Administering IBM SmartCloud for Social Business

First Edition

Published November 2012

About this edition

In keeping with IBM's commitment to accessibility, this edition of the product documentation is accessible.

Updates to this document

This HTML file contains the latest draft of the official product documentation for this release. This draft is refreshed on a quarterly basis, as necessary. For the latest product documentation updates, refer to the release-specific articles available in the Product Documentation section of the wiki.

Printing

When you print this document some of the style elements are removed to create a better print output. Here are a few tips about printing:

The document length might exceed the browser's print capability. Microsoft Internet Explorer has demonstrated the ability to print large files successfully.
This document is long. Use print preview to determine the printed page length.
You can highlight section of the document and then choose to only print the selected content

Working offline

You can save a local copy of this document from your browser. Each browser has different menus and menu options. Consult the browser help if you need assistance saving the document locally.

Submitting feedback

If you would like to provide feedback about this document, see the IBM Documentation Feedback (opens new window) Web site.

Administering

Integrate social networking and online collaboration in a suite of tools available on the web. IBM® Customer Service Representatives can assist you in selecting the mail and collaboration services best suited to your business.

For more information about the different services offered go to IBM SmartCloud™ for Social Business (opens new window) and click Services.

What's new?

Find out what features have been added (opens new window) since the last update.

Select your service type

SmartCloud Engage or SmartCloud Connections: Customize the look of your organization so your users associate it with your company. Set up user accounts and manage users and subscriptions. Configure your organization account, including specifying security settings for passwords and setting IP address ranges.
SmartCloud Notes® Hybrid environment (opens new window): Plan, configure, and administer SmartCloud Notes in a hybrid environment by using the on-premises tools with which you are familiar.
SmartCloud Notes Service-only environment (opens new window): Though IBM is responsible for the administration and maintenance of the SmartCloud Notes servers, there are user administration tasks that a customer administrator performs. These tasks include managing accounts, users, and groups. To perform these tasks you must be assigned the Administrator role. Plan, configure, and manage SmartCloud Notes as a service only means that all of the Domino® servers are in the cloud.
IBM SmartCloud iNotes®: First, enter and verify the domain name for your organization. Then you can configure organization settings, manage email and contacts, and send email announcements to your users.

Administering SmartCloud Engage or SmartCloud Connections

Set up the organization account. Get to know the site by clicking Administration > Administrative Site Map in the navigation bar and reviewing the site map.

Change the look of your organization. Pick from available color schemes or create a custom color scheme. Change the logo in the navigation bar.
Configure organization account settings. Update security settings including password expiration for your users and IP address range restrictions. Specify who is listed in the public directory and manage subscriptions.
Add users. Before a user can access the organization, an account must be created for them.
Create a welcome announcement. Give new users information they need. For example, list organization best practices for using apps or file sharing guidelines. You can also include who a user contacts for support.

System requirements

Review the system requirements for using IBM SmartCloud for Social Business.

Customizing your organization

Administrators can change the look and feel of their organization. Design an organization page, set a default color scheme, add fields to user profiles, and update your personal settings.

Designing your organization's page

Create a public page that represents your organization. Include contact information, files, and a short description.

This function is available for collaboration subscriptions. You must be logged in with an administrator account to change these settings.

Click the name of your organization in the navigation bar get to the organization page.
Click Edit Information.
1. Add or modify general information about your organization. For example, write a headline that is displayed with the name of your organization, a brief description about your organization, contact information, and the organization website.
2. Click Change to replace the default graphic with an uploaded custom graphic.
Click Customize Organization Theme to change the look and feel of your organization. Select Change for what you want to modify. Change the color scheme by choosing from a default theme. You can also select the rainbow option specify colors for individual elements. Additionally, add a logo for the navigation bar or select to hide an image. These changes affect the look and feel for all of your users.

Adding your logo to the navigation bar

Customize the site by adding your organization's logo to the navigation bar. Customizing the navigation bar logo does not affect the image that displays on the login page.

Adding a custom logo to the navigation bar associates the organization with your brand identity. Customizing the logo is done by updating the organization theme. You can change the logo either through Organization Settings or by editing the page for your organization.

Click Administration > Manage Organization.
Click Theme.
Click Change in the Logo section and upload your new logo.
Ensure that the logo is not hidden by setting Display Logo to Show.

Updating user profiles

Add custom fields to the user profile to capture information relevant for your organization. By default, a user profile includes fields for name and other contact information.

Click Administration > Manage Organization.
Click Profile Customization.
Click Add. Enter a field name and select the privacy setting.
The privacy setting determines who can see that field on the user profiles.
- Public Visible: Anyone who can see the user's profile can see this custom field.
- Users: Only users that have an IBM SmartCloud for Social Business account can see this custom field.
- Same Org users: Only other members of the user's organization can see this custom field.
- Network Contacts: Only members of the user's organization and the user's network contacts can see this custom field.

The custom fields are added to your users profiles as optional fields.

Setting personal information

View and update your personal settings, including name, access level, password, and locale.

Only those options where you see Change can be modified.

Click your name in the navigation bar.
Click My Account Settings.
Click Change to update your name, password, language preference, or time zone.

Creating organization announcements

Broadcast messages to your users containing information you want to make them aware of. Announcements are displayed on My Dashboard for all the users in your organization. These are different from system announcements, which are sent by Support to broadcast messages to all users about the site. For example, Support uses system announcements as notifications of upcoming maintenance.

You can display up to three announcements to users at any time. You can create and save up to eight announcements.

Click Administration > Manage Organization.
Expand the section with your organization name and click Announcements.
Click Add Announcement and fill in the details of your announcement.
- Title: Enter the title of your announcement. You can use up to 128 single-byte characters.
- Message Text: Enter the content of your announcement. You can use up to 1000 single-byte characters.
- URL Address: This is optional. Enter a web address to display on your announcement.
- URL Description: This is optional. Enter a description of the web address in your announcement.
- Expiration: This is optional. By default, announcements do not expire. To set an expiration date, select This will expire on a selected date and enter a date and time. The time and date are set using your local time zone.
To save an announcement without broadcasting it, click Save. To save an announcement and broadcast it to all users, click Save and enable.

To enable an announcement after it is saved, click the down arrow for the appropriate announcement and select Enable. An announcement can also be edited, disabled, or deleted from this menu.

Subscribing users to system announcements

System announcements are created by Support to broadcast messages about the server. For example notifications of upcoming maintenance. These are different from the announcements administrators can create and broadcast to users. By default, system announcements are displayed after a user logs in. In addition, administrators can select to have system announcements forwarded to email accounts for individual users.

By subscribing users to receive system announcements as email messages, administrators can ensure that system announcements are seen without relying on a user to log in.

Click Administration > Manage Organization.
Click User Accounts.
Click the arrow next to the user that you want to subscribe to system announcements.
Select Subscribe to Announcements.

To stop emails from being sent to a user that is subscribed to system announcements, click Administration > Manage Organization > User Accounts, click the arrow next to the appropriate user, and select Unsubscribe from Announcements.

Working with internal applications

Grant your internal applications access to IBM SmartCloud for Social Business. An internal application is any application used by your organization that is not available by default. By registering these applications with the server, you make them available to your organization's users.

To work with an internal application, that application must first be registered with the server. Users access the registered application as normal, but the application can now interact with the server. For example, a user could post a file on the application which can then be made available from your organization.

Application registration is implemented using the OAuth protocol with key and secret pairs. Both OAuth 1.0 and OAuth 2.0 are supported. OAuth 2.0 introduces new features, like the ability to customize how long an application has access to the server. When the application's access expires, users are prompted to grant the application access to their account. With OAuth 1.0, an application's access lasts a few hours. With OAuth 2.0, you can select to grant permission to your internal application for up to 90 days. You can choose to enable OAuth 2.0 support for your internal application when you register it.

Click Administration > Manage Organization.
Click Internal Apps.
Click Register App. OAuth 1.0a is enabled by default.
- Enter a name and description for the application when prompted. The name and description of your application can be changed at any time by clicking the menu next to the application and selecting Edit properties. The application name cannot exceed 50 characters, and the application description cannot exceed 1000 characters.
- Select OAuth Type to enable OAuth 2.0. Enabling OAuth 2.0 gives you the option to select the access duration and specify a callback URL. Access Grant Duration defines how long it takes for the internal application's access to the server to expire. The Callback URL is used to send sensitive information to your server. Sending this information over HTTPS is required to avoid possibility of it being intercepted. The user will return to this URL after they approve or deny access for the application.
During registration, your application is assigned a key and secret. Registered applications are displayed in Internal Apps.

After registering your application, it might become necessary to reset the key and secret pair. For example, reset the values if you suspect they were compromised. To reset the key and secret, click the menu for the appropriate application and select Reset Credentials. Make sure to update your application with the new credentials.

To view the OAuth key and secret pair assigned to an application, click the menu for the appropriate application and select Show Credentials.

To revoke your applications access to the server, click the menu for the appropriate application and select Delete.

Customizing your brand identity

As a vendor, you can customize the information that displays when your customers log in to their organization. Rebranding the screens your customers see identifies the site with your organization.

You can customize the information that customers see while they are logging in to their organization, resetting their password, or are viewing their My Dashboard page. These changes make your brand visible to your customers and also affect your own organization.

You can customize the following brand identity information:

Login logo

Upload an image to use as the logo that appears on the login and reset password pages. The login logo is the image a user sees when they log in to an organization that belongs to your customer. Users logging in to your organization may also see this image. This logo is not displayed in the navigation bar. Uploading a new image overwrites the current image. If you need to keep a copy of the current image, download it before you upload a new one.

Go to Administration > Manage Organization > System Settings > Theme to update the login logo.

Organization information

Customize the information that customers see about your organization. The organization name specified here displays on the page your customers use to log in to their organization. The organization details specified here also display when emails are sent to your customers. For example, the email that is sent when a user is added to your organization contains your organization information.

Go to Administration > Manage Organization and click Brand Identity under your organization name to update your organization information.

The information specified in Brand Identity > Change the Organization Information does not affect the organization name that appears in the navigation bar. To edit the organization name that appears in the navigation bar and throughout the organization, click Administration > Manage Organization > Organization Account Settings.

Links

Edit the links that display in an organization that belongs to your customer. Use these links to direct users logged in to an organization that belongs to your customer to your proprietary information. These links display on the footer of My Dashboard.

Go to Administration > Manage Organization and click Brand Identity under your organization name to update your organization links.

Support information

Edit the links that display in your organization and in an organization belonging to your customer. Use these links to direct users logged in to an organization that belongs to your customer to your support information. The Support URL displays on the Help menu. The Support email URL displays in the footer of My Dashboard.

Go to Administration > Manage Organization and click Brand Identity under your organization name to update your support information.

If a customer specifies a support email for their organization in their Administration > Manage Organization > System Settings > Security, that URL overrides the URL you provide here.

Setting up user accounts

Before a user can access the organization, an account must be created for them. Only administrators can add user accounts. Each user account has one or more roles assigned to it that determine what a user can see and do.

There are several roles that can be assigned to a user account.

A User can view an organization's page, add files, and access to their personal settings. They cannot access organization settings, modify any system settings like security options, profile options, or modify organization themes or logos. Only users can have subscriptions and access content.
An App Developer has sufficient access to integrate their organization's internal applications, but does not have access to other Administrator areas. They cannot access organization settings, modify any system settings like security options, profile options, or modify organization themes or logos. Give a user this role when you want them to access Internal Apps to register custom applications using OAuth. An application developer cannot subscribe to a service unless they are also assigned the user role.
An Administrator Assistant has sufficient permissions to reset login passwords for all users. However, they cannot reset IBM Lotus Notes® passwords. They can also resend invitations to pending users. An administrator assistant cannot subscribe to a service unless they are also assigned the user role.
An Administrator has access to modify all organization settings like contact information and description, system settings like security options, file sharing rules, and organization theme. They can also add or remove users, manage roles, assign administrator privileges or administrator assistant privileges to users, enable integrated applications, and manage subscriptions. Administrators can also reset login passwords for all users and Lotus Notes passwords. Administrators cannot subscribe to a service unless they are also assigned the user role.

Adding users

To add users, you must have administrator privileges. If you want to add many users at one time, contact your Customer Service Representative.

Before adding a user, know what roles you want to assign to them, which subscriptions you want to give them access to, and their email address. Subscriptions are categorized either as Collaboration or Mail services. Collaboration services include components for social networking like Activities, Communities, Files, Events, and Meetings. The components available to your organization depend on the offerings purchased. Mail services include IBM SmartCloud Notes and IBM SmartCloud iNotes.

Depending on the services selected during initial account creation, there might be more than one way to notify the user of their new account. For users that have a collaboration service, administrators provide an email address that becomes the user's Account Identity. Those users receive an invitation email at that address. When setting up an account for a SmartCloud Notes user, administrators must provide a temporary password that the new user will log in with. Administrators must notify new users of this temporary password. When setting up an account for SmartCloud iNotes users, administrators have the option of either creating a temporary login password or associating that user account with an alternate email address that is external to the organization. An invitation email can be sent to the external email address.

To add a user, click Administration > Manage Organization > User Accounts > Add User Account and provide the necessary information for each step.

Specify basic user settings and assign roles in User Information The User role must be selected before this user can be subscribed to a service. Select Administrator Assistant to give a user ability to reset passwords for others or resend pending or expired invitations. Select Administrator to grant this user administrative privileges. Select App Developer for users who must register internal applications.
Use Subscriptions to select what services a user has access to, add mobile access to email, and allocate any additional storage to use for files or email.
Select the appropriate subscription to assign to the user. You can also enable mobile mail by selecting the appropriate option from Add-ons.

If your organization purchased extra storage, you can allocate the amount of storage for the user you are adding. Files quota allows you to specify the total amount of disk space a user has available for uploading files. Mail quota allows you to specify the total amount of disk space a user has available for email storage. Extra storage must be specified in whole numbers, like 1 or 2. Do not use fractions or decimals.
Use Add-ons to enable email archiving or mobile devices.
Use Account Login to specify the user's account identity. The email specified here becomes the ID that the user logs in with. This email is known as the account identity. When creating a user account for mail subscriptions, there are additional options administrators can specify.
- Initial login preference: For SmartCloud Notes users, administrators must create a temporary password that is used on the initial login. For SmartCloud iNotes users, administrators can select to create an initial login password or provide an alternate email address to send the invitation to.
- SmartCloud Notes only: Administrators can specify the distinguished name to use. These fields are optional and if they are blank, SmartCloud Notes tries to define them.

After a user is created, the account status is pending until that user logs in or completes registration.

Unless an account was created with a temporary password, the user receives an email containing a link to a registration page after account creation. The user must then click that link and complete the registration process by entering information about their country, time zone, and notification options. They might also be asked to create a password. After this registration is submitted, the new user can log in to their organization. If your organization has disabled customer email verification, new users do not receive invitation emails.

Administrators can resend invitations for pending accounts by clicking the arrow next to a users name and selecting Resend Invitation. Click Resend All Expired Invitations to resend all expired invitations.

If your organization includes SmartCloud Notes, review the SmartCloud Notes administration documentation about adding and provisioning users.

After a user has been added, their invitation has pending status. Pending invitations are invitations that have not been used to complete registration and have not expired. A pending invitation will expire after approximately 28 days. After a pending invitation expires, it cannot be used to register and gain access to the organization. An administrator or administrator assistant must resend the expired invitation before a user can complete registration and log in.

You can check on the status of an invitation at any time by going to User Accounts.

Enabling integrated third-party applications

Add integrated solutions from our business partners to enhance user productivity. These cloud-based offerings help your team operate more efficiently.

Click Administration > Manage Organization.
Click Integrated Third-Party Apps to view the third-party applications supported.
Click Enable on the appropriate application to make it available to your users.
Integrated applications are disabled by default. By selecting Enable, administrators can enable an integrated application for an individual user account or for all user accounts. By selecting Enable for all current users from the application description, the application is enabled for the organization and all current users.

To customize how long an application has access to IBM SmartCloud for Social Business, set the Access Grant Duration. Access Grant Duration defines how long it takes for the integrated application's access to IBM SmartCloud for Social Business to expire. When the application's access expires, users are prompted to grant the application access to their account.
Make the application available to a user.
Before a user can access an integrated application, an administrator must enable that application on the appropriate user account.
1. Click Administration > Manage Organization > User Accounts.
2. Click the arrow next to the user that needs access to the integrated application and select Add Third-Party Apps.
3. Select the integrated applications you want to make available to the user.

Each time an integrated application is enabled for a user account, that user receives a notification email. Additional configuration might be required for each application before it becomes available. For details, refer to the documentation for the integrated third-party application.

You can reset the access that integrated applications have to IBM SmartCloud for Social Business. If you use an application after the permissions are reset, you are prompted to authorize that application's access to your content.

Password requirements

New users whose accounts are created with a temporary password are prompted to create a password on initial login. Users whose passwords are reset must also create new passwords on the next login. Passwords must conform to specific length and character requirements.

All site passwords must conform to these rules:

The minimum password length is eight characters.
They must contain at least one non-alphabetic character and at least four alphabetic characters.
They cannot contain three or more repeated characters or the space character.
They cannot match any of the last eight passwords.
They cannot contain your name or email address.

Users can click Forgot password? to have their password reset. This link resets the organization password, but does not necessarily reset the mail password. Administrators and Administrator assistants can reset passwords by clicking the arrow next to a user listed in User Accounts and selecting Reset Password. Administrator assistants can reset the login password for a user but cannot reset IBM Lotus Notes passwords. Administrators can reset both the login passwords and the IBM Lotus Notes passwords. Users that log in by clicking Use My Organization's Login are using a federated identity and can reset their passwords only by following their company's process.

Administrators can enable security settings to enforce password expirations through System Settings > Security. When a user logs in with an expired password, they are prompted to reset that password.

To prevent password recycling, a user can only reset their password once within a 24 hour period. However, administrator assistants and administrators can reset a user's password at any time.

Resetting passwords and Resending invitations

A user with the Administrator Assistant role can reset user passwords for the site or resend expired or pending invitations. Administrator Assistants cannot reset IBM Lotus Notes passwords.

An administrator assistant can help manage the users in an organization by resending invitations so the administrator does not have to. The invitation email that is resent contains a link that a user must follow to complete their registration. After registration is complete, a user can log on. Administrator assistants can also reset passwords for users who cannot reset their own passwords because the minimum password age of 24 hours has not expired.

Resending invitations is not supported for users created only with the password option. For example, SmartCloud Notes users with pending accounts cannot get an invitation email because those accounts are created with a password. However, SmartCloud iNotes users created with an alternate email address can have invitations resent because the invitation is sent to the addressed specified as the alternate email.

Reset user passwords.
1. Click Administration.
2. Select the arrow next to the user that needs the password changed. You can also click the user name.
3. Select Reset password. Fill in the prompts to reset the password.
4. Notify the user of the password change. The user is not automatically notified that the password was reset. Make sure to communicate this change to the user, along with the new password if needed.
Resend pending or expired invitations.
1. Click Administration to access User Accounts.
2. To resend all expired invitations, click Resend All Expired Invitations. You can also resend an expired or pending invitation to an individual user by clicking their name or by clicking the arrow next to their name.

Managing users

Administrators can delete, suspend, or edit a user account by clicking on the arrow next to the appropriate user. Administrators can also manage user accounts by resending pending invitations, or viewing user reports.

Resending invitations

An administrator or administrator assistant can resend expired or pending invitation emails to all pending user accounts or to individual accounts. The invitation email contains a link that a user must follow to complete registration. After registration is complete, a user can log on.

Pending invitations are invitations that were not used to register and are not expired. A pending invitation will expire after approximately 28 days. After a pending invitation expires, it cannot be used to register with the organization until the administrator or administrator assistant resends the expired invitation.

Only administrators have access to Administration > Manage Organization.

Administrators click Administration > Manage Organization. If you are an administrator assistant, click Administration.
Click User Accounts.
Resend the invitation email. You can add custom content to the invitation email.
- Click Resend All Expired Invitations to resend the invitation email to all expired accounts.
- Click the arrow next to the appropriate pending user account and select Resend Invitation to resend the pending invitation email to an individual user account.

Editing, suspending, and deleting user accounts

Administrators can delete, suspend, or edit a user account by clicking on the arrow next to the appropriate user.

If your organization includes SmartCloud Notes user accounts, review the SmartCloud Notes administration documentation about deleting, suspending, or editing a user before making changes to an account.

Click Administration > Manage Organization.
Click User Accounts.
Click the arrow next to the user account you want to edit. From here you can delete, suspend, or edit a user account. When deleting a user account, you can select to transfer that user's files to another account by entering the email address of the user who should receive the files in the Assign To field.

These changes do not take effect until the deleted user logs out.

Resetting login passwords

A user can reset their own password once within a 24 hour period by clicking Forgot password?. An administrator or administrator assistant can reset passwords for any user at any time. Administrators can reset passwords for any user at any time. Administrator Assistants can reset login passwords at any time, but they cannot reset IBM Lotus Notes passwords.

Reset passwords when a user forgets their password, or when the password might be compromised. Users that log in by clicking Use My Organization's Login are using a federated identity and can reset their passwords only by following their company's process.

Follow these steps to reset any user's password:

Click Administration > Manage Organization.
Click User Accounts.
Select the arrow next to the user that needs the password changed.
Select Reset password and enter the new password. This password is a temporary password that the user enters the next time that they log in. At that time, the user is asked to create a password.
If you are resetting a password for a user with a mail subscription, you can also reset their password by editing their user account. Click the appropriate user name in User Accounts and enter a new password in the Subscriptions > Mail section.
Notify the user of the password change. The user is not automatically notified that the password was reset. Make sure to communicate this change to the user, along with the new password if needed.

Administrators can enable security settings to enforce password expirations through System Settings > Security. When a user logs in with an expired password, they are prompted to reset that password.

Hiding people from the Organization Directory

By default, users are added to the organization directory when their account becomes active. Administrators can select to prevent a user from being displayed in the People section of the page for the organization.

Click People and select your organization from the list. This page can also be accessed by clicking Manage Directory from the page for your organization.
Select the names of the users to hide.
Click Hide on Organization Page.

To display a hidden user on the organization directory, select that user and click Show on Organization Page.

Troubleshooting log in

Solutions for common problems encountered during the initial log in or when resetting a password.

Table 1. Troubleshooting the log in
Problem	Possible Solutions
The user does not receive the registration confirmation email after new account creation on a service.	Verify that the email address entered in User Accounts > Account Identity is correct. Verify that the confirmation email is not in the SPAM filter of your email client. In most cases adding signup@lotuslive.com to your contacts list prevents erroneous SPAM filtering. Contact Customer Service at support@lotuslive.com.
User receives an "Invalid Token" error when attempting to confirm registration using the link in the confirmation email.	Try to copy and paste the entire URL from the confirmation email into a new web browser. The token is valid for 28 days, so if the user does not accept the invitation within that time you must contact Customer Service at support@lotuslive.com.
The user attempts to reset his password from the login screen but never receives an email containing additional details to reset the password.	Verify the reset password is not in the SPAM filter of the user's email client. If the email is still not delivered, please contact Customer Service at support@lotuslive.com.

Configuring the organization account

Set up your organization account, including specifying security settings for passwords, setting IP address ranges, and managing subscriptions.

A session is valid for up to 18 hours. After 18 hours, users must log in again before accessing the organization. To prevent data loss due to an expired session, save your work before stepping away.

Understanding roles

Learn about the roles available for user accounts. Understanding the different roles helps you select the correct roles for your users.

A User can view an organization's page, add files, and access to their personal settings. They cannot access organization settings, modify any system settings like security options, profile options, or modify organization themes or logos. Only users can have subscriptions and access content.
An Administrator Assistant has sufficient permissions to reset login passwords for all users. However, they cannot reset IBM Lotus Notes passwords. They can also resend invitations to pending users. An administrator assistant cannot subscribe to a service unless they are also assigned the user role.
An App Developer has sufficient access to integrate their organization's internal applications, but does not have access to other Administrator areas. They cannot access organization settings, modify any system settings like security options, profile options, or modify organization themes or logos. Give a user this role when you want them to access Internal Apps to register custom applications using OAuth. An application developer cannot subscribe to a service unless they are also assigned the user role.
An Administrator has access to modify all organization settings like contact information and description, system settings like security options, file sharing rules, and organization theme. They can also add or remove users, manage roles, assign administrator privileges or administrator assistant privileges to users, enable integrated applications, and manage subscriptions. Administrators can also reset login passwords for all users and Lotus Notes passwords. Administrators cannot subscribe to a service unless they are also assigned the user role.

Edit a user's account to reassign a role. Click Administration > Manage Organization > User Accounts and then click the appropriate user name. In RoleUser information, you can select additional roles for the user. You can also remove a role from a user by clearing it. If you clear the User role, you are prompted to transfer that user's data to a new user. This transfer prevents the loss of content associated with this user.

Restricting the IP address range

To ensure that users log in from an approved network connection, administrators can define an approved range of IP addresses.

By restricting the IP addresses that have access to your organization, you provide a level of protection against user's credentials being stolen or phished. If IP ranges are restricted to your network, an attacker would need to authenticate to the server from within your network to access any stolen credentials.

If your company uses SMTP, POP or iMAP protocols, restrictions are not applied.

Click Administration > Manage Organization
Click Security.
Click Add Range in the IP Address Ranges section to enter the beginning and ending IP addresses. You must specify the IP address at which you are currently logged in.

Enabling IP address restrictions might block mobile user access to your organization. For example, Blackberry users must authenticate through a Blackberry Enterprise Server (BES) which authenticates both the mobile device and the user. Because the IP address for the authenticated user is that of the BES server, IP address restrictions can block access, depending on the range specified. Use VPN tools on the mobile device to route traffic to your organization using your network

You can use IP address restrictions as a secondary authentication mechanism in combination with SAML single sign-on authentication.

Setting password expiration

By default, passwords do not expire. Enforcing a password expiration period helps ensure that passwords are changed frequently. Administrators can set a password expiration interval for all users.

Click Administration > Manage Organization
Click Security.
Click Edit Settings in the Password Settings section. Select the number of days before a password expires, how the password can be reset, and add password reset support for your users.

Viewing available user accounts

For each subscriptions, administrators can see how many user accounts are available to be assigned.

Click Administration > Manage Organization > Subscriptions. Each subscription lists the number of available and total user accounts. You can expand each subscription row for more information about that subscription.

You can also view available user accounts by going to Administration > Manage Organization > User Accounts. Available subscriptions are listed on this page. To see order history for your organization's account, including a list of subscriptions purchased, click Administration > Manage Organization > Order History.

Managing subscriptions

An administrator can start free subscription trials, buy new subscriptions, view subscription history, or choose to upgrade existing trial subscriptions to full subscriptions by purchasing them. Trial subscriptions might not be available for your organization.

Adding a trial subscription is a good way to evaluate if a subscription fits your needs before purchasing it. You can upgrade a trial subscription to a paid subscription without losing any data associated with your account. Before a user can access a trial subscription, an administrator must make it available to the user by enabling it on the appropriate User Account.

Follow these steps to manage your subscriptions.

Click Administration > Manage Organization > Subscriptions.
To view subscription details, expand the appropriate row. Click Upgrade Subscription to go from an existing trial subscription to a paid subscription. Upgrading a subscription takes you through the process to purchase it. Only trial accounts can be upgraded.
To buy a subscription that you do not currently have a trial for, click the link at the end of the Subscriptions section. To buy a subscription offering at any time, click Administration > Buy IBM SmartCloud.

After adding a subscription to your account, you must enable the subscription for each user to make it available to that user. To enable subscriptions for a user, go to Administration > Manage Organization > User Accounts and select the user to edit. Then go to the Subscriptions screen and select the appropriate subscription.

Use the Subscriptions page to manage your trial and paid subscriptions. The Subscriptions page contains information about any existing trial subscriptions and paid subscriptions your organization owns. You can review the subscription purchase date, expiration date, and find out how many user accounts are still available. By clicking History for a subscription, you can see a history of events and their dates for each subscription. For example, you can see the date that subscription was renewed and details about the renewal, or if a subscription has any add-ons.

To see order history for your organization's account, including a list of subscriptions purchased, click Administration > Manage Organization > Order History.

Allowing users to be listed in the Organization Directory

By default, members in your organization are not listed in the Organization Directory. This means that those users are not visible to members of other organizations. Administrators can have all users publicly listed in the directory, have only specific users listed publicly, or allow each user to decide whether they want to be publicly listed.

If you are not visible to the directory, then you are not listed when searched for by users outside of your organization. If you are listed in the directory then other users external to your organization can find you and add you to their network.

Click Administration > Manage Organization.
Click System Settings > Organization Directory
Click Change in the Organization policy for Directory Search section.
Select the appropriate privacy setting.
- User Choice: This allows your users to decide whether they are listed in the directory. Listing them makes them searchable to users outside of your organization.
- All Private: This is selected by default. All Private prevents your users from being found by users external to your organization.
- All Private with Exceptions: Control which users are listed in the directory.
  Only those users you list in Exceptions are visible to users external to your organization. Any user not listed in Exceptions is considered a private user and is not listed in the directory.
  
  When you select this option, a list of exceptions is created. This list contains the names of the users you select to make public when you add their name in Exceptions. This field does not represent the current list of exceptions. It represents only the users you are adding to the already existing list of exceptions. To see the list of users who are already an exception, click View all exceptions.
  
  To overwrite the existing users who are already listed as an exception, select Only allow the users currently listed in Exceptions to be displayed in the directory. Any users previously selected as exceptions are removed from the directory.. Then add any user you intend to be a public user in Exceptions. This list replaces any current list of exceptions.

Administering IBM SmartCloud iNotes

After the Customer Service Representative has created your account or you start a free trial, enter and verify the domain name for your organization and start configuring settings, managing email, and managing contacts.

Supported protocols

IBM SmartCloud iNotes supports the most prevalent Internet standard protocols for email retrieval.

Protocols

The following list identifies the supported protocols:

POP3
IMAP
Authenticated SMTP
IMAP IDLE

Once the domain is registered, the domain name server of the IMAP, POP, and SMTP service interface cannot be changed.

Ports

Depending on the environment, you might need to open the following network ports on the firewall. For example, if you use only Web mail you need the HTTP port open, but the other ports do not have to be open. The s indicates the port for the secure (SSL) traffic.

HTTP: 80
HTTPs: 443
POP3: 110
POP3s: 995 (-pop.mail.lotuslive.com)
IMAP4: 143
IMAPs: 993 (-imap.mail.lotuslive.com)
SMTP: 587
SMTPs: 465 (-smtp.mail.lotuslive.com)

For IMAP, POP, and SMTP connections, open the following IP address on the firewall: 8.12.152.0/24

When setting up, the customer needs to own and set the MX record. The MX record is one of many DNS entries that an organization might set. To set the MX record, the customer must have technical control of the DNS settings for the domain.

Account security

IBM SmartCloud iNotes accounts are authenticated with an email address and password. All users have the same standard email privileges. Accounts can only be created by an administrator.

If you have an account that is enabled with multiple subscriptions and you want to access your email messages before viewing other components, log in at mail.lotuslive.com (opens new window). After logging in, you can access your mail and other components assigned to your account.

SmartCloud iNotes complies with the following security certifications:

ITCS104 IT Security for IBM managed systems
ITCS329 Security for outsourced business services
FIN151 Application Systems Controls and Auditability
CIO122 IBM Worldwide records management
CP130 IBM Data privacy policy with documented privacy plan
LEG116 Classification and control of IBM information
LEG117 Handling of personal information collected online
USRP US Export Regulation Procedures

IBM infrastructure and server systems use internal IBM security policies, standards, and processes to ensure the systems are configured and managed in a secure and compliant manner. Security standards are consistent with security best practices and align with ISO 27000 series.

Services are hosted in IBM-owned data centers with a physical infrastructure designed to protect your systems and data. All client connections are encrypted using SSL. Security is provided to meet all international, federal, state, and local statutory and regulatory requirements.

Routing outbound email

Administrators can route outbound email through an external SMTP server.

The following are some reasons to relay outbound mail via an external SMTP server:

Integration with compliance archiving solutions
Screening messages through a data loss protection system
Complex enterprise mail routing requirements

Use the SMTP routing to control outbound traffic by defining a server name for IBM SmartCloud iNotes. This server name enables SmartCloud iNotes to route outbound email that originates with users from the organization. Routing can be done at the domain or user level. To implement this option, you must provide the following information:

The hostname or IP address of the outbound SMTP server
Verification that the server is properly configured. For example, make sure that email messages sent from the SmartCloud iNotes outbound mail transfer agent (MTA) are accepted by this host for mail relay.

After you have this information, you can configure the outbound mail gateway for all users or for individual users:

Click Administration > Manage Organization .
Click iNotes.
Click Outbound Mail Gateway to configure or modify a gateway for all users. Enter the address of the mail gateway in Outbound Gateway. To delete the gateway for all users, delete the address from Outbound Gateway.
To configure a gateway or update the address of the existing gateway for individual users, use the following procedure:
1. Click Mail Account Manager.
2. Select a User ID from the list.
3. Click the Outbound Gateway icon in the Action column.
4. Enter the address of the outbound gateway server.
5. Click Save.
To delete the gateway for an individual user, use the following procedure:
1. Click Mail Account Manager.
2. Select a User ID from the list.
3. Click the Outbound Gateway icon in the Action column.
4. Delete the address of the outbound gateway server.
5. Click Save.

Adding domains to a whitelist

Users can block specific email addresses or domains. Using a whitelist, administrators can designate organization-wide hosts from which messages are always accepted by the server.

Click Administration > Manage Organization .
Click iNotes
Click Whitelist.
Enter the domain name or IP address for the whitelisted host.
Note: To ensure IP addresses are recognized by the server, refer to the following list of parameters.
- Ensure that the IP address is publicly routeable. Reserved and private network IP addresses are not recognized by the server.
- Enter an IP address in the following format: x.x.x.x where x is a value between 0 and 255.

Adding an email signature

Administrators can add a standard signature or tagline to outgoing email from all users within your organization. Users cannot prevent the tagline from being included in the emails they send.

One way to promote your corporate identity is with email signatures. Email signatures provide your organization with the opportunity to standardize the look of all outgoing email.

You must have both an HTML version and a plain text version of your tagline ready to upload. Graphic support is limited to including an external link in your HTML tagline.

To add your corporate signature:

Click Administration > Manage Organization.
Click iNotes > Tagline Manager.
Upload the tagline message, select the appropriate language, and click Publish.
Both plain text and HTML versions of the tagline must be provided, and the files must be encoded as UTF-8. The tagline will be displayed at the end of each message and cannot be modified or deleted by users.

For each language, you can only provide one tagline file. If you provide multiple languages, the language that corresponds to a user's locale is included in that user's email. If there are no taglines that match a user's language, then English will be included by default. If there are no taglines that match a user's language and there is no English tagline availabe, then no tagline is added to emails from that user.

Sending announcement emails

Broadcast messages to your users. Announcements are emails sent by administrators to all of the users in their organization.

Use announcements to notify your users of important information for your organization.

Click Administration > Manage Organization.
Click iNotes.
Click Announcements in the Mail section.
Click New Announcement to create an email announcement.
The required fields are From, Subject, Message, and Delivery. The Subject cannot exceed 100 characters and the Message cannot exceed 8000 characters. If you want users to be able to reply to your announcement, enter a valid email address in Reply-to. To send a preview of your announcement to a specific user, select Delivery > Send a preview Announcement to and enter in the appropriate email address. Make sure Delivery > Send to all users in the company is selected to send the announcement to all users.

Announcements are not sent to any alternate email addresses specified in user accounts. In addition, users that are external to your organization cannot receive announcement emails.

New announcements take a few minutes to process before being sent out. You can check on the status of the announcement by clicking on the announcement itself and viewing the announcement State. After the announcements are sent out, they are listed as Completed in the iNotes > Announcements panel.

Managing organization domains

Add or remove domains registered to your organization. Add a domain when your organization needs to support a new domain. Remove a domain if it was entered incorrectly or if you no longer need it registered to your organization.

To add a domain click Administration > Manage Organization > iNotes > Domain Manager and click Add domain.
To remove a domain:
1. Remove all users from the domain you want to delete. To remove users, go to Administration > Manage Organization > User Accounts and edit the appropriate users.
2. Click Administration > Manage Organization > iNotes > Domain Manager and click Delete domain.
Before deleting this domain, you must remove all users from the domain.

Managing IBM SmartCloud iNotes user accounts

Administrators can change email addresses, create aliases for accounts, set up forwarding email addresses, permanently destroy deleted mail, and enable users to access the corporate calendar.

Changing user email addresses

Although administrators cannot change email addresses associated with IBM SmartCloud iNotes, alias accounts can be created. If an email must be changed, open a request with Support.

There is a distinction between the email address used to identify an administrator-only account and an account that includes a user role and a SmartCloud iNotes subscription. Any accounts with only the administrator role selected cannot be created with a SmartCloud iNotes email address. If an administrator-only account is later edited to include the user role and add an SmartCloud iNotes subscription, the user must continue to log in using the original email address unless the email address associated with the account is changed.

If a user has a collaboration subscription first and is later provisioned with a SmartCloud iNotes subscription, the user's login ID will still be the original email address with which the account was created. To update the email address with the SmartCloud iNotes address for users provisioned with the SmartCloud iNotes subscription, edit the settings in the User Account for that user.

An organization administrator cannot change an existing SmartCloud iNotes email address. Should it become necessary to modify this address, choose one of the following:

Create an alias account for the user. This allows the user to send and receive email using the alias address exactly as they did with the original address.
Open a request with Support. This level of authorization is required because so many services are linked to an email address and, without a coordinated migration of these services, interruption of service could result.

Finding users

Find an iNotes user and modify their account settings.

Click Administration > Manage Organization.
Click iNotes > Mail Account Manager.
Enter the user's iNotes email address and click Search.
After the search completes, the users matching your criteria are listed. For each user you can select to configure the outbound gateway, empty the user's trash, forward their email to a different account, create an alias for the user account, and give that user the ability to create, edit, or delete calendar events by enabling the corporate calendar.

Emptying a user's trash

When users delete mail, it is moved to a trash folder and can still be recovered. Administrators can permanently remove these messages and recover disk quota space for users.

To empty the user's trash:

Click Administration > Manage Organization.
Click iNotes > Mail Account Manager.
Find the user in the list. You can also enter the user's iNotes email address and click Search. Once you find the user, you can select to destroy their deleted mail by clicking the trash icon.

Creating an alias for an account

Administrators can create aliases for user accounts to help users manage the email they receive.

Email aliases are useful for several purposes. Users can employ aliases to receive email anonymously, manage email for different projects, or virtually change their addresses.

To create an email alias for a user:

Click Administration > Manage Organization.
Click iNotes > Mail Account Manager.
Find the user in the list. You can also enter the user's iNotes email address and click Search.
Click Add alias account for the selected user name. Any existing aliases are listed here.
Enter the name for the alias account and click Add to include in the list of aliases for the user.

You can delete an alias by clicking the Action icon for the appropriate alias.

Forwarding email from an account

Administrators can forward user email automatically to alternate email accounts. However, you cannot forward email sent to an alias email account.

Forwarding addresses help users manage their email. For example, users can forward mail to another address when working remotely.

To set up a forwarding address for a user:

Click Administration > Manage Organization.
Click iNotes > Mail Account Manager.
Find the user in the list. You can also enter the user's iNotes email address and click Search.
Click Forward mail for the selected user.
Enter the email address where you want the mail forwarded. To send email to both the forwarding address and the login address, select the checkbox after the forwarding address field. To send mail only to the forwarding address, this checkbox should be unselected.

Enabling users to manage the corporate calendar

There are three different types of calendars: personal, secondary, and corporate. Administrators can enable corporate calendars to give users the ability to create events on that calendar. Until a corporate calendar is enabled for a user, that user cannot create, edit, or delete events on the corporate calendar. The corporate calendar is used to share organization events with all users in your organization.

Using the corporate calendar keeps users up to date on organization events and meetings. Each user must be given access to the corporate calendar by an administrator before they can access the calendar.

Click Administration > Manage Organization.
Click iNotes > Mail Account Manager.
You can enable or disable sharing of the corporate calendar for each user listed by clicking the Corporate Calendar icon. You can toggle the calendar setting back to disabled by clicking the icon again.
Note: After you enable the corporate calendar for an account, it will be displayed upon the user's next login.

Managing IBM SmartCloud iNotes contacts

Add contacts to the Corporate Directory Manager address book, export your address book, and create distribution lists.

Adding address book contacts

Populate the Corporate Directory Manager address book by importing contact information from a file or by having contact information automatically added when creating a user account. Users can then access the address book to find other users.

The maximum number of contacts that can be imported into the directory depends on the type of account you have. A paid service account can have up to 500,000 contacts. A trial account can have up to 100,000 contacts if it is using your own domain. A trial account using the default trial domain can have up to 500 contacts in the address book.

You can have only one address book.

To automatically add contact information when creating a user account:
1. Click Administration > Manage Organization.
2. Click iNotes > Corporate Directory Manager.
3. Click Automatically populate the Corporate Directory (recommended).
  When you add an IBM SmartCloud iNotes account, it automatically generates a Corporate Directory entry. If the user exists in the Corporate Directory, a duplicate entry is created. For example, if you create an account for a user from a Microsoft Exchange account that is already in the organization, then a duplicate entry is created. Duplicate entries result from adding users that contain an existing account at the time you add their external information. Edit the updated Corporate Directory to remove duplicate entries.
  
  If your organization owns multiple domains, you can specify whether users can view contact information in other domains by selecting the appropriate option in Multiple Domains.
To import the contacts file:
1. Click Administration > Manage Organization.
2. Click iNotes > Corporate Directory Manager.
3. Click Manually manage the Corporate Directory.
4. Click Browse and select the file to import. Currently csv, ldif, txt, vcf, and tab files are supported. The imported file must be encoded as UTF-8. This imported file replaces the current address book. To add additional entries, first export the address book and then add any new entries.

To delete duplicate entries in the updated Corporate Directory, you can use either of the following methods:

If you are using a spreadsheet, you must export the Corporate Directory to a spreadsheet, edit it to remove duplicate entries, and then reload it.
If you are using the integration server, you can delete individual duplicate entries.

Exporting the IBM SmartCloud iNotes address book

Administrators can edit or back up the list of organization contacts by exporting the Corporate Directory Manager address book.

To export the contacts file:

Click Administration > Manage Organization.
Click iNotes > Corporate Directory Manager.
Select the file format from the drop-down in the Export section.

When editing this file, make sure that it is opened with UTF-8 encoding. By default, the name of the exported file is addressbook and the extension is either .csv,ldif or .txt depending on the format selected. The exported file can be opened for editing or saved as a backup contact list.

Creating distribution lists for groups

Administrators can create distribution lists for email to various groups.

Use distribution lists to define groups for different projects, different departments, or different interests. Both users that belong to your organization and external users can be added if they have a valid email address. You can create the list by entering contact addresses separated by commas or by importing a comma-separated file of addresses.

To create a distribution list:

Click Administration > Manage Organization.
Click iNotes > Distribution List.
Click Add Distribution List and enter a name in the List name: field. Format distribution names similar to email addresses. For example, list_name@your_domain. All ASCII characters are supported. The list_name cannot exceed 64 characters. The domain cannot exceed 128 characters.
Click Create New List. Your distribution list is shown, along with the number of members it contains.
Add the addresses to be included in the distribution list. To add contacts to the distribution list, enter email addresses separated by commas or import a contact list (.csv). There is no limit to the number of users that can be added to the distribution list. However, there is a maximum number of ASCII characters that can be included in the list. The distribution list cannot exceed 200 entries. When determining the number of characters in each user's address, include the user name, the @, and the domain name. For example, the address list_name@your_domain.com has 25 characters.

The distribution displays in the organization directory and can be used by all IBM SmartCloud iNotes subscribers in the organization.

By default, a distribution list is enabled for all users in the organization. Distribution lists can be disabled by clearing the appropriate Enable list. Disabling distribution lists minimizes the risk of users sending spam emails.

Users are not notified when a distribution list is enabled or disabled. If a distribution list is disabled, it is not automatically completed as a user types it in. If a user sends email to a disabled distribution list, the email is bounced back to the inbox of the sender.

Restricting domain visibility

In a IBM SmartCloud iNotes organization that contains multiple domains, you can prevent users of different domains from seeing each other.

If your organization has multiple domains, you can prevent users from seeing the contact information for someone in a domain that is different from theirs. This might be useful if your organization owns multiple domains and each domain has a different set of users. By default, users in one domain can see contact information of users of other domains.

Click Administration > Manage Organization.
Click iNotes > Corporate Directory Manager.
Select the appropriate option in the Multiple Domains section.

Federated identity management

Federated identity allows users who are logged on to your company’s system to use the cloud-based services without having to log on again.

Federated identity management

Federated identity management is handled by a single sign-on (SSO) service that is available for all cloud-based services in SmartCloud for Social Business. If you enable federated identity management, users who are logged on to your system can use the cloud-based services without having to log on again.

The SmartCloud for Social Business products rely on SAML to provide the SSO services. In this implementation, your organization is the identity provider, and SmartCloud for Social Business is the service provider. You can use either SAML 1.1 or SAML 2.0.

Overview of the process using SAML

As the identity provider, your organization authenticates users. The authentication can be by a login with a username and password, or by some other method. When a user gains access to your intranet and attempts to use one of the SmartCloud for Social Business products, a SAML assertion is sent from your organization to the SAML endpoint in SmartCloud for Social Business. The SAML assertion securely identifies the user. The SmartCloud for Social Business system uses the SAML assertion to decide whether the user can access the cloud-based services.

For a more detailed description of the process as it is implemented in SmartCloud for Social Business, see the topics Federated identity management flow models and Federated identity management types.

Enabling federated identity management

When you enable federated identity management, you register your organization as a trusted identity provider with SmartCloud for Social Business. Before you register, you must implement and test a federated identity management system that uses SAML. While you are implementing your system, you must make some choices and prepare several artifacts. For example, you must choose the version of SAML to use, choose the type of federation, and generate a public/private key pair. See the topic Enabling federated identity management for a list of these activities.

Federated identity management flow models

Two flow models exist in federated identity management. One model is the identity provider initiated model (IdP-initiated), and the other is the service provider initiated model (SP-initiated).

Normally, the SP-initiated flow model is not available in SAML 1.1 because SAML 1.1 does not support Identity Provider Discovery Profile. However, SmartCloud for Social Business uses a hybrid version of SP-initiated that allows both SAML 1.1 and SAML 2.0. As a result, Identity Provider Discovery Profile is not required by SmartCloud for Social Business, and is not implemented.

SmartCloud for Social Business implements the Browser/POST profile that is used in SAML 1.1 and is compatible with the Web Browser SSO profile in SAML 2.0. Other profiles are not supported at this time.

The following outlines describe the two flows:

IdP-initiated

The user gains access to your intranet via your organization's authentication mechanism.
The user navigates to a web page on your intranet that contains a link to a SmartCloud for Social Business product such as Engage or Connections.
The user clicks the link.
The SSO process is initiated. A SAML assertion is sent to the SmartCloud for Social Business endpoint via HTTP POST. If the user has a valid account, access is granted.
The user interacts with SmartCloud for Social Business.

SP-initiated hybrid

The user navigates to the SmartCloud for Social Business login page.
The user clicks Use My Organization's Login.
The user enters the email address that is associated with the user’s account.
SmartCloud for Social Business looks up the email address and then redirects the user to your organization’s authentication mechanism.
The flow continues from Step 4 of the IdP-initiated model.

Federated identity management types

In SmartCloud for Social Business, four types of federated identity management are available: Non-federated, Federated, Modified, and Partial. By default, all users in your organization are assigned the Non-federated type unless you enable one of the other types.

Choosing the type of federation to use

Non-federated

The login for SmartCloud for Social Business is independent of, and separate from, your organization's login procedure. Users must log on to SmartCloud for Social Business to use the cloud-based services.

The Non-federated type is the default type, and is the simplest and easiest type to set up because it requires no action on your part.

Federated

Users must authenticate with your organization before they can access the cloud-based services. Users do not have a user name or password on SmartCloud for Social Business. If they go to the SmartCloud for Social Business login page, they must click Use My Organization's Login. The Federated type applies to all users in your organization.

The Federated type is convenient for your users who normally work from the office. They can log on to your system and use SmartCloud for Social Business without needing a separate username/password combination. However, if any of your users work from home or work while traveling, your directory servers must be accessible from the Internet. Also, because your users do not have a separate login for SmartCloud for Social Business, services such as chat and POP/IMAP are not available.

If you choose the Federated type, you must implement the SP-initiated flow model.

Modified

Users have the option of authenticating with your organization before accessing the cloud-based services, or using their SmartCloud for Social Business user name and password to log on to SmartCloud for Social Business. The Modified type applies to all users in your organization.

The Modified type allows your users to access SmartCloud for Social Business from the Internet, but you do not need to make your directory servers accessible from the Internet. Your users can use the single sign-on services when they are in the office, and the SmartCloud for Social Business login when they are outside the office.

Partial

Each user in your organization is assigned one of the previously listed types: Non-federated, Federated, or Modified. If you do not specify a type for a particular user, the user is assigned the Non-federated type.

Use the Partial type if you have one group of users who normally work in the office, and another group of users who normally work from home or who travel frequently. For example, the office workers can be assigned the Federated type, and the traveling sales team can be assigned the Modified type.

You can also use the Partial type to group users by the services that are available to them. Users with the Federated type do not have access to chat or POP/IMAP, but users of the Modified type do have access to chat and POP/IMAP.

If you choose the Partial type, you must implement the SP-initiated flow model to support users with the Federated type.

Changing the type of federation

After one of the federation types is implemented, you can change to one of the other types by contacting your customer services representative. The customer services representative will advise you on the process. If you are using the Partial type, you can change individual users from one type to another without the need to contact your customer services representative.

Preparing for federated identity management

The difficulty of getting your system ready for federated identity management depends on both the state of your system, and on your knowledge and experience with SAML, SSO, LDAP, and related technologies.

Before contacting your IBM customer service representative to enable federated identity management, review the following checklist:

Choose the version of SAML that you want to use. You can use either SAML 1.1 or SAML 2.0.
Choose the type of federation that you want to employ: Federated, Modified, or Partial. See the topic Federated identity management types for more information.
Review the IdP-initiated flow model and the SP-initiated hybrid flow model that SmartCloud for Social Business supports. See the topic Federated identity management flow models for more information.
Implement SAML on your web server. You can use Tivoli® Federated Identity Manger, OpenSAML, Active Directory Federation, or some other federated identity manager.
Retrieve or create the private/public key pair that will be used in digital signatures.
Integrate your directory server with your SAML service. Administration is easier if all of your users are on the same directory server.
Implement and test the SAML Browser/POST profile in either SAML 1.1 or SAML 2.0.
Create a dummy service provider and conduct an IdP-initiated single sign-on test to make sure that everything is working correctly.
Create a SAML metadata file to transmit your identity provider metadata to the IBM customer service representative. If you are using SAML 1.1, you have the option of transmitting most of the information in an email or by some other means that you negotiate with the IBM customer service representative. However, in this case you must transmit the public key inside a Java keystore.

Enabling federated identity management

When your system is ready for testing with the SmartCloud for Social Business system, contact an IBM customer services representative.

Before you start the enablement process, review the following list:

Implement and test a federated identity management system that uses SAML. Make sure that your system is configured to send the user’s email address as the subject in a SAML assertion.
Test your system to make sure that it is configured for the type and flow model that you have chosen. See the topics Federated identity management types and Federated identity management flow models for more information.
Complete the checklist in the topic Preparing for federated identity management

To enable federated identity management:

Send an email to support@lotuslive.com. In the email, request to have federated identity management enabled for your organization. An IBM customer services representative will contact you with instructions and provide details of the process.

Integration server

Integrate user provisioning and iNotes directory integration information from your on-premises administrative environment to cloud-based management.

Integration server overview

The integration server enables you to integrate user provisioning information from your on-premises administrative environment. It also enables you to upload users in your organization’s enterprise directory to the SmartCloud iNotes corporate contacts directory.

The integration server supports your use of a hybrid environment – one that uses a combination of on-premises administrative management and cloud-based service and subscription management. The integration server periodically processes data files that you create and upload using a secure file transfer mechanism, to add, modify, and remove user provisioning information. This enables you to continue using your on-premises management systems and periodically upload user data.

Integrating initial and changed content from your on-premises administrative environment is facilitated through your organization's subscription to the integration server service and by properly named and formatted change files that you periodically create and upload.

Requesting integration server enablement

To begin using the integration server, your administrator must contact an IBM SmartCloud for Social Business Customer Services Representative (CSR) to request enablement.

Be prepared to supply your account information.

Send an email to Customer Services with Integration server enablement request - Your Customer Name" in the subject line.
When Customer Services contacts you in response to your enablement request, be prepared to supply the following information:
- Customer name – Specify your account name, for example Acme. This value should match the Company (or organization) name for your organization.
- Customer ID – Specify the numeric identifier of your account. This value should match the Company (or organization) ID for your organization.
- Integration server user – Specify a user name or account identity for whom an FTP account will be created for uploading integration server change files and downloading their results files through the FTP site.
  - This is the account identity of the user for whom an FTP account will be created for uploading change files and downloading their associated report, log, and trace files.
    Note: You can also specify a different account identity for whom an additional FTP account will be created for downloading authorization and application journal files.
  - The specified user name or account identity must already exist in IBM SmartCloud for Social Business and does not require an Administrator role.
  - You can specify one or more administrators and can optionally create a user name or account identity specifically for the required task, for example llisid_admin@acme.com for integration server functions and llisid_journaladmin@acme.com for journaling functions.
- Customer administrator – Specify the single administrator user name or account identity to perform change file actions in IBM SmartCloud for Social Business for your organization. This value should match the Customer administrator or your organization.
  - This identity is used to perform requests for operations encoded in the change files.
  - The name specified may also be specified as a integration and migration site user.
  - This identity is only used when the integration server processes an uploaded change file.
You will be notified when enablement is complete and can begin using the integration server.

Note: Because the integration server is based on IBM Tivoli Directory Integrator (TDI), Customer Services may supply you with an SSL certificate to enable your organization to securely upload change files and download associated results files through the FTP server.

User provisioning and identity management

Using the integration server, you can upload and integrate user identity and provisioning information from your existing on-premises system as often as needed.

The components that participate in the integration server environment are as follows. Additional components that are managed in the cloud are omitted from this list.

Customer identity management system
The customer identity management system contains information about individual user identities and related provisioning data and is maintained locally by you in an on-premises administrative system.
User provisioning change file
A user provisioning change file is a customer-created CSV (Comma Separated Value) format text file. It contains user identity information and lists the operations to perform for that identity. Typical operations include adding, deleting, and suspending user accounts and enabling user subscriptions. The content and name of the file must adhere to required specifications.

You upload change files to the integration server using secure FTP. Subsequent changes to user identity and provisioning in your on-premises identity management system can be periodically written to new change files on an automated basis, through task enablement or by way of a custom agent, using the required file naming and content conventions.

When the integration server processes a change file, it generates an associated report file.

For more information about provisioning change files, see Creating user provisioning change files.
FTP site
An FTP transfer mechanism allows you to upload change files to the integration server (by way of the cloud-based integration and migration site) over an authenticated, SSL-encrypted channel. It also allows you to download associated report and trace files.
Note: You can designate one or more users that are allowed to upload and download files. A private folder is dedicated to your account. Only designated users can access this folder.
Integration and migration site
The integration and migration site works with the integration server and the FTP site during upload of change files and download of their associated report and trace files.
Integration server
The integration server reads each change file uploaded from the FTP site and pushes the encoded change operations to your organization’s account.
Business Support System
The Business Support System (BSS) is the central component used to define and manage your organization’s account.

Creating user provisioning change files

A user provisioning change file is a customer-created CSV (Comma Separated Value) text file that contains user provisioning information from your on-premises management system. Once you have been enabled to use the integration server you use these text files to upload user provisioning information.

Within the enabled integration server environment, when you add a new user or change an existing user's configuration, you can manually, or automatically using a custom agent, create a user provisioning change file to capture those changes. This text file is used to upload user provisioning information.

Required provisioning file name and content formats are described here.

For examples, see Examples: User provisioning change files.

Within your provisioning change files, you can provision users as single collaboration and mail seat subscription or as part of a bundled subscription. For details, see Specifying a bundled subscription.

You can also specify accessory subscriptions, including IBM Lotus® Traveler, Hosted Blackberry Services, and Archiving Retention Data Feed. For details, see Specifying an accessory subscription.

Provisioning change file naming convention

Provisioning files must be properly named to be recognized and processed. Use the following naming convention when creating a user provisioning change file:

customerId_sourceId_prv_seqnum.csv

Table 2. Provisioning change file naming convention
File name entry type	File name entry description
`customerId`	Specifies the internal numeric identifier assigned to the customer. Your customer ID is located in the Company Account: Settings section of the Administration user interface. Use the value assigned to your specific customer account for the `customerId` value.
`sourceId`	Specifies the optional name of the authoritative source of the change(s). The `sourceId` part of the change file name can remain blank if there is only one source of identity information within the organization. For example, use one `sourceId` when source data is obtained from an IBM Lotus Domino Directory and another when source data is obtained from an Active Directory.
`type`	The user provisioning file type is PRV.
`seqNum`	Specifies the sequence number used to order the processing of files; the value must be an integer value between 0 and 4294967295. The value must not be less than that of the last file processed. UNIX epoch time is the recommended format. Use the UNIX date and time stamp for the `seqNum` part of the file name. See http://www.epochconverter.com (opens a new window) details. Sequence numbers are relative to the `customerId` and the `sourceId` values. This allows for machine and region independence.
`ext`	Specifies the file extension that indicates the data encoding type; options are as follows: .ldif - LDIF encoding; must be specified for integration change files .csv - Comma separated value encoding; must be specified for user provisioning change files

Example provisioning change file names are as follows:

30020506_HRDatabase_PRV_1260226223.CSV
30020506_PRV_1260226223.csv

In both examples, the organization's name is represented by the character string 30020506, the files are user provisioning change files, the sequence number is 1260226223, and the file is designated as one whose contents are comma separated. The first example uses the optional authorization source ID.

Note: Because the sourceId and seqNum values are controlled by each organization, date and time synchronization is not required.

Provisioning change file operations

You can encode various operations in a user provisioning change file.

Note: This table lists operation types; field entries and descriptions are provided in the next table.

Note: If the user is in a HELD state, the integration server will reject their provisioning file content and add an error message to their associated report file.

Note: Email address specification is not case-sensitive; all email addresses are normalized to lowercase.

Note: Using your organization account page, you can optionally specify that terms of use be automatically accepted for all users.

Table 3. Provisioning change file operation types
Provisioning operation	Description
`Add`	Creates a new subscriber record. An `Add` operation sends an email invitation to the subscriber that prompts them to set their own password, accept terms and conditions and access the services to which they've been entitled. The subscriber will be provided with a login account and a self manageable profile. A one-time password may be supplied, which the subscriber must change after first use. Note: Non-federated and Modified federated users must complete registration using the email invitation process, even if their account has been created using a customer-owned domain. Federated users are automatically processed and do not receive the email invitation.
`Update`	Updates a subscriber's person information such as their email address or mail template.
`Suspend`	Disables a subscriber's ability to log in and use services; it does not remove them or revoke subscriptions assigned to them.
`Resume`	Enables a suspended subscriber to log in and use services.
`Remove`	Removes a subscriber and revokes all their entitlements. It also deletes all collaboration content relative to the user's current collaboration subscription or, optionally, reassigns it to another subscriber. Note: Reassignment of mail content is not supported. If the user being removed has a mail subscription, all content associated with that mail subscription will be deleted.
`AssignSeat`	Assigns a subscription seat to the subscriber, provisioning all entitlements as defined within the subscription. A subscription seat entitles the subscriber to use all the features of a specific offering. A subscriber is allowed no more than their mail subscription and one collaboration subscription.
`ChangeSeat`	Changes the user's current collaboration subscription seat to a different collaboration subscription seat. Specifies the new collaboration `subscriptionId` and changes the existing subscription to the new subscription. Note: The current and target subscriptions must be compatible. Contact customer support for a list of compatible subscriptions. Use the `DELETECOLLAB` and `DELETEMAIL` keywords when changing an existing user from a bundled subscription to a single seat mail or collaboration subscription.
`RevokeSeat`	Revokes an existing subscribers seat, removing all entitlements associated with the subscription. Note: Rather than specify a particular `subscriptionId`, specify `COLLAB`, `MAIL`, `BUNDLE`, `BLACKBERRY_HOSTED`, `BLACKBERRY_HOSTED_MDS`, `TRAVELER`, or `RETENTION` in the `subscriptionId` field to identify the seat to revoke. Note: See the `AssignTo` field in the following table to optionally delete all collaboration content relative to a subscription or reassign to another. For a collaboration seat subscription, Files and Activities content can be reassigned, all other user data is deleted. Mail content cannot be reassigned.
`Rename`	Changes the `EmailAddress` that uniquely identifies the user and that they use to log in. Note: This operation is restricted to users that only have collaboration subscriptions. Note: The operation occurs immediately for federated and modified federated users. However, it will fail for a federated user if the new email address contains a domain the customer doesn't own.
`ResendInvitation`	Sends an invitation email to allow a user to activate a subscription for which they have been assigned a seat. This is typically used when the original invitation was either not delivered or was lost or deleted. This operation can also be used in conjunction with an `Add` or `AssignSeat` operation that specifies `SUPPRESS_ALL` in the `SupressInvitation` field. This enables a user to be pre-provisioned (without an invitation being sent) and invited to activate their subscription at a later time.
`ChangeStorage`	Specifies the amount of extra storage to be assigned for a user’s base subscription. The `SubscriptionId` field specifies the base collaboration, mail, or bundled subscription the extra storage is associated with. Use the `collabExtraStorage` or `mailExtraStorage` fields to specify the amount of extra storage being assigned. An available extra storage subscription with enough space to fulfill the requested amount is required.

Provisioning change file operation fields

The first line of the provisioning change file contains required header information; subsequent lines contain field values as described in the following table. When encoding the change file contents, include user-specific field data for the required provisioning operations. Each line must end with the appropriate line feed or carriage return to ensure that line endings are processed correctly during FTP transfer. See Examples: User provisioning change files for details.

Table 4. Provisioning file operation field names and descriptions
Field name	Field value description	Required or optional per operation
`EmailAddress`	Specifies the email address to be used when the user logs in.	This field is required by all operations. The character limit is 254.
`Action`	Specifies the operation to be processed; see preceding table for operation names and descriptions.	This field is required by all operations. The character limit is 10.
`SubscriptionId`	Specifies the subscription that the user be entitled to use. Some operations specify the keyword `COLLAB`, `MAIL`, `BUNDLE`, `BLACKBERRY_HOSTED`, `BLACKBERRY_HOSTED_MDS`, `TRAVELER`, or `RETENTION` to reference a collaboration, mail, bundled, or accessory subscription that is already assigned to the user.	This field is required by the `AssignSeat` and `ChangeSeat` operations and is optional for the `Add`, `AddStorage` and `RevokeSeat` operations. The character limit is 18.
`SubscriptionId2`	Specifies a second internal identifier for the subscription that the user be entitled to use on an `Add` operation.	This field is optional for the `Add` and `ChangeSeat` operations. A `Password` or an `AltEmailAddress` entry is required when changing from a seat that is not a SmartCloud Notes or IBM SmartCloud iNotes seat to one that is. The character limit is 18.
`GivenName`	Specifies the user's first name.	This field is required for the `Add` operation and optional for the `Update` operation. The character limit is 120.
`FamilyName`	Specifies the user's last name.	This field is required for the `Add` operation and optional for the `Update` operation. The character limit is 120.
`Language`	Specifies the user's preferred language.	This field is optional for the `Add` and `Update` operations. The character limit is 5. Note: If no language is specified, the company contact language is used. An administrator specifies the company contact language on their My Account Settings page using the Localization and Language options.
`TimeZone`	Specifies the user's time zone. See `Time zone values for change files` for legal values.	This field is optional for the `Add` and `Update` operations. The character limit is 30.
`Password`	When an account identify is in the process of being established, this one-time password value is used. When the user first logs in they will be prompted to set a new password. This password filed value must conform to password standards.	This field is optional for the `Add` operation. The character limit is 50.
`AltEmailAddress`	IBM SmartCloud for Social Business sends an email invitation to this address to complete establishment of an account identity. The user follows the supplied link to establish their account password. This is also used when specifying the new email address for a `Rename` operation.	This field is required the `AssignSeat` (for mail subscriptions) and `Rename` operations and is optional for the `Add` operation. The character limit is 254.
`NotesTemplate`	Specifies the IBM SmartCloud Notes mail template to be assigned to a SmartCloud Notes mail subscriber in either a hybrid or service-only environment. This field is only applicable for operations that reference SmartCloud Notes mail subscriptions. The name you specify must exactly match the desired template name, for example StdR85Mail. Note: If multiple mail templates are available to the SmartCloud Notes user being provisioned, use the following procedure to determine the template name to assign for the operation: Navigate to the Mail Templates dialog in the SmartCloud Notes administrator. Select Custom Mail Templates or Standard Mail Templates. Locate the row that matches the name, location, and version for the user being provisioned. Specify the desired mail template name in the provisioning change file. Where there is more than one version of the specified mail template name available for the subscriber's locale, for example StdR85Mail versions 8.5.2 and 8.5.3, the latest version is used.	This field is optional for the `Add`, `AssignSeat`, and `Update` operations. The character limit is 255.
`NotesDN`	Specifies the Distinguished Name (DN) to be assigned to a SmartCloud Notes mail subscriber. This field is only applicable for operations that reference SmartCloud Notes subscriptions. Note: SmartCloud Notes subscriptions require a unique user name, which is defined as the specified `NotesDN` value. If a `NotesDN` is not specified, one is generated from the specified, and unique, `GivenName` and `FamilyName` values. Once a SmartCloud Notes hybrid user has been provisioned using an integration server `Add` and `AssignSeat` operation, their name cannot be changed, either by an integration server `Rename` operation or manually by the BSS administrator user interface. The SmartCloud Notes user name would instead need to changed in the on-premises environment by specifying a different DN value.	This field is optional for the `Add` and `AssignSeat` operations. The character limit is 255.
`AssignTo`	Specifies the new (target) subscriber to be given the removed or reassigned resources of the source user. Note: Reassignment of resources is only supported for collaboration subscriptions.	This field is optional for the `RevokeSeat` and `Remove` operations. The character limit is 254.
`Department`	Specifies the user's department designation.	This field is optional for the `Add` and `Update` operations. The character limit is 255.
`JobTitle`	Specifies the Job Title field value for the user's profile record.	This field is optional for the `Add` and `Update` operations. The character limit is 100.
`Country`	Specifies the Country field value for the user's profile record using ISO 2 character code values.	This field is optional for the `Add` and `Update` operations. The character limit is 2.
`Telephone`	Specifies the Telephone field value for the user's profile record.	This field is optional for the `Add` and `Update` operations. The character limit is 20.
`Mobile`	Specifies the Mobile field value for the user's profile record.	This field is optional for the `Add` and `Update` operations. The character limit is 20.
`Fax`	Specifies the Fax field value for the user's profile record.	This field is optional for the `Add` and `Update` operations. The character limit is 20.
`Address`	Specifies the Address field value for the user's profile record.	This field is optional for the `Add` and `Update` operations. The character limit is 254.
`SuppressInvitation`	In combination with a `SUPPRESS_ALL` value, specifies that the `Add` and `AssignSeat` operations does not send the user an invitation email. A `ResendInvitation` operation can later be used to send the invitation. If the field is not specified, or if the field value is `SUPPRESS_NONE`, the invitation is sent (default).	This field is optional for the `Add` and `AssignSeat` operations.
`FederationType`	Species the user's federation type. The following values are available: If the organization federation type is Non-federated, use a user `FederationType` value of `NON_FEDERATED`. If the organization federation type is Federated, use a user `FederationType` value of `FEDERATED`. If the organization federation type is Modified, use a user `FederationType` value of `MODIFIED_FEDERATED`. If the organization federation type is Partial, use a user `FederationType` value of `NON_FEDERATED`, `FEDERATED`, or `MODIFIED_FEDERATED`. If the value does not follow theses rules, or is an invalid value, the integration server generates an error. If a value is not specified, the company's default federation type is used. If the organization's federation type is Partial then `NON_FEDERATED` is used.	This field is optional for the `Add` and `Update` operations.
`CollabExtraStorage`	Specifies the amount of extra storage, in GBs, of the Files quota for the collaboration subscription ID or bundled subscription ID specified in the `subscriptionID` field. Enter an integer greater than or equal to 0.	This field is optional for the `ChangeStorage` operation.
`MailExtraStorage`	Specifies the amount of extra storage, in GBs, of the Mail quota for the mail subscription ID or bundled subscription ID specified in the `subscriptionID` field. Enter an integer greater than or equal to 0.	This field is optional for the `ChangeStorage` operation.

Examples: User provisioning change files

Once you are enabled to use the integration server, and are familiar with file naming and attribute specification requirements, you can create user provisioning change files for uploading information from your on-premises data management system.

Review Creating user provisioning change files before proceeding.

The file header specifies the operation field names as they are defined in the first column of Table 3 in Creating user provisioning change files (case insensitive). The remaining lines define values for the corresponding fields. Each line must end with an appropriate carriage return or line feed character. On Windows platforms use \r\n (0x0D 0x0A) and on UNIX or Linux platforms use \n (0xA). While the integration server can process files with either line ending format, you should use the TEXT transfer format to ensure that proper line endings are sent to and received from the intermediary FTP server.

Adhere to the following rules when encoding operations in a provisioning change file:

Add the relevant field data in the correct, comma-separated, field order as follows; reference Table 3 in Creating user provisioning change files.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,
language,timeZone,password,altEmailAddress,notesTemplate,notesDN,
assignTo,department,jobTitle,country,telephone,mobile,fax,address,
suppressInvitation,federationType,

Use a UTF-8 character set.
Add an empty value for an optional or non-applicable field using consecutive commas.
Encode a zero length string for a field as “”.
Surround field values with double quotes if the value contains a comma or contains one or more spaces at the beginning or end of the value. Other field values can optionally be surrounded by double quotes:
- Field values may be surrounded double quotes if desired regardless of the characters in the field.
- Double quotes must be used for field values that include a comma.
- Double quotes must be used for field values that have one or more spaces at the beginning or end of the value.
An update operation containing an empty field value (for example. ,,) leaves the field set to its existing value.
An update specifying a zero length string replaces the field value with a zero length string.
Operation names are not case-sensitive.

You can omit trailing commas at the end of a statement. For example, the following two statements yield the same result:

sd@mailinator.com,Add,85180,,Sam,Daryn,en_US,America/New_York

sd@mailinator.com,Add,85180,,Sam,Daryn,en_US,America/New_York,,,,,,,,,,,,

You can omit field names, and commas, at the end of a statement if they are not required for the operation. For example, if no fields are needed past TimeZone, values for the following fields only are sufficient:
```
emailAddress,Action,SubscriptionId,SubscriptionId2,GivenName,FamilyName,Language,TimeZone
```

Examples illustrating sample field values for various operation objectives are as follows:

Add a new subscriber with a collaboration subscription.

sd@mailinator.com,Add,85180,,Sam,Daryn,en_US,America/New_York

rsf@mailinator.com,Add,,,Randi,Factor,en_US,America/New_York

zachjones@us.ibm.com,Add,85181,,Zach,Jones,en_US,America/New_York

Update person information for a subscriber.

sd@mailinator.com,Update,,,,,zh_CN,Asia/Shanghai

rsf@mailinator.com,Update,,,,Jones

zachjones@us.ibm.com,Update,,,Zach

Suspend a subscriber.
```
sd@mailinator.com,Suspend
```
Resume a subscriber.
```
sd@mailinator.com,Resume
```
Assign an IBM SmartCloud iNotes subscription to an existing subscriber who has a collaboration seat.
```
sd@mailinator.com,AssignSeat,85292,,,,,,,samdaryn@try.lotuslive.com
```
Assign an SmartCloud iNotes subscription for an existing subscriber who has no seat subscriptions.
```
rsf@mailinator.com,AssignSeat,85292,,,,,,,rfactor@try.lotuslive.com
```
Assign anIBM SmartCloud Notes subscription to an existing subscriber who has a collaboration seat.
```
zachjones@us.ibm.com,AssignSeat,86796,,,,,,,zachjones@us.ibm.com
```
Assign a Meetings subscription to an existing subscriber who has anSmartCloud iNotes subscription.
```
rfactor@try.lotuslive.com,AssignSeat,85180
```
Change an existing subscription seat held by a subscriber from one subscription to another, for example from Meetings15 to Meetings20.
```
sd@mailinator.com,ChangeSeat,85179
```
Revoke an existing collaboration seat assigned to the subscriber.
```
sd@mailinator.com,RevokeSeat,COLLAB
```
Revoke a collaboration seat from one subscriber and reassign the seat content to a different subscriber (for example from sd@mailinator.com to lsuarez@mailinator.com).
```
sd@mailinator.com,RevokeSeat,COLLAB,,,,,,,,,,lsuarez@mailinator.com
```
Remove (delete) a subscriber.
```
sd@mailinator.com,Remove
```
Remove a subscriber and reassign their collaboration content to another subscriber.
```
sd@mailinator.com,Remove,,,,,,,,,,,lsuarez@mailinator.com
```
Add a subscriber with an SmartCloud iNotes subscription only and set a password that the user must change on first use.
```
samdaryn@try.lotuslive.com,Add,85292,,Sam,Daryn,en_US,America/New_York,secret
```
Add a subscriber with Meetings and SmartCloud iNotes subscriptions and set a password that the user must change on first use.
```
samdaryn@try.lotuslive.com,Add,85180,85292,Sam,Daryn,en_US,America/New_York,secret
```
Add a subscriber with Meetings and SmartCloud iNotes subscriptions and send an invitation to an alternate email containing a link to set the password.
```
samdaryn@try.lotuslive.com,Add,85180,85292,Sam,Daryn,
en_US,America/New_York,,sd@mailinator.com,
```
Add a subscriber with a SmartCloud Notes subscription only and set a password that the user must change on first use.
Note: Always set a one-time password when adding a subscriber; do not send an invitation to an alternate email to set the password.
```
sdaryn@us.abx.com,Add,86796,,Sam,Daryn,en_US,America/New_York,secret,,
mail90.ntf,Sam Daryn/abx/IBM
```
Add a subscriber with Meetings and SmartCloud Notes subscriptions and set a password that the user must change on first use.
Note: Always set a one-time password when adding a SmartCloud Notes subscriber; do not send an invitation to an alternate email to set the password.
```
sdaryn@us.abx.com,Add,85180,86796,Sam,Daryn,en_US,America/New_York,secret,,
mail90.ntf,Sam Daryn/abx/IBM
```

Rename a subscriber.

lucillesuarez@mailinator.com,Rename,,,,,,,,lusuarez@mailinator.com

Suppress an invitation.

lusuarez@mailinator.com,Add,85180,,Lu,Suarez,en_US,America/Boston,,,,,,,,,,,,,SUPPRESS_ALL

vivhanley@mailinator.com,Add,,,Viv,Hanley,en_US,America/Boston,,,,,,,,,,,,,SUPPRESS_ALL
 
vivhanley@mailinator.com,AssignSeat,85180,,,,,,,,,,,,,,,,,,SUPPRESS_ALL

Resend an invitation.

lucsuarez@mailinator.com,ResendInvitation

vivhanley@mailinator.com,ResendInvitation

Specify a federation type.

jashaj@mailinator.com,Add,85180,,Jas,Haj,en_US,America/Boston,,,,,,,,,,,,,,MODIFIED_FEDERATED

vivhanley@mailinator.com,Update,,,,,,,,,,,,,,,,,,,,FEDERATED

Add a SmartCloud Notes hybrid user that is in listed in the Domino directory.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password
jHybrid12@HybridSVTCoA.com,Add,57163,,Jayne,Hybrid12,,,passw0rd

Assign a SmartCloud Notes seat to an existing collaboration user.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password,altEmailAddress
jhybrid06@hybridsvtcoa.com,Assignseat,57163,,Jayne,Hybrid06,,,,jhybrid06@HybridSVTCoA.com

Add a SmartCloud Notes hybrid user and assign a mail template for that user.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password,altEmailAddress,notesTemplate
jHybrid11@HybridSVTCoA.com,Add,57163,,Jayne,Hybrid11,,,passw0rd,,callc10727mail

Assign a SmartCloud Notes seat, and specify a mail template name, for an existing collaboration user.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password,altEmailAddress,notesTemplate
jhybrid06@hybridsvtcoa.com,Assignseat,57163,,Jayne,Hybrid06,,,,jhybrid06@HybridSVTCoA.com,callc10727mail

Update one or more existing users to use a different mail template.

Enable an existing user to use a different mail template than the one they are using currently.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password,altEmailAddress,notesTemplate,notesDN,Department,jobTitle,Country,telephone,mobile,fax,address
jHybridNew28@HybridSVTCoA.com,Update,,,Jayne,Hybridnew28,,,,,CALLC10727Mail

Enable all existing users to use a different mail template than the one they are using currently.

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,language,timeZone,password,altEmailAddress,notesTemplate,notesDN,Department,jobTitle,Country,telephone,mobile,fax,address
maddiemorrie@ktpvmw2k8.swg.usma.ibm.com,Update,,,,,,,,,CALLC10727Mail

When adding or updating a SmartCloud Notes hybrid or non-hybrid user's name or mail template using a provisioning change file; caveats exist for notesDN field usage. This is applicable when a user's givenName or familyName differ in their notesDN settings. Examples are as follows:

Update operations

If an administrator wants to update a SmartCloud Notes user's givenName or familyName, they must not specify anything in the notesDN field. Specifying a value in such an update operation fails with the message ERROR: Notes Attribute validation failed.

For example, the following Update operation would fail:

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,notesDN
jHybridNew10@HybridSVTCoA.com,Update,,,Jaynerevised,HybridNew10revised,Jayne HybridNew10/HighAvail

For example, the following Update operation would succeed:

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,notesDN
jHybridNew10@HybridSVTCoA.com,Update,,,Jaynerevised,HybridNew10revised,

If an administrator wants to update a SmartCloud Notes user's custom template, they must not specify anything in the notesDN field.

For example, the following Update operation would fail:

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,notesTemplate,notesDN
annajones@jroct19.llc1test.net,Update,,,Anna,Jones,E3_2319A,Anna Jones/JR OCT 19

For example, the following Update operation would succeed:

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,notesTemplate,notesDN
annajones@jroct19.llc1test.net,Update,,,Anna,Jones,E3_2319A

Add operations

If an administrator adds a SmartCloud Notes user and specifies a different givenName or familyName than the user's on-premises distinguished name, they must specify the correct distinguished name in the notesDN field.

For example, the following Add operation would fail:

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,password,notesDN
jHybridNew13@HybridSVTCoA.com,Add,57163,,Jaynerevised,HybridNew13revised,passw0rd

For example, the following Add operation would succeed:

emailAddress,action,subscriptionId,subscriptionId2,givenName,familyName,password,notesDN
jHybridNew13@HybridSVTCoA.com,Add,57163,,Jaynerevised,HybridNew13revised,passw0rd,Jayne HybridNew13/HighAvail

AssignSeat operations
Behavior for a SmartCloud Notes subscription is as follows:
- If givenName and familyName are null, and notesDN is specified, use the notesDN as the user’s DN.
- If givenName and familyName are specified, and notesDN is null, use the givenName and familyName to construct the DN.
- If givenName and familyName are specified, and notesDN is specified, use the notesDN as the user’s DN and ignore givenName and familyName.
- If givenName and familyName are null, and notesDN is null, use the givenName and familyName from the account as the user’s DN.
- For SmartCloud Notes hybrid users, an entry must exist in the IBM Lotus Domino Directory with the resulting DN.
- For SmartCloud Notes non-hybrid users there must not be an existing entry in the IBM Lotus Domino Directory with the resulting DN.
- The user account record is not updated with any values specified by the givenName or familyName fields.

Several sample provisioning file entries for bundled subscriptions are provided as follows:

Add a user and provision them with a bundled subscription that includes Engage and SmartCloud iNotes.
```
sarahdavidson@try.lotuslive.com,Add,91319,,Sarah,Davidson,en_US,America/New_York
```
Revoke a bundled subscription from a user and reassign their collaboration user data to another user.
```
sarahdavidson@try.lotuslive.com,RevokeSeat,BUNDLE,,,,,,,,,,jd@mailinator.com
```

Assign a bundled subscription to a user whom has no existing seat.

mad@mailinator.com,AssignSeat,91319,,,,,,,meghandavidson@try.lotuslive.com

Remove subscriber and reassign collaboration content to another user (note that only Files and Activities data can be reassigned, all other SmartCloud Engage applications data and mail data is deleted).
```
mad@mailinator.com,Remove,,,,,,,,,,,jd@mailinator.com
```
Change the seat assignment of a user with individual SmartCloud Engage and SmartCloud iNotes subscriptions to a bundled subscription.
```
smd@mailinator.com,ChangeSeat,91319
```
Change the seat assignment of a user with individual SmartCloud Engage subscriptions to a bundle subscription.
```
nld@mailinator.com,ChangeSeat,91319,,,,,,,nancydavidson@try.lotuslive.com
```
Change the seat assignment of a user with a bundled subscription to an individual SmartCloud Engage and SmartCloud iNotes subscription.
```
smd@mailinator.com,ChangeSeat,85180,85292
```
Change the seat assignment of a user who has been provisioned in a bundled subscription to just SmartCloud Engage.
```
cjd@mailinator.com,ChangeSeat,85180,DELETEMAIL
```
Change the seat assignment of a user who has been provisioned in a bundled subscription to just SmartCloud iNotes.
```
nld@mailinator.com,ChangeSeat,85292,DELETECOLLAB
```
Revoke a bundled subscription from a user and reassign collaboration user data to another user.
```
smd@try.lotuslive.com,RevokeSeat,BUNDLE,,,,,,,,,,jd@mailinator.com 
```
Assign a SmartCloud Notes Traveler seat to a subscriber for an existing SmartCloud Notes user.
```
emailAddress,action,subscriptionId
jnotes06@notesdomain.com,Assignseat,57163 
```
Add and provision a user with a SmartCloud Notes subscription and a SmartCloud Notes Traveler accessory subscription.
```
smd@try.lotuslive.com,Add,91319,91320,Sarah,Davidson,en_US,America/New_York
```
Change the seat assignment of a user who has been provisioned in a SmartCloud Notes and IBM SmartCloud Engage bundled subscription and SmartCloud Notes Traveler subscription to SmartCloud Notes. The Traveler subscription is preserved.
```
cjd@mailinator.com,ChangeSeat,85180,DELETECOLLAB
```
Change the seat assignment of a user who has been provisioned in a bundled subscription and SmartCloud Notes Traveler subscription to just IBM SmartCloud Engage. The Traveler subscription is removed.
```
cjd@mailinator.com,ChangeSeat,85180,DELETEMAIL
```
Assign 15 GB of storage to the Files quota of IBM SmartCloud Engage.
```
smd@example.com,ChangeStorage,85180,,,,,,,,,,,,,,,,,,,,15,
```

Assign 15 GB of storage to the Mail quota of SmartCloud iNotes.

JohnDoe@example.com,ChangeStorage,85292,,,,,,,,,,,,,,,,,,,,,15

Assign 15 GB of storage to the Mail and Files quota in an IBM SmartCloud Engage and SmartCloud iNotes bundle.
```
JohnDoe@example.com,ChangeStorage,91319,,,,,,,,,,,,,,,,,,,,15,15
```

Specifying a bundled subscription

You can specifying a bundled subscription using the integration server.

Bundling subscription data for several users enables you to specify the same collaboration and/or messaging subscription for many users simultaneously. This provides an alternative to specifying user subscription and provisioning individually in the user provisioning change file or individually in the IBM SmartCloud for Social Business administrator user interface.

You can specify a bundled subscription to both initially upload users in bulk, and to make changes to existing users. For some operations you can change a user from a bundled subscriber to a single seat subscriber or a single seat subscriber to a bundled subscriber.

To initiate this user provisioning process, you must first request integration server enablement from your customer services representative and then configure your FTP site as instructed. See Requesting integration server enablement for details.

When you order an IBM SmartCloud Engage and IBM SmartCloud Notes bundled offering, the bundle is configured as follows:

Your organization's account will contain a single subscription that includes the specified bundled subscription entitlements.
Each user is provisioned as one seat in the bundle; that seat will include the designated IBM SmartCloud Engage and IBM SmartCloud Notes entitlements.
All users are provisioned identically, for example you cannot provision some users with just IBM SmartCloud Engage and others with just IBM SmartCloud Notes.

Note: If a user is changed from an individual seat subscription to a bundled subscription, their email address is preserved.

Capture your bundled subscription information in the required CSV file format and upload the CSV file to the integration server. All user provisioning change file operations, as listed in the Creating user provisioning change files topic, support bundled subscriptions. Considerations that are specific to these operations for bundled subscriptions are as follows:

Add and AssignSeat operations

Use an Add or AssignSeat operation to add a user and assign a collaboration and/or mail subscriber (single seat) as a bundled user.

An Add or AssignSeat operation returns an error when you attempt to do the following:

Add a user to a collaboration service, mail service, or bundled subscription when the user is already provisioned by a bundled subscription.
Add a user as part of a bundled subscription when the user is already provisioned as a collaboration service and/or a mail service subscriber.

ChangeSeat

Use a ChangeSeat operation to replace a user’s single seat subscription with a bundled subscription.

If the user is subscribed to a collaboration service and a mail service, that user is swapped to the bundled subscription and their mail is preserved.
If the user is subscribed to a single collaboration service, a mail service, or a bundled subscription the following occurs:
- Target subscription is a bundled subscription
  - If the user is subscribed to a collaboration seat and a mail subscription, the user is swapped to the bundled subscription and removed from their single seat subscription designation. Their collaboration subscription content (for example, data from Profiles, Files, Communities and so on) and mail data is preserved and is reassociated with their bundled subscription.
- Source subscription is a bundled subscription
  - You can specify the source bundled subscription in one field and the target subscription as a new field in the ChangeSeat operation.
  - The keyword values DELETECOLLAB and DELETEMAIL allow you to change a user from a bundled subscription to a single seat mail or collaboration subscription.

Remove and RevokeSeat

These operations remove a user from the bundled subscription or revoke the seat of a user within the bundled subscription respectively.

If no new user is listed, a RevokeSeat operation removes the user from the subscription but does not delete their mail or collaboration service data. The BUNDLE keyword is needed.
If no new user is listed, a Remove operation removes the user from the subscription and deletes all their mail and collaboration service data.

If you also specify an assignTo value, you can reassign a revoked or removed user’s mail and collaboration service data to a designated user.

If you specify an assignTo value for a revokeSeat operation, available service data is reassigned to the assignTo user, other service data is deleted, and the original subscription is removed. If there is no subscription data that can be reassigned, an error message displays.

Only Files and Activities subscription data can be reassigned.
IBM SmartCloud Notes mail subscriptions cannot be reassigned.
IBM SmartCloud iNotes mail subscriptions cannot be reassigned.
If mail data cannot be reassigned it is lost, for example if an assignTo user already has a mail subscription, then only the existing collaboration services data is reassigned, even if the user is a bundled subscriber.

Specifying an accessory subscription

You can provision users with accessory subscriptions using the integration server.

You can provide users with accessory subscriptions such as SmartCloud Notes Traveler, Hosted Blackberry Services, and Archiving Retention Data Feed. Accessory subscriptions require a compatible base subscription. For example, to use Traveler in IBM SmartCloud for Social Business the user being provisioned would first need to have a valid Notes subscription ID. The base subscription ID must be specified when provisioning the user.

The provisioning operations that support accessory subscriptions are Add, Remove, AssignSeat, , and RevokeSeat.

Capture your accessory subscription information in the required CSV file format and upload the CSV file to the integration server. All user provisioning change file operations are described in the Creating user provisioning change files topic. Considerations that are specific to these operations for accessory subscriptions are as follows:

Add: Use Add to entitle a subscriber to an accessory subscription. Specify both the accessory subscription ID and the compatible base subscription ID in either the SubscriptionId or SubscriptionId2 field.
AssignSeat: Use AssignSeat to entitle a user to an accessory subscription. Specify the accessory subscription ID in the SubscriptionId field. To assign an accessory subscription seat, the subscriber must have an existing compatible subscription seat.
Remove: Use Remove to remove a user; any accessory subscriptions the user is entitled to are revoked and the accessory data is deleted.
ChangeSeat: You cannot use ChangeSeat to change from one accessory subscription to another. When ChangeSeat is used on a base subscription, and there is an accessory subscription associated with that base subscription, the accessory subscription is also transferred to the new base subscription.
RevokeSeat: Use RevokeSeat to specify an accessory subscription keyword for the SubscriptionId field to revoke a specific type of accessory subscription. Use keyword, BLACKBERRY_HOSTED, BLACKBERRY_HOSTED_MDS, TRAVELER, or RETENTION to specify the subscription type you are revoking. Using RevokeSeat on a base subscription will also revoke any associated accessory subscriptions.

Reassigning accessory subscriptions is not supported. For example, specifying a RevokeSeat or Remove operation that uses an assignTo qualifier to reassign data resources to another user will only reassign collaboration data; any accessory data is deleted

Completing subscription provisioning for SmartCloud Notes hybrid users

You can use the integration server to complete mail subscription provisioning for IBM SmartCloud Notes hybrid users.

In the SmartCloud Notes hybrid configuration some users access their mail from on-premises server environment and some from a SmartCloud Notes environment.

You can use an Add or AssignSeat entry in a user provisioning change file to provision multiple SmartCloud Notes hybrid users with a SmartCloud Notes mail subscription.

The following scenarios are supported:

An account for the user already exists and some subscriptions have been assigned already using the integration server. The account identity, for example email address, matches the SmartCloud Notes on-premises email address.
1. Complete the procedures in Configuring a hybrid environment (opens a new window) and Completing the configuration (opens a new window) topics in SmartCloud Notes administrator help.
2. Use an AssignSeat entry in a user provisioning change file to assign users a SmartCloud Notes subscription. Be sure to use the account identity email address that matches the user's on-premises email address.
3. Upload the change file to the integration server.
An account for the user already exists but no subscriptions have been assigned
1. Read and comply with the Before you begin section of the Provisioning users with existing mail files in a hybrid environment (opens a new window) topic in SmartCloud Notes administrator help.
2. Use an AssignSeat entry in a user provisioning change file to assign the user a SmartCloud Notes subscription.
3. Upload the change file to the integration server.
No account exists yet for the user
1. Read and comply with the Before you begin section of the Provisioning users with existing mail files in a hybrid environment (opens a new window) topic in SmartCloud Notes administrator help.
2. Use an Add entry in a user provisioning change file to add the user to your organization's account. You can optionally assign the user a SmartCloud Notes subscription, and collaboration services subscriptions, in this same Add statement.
3. Upload the change file to the integration server.

The upload process checks the file entries for a valid user name, domain name, mail template name and that the user has already been configured as a SmartCloud Notes hybrid user. If any of these parameter checks fail, that user is rejected and a corresponding statement is generated in the associated report file. Specifying an account identity email address that does not match the users's on-premises email address also returns an error:

Note: The following considerations exist when renaming a user who is also provisioned asSmartCloud Notes hybrid user:

Using a change operation and specifying only the user’s NotesDN value (and not their name) will return an error.
Using a change operation to rename a user account where the specified user name (email address) does not match the user’s SmartCloud Notes email address will return an error.
Using a change operation to rename a user account where the user name is the SmartCloud Notes email address will return an error.
The NotesDN value is only recognized when changing from a non- SmartCloud Notes seat to a subscription that contains a SmartCloud Notes seat.

Directory integration

Using the integration server, you can upload and integrate some or all users and groups in your enterprise directory to the IBM SmartCloud iNotes corporate contacts directory as often as needed.

Directory integration enables you to synchronize your organization's enterprise directory with the SmartCloud iNotes corporate contacts directory. It does not create, modify, or delete SmartCloud iNotes user accounts.

The components that participate in the integration server environment are as follows. Additional components that are managed in the cloud are omitted from this list.

Customer enterprise directory
The customer enterprise directory contains person and group entries and is typically maintained locally by you in an on-premises administrative system.
SmartCloud iNotes corporate contacts directory
The SmartCloud iNotes directory contains all corporate persona and group entries for use with SmartCloud iNotes; it is typically created from and synchronized with the enterprise directory.
Directory integration change file
A directory integration change file is a customer-created LDIF (LDAP Data Interchange Format) text file. It contains additions, updates, and deletions for each person or group in the enterprise directory or directories. The content and name of the file must adhere to required specifications.

You upload change files to the integration server, using secure FTP, for integration into IBM SmartCloud for Social Business. Subsequent changes to information in your local customer enterprise directory can be periodically written to create new change files on an automated basis, through task enablement, or by way of a custom agent, using the required file naming and content conventions.

When the integration server processes a change file, it generates an associated report file.

For more information about directory integration change files, see Creating directory integration change files.
FTP site
An FTP transfer mechanism allows you to upload change files to the integration server (by way of the cloud-based integration and migration site) over an authenticated SSL-encrypted channel. It also allows you to download associated report and trace files from the integration server by way of the integration and migration site.
Note: You can designate one or more users that are allowed to upload and download files. A private folder is dedicated to your account. Only designated users can access this folder.
Integration and migration site
The integration and migration site works with the integration server and the FTP site during upload of change files and download of their associated report and trace files.
Integration server
The integration server reads each change file uploaded from the FTP site and pushes the encoded change operations to your organization’s account.
Business Support System
The Business Support System (BSS) is the central component used to define and manage your organization’s account.

Creating directory integration change files

A directory integration change file is a customer-created LDIF (LDAP Data Interchange Format) text file. It contains add, update, and delete information for each person or group in an organization’s enterprise directory or directories for upload to the IBM SmartCloud iNotes corporate contacts directory.

Using the integration server and directory integration change files, you can upload and some or all users and groups in your enterprise directory to the SmartCloud iNotes corporate contacts directory as often as needed.

Required directory integration change file name and content formats are described here.

For examples, see Examples: Directory integration change files.

Directory integration change file naming convention

Directory integration change files must be properly named to be recognized and processed. Use the following naming convention when creating a directory integration change file:

customerId_sourceId_di_seqnum.ldif

Table 5. Directory integration change file naming convention
File name entry type	File name entry description
`customerId`	Specifies the internal numeric identifier assigned to the customer. Your customer ID is located in the Company Account: Settings section of the Administration user interface. Use the value assigned to your specific customer account for the `customerId` value.
`sourceId`	Specifies the optional name of the authoritative source of the change(s). The `sourceId` part of the change file name can be blank if there is only one source of identity information within the organization.
`type`	The directory integration file type is DI.
`seqNum`	Specifies the sequence number used to order the processing of files; the value must be an integer value between 0 and 4294967295. The value must not be less than that of the last file processed. UNIX epoch time is the recommended format. Use the UNIX date and time stamp for the `seqNum` part of the file name. See http://www.epochconverter.com (opens a new window) details. Sequence numbers are relative to the `customerId` and the `sourceId` values. This allows for machine and region independence.
`ext`	Specifies the file extension that indicates the data encoding type; options are as follows: .ldif - LDIF encoding; must be specified for integration change files .csv - Comma separated value encoding; must be specified for user provisioning change files

Example directory integration change file names are as follows:

30020506_ActiveDirectory_DI_1260226223.LDIF
30020506_DI_1260226223.ldif

In both examples, the organization's name is represented by the character string 30020506, the files are directory integration change files, the sequence number is 1260226223, and the file is designated as an LDIF file type. The first example uses the optional authorization source ID.

Note: Because the sourceId and seqNum values are controlled by each organization, date and time synchronization between you and IBM is not required.

Directory integration change file operations

Supported directory integration change file operations are as follows. See Tables 3 and 4 and Examples: Directory integration change files for syntax and examples.

Note: Using your organization account page, you can optionally specify that IBM SmartCloud for Social Business Terms of Use be automatically accepted for all users.

Note: For directory integration change files, the integration server does not process operation types where the operation type name contains a capital letter. For example, operation type Add entries are ignored but operation type add entries are processed.

Table 6. Change file operation types
Change file operation type	Description
`add`	Creates a new entry for the specified person record in the SmartCloud iNotes corporate contacts directory.
`modify`	Updates an entry for the specified person record in the SmartCloud iNotes corporate contacts directory. Modify operations can delete, replace, add, and so on.
`delete`	Deletes an entry for the specified person record from the SmartCloud iNotes corporate contacts directory.
`modrdn` or `moddn`	Renames the corresponding group according to the `newrdn` attribute.

Data fields for person and group entries

The following table shows how person entries in the change file should be specified in terms of the inetOrgPerson schema. Supported attributes that have no inetOrgPerson equivalent are shown in in italics.

The mail attribute must be specified on Add operations.

Note: Syntax validation is not performed on mail attribute values.

Note: The maximum character length for all attributes is 255.

Note: All data type formats are String unless otherwise noted.

Table 7. Data fields for directory integration person entries
LDAP inetOrgPerson `or other attribute`	Field Label in iNotes Corporate Contacts directory UI
`DN`	NA
`givenName`	1st line in header
`middleName`	not displayed
`sn`	first line in header
`title`	second line in header
`o`	third line in header
`nickName`	not displayed
`displayName`	not displayed
`birthday`	not displayed
`departmentNumber`	not displayed
`description`	Notes
– Email addresses –
`mail`	emails (Work)
`homeMail`	emails (Home)
– Phone Numbers –
`telephoneNumber`	Phone (Work)
`homePhone`	Phone (Home)
`pager`	Phone (Pager)
`mobile`	Phone
`facsimileTelephoneNumber`	Phone (Fax)
– Home address –
`homeStreetAddress`	Address (Home)
`homeCity`	Address (Home)
`homeState`	Address (Home)
`homePostalCode`	Address (Home)
`homeCountry`	Address (Home)
– Work Address –
`street`	Address (Work)
`l`	Address (Work)
`st`	Address (Work)
`postalCode`	Address (Work)
`c`	Address (Work)
– URLS –	Address (Work)
`labeledURL`	not displayed
`homeURL`	not displayed

Table 8. Data fields for directory integration change file group entries
LDAP Attribute from GroupOfNames `or other attribute`	Field Label in iNotes Corporate Contacts directory UI	Contact Rest API JSON encoding
`DN`	not displayed	`“source”:value`
`cn`	first line in header	`“lastName”:value`
`description`	Notes	`notes”:[value1,...,value2]`
`o`	second line in header	`companyName”:value`
`mail`	emails (Work)	`“emails”:[ { “value”:value, “type”:”work”, “primary”: true} ]`
`nickName`	not displayed	`“nickName”:[value1,...,value2]`

Examples: Directory integration change files

Once you are familiar with required file naming and attribute specifications, you can create directory integration change files for uploading information from your enterprise directory to the IBM SmartCloud iNotes corporate contacts directory.

Review Creating directory integration change files before proceeding.

Add a new person to the corporate contacts directory.
If this is a group objectClass, use groupOfNames rather than inetOrgPerson. The displayName and mail attributes are mandatory, all others are optional.
```
DN: cn=Joe Smith,ou=Development,o=Acme
changeType: add
objectClass: inetOrgPerson
displayName: Joe Smith
mail: joe.smith@acme.com
givenName: Joe
sn: Smith
telephoneNumber: 999 123-9876
```

Modify an existing user's contact information.

Delete a pager number and add a cell phone number.

DN: cn=Joe Smith,ou=Accounting,o=Acme
changeType: modify
delete: pager
replace: mobile
mobile: 123 456-7890

Add a phone number.

DN: cn=Joe Smith,ou=Marketing,o=Acme
changeType: modify
add: telephoneNumber
telephoneNumber: 111 222-3333

Replace any existing title with a new title.

DN: cn=Joe Smith,ou=Sales,o=Acme
changeType: modify
replace: title
title: Senior Vice President

Delete a user.
Remove a user who is no longer with the organization.
```
DN: cn=Joe Smith,ou=Quality Assurance,o=Acme
changeType: delete
```

Replace a user's name.

dn: cn=Marsha Smith,ou=Product Development,o=Acme
changetype: modrdn
newrdn: Marsha Jones
newsuperior: ou=Marketing, o=Acme

Example of a fully populated new entry

A fully populated user sample is as follows.

dn: cn=Joe Smith,ou=Users,dc=Acme,dc=com
changetype: add
objectClass: inetOrgPerson
givenName: Joseph
middleName: Michael
sn: Smith
title: Technical Support Specialist
o: TestCustomer
nickName: jms
displayName: Joseph M Smith
birthday: 1963-07-19
departmentNumber: Department ZZZ
description: Member of ABX support team
mail: joe.smith@acme.com
homeMail: joemsmith@providerabc.net
telephoneNumber: 123 456-7890
homePhone: 456 123-7890
pager: 000 111-2222
mobile: 111 222-3333
facsimiletelephonenumber: 222 333-4444
homeStreetAddress: 111 Boston St
homeCity: Boston
homeState: MA
homePostalCode: 12134
homeCountry: US
street: 550 King St
l: Littleton
st: MA
postalCode: 01460
c: US
labeledURI: http://www.lotuslive.com
homeUrl: http://www.abx789.com

Creating an agent to capture change file content

Uploading change files to the integration server enables you to easily add user identity content. You can create change files on a periodic basis using agents that run in your local on-premises administrative environment.

Consider the following when creating agents to create and upload change files:

Where the agent should search for data
In which fields the agent should search
How to specify the file name and format layout the agent should use to create and populate the change file
At what interval the agent should search for data
How the agent should determine what information has changed since its last search
At what FTP site and folder the agent should place the newly created change file

Processing change files

The integration server is used to upload information from your on-premises system, using a designated FTP site, based on operations specified in change files.

Supported change file types are as follows and are listed in the order in which they are processed:

Directory integration
User provisioning

The process of uploading change file content through the integration server requires that you do the following:

Request and obtain integration server enablement through IBM SmartCloud for Social Business Customer Services.
Create an agent or script that obtains new and changed content information from your on-premises administrative system and creates a new change file that captures that information. The file name and content formatting of the change file are critical.
For user provisioning, determine if you want to provision users as pat of a bundled subscription or as single seat subscribers.
Determine how frequently, and from where, the agent should fetch new and changed content information in your on-premises environment.
Ensure that the agent places the change files that it creates during this process on the designated FTP site in the correct directory.
Determine who in your organization will be the authorized identity used to put change files at the FTP site and get the corresponding results files generated.
As report and trace files warrant, correct any reported errors, rename the change file to facilitate correct sequence numbering, and move the file to the FTP site directory to upload for reprocessing.

It also requires that Customer Services do the following:

Respond to your integration server enablement request with its own request for required account information, such as your organization name and ID.
Enable your organization to use the integration server.
Contact you when integration server enablement is complete and supply you with any organization-specific information such as FTP site name or address.

FTP file transfer of change files and associated results files

Your change files are uploaded to the integration server through the integration and migration site, using secure FTP protocol. This same FTP transfer mechanism is also used when downloading associated results files.

The integration and migration site is an intermediary service that helps facilitate data transfer between your local FTP site and the integration server. The FTP service is configured as follows:

Host – ftp.na.collabserv.com or ftp.ap.collabserv.com depending on your hosting environment.
Port – 990
SSL mode – implicit

The FTP server uses anti-virus software to detect and quarantine infected files.

Summary information for multiple change files can reside in a single report file. If all operations in a change file were performed successfully, the process moves the report file to the _processed folder. If one or more errors occurred, it moves the change file to the _error folder.

The process generates a separate trace file to correspond with each uploaded change file processed, allowing you to perform a programmatic validation on the status of each operation in the file.

Trace files are moved to the same _processed or _error folder as their corresponding change file.

You can delete files in the _error, _processed and _report directories on the FTP server.

Load balancing and processing limitations

The integration server uses processing limitations to assist in load balancing.

When the integration server processes a change file it first counts the number of entries. It will not process the file if doing so would exceed file limits. If processing would exceed daily or hourly limits, the file is processed in the next cycle. The integration server processes all change files for an organization until it reaches the hourly or daily limit for a single organization and then it moves on to the next organization in queue.The following limits exist:

750 change operations per hour for user provisioning change files
10000 change operations per day
200 operations per change file

If the hourly maximum is reached, an organization's files are ignored until the next hour. If the daily maximum is reached, the organization's files are ignored until the next day and an entry is added to the report file. A trace file is created if an error is encountered.

If the file entry count is the same or larger than the daily limit, the file is moved to the _error directory and an entry is added to the report file.

If the entries for a single file exceed the 200 operations limit, the file is moved to the _error directory and an entry is added to the report file.

If a file is ignored, the sequence number is not updated. If the file is processed but an error occurs, the sequence number is updated.

Integration server report files

The integration server generates a report file for each batch of change files processed for your organization.

Report files contain a summary of successful operations and details for operations for which it encountered errors. You can use a report file to do the following:

Verify that intended operations occurred.
Discover and correct problems.
Provide troubleshooting information.

Reports are generated in the _report directory.

Report and trace files provide result code values to help determine and validate processing results.

Report file names are generated based on the date and time processing began. Sample report file names are as follows:

_report\LLIS_Report_20110820_121003.txt
_report\LLIS_Report_20110820_122726.txt
_report\LLIS_Report_20110820_123722.txt

Sample report file content for a provisioning change file showing a combination of successful and failed operations is as follows:

2/8/11 11:32 PM - *** Processing file: llis/acme/foo
2/8/11 11:32 PM - ERROR: The file name format is not valid.
2/8/11 11:32 PM - *** Processing file: llis/acme/10049989_sequence
2/8/11 11:32 PM - ERROR: The file name format is not valid.
2/8/11 11:32 PM - *** Processing file: llis/acme/20049989_PRV_00000000.csv
2/8/11 11:32 PM - ERROR: A failure occurred when processing the CSV entry #1.  

The error message follows: com.abx.bss.shim.exceptions.BadRequestException: 
Email address already exists.
2/8/11 11:32 PM -   CSV entries read: 1; BSS entries written: 0; 
CSV read errors: 0; 
BSS write errors: 1
2/8/11 11:32 PM - *** Processing file: llis/acme/20049989_PRV_00000001.csv
2/8/11 11:32 PM - CSV entries read: 3; BSS entries written: 3; No errors!
2/8/11 11:32 PM - *** Processing file: llis/acme/20049989_PRV_00000002.csv
2/8/11 11:32 PM - CSV entries read: 1; BSS entries written: 1; No errors!
2/8/11 11:33 PM - *** Processing file: llis/acme/20049989_PRV_00000006.csv
2/8/11 11:33 PM - CSV entries read: 1; BSS entries written: 1; No errors!
2/8/11 11:33 PM - *** Processing file: llis/acme/20049989_PRV_00000007.csv
2/8/11 11:33 PM - ERROR: A failure occurred when processing the CSV entry #1.  
The error message follows:   

ERROR: Cannot revoke, user does not hold subscription.
2/8/11 11:33 PM - CSV entries read: 1; BSS entries written: 0; 
CSV read errors: 0; 
BSS write errors: 1
2/8/11 11:33 PM - *** Processing file: llis/acme/20049989_PRV_00000009.csv
2/8/11 11:33 PM - CSV entries read: 1; BSS entries written: 1; No errors!

If an error occurs during processing, the change file is moved to the _err subdirectory to prevent its reprocessing, the error is recorded in an associated report and trace file, and processing of sequentially numbered files continues.

Using the report, and trace, file, you can determine and correct the problem and then upload the change file for reprocessing.

Note: Change the date and time portion of the change file name so that it can be sequentially reprocessed.

For all result code definitions see Integration server report files.

Integration server trace files

The integration server generates a trace file for each change file it processes.

Traces files contain detailed status information for each change file operation processed.

Trace file are created in the same _processed or _error subdirectory in which the corresponding change file resides. Each trace file name matches its corresponding change file name followed by _trace, for example 20049989_PRV_00000000_trace.csv.

See Integration server report files for a list of all available result codes.

User provisioning trace files

User provisioning trace files adhere to the following format:

entryNum,lineNum,resultCode,”original_line_from_change_file”

entryNum is the sequential count of the change entry.
lineNum is the line number on which the change entry begins.
resultCode is the integer result code generated for the change entry.
original_line_from_change_file is the line that was processed.

Sample trace file content for a user provisioning change file is as follows. The zero result code in the first two lines indicates processing success. The entry 99 row indicates a line that could not be processed.

entryNum,lineNum,resultCode,emailAddress,action,subscriptionId,givenName,familyName,language
1,5,0,smd@mailinator.com,Add,85180,Joe,Smith,en_US
2,7,0,rsf@mailinator.com,Add,,Randi,Factor,en_US

...
99,97,1,bad input line

Time zone values for change files

Available Timezone field values for integration server change files are as listed.

Time zone names are defined in the tz database, which is also referred to as the zoneinfo database or Olson database. See List of tz database time zones (opens in a new window) for reference information.

The following user time zone values are available.

Pacific/Apia  (GMT-11:00) Samoa Standard Time  (Apia) 
Pacific/Pago_Pago  (GMT-11:00) Samoa Standard Time  (Pago Pago) 
Pacific/Honolulu  (GMT-10:00) Hawaii-Aleutian Standard Time
America/Adak  (GMT-09:00) United States  (Adak) 
America/Anchorage  (GMT-08:00) Alaska Daylight Time
America/Ensenada  (GMT-08:00) Pacific Standard Time
America/Mazatlan  (GMT-07:00) Mountain Standard Time  (Mazatlan) 
America/Phoenix  (GMT-07:00) Mountain Standard Time  (Phoenix) 
America/Los_Angeles  (GMT-07:00) Pacific Daylight Time  (Los Angeles)
America/Vancouver  (GMT-07:00) Pacific Daylight Time  (Vancouver) 
America/Whitehorse  (GMT-07:00) Pacific Daylight Time  (Whitehorse) 
America/Mexico_City  (GMT-06:00) Central Standard Time  (Mexico City) 
America/Regina  (GMT-06:00) Central Standard Time  (Regina) 
Chile/EasterIsland  (GMT-06:00) Easter Island Time
America/Denver  (GMT-06:00) Mountain Daylight Time  (Denver) 
America/Edmonton  (GMT-06:00) Mountain Daylight Time  (Edmonton) 
America/Chicago  (GMT-05:00) Central Daylight Time  (Chicago) 
America/Indiana/Knox  (GMT-05:00) Central Daylight Time  (Knox) 
America/Winnipeg  (GMT-05:00) Central Daylight Time  (Winnipeg) 
America/Atikokan  (GMT-05:00) Eastern Standard Time  (Atikokan) 
America/Jamaica  (GMT-05:00) Eastern Standard Time  (Jamaica) 
America/Manaus  (GMT-04:00) Amazon Time  (Manaus) 
America/Porto_Acre  (GMT-04:00) Amazon Time  (Porto Acre) 
America/Guadeloupe  (GMT-04:00) Atlantic Standard Time  (Guadeloupe) 
America/Puerto_Rico  (GMT-04:00) Atlantic Standard Time  (Puerto Rico) 
America/St_Thomas  (GMT-04:00) Atlantic Standard Time  (St Thomas) 
America/Santiago  (GMT-04:00) Chile Time
America/Havana  (GMT-04:00) Cuba Daylight Time
America/Detroit  (GMT-04:00) Eastern Daylight Time  (Detroit) 
America/Fort_Wayne  (GMT-04:00) Eastern Daylight Time  (Fort Wayne) 
America/Kentucky/Louisville  (GMT-04:00) Eastern Daylight Time  (Louisville) 
America/New_York  (GMT-04:00) Eastern Daylight Time  (New York) 
America/Toronto  (GMT-04:00) Eastern Daylight Time  (Toronto) 
America/Argentina/Buenos_Aires  (GMT-03:00) Argentina Time  (Buenos Aires) 
America/Argentina/Cordoba  (GMT-03:00) Argentina Time  (Cordoba) 
America/Argentina/Catamarca  (GMT-03:00) Argentina Time  (Catamarca) 
America/Argentina/Jujuy  (GMT-03:00) Argentina Time  (Jujuy) 
America/Argentina/Mendoza  (GMT-03:00) Argentina Time  (Mendoza) 
America/Halifax  (GMT-03:00) Atlantic Daylight Time
America/Sao_Paulo  (GMT-03:00) Brasilia Time
America/St_Johns  (GMT-02:30) Newfoundland Daylight Time
America/Noronha  (GMT-02:00) Fernando de Noronha Time
Europe/Belfast  (GMT+00:00) Greenwich Mean Time  (Belfast) 
Africa/Bamako  (GMT+00:00) Greenwich Mean Time  (Bamako) 
Atlantic/Reykjavik  (GMT+00:00) Greenwich Mean Time  (Reykjavik) 
Europe/Dublin  (GMT+00:00) Greenwich Mean Time  (Dublin) 
Atlantic/Faeroe  (GMT+00:00) Western European Time  (Faeroe) 
Europe/Lisbon  (GMT+00:00) Western European Time  (Lisbon) 
Arctic/Longyearbyen  (GMT+01:00) Central European Time  (Longyearbyen) 
Europe/Belgrade  (GMT+01:00) Central European Time  (Belgrade) 
Europe/Bratislava  (GMT+01:00) Central European Time  (Bratislava) 
Europe/Paris  (GMT+01:00) Central European Time  (Paris) 
Europe/Rome  (GMT+01:00) Central European Time  (Rome) 
Europe/Warsaw  (GMT+01:00) Central European Time  (Warsaw) 
Africa/Harare  (GMT+02:00) Central Africa Time
Africa/Cairo  (GMT+02:00) Eastern European Time  (Cairo) 
Asia/Istanbul  (GMT+02:00) Eastern European Time  (Istanbul) 
Asia/Nicosia  (GMT+02:00) Eastern European Time  (Nicosia) 
Europe/Chisinau  (GMT+02:00) Eastern European Time  (Chisinau) 
Europe/Helsinki  (GMT+02:00) Eastern European Time  (Helsinki) 
Africa/Tripoli  (GMT+02:00) Eastern European Time  (Tripoli) 
Asia/Jerusalem  (GMT+02:00) Israel Standard Time
Africa/Addis_Ababa  (GMT+03:00) East Africa Time  (Addis Ababa) 
Africa/Asmara (GMT+03:00) East Africa Time  (Asmara) 
Europe/Moscow (GMT+04:00)Moscow Standard Time
Asia/Yerevan (GMT+04:00) Armenia Time
Asia/Tehran (GMT+04:30) Iran Daylight Time
Asia/Karachi (GMT+05:00) Pakistan Time
Asia/Ashgabat  (GMT+05:00) Turkmenistan Time
Asia/Calcutta   (GMT+05:30) India Standard Time
Asia/Kathmandu   (GMT+05:45) Nepal Time
Asia/Thimbu   (GMT+06:00) Bhutan Time
Asia/Dacca   (GMT+07:00) Bangladesh Summer Time
Asia/Ho_Chi_Minh   (GMT+07:00) Indochina Time
Australia/Perth   (GMT+08:00) Australian Western Standard Time
Asia/Makassar (GMT+08:00) Central Indonesia Time
Asia/Chongqing   (GMT+08:00) China Standard Time  (Chongqing) 
Asia/Macao   (GMT+08:00) China Standard Time  (Macao) 
Asia/Shanghai   (GMT+08:00) China Standard Time  (Shanghai) 
Asia/Hong_Kong   (GMT+08:00) Hong Kong Time
Asia/Singapore   (GMT+08:00) Singapore Standard Time
Asia/Taipei   (GMT+08:00) Taipei Standard Time
Asia/Ulaanbaatar   (GMT+08:00) Ulan Bator Time
Asia/Tokyo   (GMT+09:00) Japan Standard Time
Asia/Seoul   (GMT+09:00) Korean Standard Time
Australia/Darwin   (GMT+09:30) Australian Central Standard Time
Australia/Brisbane   (GMT+10:00) Australian Eastern Standard Time
Pacific/Truk   (GMT+10:00) Truk Time
Pacific/Chuuk   (GMT+10:00) Chuuk Time
America/Curacao   (GMT-04:00)Atlantic Standard Time (Curacao)
Pacific/Pohnpei   (GMT+11:00)Ponape Time
Australia/Adelaide   (GMT+10:30) Australian Central Daylight Time  (Adelaide) 
Australia/Broken_Hill   (GMT+10:30) Australian Central Daylight Time  (Broken Hill) 
Australia/ACT   (GMT+11:00) Australian Eastern Daylight Time  (ACT) 
Australia/Hobart   (GMT+11:00) Australian Eastern Daylight Time  (Hobart) 
Australia/Melbourne   (GMT+11:00) Australian Eastern Daylight Time  (Melbourne) 
Australia/LHI   (GMT+11:00) Lord Howe Daylight Time
Pacific/Guadalcanal   (GMT+11:00) Solomon Islands Time
Pacific/Kwajalein   (GMT+12:00) Marshall Islands Time
Antarctica/McMurdo   (GMT+13:00) New Zealand Daylight Time  (McMurdo) 
Pacific/Auckland   (GMT+13:00) New Zealand Daylight Time  (Auckland) 
Pacific/Chatham   (GMT+13:45) Chatham Daylight Time

Language and Country values for change files

Available Language and Country field values for integration server change files are listed.

The following Language field values are available:

ca_ES - Catalan
da_DK - Danish
de_DE - German
en_US - English
es_ES - Spanish

fr_FR - French
el_GR - Greek
it_IT - Italian
nl_NL - Dutch
no_NO - Norwegian
pl_PL - Polish

pt_PT - Portuguese
pt_BR - Brazilian Portuguese
ru_RU - Russian
fi_FI - Finnish
sv_SE - Swedish
th_TH - Thai

tr_TR - Turkish
zh_CN - Chinese Simplified
zh_TW – Chinese Traditional
ja_JP - Japanese 
ko_KR - Korean

The following Country field values are available:

 AF -  AFGHANISTAN
 AX -  ALAND.ISLANDS
 AL -  ALBANIA
 DZ -  ALGERIA
 AS -  AMERICAN.SAMOA
 AD -  ANDORRA
 AO -  ANGOLA
 AI -  ANGUILLA
 AQ -  ANTARCTICA
 AG -  ANTIGUA.AND.BARBUDA
 AR -  ARGENTINA
 AM -  ARMENIA
 AW -  ARUBA
 AU -  AUSTRALIA
 AT -  AUSTRIA
 AZ -  AZERBAIJAN
 BS -  BAHAMAS
 BH -  BAHRAIN
 BD -  BANGLADESH
 BB -  BARBADOS
 BY -  BELARUS
 BE -  BELGIUM
 BZ -  BELIZE
 BJ -  BENIN
 BM -  BERMUDA
 BT -  BHUTAN
 BO -  BOLIVIA 
 BA -  BOSNIA.AND.HERZEGOVINA
 BW -  BOTSWANA
 BV -  BOUVET.ISLAND
 BR -  BRAZIL
 IO -  BRITISH.INDIAN.OCEAN.TERRITORY
 BN -  BRUNEI.DARUSSALAM
 BG -  BULGARIA
 BF -  BURKINA.FASO
 BI -  BURUNDI
 KH -  CAMBODIA
 CM -  CAMEROON
 CA -  CANADA
 CV -  CAPE.VERDE
 KY -  CAYMAN.ISLANDS
 CF -  CENTRAL.AFRICAN.REPUBLIC
 TD -  CHAD
 CL -  CHILE
 CN -  CHINA
 CX -  CHRISTMAS.ISLAND
 CC -  COCOS.(KEELING).ISLANDS
 CO -  COLOMBIA
 KM -  COMOROS
 CG -  CONGO
 CD -  CONGO.THE.DEMOCRATIC.REPUBLIC.OF.THE
 CK -  COOK.ISLANDS
 CR -  COSTA.RICA
 CI -  COTE.D'IVOIRE
 HR -  CROATIA
 CY -  CYPRUS
 CZ -  CZECH.REPUBLIC
 DK -  DENMARK
 DJ -  DIJIBOUTI
 DM -  DOMINICA
 DO -  DOMINICAN.REPUBLIC
 EC -  ECUADOR
 EG -  EGYPT
 SV -  EL.SALVADOR
 GQ -  EQUATORIAL.GUINEA
 ER -  ERITREA
 EE -  ESTONIA
 ET -  ETHIOPIA
 FK -  FALKLAND.ISLANDS.(MALVINAS)
 FO -  FAROE.ISLANDS
 FJ -  FIJI
 FI -  FINLAND
 FR -  FRANCE
 GF -  FRENCH.GUIANA
 PF -  FRENCH.POLYNESIA
 TF -  FRENCH.SOUTHERN.TERRITORIES
 GA -  GABON
 GM -  GAMBIA
 GE -  GEORGIA
 DE -  GERMANY
 GH -  GHANA
 GI -  GIBRALTAR
 GR -  GREECE
 GL -  GREENLAND
 GD -  GRENADA 
 GP -  GUADELOUPE 
 GU -  GUAM 
 GT -  GUATEMALA 
 GG -  GUERNSEY 
 GN -  GUINEA 
 GW -  GUINEA-BISSAU 
 GY -  GUYANA 
 HT -  HAITI 
 HM -  HEARD.ISLAND.AND.MCDONALD.ISLANDS 
 VA -  HOLY.SEE.(VATICAN.CITY.STATE) 
 HN -  HONDURAS 
 HK -  HONG.KONG 
 HU -  HUNGARY 
 IS -  ICELAND 
 IN -  INDIA 
 ID -  INDONESIA 
 IQ -  IRAQ 
 IE -  IRELAND 
 IM -  ISLE.OF.MAN 
 IL -  ISRAEL 
 IT -  ITALY 
 JM -  JAMAICA 
 JP -  JAPAN 
 JE -  JERSEY 
 JO -  JORDAN 
 KZ -  KAZAKHSTAN 
 KE -  KENYA 
 KI -  KIRIBATI 
 KR -  KOREA.REPUBLIC.OF 
 KW -  KUWAIT 
 KG -  KYRGYZSTAN 
 LA -  LAO.PEOPLE'S.DEMOCRATIC.REPUBLIC 
 LV -  LATVIA 
 LB -  LEBANON 
 LS -  LESOTHO 
 LR -  LIBERIA 
 LY -  LIBYAN.ARAB.JAMAHIRIYA 
 LI -  LIECHTENSTEIN 
 LT -  LITHUANIA 
 LU -  LUXEMBOURG 
 MO -  MACAO 
 MK -  MACEDONIA.THE.FORMER.YUGOSLAV.REPUBLIC.OF 
 MG -  MADAGASCAR 
 MW -  MALAWI 
 MY -  MALAYSIA 
 MV -  MALDIVES 
 ML -  MALI 
 MT -  MALTA 
 MH -  MARSHALL.ISLANDS 
 MQ -  MARTINIQUE 
 MR -  MAURITANIA 
 MU -  MAURITIUS 
 YT -  MAYOTTE 
 MX -  MEXICO 
 FM -  MICRONESIA.FEDERATED.STATES.OF 
 MD -  MOLDOVA.REPUBLIC.OF 
 MC -  MONACO 
 MN -  MONGOLIA 
 ME -  MONTENEGRO 
 MS -  MONTSERRAT 
 MA -  MOROCCO 
 MZ -  MOZAMBIQUE 
 NA -  NAMIBIA 
 NR -  NAURU 
 NP -  NEPAL 
 NL -  NETHERLANDS 
 AN -  NETHERLANDS.ANTILLES 
 NC -  NEW.CALEDONIA 
 NZ -  NEW.ZEALAND 
 NI -  NICARAGUA 
 NE -  NIGER 
 NG -  NIGERIA 
 NU -  NIUE 
 NF -  NORFOLK.ISLAND 
 MP -  NORTHERN.MARIANA.ISLANDS 
 NO -  NORWAY 
 OM -  OMAN 
 PK -  PAKISTAN 
 PW -  PALAU 
 PS -  PALESTINIAN.TERRITORY.OCCUPIED 
 PA -  PANAMA 
 PG -  PAPUA.NEW.GUINEA 
 PY -  PARAGUAY 
 PE -  PERU 
 PH -  PHILIPPINES 
 PN -  PITCAIRN 
 PL -  POLAND 
 PT -  PORTUGAL 
 PR -  PUERTO.RICO 
 QA -  QATAR 
 RO -  ROMANIA 
 RU -  RUSSIAN.FEDERATION 
 RW -  RWANDA 
 RE -  RUNION 
 BL -  SAINT.BARTHLEMY 
 SH -  SAINT.HELENA 
 KN -  SAINT.KITTS.AND.NEVIS 
 LC -  SAINT.LUCIA 
 MF -  SAINT.MARTIN 
 PM -  SAINT.PIERRE.AND.MIQUELON 
 VC -  SAINT.VINCENT.AND.THE.GRENADINES 
 WS -  SAMOA 
 SM -  SAN.MARINO 
 ST -  SAO.TOME.AND.PRINCIPE 
 SA -  SAUDI.ARABIA 
 SN -  SENEGAL 
 RS -  SERBIA 
 SC -  SEYCHELLES 
 SL -  SIERRA.LEONE 
 SG -  SINGAPORE 
 SK -  SLOVAKIA 
 SI -  SLOVENIA 
 SB -  SOLOMON.ISLANDS 
 SO -  SOMALIA 
 ZA -  SOUTH.AFRICA 
 GS -  SOUTH.GEORGIA.AND.THE.SOUTH.SANDWICH.ISLANDS 
 ES -  SPAIN 
 LK -  SRI.LANKA 
 SR -  SURINAME 
 SJ -  SVALBARD.AND.JAN.MAYEN 
 SZ -  SWAZILAND 
 SE -  SWEDEN 
 CH -  SWITZERLAND 
 TW -  TAIWAN 
 TJ -  TAJIKISTAN 
 TZ -  TANZANIA.UNITED.REPUBLIC.OF 
 TH -  THAILAND 
 TL -  TIMOR-LESTE 
 TG -  TOGO 
 TK -  TOKELAU 
 TO -  TONGA 
 TT -  TRINIDAD.AND.TOBAGO 
 TN -  TUNISIA 
 TR -  TURKEY 
 TM -  TURKMENISTAN 
 TC -  TURKS.AND.CAICOS.ISLANDS 
 TV -  TUVALU 
 UG -  UGANDA 
 UA -  UKRAINE 
 AE -  UNITED.ARAB.EMIRATES 
 GB -  UNITED.KINGDOM 
 US -  UNITED.STATES 
 UM -  UNITED.STATES.MINOR.OUTLYING.ISLANDS 
 UY -  URUGUAY 
 UZ -  UZBEKISTAN 
 VU -  VANUATU 
 VE -  VENEZUELA.BOLIVARIAN.REPUBLIC.OF 
 VN -  VIETNAM 
 VG -  VIRGIN.ISLANDS.BRITISH 
 VI -  VIRGIN.ISLANDS.U.S. 
 WF -  WALLIS.AND.FUTUNA 
 EH -  WESTERN.SAHARA 
 YE -  YEMEN 
 ZM -  ZAMBIA 
 ZW -  ZIMBABWE

Error code values for processed change files

The integration server creates an overall report file for each batch of company change files that ir processes and an individual, corresponding trace file for each change file that it processes.

Result codes reported by the integration server in associated report and trace files errors are listed and described here.

Note: If the integration server encounters more than 100 read errors or 1000 write errors while processing a single change file, an error is reported in associated trace and report files, and processing of that change file stops at the entry at which the error limit was reached.

Read errors are problems encountered when reading lines from a change file, such as formatting problems. Write errors are problems encountered when the integration server attempts to process change file entries, such as validation problems.


Success
INVALID_FILENAME
TYPE_DISABLED
INVALID_CUSTOMERID
INVALID_SEQNUM
MAX_READ_ERRORS_EXCEEDED
MAX_WRITE_ERRORS_EXCEEDED
ENTRY_ALREADY_EXISTS
ENTRY_NOT_FOUND
FIELD_VALIDATION_ERROR
INVALID_LDIF_SYNTAX
INVALID_DN
INVALID_OBJECTCLASS

Table 9. General error codes
Result code	Syntax	Description
0	`Success`	The operation completed successfully.
1	`INVALID_FILENAME`	The change file name does not conform to the required convention and the file has been rejected. This statement shows only in the result file.
2	`TYPE_DISABLED`	The change file type specified in the change file name is currently disabled and the file has been rejected. This statement shows only in the result file.
3	`INVALID_CUSTOMERID`	The `customerId` specified in the file name does not belong to the customer who uploaded the file and the file has been rejected. This statement shows only in the result file.
4	`INVALID_SEQNUM`	The `seqNum` specified in the change file name is not greater than the seqNum of the last change file processed and the change file has been rejected. This statement shows only in the result file.
5	`MAX_READ_ERRORS_EXCEEDED`	The maximum number of errors was encountered in reading the change file and no further entries have been processed.
6	`MAX_WRITE_ERRORS_EXCEEDED`	The maximum number of errors was encountered in writing change file entries and no further entries have been processed.
7	`ENTRY_ALREADY_EXISTS`	The contact, group, or user entry specified in the change file for an Add operation already exists.
8	`ENTRY_NOT_FOUND`	The contact, group or user entry specified in the change file for a Modify operation does not exist.
9	`FIELD_VALIDATION_ERROR`	A field or attribute value in the change file is either not valid or exceeds the maximum character length.
10	`INVALID_LDIF_SYNTAX`	An entry in the integration change file (LDIF) contains invalid syntax.
11	`INVALID_DN`	A DN entry was either omitted or contains invalid syntax.
12	`INVALID_OBJECTCLASS`	The `objectClass` attribute on an add `changeType` is not supported.

Table 10. User provisioning error codes
Result code	Syntax	Description
1000	`INVALID_CSV_SYNTAX`	An entry in the provisioning change file (CSV file) contains invalid syntax.
1001	`CUSTOMER_HELD`	The specified customer is in a HELD state, during which provisioning operations are not allowed.
1002	`CANNOT_REMOVE_COMPANY_CONTACT`	The user specified for a Remove operation is the only company contact and their identity cannot be removed.
1003	`INVALID_SUBSCRIPTION`	The specified `subscriptionID` or type is either not valid or is not available for the specified company or user.
1004	`MULTIPLE_MAIL_SEATS`	Adding multiple mail subscription seats using a provisioning change file is not supported.
1005	`MULTIPLE_COLLAB_SEATS`	Adding multiple collaboration subscriptions seats using a provisioning change file is not supported.
1006	`INVALID_DOMAIN`	The domain name specified in a user's email address is not valid.
1007	`SEATS_FILLED`	The specified target subscription has no remaining seats available.
1008	`USER_WRITE_ERROR`	An error occurred while performing the requested operation for the named user.
1009	`ERROR_CONNECTING_TO_BSS_RENAME`	An error occurred while attempting to connect to the BSS_RENAME Service.
1010	`ERROR_HTTPSTATUS_ERROR_SENDING_EMAIL_ TO_BSS_RENAME`	An error occurred while attempting to connect to the BSS_RENAME Service.
1011	`ERROR_GET_SUBSCRIBER_BY_COMPANYID_ AND_EMAIL_NOT_FOUND`	An error occurred while attempting to get a subscriber by company and email address.
1012	`ERROR_CANNOT_REMOVE_COMPANY_CONTACT`	An error occurred while attempting to remove a subscriber because you cannot remove the company contact.
1013	`ERROR_RESOURCE_DIFF_COMPANY`	An error occurred while attempting to modify a subscriber because you cannot assign resources to contacts in a different company.
1014	`ERROR_RESOURCES_SUBSCRIBER_NOT_FOUND`	An error occurred while attempting to modify a subscriber. The specified `AssignTo` subscriber name was not found.
1015	`ERROR_INVALID_ACTION`	An invalid action was specified in the provisioning change file.
1016	`ERROR_UNKNOWN_BSS_EXCEPTION`	An unknown BSS (Business Subscriber Services) exception error has occurred.
1017	`ERROR_SUBSCRIPTIONTYPE_ERROR`	A subscription ID error has occurred. Enter either a COLLAB or MAIL type.
1018	`ERROR_USER_DOESNT_HOLD_SUBSCRIPTION_ TO_REVOKE_OR_SIZE`	The request to revoke or change extra storage for this subscription failed because the user does not hold this subscription.
1019	`ERROR_MAIL_REASSIGN_NOT_SUPPORTED`	Reassignment of mail resources is not yet supported.
1020	`ERROR_COMPATIBLE_SUBSCRIPTION_NOT_FOUND`	A compatible seat/subscription was not found during a change operation.
1021	`ERROR_INVALID_TARGET_SUBSCRIPTION`	An invalid target subscription was found during a change operation
1022	`ERROR_TARGET_SUBSCRIPTION_FILLED`	The target subscription was already filled and the operation cannot change the seat to this subscription.
1023	`ERROR_TIME_ZONE_INVALID`	An invalid time zone value was encountered.
1024	`ERROR_INVALID_SUBSCRIPTIONID2`	The specified `subscriptionID2` value or type is invalid or does not belong to the company or user.
1025	`ERROR_CANT_ADD_TWO_MAIL_SUBSCRIPTION`	Adding two mail subscriptions is not supported.
1026	`ERROR_CANT_ADD_TWO_COLLAB_SUBSCRIPTION`	Adding two collaboration subscriptions is not supported.
1027	`ERROR_ONE_TIME_PASSWORD_ERROR`	A one-time password can only be specified when adding a user with a mail subscription.
1028	`ERROR_ALT_EMAIL_ON_ADD_ONLY_INOTES`	Use of the `AltEmailAddress` attribute is only valid when adding a subscriber with an IBM SmartCloud iNotes subscription.
1029	`ERROR_ALT_EMAIL_INVALID_SYNTAX`	The `AltEmailAddress` value contains invalid syntax or was not found.
1030	`ERROR_MAIL_NO_PWD_OR_ALTEMAIL`	A mail subscription was requested but an `altEmailAddress` or one time password was not found.
1031	`ERROR_EMAIL_INVALID_SYNTAX`	The `EmailAddress` contains invalid syntax or was not found.
1032	`ERROR_FAILED_SPI_SERVICE`	A BSS SPI (stateful packet inspections) service `get` error occurred.
1033	`ERROR_EMAIL_DOMAIN`	An error occurred when attempting to validate the email domain provided.
1034	`ERROR_NOTES_USERNAME_VALIDATION`	An error occurred when attempting to validate the user name provided.
1035	`ERROR_EMAIL_ALREADY_EXISTS`	The specified email address already exists.
1036	`ERROR_CUSTOMERID_INVALID_OR_NOT_FOUND`	The `CustomerId` is not valid or was not specified.
1037	`ERROR_ISV_SUBSCRIPTION_NOT_SUPPORTED`	ISV subscriptions are not supported.
1038	`ERROR_SPI_SERVICE_VALIDATION_ERROR`	An SPI (stateful packet inspections) Service validation error occurred.
1039	`ERROR_EMAIL_VALIDATION_ERROR`	An email validation error occurred or the email address already exists.
1040	`ERROR_ASSIGN_SEAT`	A seat could not be assigned to a subscriber.
1041	`ERROR_INVALID_CHANGESTORAGE_SIZE`	An invalid size was specified for the change storage value.
1042	`ERROR_SUBSCRIPTION_DOESNT_ SUPPORT_EXTRA_STORAGE`	A subscription was specified that does not support extra storage.
1043	`ERROR_ASSIGNTO_SUBSCRIPTION_TYPE`	Content cannot be assigned to the `AssignTo` subscriber because the subscription type is not compatible.
1044	`ERROR_NO_COMPATIBLE_EXTRA_STORAGE`	No compatible extra storage was found for a subscription.
1045	`ERROR_EXTRA_STORAGE_DEPLETED`	The extra storage for the specified subscription has been depleted.
1046	`ERROR_BSS_EMAIL_ADDRESS_ALREADY_EXISTS`	The specified email address already exists.
1047	`ERROR_BSS_NO_SEATS_AVAILABLE`	No additional seats are available.
1048	`ERROR_RENAME_GENERAL`	An error occurred during a rename operation.
1049	`INVALID_COUNTRY_CODE_FORMAT`	The specified county code is invalid based on format; the country code length should be the two letter country code. See Examples: User provisioning change files for valid country codes.
1050	`INVALID_COUNTRY_CODE`	The specified county code value is not valid. See Examples: User provisioning change files for valid country codes.
1051	`ERROR_JOBTITLE_LENGTH`	The `JobTitle` exceeds the maximum number of 99 characters.
1052	`ERROR_FAMILYNAME_LENGTH`	The `FamilyName` exceeds the maximum number of 120 characters.
1053	`ERROR_GIVENNAME_LENGTH`	The `GivenName` exceeds the maximum number of 120 characters.
1054	`ERROR_SUBSCRIBER_REMOVE_PENDING_ERROR`	An `AddSubscriber` operation failed because another subscriber with the same email address is pending removal. The `AddSubscriber` operation can be resubmitted after the pending removal operation has completed.
1055	`ERROR_NOTES_ATTRIBUTE_VALIDATION`	The attribute validation process failed.
1056	`ERROR_FEDERATION_ONLY_PARTIAL`	The value specified for the `FederationType` attribute was not valid. Only PARTIAL_FEDERATED companies can have users with different federation types.
1057	`ERROR_FEDERATION_INVALID_TYPE`	The value specified for the `FederationType` attribute was not valid. Only NON_FEDERATED, FEDERATED, and MODIFIED_FEDERATED are supported user federation types.
1058	`INVALID_SUPPRESS_INVITATION`	The value specified for the `SuppressInvitation` attribute was not valid.
1059	`INOTES_FAILED_GET_DOMAINS`	The iNotes endpoint failed to obtain the customer domains.
1060	`INOTES_NOT_ENABLED`	The provisioning request cannot be completed because iNotes is not enabled.
1061	`CANNOT_RESEND_TO_PENDING_ENTITLE`	The invitation cannot be resent because the subscriber has a seat in the ENTITLE_PENDING state.
1062	`INVALID_PARAMETER`	An invalid parameter was encountered.
1063	`SUBSCRIPTION_NOT_IN_ACTIVE_STATE`	A specified subscription could not be processed because it was not active.
1064	`INVALID_SEAT`	An invalid seat was specified.
1065	`SEAT_REVOKE_FAILED`	A `RevokeSeat` operation failed.
1066	`CHANGE_SEAT_FAILED`	A `ChangeSeat` operation failed.
1067	`SUBSCRIBER_FETCH_FAILED`	A BSS communication error occurred during a subscriber fetch operation.
1068	`CUSTOMER_FETCH_FAILED`	A BSS communication error occurred during a customer fetch operation.
1069	UNABLE_TO_VERIFY_EMAIL_DOMAIN	Verification of the specified email domain failed.
1070	SUBSCRIBER_ADD_FAILED	An AddSeat operation failed to add the specified subscriber.
1071	SUBSCRIBER_ADD_FAILED_TO_SEND_EMAIL	An AddSeat operation failed to send the email to the new subscriber.
1072	SUBSCRIBER_SET_PASSWORD_FAILED	The subscriber’s password entry was not processed.
1073	ADD_SEAT_FAILED_DUPLICATE_SUBSCRIPTION	An AddSeat operation failed; completing the operation would create a duplicate subscription.
1074	ADD_SEAT_FAILED	An AddSeat operation failed.
1075	PARAM_VALIDATION_TIME_ZONE_FAILED	Time zone validation failed.
1076	ERROR_UNKNOWN_BSS_UP_EXCEPTION	BSS validation failed.
1077	ERROR_TIMEZONENOT_INIT	Time zone initialization failed.
1078	ERROR_LANGUAGESETTINGSNOT_INIT	Language setting initialization failed.
1079	RULE_USER_WITHOUT_SUBSCRIPTION_FAILED	No subscriptions were specified.
1080	RULE_ONLY_ONE_MAIL_SUB_PER_SUBSCRIBER	Only one mail subscription per subscriber is allowed.
1081	RULE_ONLY_ONE_COLLAB_SUB_PER_SUBSCRIBER	Only one collaboration subscription per subscriber is allowed.
1082	RULE_ONLY_MAIL_USER_CAN_HAVE_ONE_TIME_PASSWORD	Only a mail subscriber can be provided a one-time password.
1083	RULE_ONLY_INOTES_USER_CAN_HAVE_ALT_EMAIL	Only an iNotes user can be assigned an alternate email address.
1084	UNSUPPORTED_OPERATION_ADD_EXTRA_STORAGE	A request for adding extra storage is not supported.
1085	SUBSCRIBER_ADD_EXTRA_STORAGE_FAILED	A request for adding extra storage failed.
1086	NOTES_NOT_ENABLED	The provisioning request cannot be completed because IBM SmartCloud Notes is not enabled.
1087	CANNOT_RESEND_TO_PENDING_ENTITLE	The subscriber has a seat in an ENTITLE_PENDING state; the invitation cannot be sent until the user is entitled.
1088	RULE_BUNDLE_EXCLUDES_ALACARTE_SUBSCRIPTIONS	An `AssignSeat` operation is attempting to provision a user as a part of bundled subscription but the user has either already been provisioned as a single seat user or else the same change file is attempting to also provision that same user with a single seat subscription. For example, this error occurs when an `AssignSeat` operation attempts to provision a user as part of a IBM SmartCloud Notes bundled subscription when the user is already provisioned with an Engage seat subscription. A user can either be provisioned as part of a bundled subscription or as a single seat subscription, but not both.
1089	ERROR_STORAGE_SUB_INCOMPATIBLE_WITH_BASE_SUB	The specified storage subscription is not compatible with the base subscription to which it is being associated.
1090	ERROR_ACCESSORY_SUBSCRIPTION_NOT_SUPPORTED	An accessory subscription was specified in the CSV file but the accessory subscription capability is not available.

Journaling

View user activity on your organization account.

Overview of the journal service

The journal is a record of the user activity on your company account. It includes date, time, and user information about events such as logon attempts, password changes, and start times of online meetings.

Approximately every 24 hours, the journal service produces several journal files, one for each component of IBM SmartCloud for Social Business. Each file is compressed using gzip and then made available via FTPS on the SmartCloud for Social Business integration and migration site. After seven days on the site, the files are removed. Each compressed file contains a plain text file that is in a human-readable format. The format is consistent and regular so that the text files can be programmatically parsed.

Terminology

journal service: The system that assembles the journals into files, compresses them, and makes them available on the integration and migration site.
journal: The journal is a record of events. It is contained in one or more journal files.
journal file: A plain text file that contains the records of the events that users performed.
record: A complete entry in the journal file. It contains the date, time, and other details about an event.
component: A service or feature in SmartCloud for Social Business. For example, Files is a component, and Activities is a component.
event: An action that a user performed on your company account, such as logging in, downloading a file, or changing a password.
FTPS: A file transfer protocol that uses Transport Layer Security to provide secure communications on the Internet.
gzip: A file compression utility. Use gunzip to decompress the files.
UUID: A universally unique identifier, in hexadecimal format.

Format of the journal files

The journal is a plain text file that contains one or more records of the events that occurred within your company account.

General description of the format of the journal file

The format of a journal file is consistent and regular. You can create one or more tools to parse and analyze the contents.

Introduction

The Journals for a company account are split up into many compressed text files, one per component. Each file contains one or more records of the events that occurred within the component for your company account. If no events for your company account occur in a particular day, no component file is generated for that day.

Version

The current version of the journal service is 2. The version number is not included in the journal files.

Although changes to the journaling files are not frequent,IBM SmartCloud for Social Business is a constantly evolving system that is regularly improved and upgraded. A major update to the system can result in changes to the names of journal files that appear on the server. A major update can also result in changes to the contents of the journal files. If you create a tool to parse the journal files, make the tool flexible enough to withstand the changes that can occur.

File name

The name of the compressed file that you download for a component is <date>.<component>.txt.gz. The <date> is the date that the journal was written, in YYYY-MM-DD format. The <component> is the name that is used for the journal file of a component. In most cases, <component> is identical to the actual name of the component in LotusLive™. For example:

2011-12-06.CONTACT.txt.gz
2011-12-06.ACTIVITIES.txt.gz
2011-12-06.FILES2.txt.gz

Syntax

All records conform to the following general format:

DATE user SUBJECT performed ACTION [ON_OBJECT] [TARGETED_AT] 
with outcome OUTCOME [reason=REASON] [(EXTRA)]

A more detailed view of the format is as follows:

DATE user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name="name", customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name="name", customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.
The use of parentheses () is required to group object or subject attributes

Parameters

DATE

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

SUBJECT

The person who performed the action. The person can be a member of your organization, a member in another organization that has an account on LotusLive, or an anonymous user. The syntax of SUBJECT is: email (id=subscriberID, customerId=customerId).

email

The email address of the person who performed the action. If the person is a member of your organization, it is the complete email address. If the person has an account on IBM SmartCloud Engage but is not a member of your organization, the email address is the domain only. For example, @example.com If the person is an anonymous user, the email is the text unauthenticated.

subscriberId and customerId

Unique numbers that identify each person and organization in. The numbers never change and are never reused, even when a person or organization is deleted. If a person does not have an account, then the subscriberId and the customerId are not numbers; instead, they are the text unknown.

Examples:

User is in your organization: FrankAdams@mycompany.com (id=2343, customerId=623449)
User is in another organization: @othercompany.com (id=3456, customerId=128)
User is not a member of SmartCloud Engage: unauthenticated (id=unknown, customerId=unknown)

ACTION

A text value that describes the action that was performed by a user. The text values are specific to a component and are tabulated in a separate section of this documentation.

Note: As the capabilities of the components evolve, new actions can be added to the journal file and actions can be removed. If you create a tool to parse the journal files, make the tool flexible enough to withstand the changes that can occur.

ON_OBJECT

The object on which the action was performed. Not all actions have objects. The syntax is: on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId).

TARGETED_AT

The object at which the event was targeted. In most cases, the object is the target user of a sharing event. The syntax is: targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId).

TYPE

The type of the object on which the action was performed. Each component has one or more values that are used for TYPE. Some values are common across all components. For example, USER is a common value.

Note: As the capabilities of the components evolve, new types can be added to the journal file and types can be removed. If you create a tool to parse the journal files, make the tool flexible enough to withstand the changes that can occur.

OBJECTID and TARGETID

The unique identifier of the object or target. The form of the value is consistent within the journal file for any one component, but is not consistent across components. In some components the value is a UUID, but in others it is a number. The value does not change during the life cycle of the object or target.

Note: As the capabilities of the components evolve, the format of the identifiers for newly created objects and targets can change. If you create a tool to parse the journal files, make the tool flexible enough to withstand the changes that can occur.

name

The name of the object that corresponds to the OBJECTID or TARGETID. The format is arbitrary plain text and is a user name, a file name, or other object name. The name of an object or target can vary over time. For example, a user can change the name of a file.

OUTCOME

The result of the action. It is almost always either SUCCESS or FAILURE. Not all components have events that result in a failure.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason depends on the type of failure, the event, and the component. The reason is uppercase and can be multiple words separated by underscores. For example: reason=AUTHENTICATION_FAILURE.

Note: As the capabilities of the components evolve, new reasons can be added to the journal file and reasons can be removed. If you create a tool to parse the journal files, make the tool flexible enough to withstand the changes that can occur.

EXTRA

Contains additional information that is relevant in the context of some actions. The information is in the form of name/value pairs in the format name="value".

Note: New name/value pairs can be added to the journal service and name/value pairs can be removed at any time, including among journal files with the same version number. If you create a tool to parse the journal files, make the tool flexible enough to withstand the changes that can occur.

Format of the journal file for Activities

The journal file for Activities contains events such as creating, updating, deleting, and copying Activities.

File name

The name of the compressed file that you download is <date>ACTIVITIES.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.ACTIVITIES.txt.gz.

Syntax

Each record in the journal file for Activities conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 11. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Attach file to entry	ATTACH_ENTRY_FILE
Auto complete	AUTO_COMPLETE_ACTIVITY
Complete activity	COMPLETE_ACTIVITY
Mark activity complete	COMPLETE_ACTIVITY
Complete todo	COMPLETE_TODO
Copy activity	COPY_ACTIVITY
Move activity	COPY_ACTIVITY, COPY_ACTIVITY_FROM
Create activity	CREATE_ACTIVITY
Create tag	CREATE_ACTIVITY_TAG
Create reply	CREATE_COMMENT
Add entry	CREATE_ENTRY
Add bookmark	ADD_ENTRY_BOOKMARK
Add custom field	ADD_ENTRY_CUSTOM_FIELD
Create entry tag	CREATE_ENTRY_TAG
Add related activity	ADD_RELATED_ACTIVITY
Create section	CREATE_SECTION
Create template	CREATE_TEMPLATE
Create todo	CREATE_TODO
Delete activity	DELETE_ACTIVITY
Delete tag	DELETE_ACTIVITY_TAG
Delete reply	DELETE_COMMENT
Delete entry	DELETE_ENTRY
Delete bookmark	DELETE_ENTRY_BOOKMARK
Delete custom field	DELETE_ENTRY_CUSTOM_FIELD
Delete entry file	DELETE_ENTRY_FILE
Delete entry tag	DELETE_ENTRY_TAG
Remove related activity	REMOVE_RELATED_ACTIVITY
Delete section	DELETE_SECTION
Delete template	DELETE_TEMPLATE
Delete todo	DELETE_TODO
Download attached files	DOWNLOAD_ENTRY_FILE
Duplicate entry	DUPLICATE_ENTRY, DUPLICATE_ENTRY_FROM
Move entry	MOVE_ENTRY, MOVE_ENTRY_TO_ACTIVITY, MOVE_ENTRY_FROM_ACTIVITY
Move section	MOVE_SECTION
Reorder entries	REORDER_ENTRY
Replace entry file	REPLACE_ENTRY_FILE
Copy as new template	SAVE_ACTIVITY_AS_TEMPLATE, SAVE_TEMPLATE_AS_TEMPLATE
Save as template	SAVE_ACTIVITY_AS_TEMPLATE, SAVE_TEMPLATE_AS_TEMPLATE
Set priority	SET_PRIORITY
Mark as tuned in	TUNE_IN_ACTIVITY
Mark as tuned out	TUNE_OUT_ACTIVITY
Uncomplete activity	UNCOMPLETE_ACTIVITY
Uncomplete todo	UNCOMPLETE_TODO
Undelete activity	UNDELETE_ACTIVITY
Undelete reply	UNDELETE_COMMENT
Undelete entry	UNDELETE_ENTRY
Undelete section	UNDELETE_SECTION
Undelete todo	UNDELETE_TODO
Edit activity	UPDATE_ACTIVITY
Make activity internal	UPDATE_ACTIVITY_ACCESS
Update membership	UPDATE_ACTIVITY_MEMBERSHIP
Update visibility	UPDATE_ACTIVITY_VISIBILITY
Update reply	UPDATE_COMMENT
Update entry	UPDATE_ENTRY
Edit bookmark	UPDATE_ENTRY_BOOKMARK
Edit custom field	UPDATE_ENTRY_CUSTOM_FIELD
Update section	UPDATE_SECTION
Update template	UPDATE_TEMPLATE
Update todo	UPDATE_TODO

TYPE

The type of object on which the action was performed. Some possible values are USER and ACTIVITY.

OBJECTID

The unique identifier of the object. For example, when the object type is USER, the OBJECTID is the unique number that identifies the person that has the SmartCloud Engage account.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is ACTIVITY, the name is the name of the Activity.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: reason=AUTHENTICATION_FAILURE

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

An Activity was created with the name Marketing Planning for 2012.

2011-10-20T21:36:56+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed CREATE_ACTIVITY on object (type=ACTIVITY, id=FFFG29278562ddf343c58391d036388b2203, 
name="Marketing Planning for 2012", customerId=20083694) with outcome SUCCESS

An Activity was updated to add Kristin MacGyver as an owner.

2011-10-20T21:39:27+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed UPDATE_ACTIVITY_MEMBERSHIP on object (type=USER, id=30081007, 
name="Kristin MacGyver", customerId=20083694) targeted at (type=ACTIVITY, 
id=FFFG29278562ddf343c58391d036388b2203, name="Marketing Planning for 2012", 
customerId=20083694) with outcome SUCCESS (ROLE="OWNER", OPERATION="MEMBER_ADDED")

Format of the journal file for Announcements

The journal file for Announcements contains events for creating, updating, and deleting announcements.

File name

The name of the compressed file that you download is <date>.ANNOUNCEMENT.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.ANNOUNCEMENT.txt.gz.

Syntax

Each record in the journal file for Announcements conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 12. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Create an announcement	CREATE
Edit, enable, or disable an announcement	UPDATE
Delete an announcement	DELETE

TYPE

The type of object on which the action was performed. The value is always ANNOUNCEMENT.

OBJECTID

The unique identifier of the announcement.

name

The title of the announcement.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

An announcement was created to remind people that they have a day off:

2011-11-10T07:59:52+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed CREATE on object (type=ANNOUNCEMENT, id=8e9dab6a-4ebbf4f8405d0, 
name="Company Holiday", customerId=20083694) with outcome SUCCESS 
(link="", linktext="", enabled="1", modifiedby="20087962", body="Please do not forget 
that Friday is a day off for everyone.")

An announcement was disabled:

2011-11-14T07:42:30+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed UPDATE on object (type=ANNOUNCEMENT, id=8e9dab6a-4ebbf4f8405d0, 
name="Company Holiday", customerId=20083694) 
with outcome SUCCESS (enabled="0", modifiedby="20087962")

Format of the journal file for authentication

The journal for authentication contains records of login attempts and password changes.

File name

The name of the compressed file that you download is <date>.AUTH.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.AUTH.txt.gz.

Syntax

Each record in the journal file for Authentication conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) 
performed ACTION 
with outcome OUTCOME [reason=REASON]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 13. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Login page authentication	LOGIN
Authentication via an application such as Lotus Notes Traveler	LOGIN_BASIC
The password of an application that uses the basic login (for example, Lotus Notes Traveler)	LOGIN_APP_PASSWORD
Federated authentication	LOGIN_SSO
User selects Logout	LOGOUT
External federated authentication	EXTERNAL_SSO
Expired password change	PASSWORD_CHANGE

OUTCOME

The result of the action. Can be SUCCESS, FAILURE, PENDING, or UNKNOWN.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: reason=AUTHENTICATION_FAILURE

Table 14. Authentication events and the reasons for failure that appear in the journal file..
Event	Reason for failure	Text in the journal file
LOGIN	Incorrect credentials	AUTHENTICATION_FAILURE
LOGIN	Maximum number of failed attempts exceeded	MAX_FAILED_LOGINS_EXCEEDED
LOGIN	User does not exist	INVALID_USERNAME
LOGIN	Password expired	PASSWORD_EXPIRED
LOGIN	The user account is suspended	ACCOUNT_SUSPENDED
LOGIN	The reason for failure is not known	NOT_SUPPORTED
LOGIN_SSO	User does not exist	INVALID_USERNAME
LOGIN_SSO	User is deleted or not active	ACCOUNT_SUSPENDED
LOGIN_SSO	Customer not federated	CUSTOMER_NOT_ENTITLED
LOGIN_SSO	Customer is federated, but user is not entitled	USER_NOT_ENTITLED
LOGIN_SSO	The password could not be verified because of an internal service error.	ERROR_BSS
LOGIN_SSO	The password could not be verified because of an internal service error.	ERROR_TAM
LOGIN_BASIC	Maximum number of failed attempts exceeded	MAX_FAILED_LOGINS_EXCEEDED
LOGIN_BASIC	The password could not be verified because of an internal service error.	ERROR_TAM
LOGIN_APP_PASSWORD	The password was revoked by the user, or the password has expired.	PASSWORD_EXPIRED
LOGOUT	The reason for failure is not known.	NOT_SUPPORTED
PASSWORD_CHANGE	Expired password change failure	POLICY_VIOLATION
PASSWORD_CHANGE	The reason for failure is not known.	NOT_SUPPORTED
EXTERNAL_SSO	The password could not be verified because of an internal service error.	ERROR
EXTERNAL_SSO	User is not entitled	USER_NOT_ENTITLED

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

A successful login attempt:

2011-10-24T13:32:16+0000 user user@example.com (id=30083604, customerId=30079205) 
performed LOGIN with outcome SUCCESS

A login failure because the user did not type in the correct password:

2011-10-24T13:30:31+0000 user user@example.com (id=30083604, customerId=30079205) 
performed LOGIN with outcome FAILURE reason=AUTHENTICATION_FAILURE

Format of the journal file for Blogs

The journal file for Blogs contains events such as creating, updating, and deleting Blogs

File name

The name of the compressed file that you download is <date>.BLOGS.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.BLOGS.txt.gz.

Syntax

Each record in the journal file for Blogs conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person that performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 15. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
A new blog was created	CREATE_BLOG
A blog was deleted	DELETE_BLOG
A blog was configured	UPDATE_BLOG_SETTINGS
An Ideation blog was created	CREATE_IDEATION_BLOG
An Ideation blog was deleted	DELETE_IDEATION_BLOG
A new blog entry was created	CREATE_BLOG_ENTRY
A draft of a new blog entry was saved	SAVE_BLOG_ENTRY_DRAFT
A blog entry was updated	UPDATE_BLOG_ENTRY
A blog entry was deleted	DELETE_BLOG_ENTRY
A blog entry was recommended	RECOMMEND_BLOG_ENTRY
A comment was added to a blog entry	ADD_BLOG_COMMENT
A comment was removed from a blog entry	REMOVE_BLOG_COMMENT
A blog comment was recommended	RECOMMEND_BLOG_COMMENT
A file was uploaded to a blog	UPLOAD_BLOG_FILE
A file was removed from a blog	REMOVE_BLOG_FILE
A link was added to a blog entry	ADD_BLOG_LINK
A link was updated	UPDATE_BLOG_LINK
A link was removed from a blog entry	REMOVE_BLOG_LINK

TYPE

The type of change that occurred to the blog.

OBJECTID

The unique identifier of the blog.

name

The name that corresponds to the OBJECTID or to the TARGETID.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Format of the journal file for BSS

The journal file for BSS contains events that occur in the organization’s account. The events include resetting passwords, adding guest users, and changing user roles.

File name

The name of the compressed file that you download is <date>.BSS.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.BSS.txt.gz.

Syntax

Each record in the journal file for BSS conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 16. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Accept Agreement	ACCEPTAGREEMENT
Accept Service Agreement	ACCEPTSERVICEAGREEMENT
Accept Terms of Use	ACCEPTTERMSOFUSE
Add Customer Account	ADDACCOUNT
Add Address	ADDADDRESS
Add Customer Attribute	ADDCUSTOMERATTRIBUTE
Add Customer Identifier	ADDCUSTOMERIDENTIFIER
Add item to cart/order	ADDITEM
Add Service Component Attribute	ADDSERVICECOMPONENTATTRIBUTE
Add Subscriber	ADDSUBSCRIBER
Add Subscriber Attribute	ADDSUBSCRIBERATTRIBUTE
Allow access to the API	ALLOWAPI
Adding roles to the User profile	ASSIGNROLE
Authorize	AUTHORIZE
Delete Subscription	CANCELSUBSCRIPTION
Cancel Workflow	CANCELWORKFLOW
Change Password	CHANGEPASSWORD
Change Quota	CHANGEQUOTA
Check Password Policy	CHECKPASSWORDPOLICY
Create Cart/Order	CREATECART
Create Service Component	CREATESERVICECOMPONENT
Create Token	CREATETOKEN
Delete access token	DELETEACCESSTOKEN
Delete Cart/Order	DELETECART
Delete Service Component	DELETESERVICECOMPONENT
Delete Service Component Attribute	DELETESERVICECOMPONENTATTRIBUTE
Delete User token	DELETETOKEN
Entitle All Subscribers	ENTITLEALLSUBSCRIBERS
Add Guest User	ENTITLESUBSCRIBER
Entitle Subscriber	ENTITLESUBSCRIBER
Get Customer Password expiration policy	GETCUSTOMERPASSWORDEXPIRY
Get Ip Addresses	GETIPADDRESSES
Get Oauth Credentials	GETOAAUTHCREDENTIALS
Get Role List	GETROLELIST
Get Oauth 2 Tokens	GETTOKENS
Get User Datacenter information	GETUSERDATACENTERS
User login (usually by Sametime Client)	LOGIN
Register Customer	REGISTERCUSTOMER
Release Sales Order	RELEASESALESORDER
Delete Customer Account	REMOVEACCOUNT
Delete Address	REMOVEADDRESS
Delete Customer Attribute	REMOVECUSTOMERATTRIBUTE
Delete Customer Identifier	REMOVECUSTOMERIDENTIFIER
Delete item from cart/order	REMOVEITEM
Remove Subscriber	REMOVESUBSCRIBER
Delete Subscriber Attribute	REMOVESUBSCRIBERATTRIBUTE
Resend Welcome Mail	RESENDWELCOMEMAIL
Reset Oauth Credentials	RESETOAUTHCREDENTIALS
Reset Password	RESETPASSWORD
Restart Workflow	RESTARTWORKFLOW
Revoke All Subscribers	REVOKEALLSUBSCRIBERS
Revoke Subscriber	REVOKESUBSCRIBER
Set Ip Address	SETIPADDRESS
Set One Time Password	SETONETIMEPASSWORD
Set user password	SETPASSWORD
Submit Cart/Order	SUBMITCART
Suspend Customer	SUSPENDCUSTOMER
Suspend Subscriber	SUSPENDSUBSCRIBER
Suspend Subscription	SUSPENDSUBSCRIPTION
Suspend User	SUSPENDUSER
Sync Service Components	SYNCSERVICECOMPONENTS
Toggle Ip Address Restriction	TOGGLEIPADDRESSRESTRICTION
Transfer Seat	TRANSFERSEAT
Transfer Subscriber	TRANSFERSUBSCRIBER
Removing roles from the user profile	UNASSIGNROLE
Delete Customer	UNREGISTERCUSTOMER
Unsuspend Customer	UNSUSPENDCUSTOMER
Unsuspend Subscriber	UNSUSPENDSUBSCRIBER
Unsuspend Subscription	UNSUSPENDSUBSCRIPTION
Unsuspend User	UNSUSPENDUSER
Update Customer Account	UPDATEACCOUNT
Update Address	UPDATEADDRESS
Update Cart/Order	UPDATECART
Modify Customer Profile	UPDATECUSTOMER
Update Customer	UPDATECUSTOMER
Update Customer Attribute	UPDATECUSTOMERATTRIBUTE
Update Ip Address	UPDATEIPADDRESS
Update item to cart/order	UPDATEITEM
Update Seat	UPDATESEAT
Update Service Component	UPDATESERVICECOMPONENT
Update Subscriber	UPDATESUBSCRIBER
Update Subscriber Attribute	UPDATESUBSCRIBERATTRIBUTE
Update Subscription	UPDATESUBSCRIPTION
Validate user token	VALIDATETOKEN

TYPE

The type of object on which the action was performed. Some possible values are CUSTOMER, USER, and FILE.

OBJECTID

The unique identifier of the object. For example, when the object type is USER, the OBJECTID is the unique number that identifies each person that has an account.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is CUSTOMER, the name is the name of your company.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: reason=INVALID_LOGINNAME_OR_PASSWORD

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

The user aamadou@example.com changed his password:

2012-01-25T21:42:12+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed 
CHANGEPASSWORD with outcome SUCCESS

The administrator suspended a user:

2012-01-25T21:44:36+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed 
SUSPENDSUBSCRIBER with outcome SUCCESS

Format of the journal file for Communities

The journal file for Communities contains events such as starting a Community, adding bookmarks, and updating membership in the Community.

Within a Community, events that are related to Activities, Files, and Forums are recorded in the journal files for Activities, Files, and Forums. For example, if a user updates an Activity that is within a Community, the update event is recorded in the journal file for Activities.

File name

The name of the compressed file that you download is <date>.COMMUNITIES.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.COMMUNITIES.txt.gz.

Syntax

Each record in the journal file for Communities conforms to the following syntax:

date user email (id=subscriberId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 17. User actions and the associated values that appear in the journal file..
User action	Text in journal file
Start a community	CREATE_COMMUNITY
Customize community	CUSTOMIZE_COMMUNITY_ADD, CUSTOMIZE_COMMUNITY_REMOVE
Edit community	UPDATE_COMMUNITY
Delete community	DELETE_COMMUNITY
Add bookmark	ADD_COMMUNITY_BOOKMARK
Edit bookmark	UPDATE_COMMUNITY_BOOKMARK
Remove bookmark	REMOVE_COMMUNITY_BOOKMARK
Membership updated	UPDATE_COMMUNITY_MEMBERSHIP
Membership added	ADD_TO_COMMUNITY_MEMBERSHIP
Membership removed	REMOVE_FROM_COMMUNITY_MEMBERSHIP
Business owner changed	COMMUNITY_BUSINESS_OWNER_CHANGED

TYPE

The type of object on which the action was performed. Some possible values are COMMUNITY, and USER.

OBJECTID

The unique identifier of the object. For example, when the object type is USER, the OBJECTID is the unique number that identifies each person that has an account on SmartCloud Engage.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is COMMUNITY, the name is the name of the Community.

TARGETID

The identifier of the object on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

A community with the name Marketing was created:

2011-10-20T21:35:26+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed CREATE_COMMUNITY on object (type=COMMUNITY, id=1bce14a4-c105-4c66-9ceb-0682a24dc076, 
name="Marketing", customerId=20083694) with outcome SUCCESS

A user named Kristin MacGyver was added to the community:

2011-10-20T21:38:14+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed ADD_TO_COMMUNITY_MEMBERSHIP on object (type=USER, id=30081007, 
name="Kristin MacGyver", customerId=20083694) targeted at (type=COMMUNITY, 
id=1bce14a4-c105-4c66-9ceb-0682a24dc076, name="Marketing", customerId=20083694) 
with outcome SUCCESS (ROLE="OWNER", OPERATION="MEMBER_ADDED")

A user named Alain Amadou added the Forum widget to a community:

2012-01-20T19:40:17+0000 user aamadou@example.com (id=30081144, customerId=30046242) 
performed CUSTOMIZE_COMMUNITY_ADD on object (type=WIDGET, 
id=d037d0d4-b4f4-43b0-befb-3a38ab5324de, name="Forum", customerId=30046242) 
targeted at (type=COMMUNITY, id=d037d0d4-b4f4-43b0-befb-3a38ab5324de, 
name="", customerId=30046242) with outcome SUCCESS

Format of the journal file for Company Administration

The journal file for Company Administration contains events that occur when an administrator makes changes to the visibility of users in the SmartCloud Engage directory, or when an administrator modifies any custom fields that are in Profiles.

File name

The name of the compressed file that you download is <date>.COMPANY.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.COMPANY.txt.gz.

Syntax

Each record in the journal file for Company Administration conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 18. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Hide a user on the company directory page	SET_HIDE_VISIBILITY
Show a user on the company directory page	SET_SHOW_VISIBILITY
Add a custom field to Profiles	ADD_NEW_FIELD
Edit a custom field in Profiles	EDIT_FIELD
Delete a custom field from Profiles	DELETE_FIELD
Update company information	UPDATE

TYPE

The type of object on which the action was performed. Some possible values are CUSTOMER, USER, and FILE.

OBJECTID

The unique identifier of the object. For example, when the object type is USER, the OBJECTID is the unique number that identifies each person that has an account.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is CUSTOMER, the name is the name of your company.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: reason=AUTHENTICATION_FAILURE

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

An administrator added a new field to the profile page of every user in the Renovations company:

2012-01-23T23:12:07+0000 user aamadou@example.com (id=30081144, customerId=30046242) 
performed ADD_NEW_FIELD on object (type=COMPANY, id=30046242, name="Renovations", 
customerId=30046242) with outcome SUCCESS

Format of the journal file for Contacts

The journal file for Contacts contains records of when users create, update, and delete contacts.

File name

The name of the compressed file that you download is <date>.CONTACT.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.CONTACT.txt.gz.

Syntax

Each record in the journal file for Contacts conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person that performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 19. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Create a contact	CREATE
Delete a contact	DELETE

TYPE

The type of object on which the action was performed. The value is always CONTACT.

OBJECTID

The unique identifier of the contact that was created, updated, or deleted.

name

The name of the contact. For example, "Samantha Daryn".

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

The user aamadou@example.com created a new contact:

2011-11-09T20:03:56+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed CREATE on object (type=CONTACT, id=102474, name="Heather Reeds", customerId=20083694) 
with outcome SUCCESS

The user aamadou@example.com deleted a contact:

2011-11-10T15:54:30+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed DELETE on object (type=CONTACT, id=96455, name="Mike Motler", customerId=20083694) 
with outcome SUCCESS

Format of the journal file for Files

The journal file for Files contains records of file and folder creating, sharing, and modifying.

File name

The name of the compressed file that you download is <date>.FILES2.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.FILES2.txt.gz.

Syntax

Each record in the journal file for Files conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person that performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 20. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
A folder is created. This event may be received when a community is created or when the file is shared with a community (target is COMMUNITY)	COLLECTION_CREATED
A folder is deleted. This event may be received when a community removes the Files widget (target is COMMUNITY)	COLLECTION_DELETED
The name or description of a folder has been updated. This event will also be received when a community changes its name (target is COMMUNITY)	COLLECTION_UPDATED
A comment is added on a file	CREATE_FILE_COMMENT
One or more tags have been added to a file by an editor	CREATE_FILE_TAG
A file is added to a collection by another member (target is FOLDER), or a file is shared with a community (target is COMMUNITY)	FILE_ADDED_TO_COLLECTION
A file is added to a folder by the owner (target is FOLDER), or a file is shared with a community (target is COMMUNITY)	FILE_ADDED_TO_COLLECTION
A file is moved to the trash from a personal library or a community	FILE_DELETED
A file is downloaded.	FILE_DOWNLOADED
A file was edited using IBM Docs	FILE_EDITED
A file is locked by an owner or editor.	FILE_LOCKED
A file is removed from a collection (target is FOLDER), or a file is no longer shared with a community (target is COMMUNITY)	FILE_REMOVED_FROM_COLLECTION
A file has been restored from the trash of a personal library or a community.	FILE_RESTORED
When a file share is created with another user, even if they were previously shared with.	FILE_SHARED
A file has been shared with a user who has not yet joined SmartCloud for Social Business.	FILE_SHARED_FOR_SINGLE_DOWNLOAD
A file has been downloaded by a user who has not yet joined SmartCloud for Social Business.	FILE_SINGLE_DOWNLOAD
One or more users have been added or removed from the sharing list for a file (object type is USER), or the file has been made public with the organization (object type is ORGANIZATION)	FILE_SHARING_UPDATED
The user has stopped sharing the file.	FILE_STOP_SHARING
A file is unlocked by an owner or editor.	FILE_UNLOCKED
A new version of a file is created, or other attributes of the file are changed	FILE_UPDATED
Any user uploads a file to their personal library or a community	FILE_UPLOADED
A file was viewed in the browser	FILE_VIEWED
One or more users have been added or removed from the sharing list for a folder (object type is USER), or the folder has been made public with the organization (object type is ORGANIZATION)	FOLDER_SHARING_UPDATED
When a folder was no longer shared with an individual or group	FOLDER_SHARING_UPDATED
When a folder was reshared with an individual or group who had already received it	FOLDER_SHARING_UPDATED
A comment is deleted on a file	REMOVE_FILE_COMMENT
One or more tags have been removed from a file by an editor	REMOVE_FILE_TAG
An older version of a file has been removed permanently.	REMOVE_FILE_VERSION
An older version of a file is restored to be the current version	RESTORE_FILE_VERSION
A comment is updated on a file	UPDATE_FILE_COMMENT

TYPE

The type of object on which the action was performed. Some possible values are FOLDER, FILE, USER, and ALL.

OBJECTID

The unique identifier of the object. For example, when the object type is FILE, the OBJECTID is the UUID that identifies the file.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is FILE, the name is the name of the file that was affected.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

The file Marketing Presentation.odp was uploaded by user1.

2011-10-20T21:47:11+0000 user user1@example.com (id=30081558, customerId=30079205) 
performed FILE_UPLOADED on object (type=FILE, id=0d916c35-0c08-4b1d-b45f-7727dacff274, 
name="Marketing Presentation.odp", customerId=30079205) with outcome SUCCESS

The file Marketing Presentation.odp was downloaded by user2.

2011-10-20T22:37:55+0000 user user2@example.com (id=30081090, customerId=30079205) 
performed FILE_DOWNLOADED on object (type=FILE, id=0d916c35-0c08-4b1d-b45f-7727dacff274, 
name="Marketing Presentation.odp", customerId=30079205) with outcome SUCCESS

When a file is shared with a user, two events are recorded. The first event is the file sharing action. The second event indicates with whom the file was shared. Both events have the same timestamp and the same user email address.

The user aamadou@example.com shared a file called alain.amadou.jpg with Mike Motler:

2012-01-20T19:37:47+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed 
FILE_SHARED on object (type=FILE, id=48b871e9-c552-421f-a36d-c24e847fd3d4, 
name="alain.amadou.jpg", customerId=30046242) with outcome SUCCESS

2012-01-20T19:37:47+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed 
FILE_SHARING_UPDATED on object (type=USER, id=30076007, name="Mike Motler", customerId=30046242) 
targeted at (type=FILE, id=48b871e9-c552-421f-a36d-c24e847fd3d4, name="alain.amadou.jpg", 
customerId=30046242) with outcome SUCCESS (ROLE="READER", OPERATION="MEMBER_ADDED")

The user aamadou@example.com stopped sharing a file called alain.amadou.jpg with Mike Motler:

2012-02-21T21:48:20+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed
FILE_SHARING_UPDATED on object (type=USER, id=30076007, name="Mike Motler", customerId=30046242)
targeted at (type=FILE, id=48b871e9-c552-421f-a36d-c24e847fd3d4, name="alain.amadou.jpg",
customerId=30046242) with outcome SUCCESS (ROLE="UNSET", OPERATION="MEMBER_REMOVED")

When a file is added to a Community from a user’s computer, two events are recorded. The first event is the file upload. The second event is the FILE_ADDED_TO_COLLECTION event with the target COMMUNITY. Both events have the same timestamp and the same user email address.

The user aamadou@example.com uploaded the file progress report.txt to the Community Sales and Marketing team:

2012-01-20T19:50:01+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed 
FILE_UPLOADED on object (type=FILE, id=d3465761-289e-499e-8cf5-a56fc1a405f3, 
name="progress report.txt", customerId=30046242) targeted at (type=COMMUNITY, 
id=d037d0d4-b4f4-43b0-befb-3a38ab5324de, name="Sales and Marketing team", 
customerId=30046242) with outcome SUCCESS

2012-01-20T19:50:01+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed 
FILE_ADDED_TO_COLLECTION on object (type=FILE, id=d3465761-289e-499e-8cf5-a56fc1a405f3, 
name="progress report.txt", customerId=30046242) targeted at (type=COMMUNITY, 
id=9c73b03f-606a-4643-a7e9-159ed0e961f8, name="Sales and Marketing team", 
customerId=30046242) with outcome SUCCESS

The user aamadou@example.com shared the file called alain.amadou.jpg with his organization:

2012-02-21T21:49:17+0000 user aamadou@example.com (id=30081144, customerId=30046242) performed
FILE_SHARING_UPDATED on object (type=ORGANIZATION, id=30046242, name="Renovations",
customerId=30046242) targeted at (type=FILE, id=48b871e9-c552-421f-a36d-c24e847fd3d4,
name="alain.amadou.jpg", customerId=30046242) 
with outcome SUCCESS (ROLE="READER", OPERATION="GROUP_ADDED")

Format of the journal file for Forms

The journal file for Forms contains events such as creating surveys, publishing surveys, and editing survey templates.

File name

The name of the compressed file that you download is <date>.FORMS.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.FORMS.txt.gz.

Syntax

Each record in the journal file for Forms conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 21. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Create a template Form	CREATE_TEMPLATE
Make a copy of the template Form	COPY_TEMPLATE
Edit a template Form	EDIT_TEMPLATE
Publish a Form to another user(s)	PUBLISH_TO_USERS
Publish a Form to the company	PUBLISH_TO_COMPANY
Publish a Form to all (public form)	PUBLISH_TO_ALL
Complete a Form	SUBMIT
Create a Form from a Form on disk (xml file)	CREATE_SURVEY_FROM_DISK
Create a Form from a template	CREATE_SURVEY_FROM_TEMPLATE
Unpublish a Form	UNPUBLISH_SURVEY
Embed a public Form in another web page	EMBED_FORM
Add a url link to the Form in a web page	EMBED_LINK
View the Form submissions	VIEW_RESULTS

TYPE

The type of object on which the action was performed. Some possible values are TEMPLATE, USER, and FILE.

OBJECTID

The UUID that identifies the object. For example, when the object type is TEMPLATE, the OBJECTID is the UUID that identifies the form template.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is TEMPLATE, the name is the name that the user has set for the template. For example: "Marketing Survey Template"

TARGETID

The identifier of the object, company, or user on which the action was performed. The TARGETID has one of the following values:

a UUID
0
PUBLIC

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: reason=AUTHENTICATION_FAILURE

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

A form called Sales Meeting Feedback was created from a template:

2011-10-31T02:09:12+0000 user aamadou@example.com (id=30084698, customerId=30078115) 
performed CREATE_SURVEY_FROM_TEMPLATE on object (type=FORM, id=0, 
name="Sales Meeting Feedback", customerId=30078115) 
with outcome SUCCESS

A form called Sales Meeting Feedback was published and is available to everyone on the Internet:

2011-10-31T01:50:58+0000 user aamadou@example.com (id=30084698, customerId=30078115) 
performed PUBLISH_TO_ALL on object (type=FORM, id=85722fcf376745cd9b2cd3df9f4b82ba, 
name="Sales Meeting Feedback", customerId=30078115) 
targeted at (type=PUBLIC, id=PUBLIC, name="PUBLIC", customerId=0) 
with outcome SUCCESS

Format of the journal file for Forums

The journal file for Forums contains records of user activity in forums that are in Communities.

File name

The name of the compressed file that you download is <date>.FORUMS.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.FORUMS.txt.gz.

Syntax

Each record in the journal file for Forums conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 22. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Create Forum	CREATE_FORUM
Update Forum	UPDATE_FORUM
Delete Forum	DELETE_FORUM
Undelete Forum	UNDELETE_FORUM
Move Forum	MOVE_FORUM
Lock Forum	LOCK_FORUM
Unlock Forum	UNLOCK_FORUM
Follow Forum	FOLLOW_FORUM
Stop following a Forum	UNFOLLOW_FORUM
Add a tag to a Forum	CREATE_FORUM_TAG
Remove a tag from a Forum	DELETE_FORUM_TAG
Create a topic in a Forum	CREATE_TOPIC
Update a topic	UPDATE_TOPIC
Delete a topic	DELETE_TOPIC
Undelete a topic	UNDELETE_TOPIC
Move a topic	MOVE_TOPIC
Lock a topic	LOCK_TOPIC
Unlock a topic	UNLOCK_TOPIC
Follow a topic	FOLLOW_TOPIC
Stop following a topic	UNFOLLOW_TOPIC
Add a tag to a topic	CREATE_TOPIC_TAG
Remove a tag from a topic	DELETE_TOPIC_TAG
Upload an attachment to a topic	UPLOAD_TOPIC_ATTACHMENT
Remove an attachment from a topic	DELETE_TOPIC_ATTACHMENT
Download an attachment from a topic	DOWNLOAD_TOPIC_ATTACHMENT
Reply to a topic	CREATE_TOPIC_REPLY
Update a reply to a topic	UPDATE_TOPIC_REPLY
Delete a reply to a topic	DELETE_TOPIC_REPLY
Upload an attachment to a reply	UPLOAD_TOPIC_REPLY_ATTACHMENT
Delete an attachment from a reply	DELETE_TOPIC_REPLY_ATTACHMENT
Download an attachment from a reply	DOWNLOAD_TOPIC_REPLY_ATTACHMENT

TYPE

The type of object on which the action was performed. Some possible values are FOLDER, FILE, USER, and ALL.

OBJECTID

The unique identifier of the object. For example, when the object type is FILE, the OBJECTID is the UUID that identifies the file.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is FILE, the name is the name of the file that was affected.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

When a forum is created in a Community, the person who created the forum is automatically added as a follower of the forum. For this reason, two events are recorded. One event is CREATE_FORUM and the other event is FOLLOW_FORUM. Both events have the same timestamp and user email. The FOLLOW_FORUM event appears first in the journal file.

The user aamadou@example.com created a forum called Renovations Running Club:

2012-01-25T22:06:24+0000 user aamadou@example.com (id=30081144, customerId=30046242) 
performed FOLLOW_FORUM on object (type=FORUM, id=dcecaa72-1d7c-4ad0-8d56-314d4168cccd, 
name="Renovations Running Club", customerId=30046242) with outcome SUCCESS

2012-01-25T22:06:24+0000 user aamadou@mailinator.com (id=30081144, customerId=30046242) 
performed CREATE_FORUM on object (type=FORUM, id=dcecaa72-1d7c-4ad0-8d56-314d4168cccd, 
name="Renovations Running Club", customerId=30046242) with outcome SUCCESS

The user mike.motler@example.com downloaded a file that was attached to the topic Proposals for 2012 in the forum Sales and Marketing team:

2012-01-24T19:55:35+0000 user mike.motler@example.com (id=30076007, customerId=30046242) 
performed DOWNLOAD_TOPIC_ATTACHMENT on object (type=FILE, id=, name="Marketing Presentation.odp", 
customerId=30046242) targeted at (type=FORUM, id=520bbc45-83bb-4346-b4d5-377edf4ca220, 
name="Sales and Marketing team", customerId=30046242) 
with outcome SUCCESS (TOPIC="Proposals for 2012")

Format of the journal file for iNotes

The journal file for iNotes contains a record of each login attempt and its result.

File name

The name of the compressed file that you download is <date>.INOTES.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.INOTES.txt.gz.

Syntax

Each record in the journal file for iNotes conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
with outcome OUTCOME [reason=REASON]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who logged in.

subscriberId

The unique identifier of the person who logged in.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 23. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Login to iNotes	LOGIN

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Example

Note: To fit the width of this page, the example record is shown on more than one line. In the journal file, each record is a single line.

2011-10-31T02:09:12+0000 user aamadou@example.com (id=30084698, customerId=30078115) 
performed LOGIN with outcome SUCCESS

Format of the journal file for Meetings

The journal file for Meetings contains records of user activity in a meeting.

File name

The name of the compressed file that you download is <date>.MEETINGS.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.MEETINGS.txt.gz.

Syntax

Each record in the journal file for Meetings conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 24. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Host a meeting	START
Participant Join	JOIN
Leave a meeting	LEAVE
End a meeting	END
Lock a meeting	LOCK
Unlock a meeting	UNLOCK
Pass control	PASSCONTROL
Publish a file	PUBLISH
Present a file	PRESENT
Start Share Screen/Application	APPSHARESTART
Stop Share Screen/Application	APPSHARESTOP
Conduct a poll	CONDUCTPOLL
Meeting Chat Activity	CHAT

TYPE

The type of object on which the action was performed. Some possible values are CUSTOMER, USER, and FILE.

OBJECTID

The unique identifier of the object. For example, when the object type is USER, the OBJECTID is the unique number that identifies each person that has an account.

name

The name that corresponds to the OBJECTID or to the TARGETID. For example, when the object type is CUSTOMER, the name is the name of your company.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores. For example: reason=AUTHENTICATION_FAILURE

EXTRA

Contains additional information that is relevant in the context of some actions.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

A meeting was started by aamadou@example.com:

2011-11-18T23:58:05+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed START on object (type=MEETING, id=347414, name="348766", customerId=20083694) 
with outcome SUCCESS (unmSubscriberName="4371ca9fdc687f1e6", unmServiceProvider="SBS", 
unmSecondaryServiceProvider="none")

The user kmacgyver@example.com joined the meeting:

2011-11-18T23:58:05+0000 user kmacgyver@example.com (id=30081007, customerId=20083694) 
performed JOIN on object (type=MEETING, id=347414, name="348766", customerId=20083694) 
with outcome SUCCESS (unmParticipantId="3249049", unmParticipantFirstName="Kristin", 
unmParticipantLastName="")

Format of the journal file for Profiles

The journal file for Profiles contains information about the network of contacts among users. The journal file also contains records of updates to a user’s profile.

File name

The name of the compressed file that you download is <date>.PROFILE.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.PROFILE.txt.gz.

Syntax

Each record in the journal file for Profiles conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person that performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 25. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Add contact to network (Invite contact to network)	SEND_NETWORK_INVITATION
Accept network request	ACCEPT_NETWORK_INVITATION
Reject network request	REJECT_NETWORK_INVITATION
Remove contact from network	REMOVE_NETWORK_CONNECTION
Update a profile	UPDATE

TYPE

The type of object on which the action was performed. The value is always USER.

OBJECTID

The unique identifier of the user whose network is changing or whose profile is changing.

name

The name of the user that corresponds to the OBJECTID or to the TARGETID.

TARGETID

The unique identifier of the user who is the network contact.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

The user Alain Amadou updated his profile information:

2011-08-29T19:36:16+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed UPDATE on object (type=USER, id=20087962, name="Alain Amadou", 
customerId=20083694) with outcome SUCCESS

The user Alain Amadou invited Kristin MacGyver to his network:

2011-11-10T17:29:59+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed SEND_NETWORK_INVITATION targeted at (type=USER, id=20083830, 
name="Kristin MacGyver", customerId=20083694) with outcome SUCCESS

Format of the journal file for Sametime

The journal file for Sametime® contains records of when people login to Sametime, start a chat, and logout of Sametime.

File name

The name of the compressed file that you download is <date>.SAMETIME.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.SAMETIME.txt.gz.

Syntax

Each record in the journal file for Sametime conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person who performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 26. User actions and the associated values that appear in the journal file..
User action	Text in journal file
Initiate a chat session	CHAT_INITIATION
Logon	LOGIN
Logout	LOGOUT

TYPE

The type of object on which the action was performed. In the journal for Instant Messaging, the value is always USER.

TARGETID

The identifier of the user on which the action was performed.

name

The name that corresponds to the TARGETID. For example, "Kristin MacGyver"

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

A chat that was started by kate@example.com with Alain Amadou:

2011-10-04T13:34:16+0000 user kate@example.com (id=20332346, customerId=20280570) 
performed CHAT_INITIATION targeted at (type=USER, id=20332348, name="Alain Amadou", 
customerId=20280570) with outcome SUCCESS

A successful login that was made by kate@example.com:

2011-10-04T10:59:56+0000 user kate@example.com (id=20332346, customerId=20280570) 
performed LOGIN with outcome SUCCESS

Format of the journal file for Theming

The journal file for Theming contains an update event that occurs when an administrator changes either the color scheme of the SmartCloud Engage interface for your organization, or the logo of your organization.

File name

The name of the compressed file that you download is <date>.THEME.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.THEME.txt.gz.

Syntax

Each record in the journal file for Theming conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person that performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 27. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
Theme is changed	UPDATE

TYPE

The type of change that occurred to the theme. The value can be THEME, THEMELOGO, THEMELOGODISPLAY, or THEMELOGINLOGO.

OBJECTID

The unique identifier of the theme.

name

The name that corresponds to the theme that was updated.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Examples

Note: To fit the width of this page, the example records are shown on more than one line. In the journal file, each record is a single line.

A new company logo was uploaded:

2011-10-26T08:57:23+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed UPDATE on object (type=THEMELOGO, id=1950, name="company-logo-small.gif", 
customerId=20083694) with outcome SUCCESS

The company logo was made visible:

2011-10-26T08:57:34+0000 user aamadou@example.com (id=20087962, customerId=20083694) 
performed UPDATE on object (type=THEMELOGODISPLAY, id=1950, name="1", 
customerId=20083694) with outcome SUCCESS

Format of the journal file for Wikis

The journal file for Wikis contains events such as creating, updating, and deleting Wikis

File name

The name of the compressed file that you download is <date>.WIKIS.txt.gz, where <date> is the date that the journal was written, in YYYY-MM-DD format. For example: 2011-10-23.WIKIS.txt.gz.

Syntax

Each record in the journal file for Wikis conforms to the following syntax:

date user email (id=subscriberId, customerId=customerId) performed ACTION 
[on object (type=TYPE, id=OBJECTID, name=name, customerId=customerId)] 
[targeted at (type=TYPE, id=TARGETID, name=name, customerId=customerId)] 
with outcome OUTCOME [reason=REASON][(EXTRA)]

Notes:

To fit the width of this page, the record syntax is shown on several lines. In the journal file, each record is a single line.
Content between [ and ] is only present if applicable to the recorded event.

Parameters

date

The date and time that the event occurred at UTC. For example: 2011-06-30T13:23:47+0000

email

The email address of the person who performed the action.

subscriberId

The unique identifier of the person that performed the action.

customerId

The unique number that identifies each company that has subscribed to SmartCloud Engage.

ACTION

The action that was performed by the user. The action is one of the following values:

Table 28. User actions and the associated values that appear in the journal file..
User action	Text in the journal file
A new wiki was created	CREATE_WIKI
A wiki was deleted	DELETE_WIKI
A wiki page was created	CREATE_WIKI_PAGE
A wiki page was updated	UPDATE_WIKI_PAGE
A wiki page was deleted	DELETE_WIKI_PAGE
A comment was added to a wiki page	ADD_WIKI_PAGE_COMMENT
A comment was updated	UPDATE_WIKI_PAGE_COMMENT
A comment was removed from a wiki page	REMOVE_WIKI_PAGE_COMMENT
An attachment was added to a wiki page	ADD_WIKI_PAGE_ATTACHMENT
An attachment was updated	UPDATE_WIKI_PAGE_ATTACHMENT
An attachment was removed from a wiki page	REMOVE_WIKI_PAGE_ATTACHMENT
A tag was added to a wiki page	ADD_WIKI_PAGE_TAG
A tag was removed from a wiki page	REMOVE_WIKI_PAGE_TAG
A wiki page was recommended	ADD_WIKI_PAGE_RECOMMENDATION
A recommendation was removed from a wiki page	REMOVE_WIKI_PAGE_RECOMMENDATION

TYPE

The type of change that occurred to the wiki.

OBJECTID

The unique identifier of the wiki.

name

The name that corresponds to the OBJECTID or to the TARGETID.

TARGETID

The identifier of the object, company, or user on which the action was performed.

OUTCOME

The result of the action. Can be SUCCESS or FAILURE.

REASON

If the outcome of an event is FAILURE, the reason is given. The reason is in uppercase and can be multiple words separated by underscores.

Enabling the journaling service

You can enable journaling when you enable access to the integration and migration site.

When you enable journaling, you must provide at least one user name or account identity that will be used for connecting to the FTP site. You can use your own account, or you can create an account in IBM SmartCloud for Social Business for the specific purpose of connecting to the FTP site and downloading the journal files.

To enable the journaling service for your company, see the Requesting integration server enablement topic.

Downloading SmartCloud Engage journal files

The SmartCloud Engage journal files are stored on the FTP site for seven days.

Make sure that you have the login credentials for the SmartCloud Engage user account that was enabled for access to SmartCloud Engage integration and migration site.

These instructions are for a generic FTP client, but the connection and login information applies to all FTP clients.

To download the journal files:

Open your FTP client and enter the following connection details:
- Host: fom.mail.lotuslive.com
- Protocol: FTP
- Port: 990
- Encryption: Implicit FTP over TLS
- User and password: Enter the credentials for the SmartCloud Engage user account that was enabled for access to SmartCloud Engage integration and migration site.
Connect to the FTP site.
On the remote site, change to the journal directory.
Select the files that you want and download them.

Accessibility features

Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully.

Administration accessibility features

The following list includes the major accessibility features for Administration:

Keyboard-only operation.
Interfaces that are commonly used by screen readers.
Accessible documentation can be found on the Administering SmartCloud for Social Business Translated Product Documentation page (opens in new window).

Keyboard navigation

To go directly to the Topic pane, press Alt+K, and then press Tab. Microsoft Internet Explorer only.
To go directly to the Search Results view, press Alt+R. Microsoft Internet Explorer users then press Enter or Up arrow to enter the view.
To go directly to the Navigation (Table of Contents) view, press Alt+C. Microsoft Internet Explorer users then press Enter or Up arrow to enter the view.
To expand and collapse a node in the navigation tree, press the Right and Left arrows.
To go back, press Alt+Left arrow; to go forward, press Alt+Right arrow.
To go to the next pane, press F6.
To move to the previous pane, press Shift+F6.

IBM and accessibility

See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility.

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
Office 4360
One Rogers Street
Cambridge, MA 02142
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject to change before the products described become available.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows:

If you are viewing this information softcopy, the photographs and color illustrations may not appear.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.