Ytria signEZ is typically used by organizations as a solution for signing ID delegation (although some individuals use it just for its switch ID capabilities).
Listed below are some things for an administrator to keep in mind when setting up signEZ for use with multiple users:
1) We recommend that you store the signEZ database on a server.
The signEZ database, which is an integral part of signEZ, is a Lotus Notes database. This means that when it is stored on a server an administrator has a great deal of control over the use of signEZ through the signEZ database's ACL settings.
2) You can use as many signEZ databases as you want.
Just go to www.ytria.com/download and download the signEZ database template. As mentioned above, the signEZ database is a Notes database, so you can create replicas as you see fit. The signEZ main screen offers an Open Current signEZ database option to quickly access the active database. There is also a Link to another signEZ database option for switching databases.
3) You can use a signEZ database or any other Notes database for keeping logs on signEZ usage.
You can enable logging and choose where to write the logs in the signEZ Settings tab. Logs can track both auditing and signing operations. Please note that any Notes database may be used for writing logs (we recommend using a signEZ database template because it already contains a view for logs) and it is possible to use more than one log database (perhaps with different ACL settings).
4) There are certain instances where cross-certification may be needed for an end-user to properly complete signing with a Stored ID.
Please refer to this page for information on cross-certification in signEZ.
5) Storing signing IDs and delegating limited access to them is a straightforward process, but there are a few things to bear in mind:
- An administrator must have access to the ID file and password for any signing ID they wish to store. When you store a new ID you'll be prompted to enter both the Stored ID's and your own password.
- When an administrator creates a new Stored ID, he or she is by default the only person who can delete it or edit its settings. Once you create a Stored ID, you can add other administrators' names in the User Info tab of the Stored ID Information dialog.
- When delegating access to a Stored ID, remember that the User Authorized tab is a Lotus Notes Readers field. This means that, aside from individual names, an administrator has the leeway to add groups or roles where he or she sees fit.
- An administrator can specify where a Stored ID may be used with the Databases tab. Both ? and * wildcards can be used here.
- You can choose to Force a Log on Stored ID usage. These logs may be written to any Notes database (though we recommend you download and use a signEZ database template because it already contains a log view).
6) The signEZ database's ACL should be set with care.
The table below shows the minimum ACL settings necessary to fulfill various tasks with signEZ involving the signEZ database, the Log database, and the target database (i.e. the database being signed).
Minimum ACL settings in signEZ
|Database||Administrator minimum access||End-user (the person using a Stored/Other ID) minimum access||Stored/Other ID minimum access|
|signEZ database (a container for saved settings and Stored IDs)|
(Author access needed for creating or editing saved settings documents)
|Log database (you can use your signEZ database as your Log database or use a separate database)||None necessary||None necessary||Author|
|Target database (i.e. the database being signed)||None necessary||Reader if launched from Ytria toolbar, None if launched from the signEZ database||Manager if you need to sign the ACL note. See 'Note 2' below.|
The access settings above are minimums. You can always use more relaxed ACL settings where appropriate.
The ACL Note is not listed in the signEZ Design Elements tab unless you choose to display it via the Options menu. If an end-user has less than Manager access, the Include ACL Note option will be grayed out. Visit the link below for more on the Design Elements tab:
7) You can customize signEZ to fit your needs by making use of its extensive command line features. Please refer to this page for detailed command line information.
8) Administrators can 'force' a particular database to be a user's default signEZ database through the Special Installation Settings found in the database's Actions menu (Actions>Ytria Support>Special Installation Settings). The Special Installation Instructions dialog has a checkbox for the Force this current database to be set as the current signEZ database option. When an end-user installs or re-installs from a database with this option enabled, the current database will be written to the "YtriaSignEZDatabasePath" notes.ini entry. If the user already had another database set as the current signEZ database, this option will overwrite it.
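
A check an administrator could run over collected notes.ini files to confirm that each client's "YtriaSignEZDatabasePath" entry points at the sanctioned signEZ database. This is an added example, not Ytria code; the stored value format, the sample paths, the workstation names and the case-insensitive matching are assumptions.

```python
# Added example, not Ytria code. The entry name is from this page; the value
# format, paths and workstation names below are constructed for illustration.
ENTRY = "YtriaSignEZDatabasePath"
EXPECTED = r"apps\signez.nsf"  # assumed sanctioned signEZ database

CLIENTS = {  # constructed notes.ini excerpts, keyed by workstation
    "ws-01": "[Notes]\nKeyFilename=user.id\nYtriaSignEZDatabasePath=apps\\signez.nsf\n",
    "ws-02": "[Notes]\nytriasignezdatabasepath=Apps/SignEZ.nsf\n",
    "ws-03": "[Notes]\nYtriaSignEZDatabasePath=local\\mysignez.nsf\n",
    "ws-04": "[Notes]\nKeyFilename=user.id\n",
    "ws-05": "[Notes]\nYtriaSignEZDatabasePath=a.nsf\nYtriaSignEZDatabasePath=b.nsf\n",
}


def read_entry(ini_text, name=ENTRY):
    """Return all non-empty values assigned to `name` (Key=Value lines)."""
    values = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        # Entry names are matched case-insensitively here (an assumption).
        if sep and key.strip().lower() == name.lower() and value.strip():
            values.append(value.strip())
    return values


def normalize(path):
    """Compare paths without regard to case or slash direction."""
    return path.replace("/", "\\").lower()


def audit(ini_text, expected=EXPECTED):
    """Classify one notes.ini: ok, mismatch, missing or duplicate."""
    values = read_entry(ini_text)
    if not values:
        return "missing"
    if len(values) > 1:
        return "duplicate"
    return "ok" if normalize(values[0]) == normalize(expected) else "mismatch"


def findings(clients, expected=EXPECTED):
    """Return only the workstations that need attention."""
    results = {name: audit(text, expected) for name, text in clients.items()}
    return {name: status for name, status in results.items() if status != "ok"}


if __name__ == "__main__":
    for name, status in sorted(findings(CLIENTS).items()):
        print(name, status)
```

A "mismatch" result means the client is linked to a signEZ database other than the one whose ACL and logging settings the administrator controls.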