Introduction to the Settings
Settings menu allows you to configure different parts of the Teramind Dashboard, Agent, Security, Active Directory Integration etc. Note that, most of the settings on the Settings screen are applicable to the On-Premise / Private Cloud (AWS, Azure etc.) deployments. Except for: Agent defaults, Alerts, Security and Localization; these are available on all deployment options.
|Please follow the On-Premise Deployment Guide, AWS Deployment Guide or the Azure Deployment Guide to learn how to deploy and setup Teramind on-premise/private cloud servers.|
Accessing the Settings Menu
- Click the Gear icon near the top-right corner of the Teramind Dashboard.
- Click Settings underneath the pop-up menu.
Finding Information About Your Deployment
- On the Settings screen, click the About tab.
- You will see some details for your Teramind deployment including the hardware key, license key, license entitlements (no of endpoint/terminal servers), solution and license expiration date.
Server Updates and License Key
Updating Your Teramind On-Premise Server
To update your on-premise server, download the latest server image from the Self-Hosted portal at https://www.teramind.co/portal/download. Scroll to Step 2. Download Packages. Download the Teramind Update file (with a TMU extension) by clicking the download button. Then do the following:
- Click the About tab on the Settings screen.
- Click the Update Teramind link to expand it.
- Click the Select update file button and select the TMU file you downloaded from the Self-Hosted portal.
- Click the Update button. Depending on your deployment, Teramind will update the server in few minutes.
Changing the License Key
If for any reasons, you wanted to change the license key (i.e. you upgraded from a trial to a paid account), you can do that from the About tab.
- On the Setting screen’s About tab, enter your license key in the LICENSE KEY field located under the About the deployment section and then click the Change button. Once done, the system will display the updated entitlements for your license key.
- The ability to report based on OU’s
- The ability to apply rules to OU’s and/or groups
- The ability to remote install to computers based on name, or AD group membership
- The ability to use Teramind only on a specific group
- The ability to exclude a group from being monitored
- The ability to log into dashboard via domain authentication
From the Settings screen’s Active Directory tab, you can setup Active Directory synchronization:
- Populate the LDAP server, port, encryption etc.
- Click NEXT: FETCH ATTRIBUTES.
- As soon as fetching is done, choose the attributes, OUs, monitored and non-monitored groups.
- Click the SAVE SETTINGS & IMPORT button to initiate the import process. You might have to wait for a little while (couple of minutes depending on AD object count and hierarchy). Once the import is done, refresh the page to view the changes.
|After you have set up Active Directory, go to the Settings > Security tab to enable domain authentication for the Teramind Dashboard.|
This tab allows you to change the default settings for the Teramind Agent.
- You can change the currency used.
- You can assign a default task for employees when they start their shift (this is applicable if the employee is using the Hidden Agent). Restart the user machine(s) after changing the default task for it to take affect.
- If ENABLE MONITORING FOR NEW AGENT… is turned on and your license allows it, new agent installations will have monitoring enabled by default. If disabled, new agent installations will not be monitored until you activate them from the dashboard.
- Enable WEB LOGIN… if you want your users to be able to log into the dashboard to see their own work stats, enable this option.
Alerts tab allows you to define how rule violation messages will be displayed to the users. It’s a good idea to customize your alert messages so that they are visually distinctive and match with you company’s branding.
- You can use the HTML template by default for all rules.
- You can customize the look and feel of your message box by editing the HTML in the CUSTOM USER ALERT HTML field. There are a few dynamic variables such as ALERT, DETAILS you can use in your message. In addition, the alert can have buttons like: OK, CANCEL. You can also include base64-encoded images in your HTML. This is great for displaying icons or logos.
- You can preview how the alert will look by clicking the PREVIEW button.
- SCREEN LOCATION defines where the alert will be displayed (i.e. Center, Top-Left etc.).
- WIDTH changes the width of the alert box.
- HEIGHT changes the height of the alert box.
- ALERT EMAIL LIMIT defines the threshold where the system will group the alerts into a single email. The system will send this many identical alert emails, and then it will group them together into an email digest. If set to 0, it will send each alert individually.
- USER ALERT THRESHOLD applies to rules with a Warn or Block action. The threshold sets the minimum time, in seconds, to wait between alerts that the user sees. If set to 0, users will see all alerts they violate, regardless of the frequency.
- LOG ALERT THRESHOLD sets the minimum time, in seconds, to wait between logging alerts to the Teramind system. If set to 0, it will not limit the number of alerts that are logged.
- MAXIMUM DAILY ALERTS COUNT limits the total number of alerts which get logged by Teramind on a daily basis per alert type.
- You can build rules in Teramind to set a user’s task based on their activity. RULE TASK SELECTION ACTION TIMEOUT (SECONDS) defines the time out when switching tasks. If the user switches activity and remains in the new activity for the defined seconds, the rule will be re-evaluated.
You can customize the appearance of the dashboard login screen to match with your company’s branding or user preference.
- Use a LOGO IMAGE for uploading a logo image. Suggested resolution is 190×54 pixels.
- Use a BACKGROUND IMAGE for uploading background image. Suggested resolution is 1400×933 pixels.
- You can also change the LOGIN BUTTON COLOR by specifying a color in HTML/Hex format.
It’s best practice to give your Teramind server a DNS entry. This way you can click on links in the email alerts, use your own SSL certificates, and enjoy other benefits as well.
- Enter a hostname such as dashboard.teramind.co.
Teramind strongly recommends proper configuration of SSL in order to avoid browser warnings and restrictions. Some browsers will not allow websockets communications if the certificates are invalid. This may prevent you from watching live screens or record them.
For convenience, Teramind comes pre-shipped with an SSL certificate that’s valid for the hostname onsite.teramind.io.
|To learn how to generate your own self-signed certificates, check out this article.|
If you wish to proceed without implementing your own certificates, you should add a line to your local hosts file and then access Teramind by browsing to https://onsite.teramind.io. You can do this by editing
C:\Windows\System32\Drivers\Etc\hosts as Administrator and appending the following line to the file:
xxx.xxx.xxx.xxx is the IP you assigned to your Teramind Virtual Machine.
In the long run, you should deploy your organization’s SSL certificates within Teramind, and add a DNS entry in your corporate name server for your Teramind implementation.
|Note that all certificates should be in the PEM format.|
Here’s how you should setup the SSL:
- Upload your server’s Private Key (usually a .key file), Public Key (usually a .crt file), Intermedia Key (a concatenated list of CA certificates that validates your server certificate) and the Root CA Key.
- Click the VALIDATE KEYS button. After you’re done, please access Teramind via the new hostname. You’ll be asked to log-in again.
Teramind processes large volumes of confidential and private data, so it’s a best practice to lock down access to the dashboard as much as possible.
- If you enable the FORCE USERS TO LOG IN USING 2-FACTOR AUTHENTICATION option, next time administrators log in they will be forced to enable 2FA before being given access to their dashboard. Teramind supports 2FA apps like Google Authenticator or Authy. Check out this article to learn how to set up 2FA for a user.
- Enabling the BASIC USER/PASSWORD AUTHENTICATION option will allow you to authenticate to the dashboard using the user-password credentials you created in Teramind. Check out this article to learn how to create/change password for a user.
- If you have successfully set up Active Directory integration, you may want to use your domain credentials to login. In such a case, you can turn on the LDAP AUTHENTICATION option. Check out the Active Directory section to learn more about AD setup.
- SINGLE-SIGN-ON AUTHENTICATION option allows you to authenticate to the dashboard using a Single Sign On (SSO) service such as Okta, One Login etc. via SAML2 protocol. Newly generated users will still need to set password in order to make further changes to account or login using Teramind revealed agent. Enabling the SSO option will reveal several options which you can use to configure the SSO integration. You will also see an AUTO REGISTER NEW AGENT option. If enabled, this will let you specify default options for newly registered users/agents on SSO. Check out this Knowledge Base article for details on these settings and step by step instructions on setting up a SSO integration.
- The ALLOWED IP TO LOGIN option lets you specify which IP addresses are allowed to login to the dashboard. If you use this option, only the users with allowed IPs will be given access to the dashboard.
Agent Removal Protection
You can optionally install the Teramind Hidden Agent in protected mode to make it more difficult for unauthorized users and administrators to remove it. If you do this, you should set the uninstall password so that you can remove the agent when you wish.
- Enter a password to protect the Agent uninstallation.
Outgoing Exported Data
By default, Teramind allows you to export reports, video recordings and other data to any email address. But you can change the settings to restrict export to certain domain only.
- Enter a domain address to restrict export emails to that domain only.
Teramind can be deployed as a cluster of servers to handle a large number of users. If you can see this setting on your dashboard, then it means you are on a Master node. Additional nodes (such as the OCR database and screen mining nodes) may connect and want to join this cluster. Here you can configure which nodes you want to accept into the cluster, and what their function should be.
- You can enable/disable multi-node deployments with the ENABLE MULTI-NODE DEPLOYMENT toggle button. It’s necessary to keep it turned on if you have more than one Teramind servers.
- Turn SSH access on or off with the ENABLE SSH ACCESS toggle button. SSH is needed for remote login and configuration of Teramind servers, especially, during the deployment phase.
- Managers and administrators will be able to access the Teramind dashboard on the MANAGEMENT INTERFACE PORT. Make sure the port is available before using it.
- Teramind Agent will query this LOAD BALANCER PORT instead of the default 443 when looking for a Teramind server to connect to. If you change it something other than 443, you will need to use the TMROUTER parameter when installing the Teramind Agent. For example:
c:\msiexec /i teramind_agent_x64_s.msi TMROUTER=220.127.116.11:xxx /qn
xxxis the load balancer port.
Approving / Removing OCR Nodes
If you have setup an OCR database node or an OCR mining node, you will see the nodes displayed under the Nodes section on the Server Management tab. Please consult the relevant deployment guide to learn how to setup the OCR nodes. You can find the deployment guides on the Knowledge Base’s home screen.
- Click the REMOVE button to cancel approval (un-approve) for a previously approved node.
- Click the FORGET button to completely delete a node. For example, if you deleted a Virtual Machine used by an OCR node, you can delete the node from here.
- Click the APPROVE button to approve any pending node connection requests.
Teramind uses the SMTP email standard to send notifications, deliver scheduled reports and other communications purposes. You can specify your SMTP server configuration here so that Teramind can access it properly.
- Provide details for the server, encryption, port, username, email and password. Consult your email server’s settings for the SMTP configuration or contact your email provider.
- Click the SAVE button.
- Test your settings by having Teramind attempt to send you an email using the configuration you specified.
System Health tab gives you a quick snapshot of the current status of the server load, storage condition and session mining (OCR process) status.
- The System load section shows the TOTAL NUMBER OF CORES the CPU has, 5-MINUTE LOAD AVERAGE (%) and MEMORY USAGE status.
- The Storage section shows the PRIMARY VOLUME USAGE and the RECORDING VOLUME USAGE information. Primary volume typically contains the Teramind database and the recording volume contains the screen recordings. You can always adjust your usage by tweaking your screen recording settings and retention policies. Check out the Editing Screen Settings section to learn more. You can also use MINIMUM SPACE THRESHOLD setting to tell Teramind to stop recording when reaching this minimum space threshold (in MB).
- The Session mining stats shows the OCR processing status. ISM DELTA = number of records not processed yet, ISM DAY DELTA = number of days not processed yet; and the ISM SCORE = overall performance of the session mining process.
Localization tab allows you to change the time and language settings.
- You can change the TIMEZONE you want to use.
- Use the NTP SERVER to specify a time server. Teramind will automatically sync the clock with the server. You can select a generic server like clock.isc.org if your deployment has internet connectivity. Note that, for the best result make sure all your monitored endpoints and the Teramind server are on the same NTP. Otherwise, you may see discrepancy between the time an activity happened vs. the time it’s recorded in Teramind. Note that, this option is not available on Cloud deployments.
- You can change the DEFAULT LANGUAGE used by the system. Teramind supports English, Spanish, Japanese, Portuguese, Russian and Turkish. Note that, you can change the language for an employee/user from their Profile page.