benefits of the ONLYOFFICE integration at a glance:
OAuth2
Enhancing security through the open standard for access delegation.
Use OAuth2 to safely authorize access to your data
ownCloud uses OAuth, the open industry-standard protocol for secure authorization of clients. It greatly enhances security while facilitating the integration of third-party apps or web services. It connects the ownCloud Clients (Desktop, Android, iOS)
Its standardized and secure authorization flow means that users don’t ever have to enter or store their credentials in the Desktop and Mobile Apps. Rather, there are access tokens specific to the clients used so that user sessions can selectively be revoked. This also provides a user authorization interface for developers to stwiftly integrate ownCloud into their applications.
OpenID Connect
Delegate user authentication and client authorization to an Identity Provider using the open standard.
Digital Identity and Access Management is of utmost importance for any organization’s security. In managing the identities of people, it defines who makes up that organization. By governing who can access what data in which way, and by authenticating them, it both reflects and creates the outline of an organization. It deals with the roles and capabilities people have in regards to an organization.
Delegating Identity and Authentication
Identity and authentication is also a field in which organizations tend to have custom requirements and particular needs. This is why ownCloud does not try to hustle organizations towards a certain solution but rather provides an open standard interface for full flexibility.
Organizations that want to use ownCloud have virtually free choice among the range of Identity Providers that support the OpenID Connect authentication standard.
Whether organizations prefer a conventional LDAP-based Identity Management or Microsoft’s cloud-based Azure AD, Keycloak or Ping Federate, an Identity-as-a-Service like cidaas or an on-premises open source Identity Provider like Kopano Konnect – ownCloud is up for it.
Leveraging OpenID Connect for authentication also brings Single Sign-on capabilities – one set of credentials can be used for all other compatible applications, too.
How it works
To log in with any client like for example the ownCloud App, users authenticate in their browser against the Identity Provider. If successful, the Identity Provider issues the client with a token to allow access. This way, the ownCloud Client or App never even encounters a user’s credentials, reducing attack surface.
What exactly a user needs to present to an Identity Provider to gain access is strictly the Identity Providers’ business. Whether this is just a password, an additional factor like a one-time code or a fingerprint or even a hardware authentication key. This opens up a lot of possibilities for organizations.
Also, those client tokens can be revoked or expired, even programmatically, e.g. on leaving the company network or when encountering suspicious behaviour.
All of this gives organizations plenty of flexibility to define and execute security according to their needs. They can, for instance, restrict access to their ownCloud to office networks, except for management, except when travelling in certain countries. That same Identity Provider may still allow staff to access other services like email from outside the office, but restrict this access to workdays and a certain time window.
Outlook Plugin
Automagically turn Outlook attachments into secure links. Without file size limits.
The Outlook Plugin feature empowers users to send emails just as they are used to while complying to state-of-the-art security protocols that discourage or even outright ban attachments.
With the ownCloud Outlook Plugin, users can attach files of unlimited size because they don’t really send as attachments. Also, it limits the growth of the organization’s email server.
Since malicious email attachments are one of the most common attack vectors, emails are safer and more probable to be delivered if they contain a link to a file instead of an attachment.
The ownCloud plugin for Microsoft Outlook makes this very easy: just attach any file to an email and hit send, the file will be safely stored in your ownCloud, detached from your email and replaced by a link to the same file in your ownCloud.
You can (and are strongly encouraged to) use a password or an expiry date or both for sending a file. This means your files remain safer then when sent attached to an email, because unintended recipients cannot just open the attachment but need to access a file in your organization’s ownCloud where they need to know a password and the link might well be expired by the time unintended recipients get a hold of your email.
Public Link Sharing
Share files and folders with outside contacts, protected by passwords and expiry dates.
Public sharing links enable users to share files or folders with contacts outside their organization quickly and easily.
Protect links with passwords and expiration dates – and even create multiple links to the same file or folder with different passwords or expiry dates or both.
There are no size limits for Public Sharing Links because there are no file or folder size limits in ownCloud.
iOS Markup
Annotate and mark up PDFs and images in the iOS App for colorful productivity on the go.
The Markup Feature in the iOS App enables users to quickly and easily annotate, highlight, skribble, draw on images and PDF files.
While on the go, they can easily add notes to a speech drafts, point out tasks on photos or even sign documents.
Just click on the three-dot menu icon to the right of the relevant file and click “Markup”. Then, you can edit it with strokes and brushes as you see fit and either save it as a copy of the respective file or replace the original scan.
As a premium feature, iOS Markup comes with the Enterprise Edition, the ownCloud.online Subscription and can separately be bough as an In-App-Purchase.
Ransomware Protection
Prevent unrecoverable data loss. Block infected systems from uploading and restore affected data.
The Ransomware Protection App empowers organizations to weather one of the most ugly and consequential types of malware through a two-step approach. It prevents data loss by blocking sync uploads from clients that are recognized as infected. It also retains previous versions of data to roll back to.
The app helps admins detect and prevent attacks and, if push comes to shove, enables them to revert to the status quo ante, reducing the risk from ransomware to a minimum.
True Secure View
Let users safely distribute confidential documents with maximum control.
The Secure View feature lets users share confidential documents while restricting the actions available to recipients to prevent abuse.
It is a made available through the integration of ownCloud with Collabora. If enabled, users can set limitations on files and folders like preventing copying, downloading and editing. The documents shared in this way never leave the server, rather, Collabra streams the view to the browser, so there is no way for the recipients to extract the original document. Files are watermarked for printing and exporting to PDF for deterrence and traceability, if printing and exporting to PDF are allowed.
The feature reduces the pain involved in granting select contacts access to view confidential documents, think virtual data rooms for M&A due diligence.
Single Sign On
Manage user access through OpenID Connect atop OAuth2.
SSO helps organizations to avoid duplicate efforts in user management. In harnessing OpenID Connect, ownCloud enables organizations to authenticate and authorize users with tokens based on existing user management data – without ever entering credentials in clients.
Splunk Integration
The Splunk integration provides detailed analysis for auditing files, logins and actions of users and administrators.
The ownCloud integration for Splunk provides a highly visual audit log dashboard that puts CI(S)Os firmly in control of data flows, so they can quickly and efficiently spot potential compliance issues as they arise.
For detailed audits, there are out-of-the-box dashboards for auditing files, logins and actions of users and admins. With fine-grained and flexible filters to narrow things down, the ownCloud integration for Splunk facilitates the tracing and investigating of actions in a lucid and clear graphical user interface – instead of poring over a long, technical log file.
The integration consists of an app and an add-on, both available in Splunkbase. Between the two, the app and the add-on, Splunk is configured to retrieve log, audit and metrics data from the ownCloud Metrics API, technically and the ownCloud Enterprise Audit App. Splunk uses this data to provide dashboards, reports, visualizations, filterable views and alerts for specific events.
Storage API
Create scalable custom integrations for external storage backends. Even for tape drives.
The ownCloud Custom Storage Backend API allows for integration of virtually any storage. It thereby makes access to borderline ancient storage media practical again. And it allows organizations to choose the most cost-effective means of storing data, depending on retrieval frequency, cost and other requirements.
Theming
Make staff feel at home by theming the Web App, Desktop Clients and Mobile Apps.
The ownBrander feature lets organizations with a Enterprise Subscription theme the Desktop and Mobile Apps as well as the Web App to reflect their corporate identity.
Unlimited File Size
ownCloud can handle any file you throw at it.
Due to its architecture, ownCloud enables users to store and share files of any sizes. Actually, since the Desktop App version 2.7, ownCloud can handle files of up to 8 Exabytes, which is an 8 with 18 Zeros. Local restrictions like user quotas, the server configuration or the maximum file size supported by browsers and other software might still apply.
Depending on the particular needs of an organization, some configuration might be necessary and as explained in the admin manual.
Virtual File System
Let users sync virtual files, saving on storage and bandwidth.
Save on bandwidth and storage by enabling Virtual Files
With the virtual file system enabled, your ownCloud Desktop Client only transfers files to your hard drive if and when they are being used. Until then, they exist locally as placeholders only. They can, however, be shared directly from within the file manager and be opened like regular files – they then just need a moment longer to open since the file is downloaded first.
Users can activate the virtual file system feature in their desktop clients. They can then, in their native file manager, choose which folders and files to sync just virtually or in full, e.g. depending on how often they plan to work on them. On windows, users can run the ‚free up space‘ command to remove files synced through ownCloud and replace them with virtual ones.
On windows, the placeholders also reflect the size and file type of the original file. On macOS and linux, the virtual file system are available as an experimental feature. There, virtual files all have a size of 1 byte and the file extension .owncloud, making size estimation and file association with local software harder. Our team members nevertheless uses this feature merrily and fruitfully on their Macs and a bunch of Linux machines.
Web App
Let users work in any common browser, reducing platform dependency even further.
The Web interface empowers users to use work on their files without having to install any dedicated client software. Whether having just started working, being on the go or preferring to keep it light and simple – there are many reasons to want to work just in the browser.
With ownCloud, your staff does not have to sacrifice much except local file copies. With compatible browsers like Firefox and Chromium available for most devices, the ownCloud Web Interface further boosts platform independence.
WebDAV Integration
Let users integrate ownCloud into their devices mounting them as network folders.
The WebDAV HTTP Extension enables users to integrate their ownCloud into their file manager as a network folder using the WebDAV API.
In our user manual, we provide tangible advice for how to integrate ownCloud using WebDAV on a host of different file managers on Windows, macOS and Linux.
Windows Network Drive Integration
Integrate your file server (WND, SMB or Samba) into ownCloud without a VPN.
Swiftly connect ownCloud and your file server
Let remote workers sync files from your organization’s file server without a VPN. Share files on your file server ad-hoc with external contacts. It is easy when leveraging ownCloud as the file access platform for your existing storage, whether WND, SMB or Samba.
A lot of organizations operate a complex, organically grown IT infrastructure. When modernizing, they all face the same question: What to do with those legacy data silos? With ownCloud Enterprise, organizations can just integrate legacy silos like Windows Network Drives as external storage.
Make WNDs accessible for teamwork with Collaborative SMB
As of version 2.0 of the ownCloud Enterprise WND App, released in late March 2021, we introduce a technique we call collaborative SMB. Through an advanced mounting mechanism, it overcomes some of SMBs conventional limitations. It gives any file and folder a unique file ID that is the same for every user with matching access permissions. This means users can finally work remotely as a team on WND/SMB storage!
It’s just as seamless and easy as in consumer-grade public cloud services. But it all happens within a tight enterprise-grade framework that ensures security, accountability, and compliance. Users can leverage their favorite browser-based office suite – whether that is Collabora, Onlyoffice or Microsoft Office Online.
With collaborative SMB, ownCloud Enterprise now also supports other forms of collaborative work on WND/SMB storage. Comments right on a file or folder foster real collaboration because they can often replace lengthy and time-consuming email threads. Being able to tag files on WND/SMB storage makes file discovery that much easier and lets ownCloud apply existing rules and policies that are triggered by tags.
Users can now also lock files on WND/SMB storage while editing them, reducing the risk for file conflicts. ownCloud’s Activity Stream and optional Activity mails now also reflect changes made to files on WND/SMB storage. The Versions app reflects those changes now also, creating backup copies according to the Version app configuration.
The WND App enables administrators to attach existing network drives to ownCloud and assign specific network drives to groups or users. To determine permissions, ownCloud can either use file attributes (e.g. read-only and hidden) or the Windows Network Drive ACLs in connection with the LDAP user and group permissions.
To check integrated shares for changes, the ownCloud Enterprise WND App includes a listener. It marks changed files, and a background job updates the file metadata. The WND App then actively sends notifications to ownCloud about changes, deletions and new Files in its integrated network shares so synced files are always up-to-date.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved
