How to Add Email Sender's to the CC on ExCM Invitations

Chances are if you are younger than 30 you might not know

Carbon Paper

what the CC or BCC options in your email stand for? We all know that the CC and BCC are used to copy or blind copy additional email recipients, but what does that extra C stand for? The answer is "Carbon" or Carbon Copy. The term is borrowed from the days of the mechanical and later the electronic typewriter (circa 1879-1979). Way back before email or for that matter even copiers, it was an industry standard to make additional copies of important documents using carbon paper to transfer images for multiple copies. Today, the term courtesy copy is sometimes used instead, but boy have we come a long way! Not many of us could even imagine manually writing out a document and then to save time using carbon paper to make additional copies. My hand hurts just typing this out, and can you imagine the security risks if that piece of carbon paper got into the wrong hands?

Because ExCM was created to provide the most security possible to prevent users or organizations from obtaining personal, private and company information about their competitors, there are limits to the information a Site Sponsor or Administrator has access to. While a Site Sponsor can be given many permissions to manage users that they have added or invited to a site, they are not normally given access to certain lists like Invitations. This is designed to prevent them from viewing invitations from other Site Sponsors or Administrators. With all this said, how can a Site Sponsor or Administrator keep track of the invitations they have sent out to new users and prevent sending out multiple invitations to the same user or overlooking a user they needed to invite to their site?

ExCM’s NEW Email Sender CC feature is the answer! With the Email Sender option, an Administrator has the ability to make sure that every invitation email also CC’s the sender so that the sender has the notification they need to better manage who has been invited and who needs to be invited to the site.

Here are the instructions for setting this up for your site collection.

Browse to your site collection and then to Extranet Management/ Registration Settings:

Next click the Invitations registration settings:

Next, you will check the CC Email Sender option and then click Save:

Now when an FBA (Forms Based Account) user or AD (Active Directory) user sends out invitations, they will automatically be added as a CC on the invitation email.

Note: The “From” portion of the email will continue to show the SharePoint system email for the organization.

Warning: If you have FBA or AD users that are not automatically added to the CC on the email, you will need to make sure they are in the SharePoint UIL (User Information List) correctly.

For FBA users you will need to re-invite the user to the site collection. After they resubmit the updated registration form for current users, the registration receiver will update the UIL and they will be added to the invitation CC for any future emails the FBA user will send out.

For AD users you will need to make sure their email address is visible in the Active Directory Users Email option per the screenshot provided. Once the email has been added it might take several minutes for the directory to update. Once it has updated the AD user should also receive the CC email on any future invitations that the AD user sends out.

©2019 PremierPoint Solutions. All Rights Reserved. 

Removing the Intranet-related Share and Follow UI Elements from Extranet Sites

SharePoint is a platform that has been enhanced over the years to support a broad range of use cases. Organizations can use SharePoint to build Intranet type web applications, Public-facing WWW sites, Extranet type web applications, Business Intelligence solutions, and more.

Not all of the out-of-the-box features of SharePoint are intended to be used in every use case. For Extranet use cases, there are several user interface (UI) elements and features that are primarily intended for Intranet use cases and therefore we recommend removing them from your Extranet web applications.

The Intranet-intended features that we recommend that you remove from your extranet web applications are:

·        Links to Newsfeed, OneDrive, and Sites

·        User Profile Service

·        Link for Sharing and Following

Below are instructions for removing the Share and Follow UI elements from your extranet sites. 

Removing the Share Icon from Extranet Sites and Pages

In an extranet scenario, external users are typically "invited" to join a site using ExCM's "Invite Users" feature, rather than using SharePoint's "Share" feature:

The ExCM Invite Users feature is much more robust than SharePoint's Share feature in that it sends out an invitation to an external user that invites them to register for the extranet site using your company's pre-designed registration form.  Also, the invitation is recorded in a SharePoint List in the site as well as the registration, once they register.

So, to keep end users from becoming confused, it is recommended to follow these steps to remove the Share icon from your extranet sites:

Important Note:  The following procedure needs to be done at the site-level.  SharePoint does not provide a way via the GUI to make this change at the Site Collection or Web Application level.

Navigate to Site Settings > Site permissions:

In the Permissions tab click on Access Request Settings:

Uncheck the box next to "Allow access requests" and then click OK:

Now, log in to the site as a non-owner, and you should see that the Share icon has disappeared:

Important Note:  Any user that is in the SharePoint Owner's group for the site will still see the Share icon.  It will only disappear for non-owners, such as your external users.

Removing the Follow Icon from Extranet Sites and Pages

Important Note:  The following procedure needs to be done at the site-level.  SharePoint does not provide a way via the GUI to make this change at the Site Collection or Web Application level.

To remove the Follow Icon:

Navigate to Site Settings > Manage Site Features:

Find the "Following Content" feature and deactivate it:

You will get a warning about deactivating the feature.  Go ahead and click Deactivate this feature:

You should now see that the Follow icon has disappeared from the page:

©2019 PremierPoint Solutions. All Rights Reserved. 

Changing the Forgot Password Option from a Question and Answer to an Email Option

We often hear about high-level security breaches where hundreds of thousands of user and company information has been hacked and stolen. Most of the time, this only leads to finger-pointing and more paperwork than anyone has the time to chase down. We know that Extranet Collaboration Manager (ExCM) is just one part of your companies’ best practices for securing your external collaboration and maintaining a secure company and employee environment. We also know that sometimes the small things a company does can make the biggest difference when it comes to security and manpower.

Case in point, many businesses utilize the well-known question and answer method when a user forgets their password. We have all seen and used this method. The normal scenario is where you have set up two to three security questions when you sign up for your account, and in the event that you forget your password, you have to answer one of these questions to proceed with the password change or the account recovery process.

But how secure are the questions and answers? How easy is it for someone to use the internet and social media to hunt down the answers to any one of the questions? Think about it: would it be that hard to find out your mom’s maiden name, your high school mascot or what city you were born in? While it is true that the questions that are being asked could be much more difficult, remember these businesses are dealing with users who on average have over 100 passwords when you add all their work, financial and personal accounts together. The average company does not have the resources to help customers who have forgotten their passwords much less the security question answers that were initially set up to be easy.

*More information on password and security statistics can be found here.

https://www.varonis.com/blog/cybersecurity-statistics/

So, where does this leave the businesses of today? What other alternatives or tools do they have at their disposal to maintain security and make the retrieval of passwords or the resetting of passwords seamless and still self-service?

What if, instead of the question and answer retrieval process, your company utilized something simpler that most of your customers already use, like their email address? How could this make things easier for the user and your company? We know that most people have at least one email account that is unique. We know that, in most cases, he or she is the only user of that unique email address. Then it would make sense that if we sent the user a link to their email address with options for changing or recovering their password, it should help in that they would not have to remember the questions and answers and the business would not have to store and maintain this information. The user’s security and self-service rest in their ability to remember their email information.

So, your next question might be: “How do I make the password email recovery option possible in ExCM?”

When using ExCM you can disable the extranet user password question and turn on the email option by making the changes below to the web app web.config file:

1.   In the <membership /> section of the web.congif file, the <add /> tag must have the requriesQuestionAndAnswer attribute set from ‘True’ to 'False'.

2.   In the <extranet /> section of the web.config file, the <membershipSettings /> tag must have the passwordResetTemplate attribute set from “SetNewPassword” to "EmailGeneratedPassword".

After making these changes to the web.config file, this should remove the password security question from the registration and add extranet users’ pages. This only needs to be applied to the web.cofig file of your content site.

Below you will find the expected changes that users will experience, once the password reset has been changed from the question and answer to the email setting.

After the user clicks the “Forgot your password?” link the “Reset My Password” page will ask for the user’s email address, then they will need to click Next.

Once the system has confirmed the user’s “Username” they will click Finish.

The next screen will confirm that the “Password Changed Successfully”.

Next, the user will receive an automated email with a temporary password.

Next, the user can return to the “Password Changed Successfully” page and then click “Continue to login”.

At the Sign In page the user will need to use the new temporary password from your email and click Sign In.

NOTE: The temporary password is case and character sensitive and can be copied and pasted.

Once the user is signed in, they will need to select the drop-down button next to the username, and then select “Change My Password”.

Within the “Change My Password” page the user will need to use the temporary password, then create a new password using the green strength bar as a gauge for a secure password. Next, the user will need to confirm the new password, and then click Finish. At this point the user will stay logged in and will use the newly created password the next time they log in.

©2019 PremierPoint Solutions. All Rights Reserved.